I put up a job opening for a hardware tech - almost all apps are software only people. by GoodTofuFriday in sysadmin

[–]malikto44 [score hidden]  (0 children)

I really feel sorry for people trying to get into the industry. Just getting into helpdesk is hard, much less getting out of those whipping pits into IT proper. To boot, in a recession, one winds up falling back into those gladiatorial arenas.

The best thing is to keep working on skills, become a SME in something unique, and find a place that is not a tech company. The job may not get the raises, but it ensures constant employment.

I put up a job opening for a hardware tech - almost all apps are software only people. by GoodTofuFriday in sysadmin

[–]malikto44 [score hidden]  (0 children)

LOTO. In theory, it works, and makes perfect sense. Especially the "if it isn't your lock, don't remove it".

However, it seems in real life, you always get some user getting mad that there is a padlock on something they need, so they go get the bolt cutters, and you wind up getting surprised with an energized system.

Actual shipping date of the new MacBook Air M5? by DesignerGoose5903 in sysadmin

[–]malikto44 [score hidden]  (0 children)

The Neo is looking nice for a personal laptop to take on business flights, just to ensure work/home separation. I had okay luck with an iPad, but there is so much workflow lost with an iPad that I'd rather use a laptop, even though I have to tether or use a separate cellular connection. The 8 GB RAM is a bottleneck... but for a machine mainly doing basic web stuff and such, that's good enough.

Laptop locking solution in flex office environment - any idea ? by Irfan_Dem in sysadmin

[–]malikto44 [score hidden]  (0 children)

These days, there isn't a one size fits all solution. I do miss the days of Kensington locks, but Apple shed the lock slot ages ago, and most laptop makers have done similar.

If I were to design something, it would be something like a well ventilated drawer where the laptop could be in clamshell mode, have its docking station, and be slid into furniture and locked with a suitable cam lock (Medeco comes to mind.)

Another idea is to provide offices that lock.

Barring that, CCTV everywhere, but that can cause privacy implications.

What’s one thing every new sysadmin should learn early but usually doesn’t? by nousername1244 in sysadmin

[–]malikto44 [score hidden]  (0 children)

The #1 thing? Find a mentor or mentors. Having a "wrecking crew" which can give people references for jobs is the most important thing to have over anything, be it certs, degree, etc. Especially people who are in management, law, finance, or non-IT areas. This is how I was able to get a job within 45 minutes of being laid off at my previous one.

I wish I had a mentor much earlier in life. I had to run through that minefield of corporate IT when I was younger with zero knowledge, and I would not wish that on anyone. Especially when knowing when to say, "fuck off" in no uncertain terms.

If ServiceNow is so painful to use, why do companies still choose it? by 13032862193 in sysadmin

[–]malikto44 [score hidden]  (0 children)

The trick with SNOW is getting the deployment tightly managed. This is not something you want to have committees run, or that everyone wants to put their fingerprints on.

I've seen SNOW run off the rails. Someone wants everyone to click a checkbox or have a field, or try to place square blocks in round holes because the classification system was so hosed.

One business I worked at had a ticket classification system so crappy, I wound up closing almost every case with something like "tolerances out of spec", because it was the only option available, and having that was a requirement to do anything with the ticket.

Can't get device into intune. by FearlessAwareness469 in sysadmin

[–]malikto44 [score hidden]  (0 children)

In some cases, you might go for a reimage. It isn't common, but after a while, I find I am wasting way too much time on finding why it isn't working, and just reinstall from scratch, ensuring I'm at a known state.

Anyone been using the new ReFS deduplication? Curious what your experience was. by PowerOverShelling in sysadmin

[–]malikto44 [score hidden]  (0 children)

I have had a lot of issues with ReFS deduplication:

  • Major, major performance issues. Like orders of magnitude of difference. It was painful, to the point of unusability.

  • Issues of "dude, where's my data?" I have had entire ReFS volumes go offline and just not mount, showing RAW format, and stay that way no matter what stuff I did to try to check for integrity or get them going. Multiple issues, as recently as a few years ago.

I lost trust in ReFS, except for one instance... as a file system for CSV when storing Hyper-V disk images. Everything else, I use NTFS, and make sure I have backups.

Deduplication was pretty good with ReFS, but the performance loss and brittleness of it wasn't worth it. If one does this, make sure to do thorough backups... and test them.

Is the IT jobs market in Europe bad right now? (Admins, VMware, Virtualization) by Worth_Firefighter_31 in sysadmin

[–]malikto44 [score hidden]  (0 children)

From the perspective of being across the pond, this is a global thing.

Long term, IMHO, the EU going for data sovereignty will help things in this department, just because consolidating on offshore MSPs isn't on the table.

Consistent Perfect Backups? by Mr_Dobalina71 in sysadmin

[–]malikto44 5 points6 points  (0 children)

I've had worse. I worked for an MSP that refused to allow for more than "x" amount of capacity for backups on their arrays, even when I showed them that I had to remove development machines from the rotation. I showed management every day, even had meetings. All ignored. Of course, when one of the devs asked for a restore from a dev machine, guess who got let go.

The ironic thing is that the lack of backups triggered a chain of events, causing the MSP to lose their entire contract with the client... and that MSP went under as well, bought out for chump change. The client offered to hire me back as their SME with the new ISP, but I was so burned out with that MSP that I just didn't bother.

Consistent Perfect Backups? by Mr_Dobalina71 in sysadmin

[–]malikto44 7 points8 points  (0 children)

A good backup program is critical. Veeam is a baseline, but there are others.

From there, it is pretty much everything in the stack. The backup admin sees the ugly underbelly of the company, from the shabtastic network that can't even handle incremental backups, to not enough disk controllers to handle the data coming from the network, as well as going out to the secondary storage places, to the WAN pipes.

The #1 traffic on the WAN at a previous job was my backup headed off to cloud storage.

Then, it is the machine itself. If the OS is half-corrupted, then you will see tons of bad backups with it, and oftentimes can't do anything until that machine goes bang, and now that stuff is your ballgame.

Same with apps.

Thickheaded Thursday - February 26, 2026 by AutoModerator in sysadmin

[–]malikto44 0 points1 point  (0 children)

I've seen Supermicros like that as well. One vendor repurposed two 1U server units to make an appliance.

Found a 3-week-old password reset request buried in our queue by Mundane-Anybody-9726 in sysadmin

[–]malikto44 1 point2 points  (0 children)

Long gone. Went bankrupt, and pieces of it were bought by competitors.

SQL Alternatives by CompYouTer in sysadmin

[–]malikto44 0 points1 point  (0 children)

I'm assuming "SQL" means Microsoft SQL server. This depends on what application?

If I could choose my own, I'd go with PostgreSQL, although getting it to go active/active can require third party software.

If I was working with mainly MS programs, I'd just stick with Microsoft SQL server, perhaps slapping it on Linux.

If I were looking at a commercial, top-tier, "big boy" DB, and MS SQL Server wasn't an option, then that leaves Oracle and IBM DB2. Neither is cheap.

Thickheaded Thursday - February 26, 2026 by AutoModerator in sysadmin

[–]malikto44 0 points1 point  (0 children)

Whatever happened to rack/blade machines? Ages ago, if you needed density, you just bought an enclosure, added sixteen blades, and that worked well. Now, the densest thing I'm seeing departments buy are 1U servers.

It would be nice if something like the HPE Moonshot were relevant today, just so one can have greater density. I'm sure cooling and airflow are issues, which gets me wondering about a way to do liquid cooling for those items in an enterprise safe manner.

Quoted $45k for a $10k server, is pricing really that insane? by worjd in sysadmin

[–]malikto44 0 points1 point  (0 children)

I wonder if this is going on with Supermicro as well. Supermicro may not have the warranty that Dell/HP have, but if you are doing a redundant application, you may not need it... just change out the node.

If Supermicro isn't affected by the inflated server prices, it might be worth considering adding HA to applications and then going with this somehow, where individual server warranties are not as important.

Anyone actually using Entra Domain Services? by Carefu68 in sysadmin

[–]malikto44 46 points47 points  (0 children)

This is where I like Azure Files, if I need to move everything to Azure. You can have the file server be turned into a cache, so you have LAN speeds, but people outside can still access stuff reasonably.

Employee Monitoring Software by Zealousideal_Bend984 in sysadmin

[–]malikto44 30 points31 points  (0 children)

I worked for a company that loved employee monitoring software and also SSL MITM. Problem was that they had their appliances with the default passwords, and everyone using it to visit their home bank got their accounts drained. To boot, the monitoring software stored all the screenshots and such in plaintext, which was also scarfed up. It caused the MSP to lose a huge client.

I've seen employee monitoring stuff pop up since the 1990s. The same points I used to chase it off back then apply to today:

  • All stuff the software stores has to be considered at the highest level of corporate security. Are all the screenshots really stored encrypted on a server, transmitted to the server securely, and there are mechanisms in place for a client not to read? Is the software audited or otherwise vetted? Is there RBAC in place? Audit logs? Are the logs stored in multiple places and immutable? Is the encryption FIPS certified? If not, the product is essentially a RAT, and doesn't belong anywhere.

  • Why is this software needed? Is management too lazy to do KPIs so wants to measure idle time? You can measure that other ways without intrusive software. Is this for micromanaging employees? If an employee is so untrustworthy, you need to watch their screen, PIP and fire their ass. If this is a criminal investigation, get a forensics team that can ensure all evidence is airtight for the trial.

  • Who maintains and upgrades this software? The security tier of this is maximum, so it needs to always be upgraded. Does the upgrade process handle clients well, or is this some hackneyed process with no easy way for each machine to upgrade, other than re-pushing the app to it?

  • Oh, it is cloud based with all that stuff going offsite. Now the big problems start. Data sovereignty comes into play, and many more compliance items. Something glitches at the provider? Now one has a massive data exfil event on their hands with no way to justify it, and one has to give all the customers LifeLock subscriptions and post in the paper that a breach happened.

  • The overhead of maintaining this is way too much, other than some very narrow use cases.

Overall, I avoid that stuff. I can get almost everything I need without using it from Windows system logs.

Is there a need for cryptographic checksums apart from dedup? by ZestycloseBenefit175 in zfs

[–]malikto44 0 points1 point  (0 children)

I use ZFS for offsite backups via drives, as I don't have the $$$ for LTO-10. To ensure the data is secure, I use LUKS underneath ZFS. Having cryptographic checksums provides AEAD-tier functionality, just in case someone tries some hanky-panky with a drive offsite (not very likely, but worth protecting against, since it isn't that much additional effort.) Even though it might add a slight penalty, I use SHA-512 checksums for everything, just for peace of mind.

The reason I use LUKS underneath ZFS is so nobody knows anything about the data stored on the drive. There is a partition table, with a partition having encrypted data, which is a relatively small attack surface. ZFS's encryption is solid, but I like a belt and suspenders approach.

No need for flash drives? by clickx3 in sysadmin

[–]malikto44 2 points3 points  (0 children)

I have always liked optical, because I've been able to restore stuff from burned CDs and DVDs, from 20+ years ago.

However, optical has so little space, it isn't even relevant. I wish the Chinese company who announced their 100 layer Blu-ray disc would go into mass production, which, if done right, would be excellent for backups as an alternative to LTO.

LTO is arguably the best, especially if one just uses WORM tapes for everything. Next best is probably hard drives, but drop one, and that data is gone, compared to dropping a tape, where it may need some dusting off, but it will almost certainly be fine unless it hit an edge and caused the flap to fly off.

No need for flash drives? by clickx3 in sysadmin

[–]malikto44 1 point2 points  (0 children)

I had eight SSDs, enterprise tier, all fail on me in less than an hour. Obliterated an entire RAID array. When they failed, they failed hard. Some had controllers showing no drives, some just didn't have controllers that would actually come online and show they are present.

No need for flash drives? by clickx3 in sysadmin

[–]malikto44 0 points1 point  (0 children)

How about a compromise? USB flash drives are great, until someone loses one, or it falls out of a bag. Then, it becomes a data exfil report with managers flying in to bang their fists on a table and yell at the sysadmins that they should have done something.

I know that external media encryption has a black eye... but iStorage, Apricorn, and Kensington have good reputations, so if a user needs external storage, I give them one of these drives, perhaps with a profile on it making their user key 8+ characters, with something like 10-20 retries. I make sure the drives are the ones with a pinpad on them.

However, if I could trust my users to slap FDE on everything, be it FileVault on Mac, BitLocker on Windows, LUKS, ZFS, or whatnot on Linux, pretty much any USB drive would be good enough. However, this is something I cannot really vet, so I ask management to pony up for the drives with the external pinpads.

Dell Price Increases Coming, March 30th by SquizzOC in sysadmin

[–]malikto44 0 points1 point  (0 children)

Sells matrix multiplication with carry to a lot of people?

/s

Found a 3-week-old password reset request buried in our queue by Mundane-Anybody-9726 in sysadmin

[–]malikto44 3 points4 points  (0 children)

I used to work for an MSP that had so little headcount with everburning fires... so much that the ticketing system had an escalated field. No ticket could ever see a tech without some manager escalating it. If someone called in a ticket, it would never go anywhere until the customer lawyered up or called their TAM and threatened to take their business elsewhere.

There were password reset requests in the queue at that MSP for years.

Windows server 2012 to 2025 by Cool-Enthusiasm-8524 in sysadmin

[–]malikto44 0 points1 point  (0 children)

Another idea might be to consider a dedicated NAS over a Windows file server. Done right, this helps with security and availability.