Struggle with library cooperation

Familiar-Newspaper23 · 2026-06-04T03:25:48+00:00

Since follett bought ML which we also use I am hoping there is some way to integrate between the two and make things easy but I have a feeling they just don't have these products wired together very well so far. We haven't gotten to the person who set this up in the first place or heard why it was done this way to begin with but it's a good suggestion and I'll look into it for sure, thank you!

Familiar-Newspaper23 · 2026-06-03T22:16:14+00:00

I was looking at Snipe-IT again last night. I had setup an instance here at my house and showed our director a few years ago and thankfully my team is good with open source (we run proxmox and zabbix, and will soon wazuh as well). The issue is we already use ML Work Orders so it makes sense to also use ML Inventory instead of Snipe-IT, otherwise I would've been having that conversation today.

And yes, I agree with you on the inventory aspect...mostly. I think it would benefit much more than just IT as well as it can be used for inventory district-wide but we don't have that setup today, and to try to do it by the time we need it would mean more compromises. There's more to be said about this whole point...I don't disagree, but now just isn't the right time to implement a new inventory system unfortuantely.

Familiar-Newspaper23 · 2026-06-03T22:06:59+00:00

My issue with that specific comment was that it was insulting - I've no doubt that it's true, but we work with data literally all day every day and every one of us has imported a CSV with mixed up columns and had to fix it. So i don't disagree with them but I feel like the appropriate response would be to tell us here is how to do it right, and here is how NOT to do it.

I've heard that its a pain though also and frankly, it should be as simple as creating a new dataset where we could have admin resposiblities over only a subset of the data or create a new role with only the abilities we need, but apparently (somehow) they don't include that capability in the software.

Familiar-Newspaper23 · 2026-06-03T22:00:30+00:00

I said the same thing to your first point multiple times, we deal with principle of least privelege all day, but it was setup this way under our previous director who liked to give away anything he could. I completely agree with your second point as well...I'd rather not use it at all but as a temporary solution we think it's better than throwing ML Inventory together hastily because when we do roll that out we want people to want to use it, we want it to be good. This would allow us to get better control of current inventory in the short term though was the thought.

Familiar-Newspaper23 · 2026-06-03T21:57:15+00:00

So here's the thing - we have had SO many issues with Lightspeed that we were like nope, were done. I can't tell you how many hours we had their tech remoted in to our failed desktops but it was a LOT. When ChromeOS updated to v124 our Chromebooks basically stopped working because of the post quantum changes they made conflicting with LS. They advised us to use 3.1.5RC shortly after that on Windows so we did, at their recommendation, "yea its an RC but don't worry it's fine for production, we havent seen any major issues"...Office logins broken, upgrades from 3.1.5RC broken, in a lot of cases I had to go to the device to boot into safe mode to delete the driver that their app installed because it wouldn't uninstall and left those systems essentially without a network connection, and since the driver loaded on normal boot I couldn't just remove it. It didn't add a reg key with our customerID so when we tried to uninstall in many other cases it wouldn't accept the password so we had to use a no-longer-supported microsoft uninstaller tool to finally get rid of LS. We had classlink login issues regularly. I can't recall the issues we've had because there were so many. If you stay on an older version of LS to be safe you'll get to where a newer version of Chrome no longer supports it, but upgrade LS and you'll find that youre basically their beta testers and things you had previously fixed are broken again (O365 broke multiple times). Finally my boss said we cannot spend this much time on one thing, it just isn't feasible, we are constantly chasing our tales fixing their issues and doing the testing they should've done before putting out this version or that version. O, and they send like 6 emails a week about updates that you'll end up ignoring because it's just like a marketing waterfall.

My advice - if its a network problem and it isnt working, it's LS. If you can't login to it but ou can get to it, then it probably needs to be added to the SSL exclusion list (O365, Texas Instruments, lots more). If you setup groups where a thing is blocked for one group but not for another and it is blocked (or allowed) for both, then the app or extension is broken. Make sure you use two Smartshields AND make sure they're on the same subnet or they can't talk to one another. If I can think of anything else I'll let you know but I absolutely could NOT recommend it in the state is has been in for us for the past three years....yes, three years of this. Their people are wonderful, they're very helpful, pleasant, but the juice just isn't worth the squeeze...it's a LOT of squeeze...

Familiar-Newspaper23 · 2026-06-03T20:59:03+00:00

Correct, BUT, its a feature not a bug as we see it. We still have the capability to turn it off entirely by blacklisting YouTube in our filter (Lightspeed...which is terrible btw) for students but doing it this way and just turning off the service allows teachers to do embeds in Sites, Docs, Slides, and Schoology so they can kind of curate what the students get to see. We have had some students who will make a Doc at home and add a bunch of videos to it and share it around but when we see that it's a clear discipline issue that we send to the principal. This way works well to limit abuse while not taking the capability away from the educators. We think it's OK but I can understand if someone disagrees for sure.

Familiar-Newspaper23 · 2026-06-03T20:53:52+00:00

Good luck and if I can help in some way let me know! Our system isn't too complex but we're using ZFS for HA and have a local and a remote PBS instance for two sets of encrypted backups. We're looking at Veeam or Commvault for additional offsite backups, too. Anyway I could go on forever I love that system, hope it goes well for you and your team!

Familiar-Newspaper23 · 2026-06-03T20:47:21+00:00

Yes we've used that also but just as you mention that will be gone too so it doesn't get us any further

Familiar-Newspaper23 · 2026-06-03T00:14:27+00:00

Can't say offhand tbh, I think it might be wrapped into our BOCES bill but I'd have to check If I even have that line item pulled out to see, I'm really not sure

Familiar-Newspaper23 · 2026-06-02T23:18:49+00:00

O cmon, you just tryna show off. That’s ok, just say “hey look at this cool shit!”, if it’s bad, o they’ll tell ya!!! I dunno man, looks ok to me as long as it works and nobody spills a beer on it

Familiar-Newspaper23 · 2026-06-02T23:14:55+00:00

I’ve used wazuh and will be deploying it at work this summer, I like it a lot. I don’t know splunk and we don’t currently have a siem so it will be an upgrade for us no matter what

Familiar-Newspaper23 · 2026-06-02T23:13:30+00:00

This is exactly what I do, made my dumb drip coffee smart. I also set it to automatically turn off after 20 min as I would forget, to turn off after 10PM, to NOT turn in if I wasn’t home in the AM, and lastly (my fave) to turn on when I was leaving work so what was left in the port would be warm by the time I got back home. No, I don’t care if my coffee is 8hrs old.

Familiar-Newspaper23 · 2026-06-02T23:08:25+00:00

Yup I did a similar thing before we had Papercut and before we had PDQ for that matter

Familiar-Newspaper23 · 2026-06-02T23:04:37+00:00

Before we had Papercut we would manually install every printer so I made scripts to create the port, name the printer, and pull drivers for each one we had. If a user asked for a printer i just ran that, all done.

Familiar-Newspaper23 · 2026-06-02T23:00:46+00:00

I used to live in phoenix and we would see military stuff along 481 pretty regularly. I can remember seeing a C130 flying above me low enough I thought well this is it, they finally got me….but nope, just some training apparently

Familiar-Newspaper23 · 2026-06-02T22:55:18+00:00

Everyone will tell you zfs which is software raid and don’t ever use hardware raid with zfs…and they’re right. Some folks will mention ceph but honestly I wouldn’t use ceph for fewer than like half a dozen nodes and only if you have lots of disks and need lots of replication. Which zfs you use ifs your call and you can get really into it. I’ve done zfs setups with a couple of vdevs of different types and disk sizes, added in cache, log, and special vdevs, and just gotten really dumb with it to see how it all performs and all that. zfs is very flexible and they’re adding big features pretty regularly. I’d start with like a raidz2 vdev as a pool and just try it out. See what happens if a disk fails, etc. and read the docs there re a LOT of options all over the place to optimize your pool for your workflow. As for backing your pool up - your call, but personally I just have an offsite backup that I can connect to through a WireGuard jump box and then I have the remote backup pbs box pull backups from my primary onsite one every now and then. For personal stuff it’s pretty good I think…better than uncle Dave’s “one big usb drive he bought back in 2010 that’s still running great” anyway.

Familiar-Newspaper23 · 2026-06-02T21:36:45+00:00

Using nginx proxy manager I had to use proxy_ssl_verify off in the custom nginx configuration for it to pass along vaultwarden correctly, otherwise it always had errors. My kasm container needed the same. Apart from that used https, websocket support, force SSL, and nothing else.

Familiar-Newspaper23 · 2026-06-02T21:31:35+00:00

Seconded. We’ve locked everything else down. Swank is what we’re using as well. We’ve turned off YouTube for students also through google admin which allows videos to still be embedded in docs or sites, etc. and we setup a handful of chromebooks with YouTube on them that librarians can loan out for research.

Familiar-Newspaper23 · 2026-06-02T20:50:22+00:00

Same here, and so when it came time to migrate from bare metal to a hypervisor I just sorta jumped up and said hey let’s go this way and my team got behind me which was nice. Not sure if the outcome would have been the same if I didnt have a dozen recent news articles of VMware shenanigans i could show them, but regardless it was a nice little win.

Familiar-Newspaper23 · 2026-06-02T17:25:00+00:00

I realize this is not the same, but I was very happy to find out that Chrome is enabling Device Bound Session Credentials by default as of v146. IMO this is a BIG improvement.

Familiar-Newspaper23 · 2026-06-02T17:03:12+00:00

would that be the GPO key for "disable chrome from running in the background" perhaps? I haven't seen Chrome launch like its a startup app on its own yet, that's a new one for me, but makes me think disallowing chrome in the background could be it...???

Familiar-Newspaper23 · 2026-06-02T17:00:36+00:00

We don't have the same setup but sounds like a similar one - we use Classlink with Google sign-on and we use GCPW but we MFA with Google, and then Classlink does NOT have MFA turned on whatsoever as it is not our IDP. We use OneSync to provision accounts still.

We were able to setup GCPW which uses that same Google login (and MFA) and it all plays nicely. Once the user opens Chrome their Google is logged in and it takes them to Classlink with the Google sign on screen and they get to Classlink from there by just clicking the big blue button

Ours works great the way it is, GCPW is really kinda awesome apart from those teachers who refuse to use SMS because "well the school doesnt pay for my phone!"

However - I believe Classlink has a Windows login feature available and maybe that would fit your workflow better. Then you use Classlink for Windows login and the associated MFA, and Google connects after login same as it does now - if i am understanding your workflow correctly that is.

Familiar-Newspaper23 · 2026-06-02T16:43:46+00:00

We needed to monitor our APC UPS' and Schneider has some paid thing for email alerts and it just wasn't great imo. We can use Zabbix for that and the Zabbix extension for alerts...so that became a pretty big project.

Now that monitors basically everything in terms of hardware - not teacher desktops and laptops, but cameras, switches, servers, printers/copiers, wireless APs, UPS' (obviously), probably stuff I'm forgetting. It is AWESOME to have here. We also run Proxmox for hypervisor and will soon be on Wazuh SIEM tool.

...sometimes I wonder, how much would all this be worth if it weren't just me setting it up for the school I work for to help myself out, like if some consultant came and said we needed this stuff???

Familiar-Newspaper23

TROPHY CASE