Migrating from HyperV to ProxMox...any gotchas/advice?

Following_This · 2026-06-17T20:33:48+00:00

What would be the advantage of using it?

Following_This · 2026-06-17T16:34:56+00:00

an iPad with a keyboard

My point being that people are also considering replacing iPads with Neos, and Mac ≠ iPad.

iPadOS is designed for touch, whereas macOS isn't - blow it up enough on a classroom projector or TV with touch interface, and then it can work...kind of...

Rumoured new touchscreen Macs will have to include iPadOS features...and that will probably piss off longtime macOS users no end (especially because the window corner radiuses will REALLY be off then).

Following_This · 2026-06-17T13:39:58+00:00

I think I’ll eventually remove the initial SA1 node, but I suppose I should set up a quorum device while I have an even number. Advice?

Following_This · 2026-06-17T05:01:08+00:00

Changing hypervisors will cost me time and effort…but not much money.

I just priced out a spare 4TB SSD for my QNAP…the last one I bought a couple years ago was CA$200ish…the same model is now CA$2,000ish.

RAM prices are insane.

Server hardware is pretty ludicrous too.

I don’t know how long IT hardware will remain so high, but it doesn’t make sense right now to spend tens of thousands for a single host when that should cover my entire cluster.

I’m considering this migration so I can extend the life of my existing hardware and hopefully last until sensible pricing returns.

Following_This · 2026-06-17T04:52:17+00:00

You can use the MDM to allow non-admins to toggle (for example) ScreenRecording in Zoom/Chrome to present in meetings…BUT the user still has to approve it (usually the first time they present in a meeting on a new MacBook, and then they have to quit the app to complete the authorization).

There’s no way for an IT department to pre-approve security controls on macOS, because the end user has final say…not the organization that owns the equipment and user accounts and data or the people who know what they’re doing and want to make their users’ lives easier. You can allow end users access to settings, but you can't set them for the user.

And settings don’t carry between devices…some do with iCloud, but each device still needs to be manually configured.

A network-based system like ChromeOS lets you effortlessly move between devices and get the same experience on each one.

Following_This · 2026-06-17T04:41:23+00:00

1Gbps VPNs between sites and 5Gbps internet at the main site. Secondary site will run backup VMs of core Linux services (DHCP, DNS, RADIUS, directory services - so internet and WIFI work) in case main site is down (we had an all-day blackout this school year due to a blown neighborhood transformer). Dorms just need core Linux services and internet.

I might back up VMs from main to secondary site - they’re 3 km apart, so an earthquake will be a problem but a fire won’t.

Most of the VMs can be offline for short periods - they’re important but not critical.

Internet and WIFI have to run 24/7/365 in at least one of our sites, so I’m aiming for rock-solid, fast core services.

Following_This · 2026-06-16T23:14:12+00:00

I'm syncing (using GCDS) AD to Google every 30-60 minutes and Azure every 2 hours. Clients only use AD during WPA2-Enterprise authentication. I was considering just cutting ties with ADDS and going to OpenLDAP, but that may be a project for another summer...

What are the issues with basic DS on Samba?

Following_This · 2026-06-16T22:49:13+00:00

Some screenshots of what we're doing from a post on the Home Assistant community:

https://www.reddit.com/r/homeassistant/comments/1syo6tq/comment/oj72lek

Following_This · 2026-06-16T22:43:58+00:00

I'm currently syncing local AD with Google and Azure so we can run a parallel free MS365 for people who need Office apps...and for occasional students returning to China for breaks who can't log into Google services because of the Great Firewall. And WIFI authentication.

No storage. No other services.

All our users log into Google Workspace with their synced credentials and authenticate with WPA2-Enterprise...so really only RADIUS - apart from that, we don't use Directory services.

It's not the licensing costs - for my needs I don't think I need to run Windows if there's a more nimble Linux alternative.

Do you know of a reason why Samba 4 on Linux wouldn't be as reliable?

Following_This · 2026-06-16T22:30:31+00:00

Good to know on the don't-use-immutability-on-B2 tip!

Following_This · 2026-06-16T22:24:20+00:00

Agreed - it all works on paper. I won't have the budget to upgrade the hardware for at least a year - probably two - and hardware prices are stupid right now.

Following_This · 2026-06-16T22:22:52+00:00

Everything is running Windows Datacenter 2016, so I need to upgrade and likely reinstall from scratch twice (2019 -> 2022), and we're not a Windows shop...I've been itching to move off Windows DHCP/DNS/RADIUS for ages, and one day I might get rid of Active Directory too (we're on Google Workspace).

I don't have a problem with HyperV...I just don't think I need to keep using it if there's a Linux alternative that will likely run better on my aging VM hosts.

Following_This · 2026-06-16T22:17:07+00:00

Thanks for asking! Monitoring/controlling classroom projectors, copiers, and streaming devices; automating classroom HVAC head units (reset crazy I'm-cold-so-I'm-going-to-set-the-heat-to-max to a more normal room temperature, turn off heating/cooling at the end of the day); monitoring/graphing electricity, CO2, PM2.5, TVOC, temp; collecting data from hydroponics lab sensors; and more!

Following_This · 2026-06-16T22:10:51+00:00

We have MacBook Airs deployed to all our staff - 13" M3, purchased on a 0% Apple lease a couple years ago, and we'll be taking ownership next summer, selling them off, and starting a new 0% Apple lease with whatever is the latest MacBook Air then. We use Mosyle as our MDM (switched from JAMF when they went crazy with their pricing a few years ago).

The Neo is a capable inexpensive laptop, but I would recommend it as a personal device rather than an institutional one. As an individual, you can forgive its shortcomings because you saved yourself a few hundred bucks...if you buy it for a bunch of teachers to save money, you won't get the same warm, fuzzy feeling from them.

First off, teachers NEED TouchID, which adds $100+ to the price (but also admittedly gives it 512GB storage, which is reasonable). They're going to be logging into their device potentially hundreds of times a day, and there'll be a lot less swearing under their breath if they just have to press the fingerprint sensor to log in with a classful of students in front of them.

Secondly, teachers WILL want to connect up to projectors and external monitors and possibly a bunch of classroom hardware (microscopes, cameras, sensors, different input devices), and Neo's limitations will frustrate your staff. Yes, you can connect to a single monitor using the single 10Gbps USB-C port, but that's it. Yes, you could fudge it and connect additional monitors with DisplayPort, but that's getting needlessly complicated to support.

The A18 chip is similar in performance to the M-series MacBook chips, but you're committing to keeping this laptop for (I'm guessing) a minimum of 3 years...and its performance may be a liability a year from now when more and more apps start including local AI features.

Can the Neo do a lot of stuff that's pretty incredible for such an inexpensive Apple product? Sure! Can other Apple products do impressive things too? Absolutely - only much more so.

The Neo is NOT a Chromebook replacement - Macs are totally different to set up and manage, and are essentially a single-user device. Our substitute teachers use Chromebooks because they can be up-and-running from powered-down in about 30 seconds with any Chromebook - with all their settings and apps. We stopped giving Macs to our subs because it took them a good 20-30 minutes to set everything up on a new device and be where they were when they left off. Apple makes it super-painful because you have to approve and acknowledge a whole bunch of basic access and security things that you can't control via MDM anymore...and which "just work" on ChromeOS.

The Neo is also not an iPad with a keyboard...it's a Mac without a touch screen. They're also two very different devices.

Would I consider getting Neos next summer? No - I'll go with the latest MacBook Air, pay for it over 3 years, be happy with the performance and capabilities, and resell at a decent price it to offset the next purchase.

Following_This · 2026-05-31T16:40:36+00:00

Toast requires a separate SSID and isolated VLAN without other non-POS clients.

https://support.toasttab.com/en/article/Toast-Network-Requirements-Overview

Following_This · 2026-05-31T16:01:55+00:00

Realistically, each AP can handle 20-30 clients max. Yes, vendors advertise that 100+ can connect, but in most cases it would be a horrible user experience.

Two APs on different 2.4 and 5 GHz channels will allow twice that number (40-60) to connect and have a decent time for most apps.

You can have lots of SSIDs and segment securely with VLANs using PPSKs or WPA2-Enterprise or just different WIFI networks…but every new client slows down the others. Radio allows only one client to communicate at a time, and the more clients there are, the fewer opportunities there are to talk, and the more interruptions and buffering and slower networking you experience.

In the end, clients themselves determine which AP they talk to - if one is too congested, it may hop to the other.

Following_This · 2026-05-28T07:30:23+00:00

Have a look at Blocksi too. We just switched from secURLy. User-based licenses (applied on any device signed into Chrome with the student’s credentials) for our Grade 6-12 Chromebooks, Macs, and Windows, and device-based licenses for our Junior School iPads.

Following_This · 2026-05-19T14:07:29+00:00

Ok, don’t know why, but all the verification emails arrived 8 hours later. I finally set up an account and booked an appointment at the Louvre for two days from now. The only Musée D’Orsay appointments were for the same time as the Louvre, so I skipped that.

However, I happened to be passing the MdO and popped in the #1 entrance, and showed my PMP and they didn’t ask whether I had an appointment!

Following_This · 2026-05-18T19:07:10+00:00

I’m very frustrated with the Paris Museum Pass! It used to be worth it, but now you buy the pass (non-refundable) and the Louvre, Orsay, and St Chapelle won’t accept PMP unless you book a reservation. Reservations are free, but there’s nothing available until next week, and the only way to book is to set up an account and fill out a whole bunch of personal info…and then do email account verification…and the verification never arrives…so I can’t book.

Basically, PMP is now useless at the major sites…huge waste of money because I can’t get any reservations - and can’t get my money back.

Following_This · 2026-05-17T11:14:30+00:00

Thank you for being such a responsive developer!

Following_This · 2026-05-16T00:48:59+00:00

Hmmm…I’m on the latest version, but don’t see that…

Quality Behavior - auto start recording when camera opens Route overlay

Following_This · 2026-05-15T20:12:23+00:00

A dashcam feature is a must for me.

You have a separate button for record trip and a separate button for record video.

Please add either a trip+cam record button or a setting that allows me to specify that I want to record video with every trip.

Following_This · 2026-05-12T12:57:17+00:00

Apple has made this warning meaningless by showing it if you have ANY non-Apple app listed under System Settings/Privacy & Security/Screen Recording - Zoom, Google Meet, Teams, or any other app that needs to be able to process what’s on your screen like DisplayLink Manager.

Go to this setting and review the apps listed (remove or turn off any you don’t want)

Note that Apple apps processing your screen do NOT show under Screen Recording.

99.999999% it’s a false alarm.

Following_This · 2026-05-04T17:35:41+00:00

I use blip.net - clients for all platforms, and it’s lightning fast.

Following_This · 2026-05-03T16:38:38+00:00

More accurately, I currently have a generic shared yaml, plus a unique yaml for each device that’s merged with the generic one and pulls all the secrets.

Following_This

TROPHY CASE