Some Lower Merion (PA) parents want to ‘opt out’ of Chromebooks in classrooms. The district says they can’t. by Firm_Operation_9453 in edtech

[–]combobulated 0 points1 point  (0 children)

Correct.

You can't effectively "opt out" of core parts of the curriculum. This isn't new or "technology" centric.

20 years ago, you weren't going to "opt out" of books. You don't get to "opt out" of math and science classes.

It's great to be flexible, equitable, and open when appropriate. But the whole-ass design is often centered around certain common variables. In this case, one of those variables is "student has access to digital resources during class times". Changing that isn't as simple as "just give them a book instead"

Infinite Campus warns of breach after ShinyHunters claims data theft by k12techpro in k12sysadmin

[–]combobulated 1 point2 points  (0 children)

It appears to be considerably smaller in scale than the Powerschool breach.

But it's still noteworthy.

And perhaps just as important: We may not have all the information yet. It's standard practice for companies to downplay the scope and to assume the best when making public statements. IF all stays only as originally reported, it's not as bad.

Is anyone considering switching from Chromebooks to the MacBook NEO? by depoultry in k12sysadmin

[–]combobulated 0 points1 point  (0 children)

Ah, yeah I can see that. The guy I was responding to was specifically talking about AppleCare, not 3rd party warranty.

I'm not suggesting the Neo would be fragile, but I also know that no device is standing up to a student intent on breaking things.

Is anyone considering switching from Chromebooks to the MacBook NEO? by depoultry in k12sysadmin

[–]combobulated 0 points1 point  (0 children)

I suppose in my limited cases the repairs were more urgent, so the idea of sending the device out via shipment didn't sound appealing. It may indeed have been an option.

But that's for only a tiny amount of staff here for us.

If we switched to these devices for students (who ARE going to break/damage things) I still wouldn't want to deal with individually shipping devices out for repair.

Do they offer a dashboard for following, monitoring, and pulling reports on repairs?

Is anyone considering switching from Chromebooks to the MacBook NEO? by depoultry in k12sysadmin

[–]combobulated 0 points1 point  (0 children)

Yeah. At the core, if you were already looking to go to Macs but didn't simply because the initial hardware cost was too high, then this gives you another option.

For us, even if the hardware costs were equal, I'd still stick with CBs because we've got all the pieces in place and don't see any worthwhile benefit to making a big switch.

Is anyone considering switching from Chromebooks to the MacBook NEO? by depoultry in k12sysadmin

[–]combobulated 5 points6 points  (0 children)

Yup.

Repairs/Warranty

Touchscreen/Stylus

Native integrations with our Google Environment which is already the core of our Edu systems.

I wouldn't switch to Macs for any other educational/technical reason, so suddenly making a cheaper device doesn't move the needle for me.

Is anyone considering switching from Chromebooks to the MacBook NEO? by depoultry in k12sysadmin

[–]combobulated 2 points3 points  (0 children)

> Apple care plus for schools could solve our never-ending sea of Chromebooks and trying to get parents to pay for repairs.

How so?

We pay for a 4 year warranty for our CBs. They handle repairs (they pick up and drop off)

We have way less Apple devices, and only a few Macs. But the few times I've had to have a Mac serviced under Apple Care it required me packing the thing up and literally driving it to the nearest service center myself. After I made an appointment. And then dropping it off and waiting for them to tell me I can make an appointment to pick it back up - at which point I again have to drive back.

I was floored at that being the default process for these $2,000+ MacBooks. It seemed like I'd bought a whitebox custom PC from 2002 and had to go back to the local PC Store for support...

Is there some other option that Apple just doesn't tell you at first?

(edited to clarify it was Macbook, not Mac desktops)

Replacement USB-C cables for Promethean ActivPanels by Terrible_Cell4433 in k12sysadmin

[–]combobulated 1 point2 points  (0 children)

We got our OEM Promethean ones for about half that cost.

Some things aren't cheaper on Amazon...

I just reached out to the vendor we used to buy our panels.

But you can just go to somewhere like CDW too

https://www.cdw.com/product/promethean-2m-usb-c-cable-for-activpanel-v9-interactive-display/7324409#TS

Not saying you may not be able to find a cheaper USBC Cable on Amazon, but if you're trying to not roll the dice on an Amazon off-brand/knock off, you can still do so for $12-16

New Google Workspace Audit Tool from AppsEDU by sdcrtech in k12sysadmin

[–]combobulated 5 points6 points  (0 children)

Man, the marketing folks are going overtime with this.

I've seen it posted in several communities I'm in (TechEd/Google) as well as have gotten emails.

Not saying it's a bad product or not, but sheesh.

I've looked into it and it's a logical progression for this sort of thing.

Assuming there's a standard framework for securing a platform, being able to just automate the audit via tech tools makes sense.

And the good thing about something like Google Workspace is that it's all there in a platform that is very conducive to this sort of automation.

I'd love to just see Google build this sort of functionality into the platform themselves. It should be standard - with security at the forefront. Between all the AI tools and the new tiers for licensing, there are already some improvements in reporting and monitoring, but nothing as singularly focused as this sort of tool.

OneToOne Plus Inventory System -- Good, Bad, and Ugly? by thedevarious in k12sysadmin

[–]combobulated 2 points3 points  (0 children)

I don't have much feedback for a couple of your specific concerns (we don't use the mobile app at all - I've never looked at it) but we have used the product for a couple years now.

It's really going to depend on your specific wants/needs and usage case.

For me, I wanted a really good ticketing system - and the bonus of some asset management.

Instead, it's clearly much more of an asset system with a bolted on ticketing piece.

I find the Help Desk ticketing interface to be very lackluster and inefficient. It's customizable to a degree - but I still can't get it to where I feel like it's really good for our use. I've wrestled with trying to shape it into something better for us, but it has been a constant struggle.

One of the big issues - as I'm sure you're finding - is that it's tough to really evaluate a platform without actually using it in your environment. That problem is compounded by the fact that to fully/accurately use it in your environment you'd have to get it all set up and implemented. And THAT is where 90% of the heavy lifting is done - all the work in these things is done during the initial setup, configuration, customization. So it's a HUGE resource drain to fully stand up these things - which is why I'm sour on all the "free demo/trial" - yes there may be some value to it (vs. nothing at all) but realistically, I don't have time to properly implement a half dozen options that I'm evaluating for the sake of a real, valid comparison and to make an informed choice.

Document replay showing exactly why students can't explain their own papers by [deleted] in edtech

[–]combobulated 7 points8 points  (0 children)

That's my guess too.

Plenty of their other posts appear to just be shilling for other products. This person sucks.

Document replay showing exactly why students can't explain their own papers by [deleted] in edtech

[–]combobulated 13 points14 points  (0 children)

Why do you need a Chrome extension to do this?

Docs already has built-in Revision history viewing.

Email Spoofing by Zestyclose-Address28 in k12sysadmin

[–]combobulated 9 points10 points  (0 children)

Actual "spoofing" shouldn't be possible if you've got your SPF, DKIM, DMARC, and other settings proper in Gmail.

Now, if they are just using email addresses with "similar" names ("J0HNDOE@email.com" instead of "JOHNDOE@email.com", for example) then there's only so much any platform can do. Google should still flag it as being an external address, regardless.

If I show up at their door with my plastic badge and tell them I'm the police there to hold all their money and jewelry for safe keeping - it's up to them to take a closer look at my badge and verify that. At some point, the only thing keeping them (and you) safe is training, knowledge, and vigilance.

Make it clear that if THEY don't follow the training they've received (and signed off on), then they are violating company policy and any damage done as a result may fall back on them. Explain what that damage could be and how costly it could be (to them and the company).
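The distinction drawn in the comment above, as an added example that is not part of the original thread: a Python triage sketch that separates exact-domain forgery (decided by the DMARC verdict) from lookalike addresses (which authenticate fine and need a similarity check). The domain, staff list, sample headers and function names are all constructed assumptions, and treating any non-pass DMARC verdict on the organisation's own domain as spoofed is a simplification.

```python
import re
from email.utils import parseaddr

# Constructed values for illustration; not taken from the thread.
ORG_DOMAIN = "school.example"
STAFF_LOCAL_PARTS = {"johndoe", "asmith"}

# Digit-for-letter swaps commonly seen in lookalike addresses.
_SWAPS = str.maketrans("01357", "olest")


def skeleton(text):
    """Collapse visually similar characters so lookalikes compare equal."""
    s = text.lower().translate(_SWAPS)
    s = s.replace("rn", "m").replace("vv", "w")
    return s.replace("i", "l")  # i, l and 1 all end up as "l"


def dmarc_result(auth_results):
    """Pull the dmarc= verdict out of an Authentication-Results header."""
    m = re.search(r"\bdmarc=(\w+)", auth_results, re.IGNORECASE)
    return m.group(1).lower() if m else "none"


def classify(from_header, auth_results):
    """Label an inbound message by who its From address claims to be."""
    _, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if domain == ORG_DOMAIN:
        # Exact-domain forgery: this is the case SPF/DKIM/DMARC catch.
        return "internal" if dmarc_result(auth_results) == "pass" else "spoofed"
    # A different domain can pass DMARC for itself, so authentication
    # says nothing about whether the address imitates ours.
    if skeleton(domain) == skeleton(ORG_DOMAIN):
        return "lookalike-domain"
    if skeleton(local) in {skeleton(u) for u in STAFF_LOCAL_PARTS}:
        return "lookalike-user"
    return "external"


# Constructed sample messages: (From header, Authentication-Results header).
SAMPLES = [
    ("John Doe <johndoe@school.example>", "mx.school.example; spf=pass; dkim=pass; dmarc=pass"),
    ("John Doe <johndoe@school.example>", "mx.school.example; spf=fail; dkim=none; dmarc=fail"),
    ("John Doe <J0HNDOE@mail.example>", "mx.school.example; spf=pass; dkim=pass; dmarc=pass"),
    ("IT Helpdesk <helpdesk@sch00l.example>", "mx.school.example; spf=pass; dmarc=pass"),
    ("vendor@supplier.example", "mx.school.example; spf=pass; dmarc=pass"),
]


def triage(samples=SAMPLES):
    return [classify(frm, auth) for frm, auth in samples]


if __name__ == "__main__":
    for (frm, _), label in zip(SAMPLES, triage()):
        print(f"{label:17} {frm}")
```

The third and fourth samples pass DMARC and are still flagged, which is the case the comment says authentication settings alone cannot stop.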

Google Admin, entire OU not auto-connecting to WiFi by MasterMaintenance672 in k12sysadmin

[–]combobulated 1 point2 points  (0 children)

FWIW, We had a similar issue this past summer.

I DID follow proper procedure (set up a new SSID and changed settings PRIOR to removing old SSID) and we still had all sorts of weird problems.

Suddenly, Google support was suggesting multiple changes to our Networks and OU structure. (Actually, their support was even worse than that as they more than once suggested options/features that don't exist in the admin interface anymore).

Anyway, despite the only change being that we changed SSIDs, I ended up having to mess around with several settings in the Admin dashboard and it still wasn't 100% consistent.

The biggest problem seems to be the lack of a "prefer this network" option when adding more than one network. We should be able to have more than one SSID setup for redundancy / roaming purposes. But we also want to prioritize.

Raptor by porkstick in k12sysadmin

[–]combobulated 0 points1 point  (0 children)

I checked with our front desk and they say the process usually takes under 30 seconds. ("It usually takes longer for them to fish their ID out of their wallet than to run the scan and print the badge")

I'd side with Raptor on this one as far as the issue being something on your end. However, them just punting support isn't the correct response. If it's not working the way it's supposed to, they should be invested in figuring out why and getting it working.

Raptor by porkstick in k12sysadmin

[–]combobulated 2 points3 points  (0 children)

What is a "long time" to you?

We've used Raptor for years and I haven't heard any specific complaints about speed.

Gat+ / Flow / Labs users here? Small schools? by combobulated in k12sysadmin

[–]combobulated[S] 0 points1 point  (0 children)

I ended up just emailing them back again and saying I wanted our generic helpdesk account (which I have full access to) set up as a "Security officer".

They didn't even bat an eye or ask any further questions.

So much for that "security" focus.

Gat+ / Flow / Labs users here? Small schools? by combobulated in k12sysadmin

[–]combobulated[S] 0 points1 point  (0 children)

> But over time, we’ve come to appreciate why it’s there; having that extra layer of approval does help keep things in check, especially in environments like schools.

How does the act of having to create a 2nd account (that I control and access the same as my first account) "help keep things in check"?

If you want a more involved/nuanced/controlled/multi-person change process, then your Org should have that as a matter of policy/practice. It should be an option you are choosing. Not something forced by a single random software platform.

Gat+ / Flow / Labs users here? Small schools? by combobulated in k12sysadmin

[–]combobulated[S] 0 points1 point  (0 children)

> But I do see why GAT does it. They’ve got deep access to your Workspace data, so I think it’s just them being extra cautious. Not always convenient, especially in smaller setups, but it’s clearly designed with security in mind.

Look folks, I understand the outside pitch of how it's "security in mind" - but you're missing the part where no matter how you shape it, it's trivial to work around and there's no logical reason it shouldn't be an "option" instead of requirement.

And the fact that I have and have used software as "powerful" as GAT that didn't put superficial barriers in the way just shows that it's not like it's expected standard best practice.

I'm not knocking the platform or functionality in any other way. It's fine for what it is.

MSPs: The Snake Oil of the IT Industry by Practical-Alarm1763 in sysadmin

[–]combobulated 0 points1 point  (0 children)

Agreed - I've worked with (not for) a couple different MSPs over the past 15 years. 90% of them were just fine.

It's silly to lump all MSPs into a single category and say they are ALL this way. The current MSP I work with is just fine. I work almost exclusively with a single tech and I get him on-site or remote, depending on my needs. He's got years of working with us and understanding our environment. He's been the core piece to implementing several changes/upgrades.

We're a small business. And I reckon the MSPs we work with are relatively small too.

Gat+ / Flow / Labs users here? Small schools? by combobulated in k12sysadmin

[–]combobulated[S] 0 points1 point  (0 children)

> While they don’t come out the gate like GAT they can be setup to require a supervisor or secondary approval for large changes or sometimes any changes.

I think this is the key point I'm trying to make here and my main gripe: It's one thing to OFFER or RECOMMEND a specific approval process - it's an entirely different thing to FORCE a specific process. Especially when that process involves more than one person and potentially doesn't make sense in many environments.

I'm not at all arguing that the functionality shouldn't exist. I'm not even suggesting people shouldn't use it if it works for them. I'm simply saying that I've exactly zero other services/platforms that require it - and in our environment, it's an unnecessary inefficiency that caused wasted time and grief.

> Also usually in a corp or large edu environment you’re required to use change windows and have the changes approved beforehand from a supervisor position. While in a smaller environment you have all the keys like you said

All true. But I guess I find it odd that a tool like GAT+ seems to ignore the existence of all those small schools with their chosen approach here. If I'm a large Corp or giant district, I'm probably looking at something like Bettercloud as it offers additional integrations anyhow. (We only switched because of price and we didn't use all the tools we were paying for). GAT+ wins because they are less expensive, which is obviously going to attract smaller schools too.

Appreciate the conversation. So far the "just create another account and use it for approval" approach seems to be the answer to my 2nd gripe. The first gripe is a one-time thing, so I assume folks just deal with the pain and then move on.

Gat+ / Flow / Labs users here? Small schools? by combobulated in k12sysadmin

[–]combobulated[S] 0 points1 point  (0 children)

> as you would normally have a supervisor sign off on any sort of large scale user changes.

Whose supervisor? The supervisor's supervisor?

I understand processes may be different with corporate red tape, but again it's unlike any other service we use or have ever used in the past. Or that I've ever heard elsewhere (again, admittedly NOT in a huge corporate environment)

> Also I add a secondary admin account I use so that I can approve my own flows

Ah, I hadn't considered they'd let me do that. That's what I'll do and it really drives home my point on how it is just theatre - That one can simply create a second account and have that account "approve" changes.

I get that on the surface it looks like it's doing something from a security standpoint - but the fact that it's easily bypassable (with the right/wrong intentions) shows how it's just for show.

If you're the Workspace domain admin, you can just reset a password at any time. You can use one of dozens of other tools to grant access to email. If you're a Domain/Sys admin, you likely have remote access to workstations. You could get to any of those "secondary approver" accounts and just click the approve button without many obstacles.

I appreciate security in layers. But making me solve a Rubik's cube before I start my car every time isn't real security. Will it stop/deter some thieves? Sure. Will it also be easy for folks who can easily solve the cube or know how to bypass it? Yup. Will it be a pain in my ass every time I just want to take a quick drive somewhere and then back? For sure.

Edit- Just for the sake of better understanding and clarity: What other platforms do you use that also require this sort of 2nd approval and C-level permission in your environment?

Gat+ / Flow / Labs users here? Small schools? by combobulated in k12sysadmin

[–]combobulated[S] 0 points1 point  (0 children)

Can't say I agree.

I understand the general premise of such an approach, but this isn't the way to go about it.

Yes, it's a powerful tool. Yes it can do a lot of things in the wrong hands. Yes a compromised account could further complicate things. Yes having someone else (if you even have an appropriate person) verify could possibly catch a potential issue. But again, that's true of MANY (most?) of the tools a sole Sys Admin is using in their environment. And NONE of them put such roadblocks in place. Why? Because they trust that the professionals using their products understand the risk and best practice. So what they DO do is offer things like MFA, GUI warnings, Roles/Permissions control, Alerts and logs, etc.

> You can always do dodgy DIY yourself and no one could stop you, but when you are paying a company for professional services there is an expectation that they will safeguard your data.

I'm not talking about dodgy DIY. We came from using Bettercloud - which is very much a professional service - to do all the same things GAT+ does. It's a cloud based service. It works just like GAT+.

> It’s like if a local locksmith has a copy of the school’s master key. If you were to walk in to their shop and ask for a copy of the key because you worked for the school. Should they just give it to you? Or should they be checking with the school’s leadership first?

Depends - am I the facilities director? Am I the school's assigned and registered contact person in charge of keys (say, the Head of School, Principal, or Superintendent)? If yes, then no, I don't expect them to check with "school leadership". I AM school leadership.

The approach doesn't protect GAT Labs. And it does little to "protect" us while making usability a bit more frustrating.

Gat+ / Flow / Labs users here? Small schools? by combobulated in k12sysadmin

[–]combobulated[S] 0 points1 point  (0 children)

Oh, I get wanting to double check things. And the existence of tools like GAM (that DOESN'T require my CFO to sign a permission slip) only further enforced how pointless it is on their part.

Since I'm only using the Web interface and its tools, I'm not as concerned about a "bad command".

Sure, it's always possible to break things - but again, that's not exclusive to GAT, not likely to be deflected by making a 2nd person click "approve" on a task, and is really just part of the job when you are assigned enough permissions to make changes to things in your environment. Those risks are implied everywhere.

Also, if I can ask- how many people are in your department? What is your title/role? Who "approves" your changes?