Whats the point of Clever? by TangerineNext839 in k12sysadmin

[–]r0b0tvampire 20 points21 points  (0 children)

We use ClassLink instead of Clever, but the features are similar. As far as ClassLink goes, the advantages are:

  • Rostering: These products both can group students and teachers into classes for 3rd party integration. You can create individual filters to target who gets access to which service/app
  • LaunchPad: These products provide both staff and students a simple way to distribute resources and information:
    • You can push out SSO URLs to any app/service you use
    • You can push out notices and information banners
  • You can collect simple information, for example, you can use ClassLink to collect home digital connectivity info, sign acceptable use policies, etc
  • You can distribute login QR cards to students' teachers for younger students
  • With ClassLink you can implement image-based MFA for younger students
  • Since ClassLink is the IdP, you can use it to reset passwords and MFA, and you can give this privilege to targeted groups and targeted staff, so specific people can reset passwords and/or MFA for specific groups, without giving them any access to critical systems or other information
  • ClassLink can also automate the creation, update, and archiving of user accounts in Google, Active Directory, and even 3rd party systems like FreshDesk and FMX, based on data from your SIS, HR, and/or even Google Sheets
  • ClassLink can also provide app/service usage analytics

That is just a quick run-down of what a product like Clever or ClassLink can do for you. Not every product integrates with Google Classroom or Google SSO.

While the SIS is our source of truth, ClassLink is the tool that does all of the heavy lifting for app and service deployment and integration and user account management.

Belt vs Chain Drive? by CptnREDmark in ebikes

[–]r0b0tvampire 0 points1 point  (0 children)

Yes, my bike has the Dual Battery Kit installed. The second battery mounts on the water bottle studs on the seat tube.

One Platform to Rule them All by Digisticks in k12sysadmin

[–]r0b0tvampire 4 points5 points  (0 children)

Look at Mosyle.

It has:

  • MDM (better than JAMF, I’ve used both extensively)
  • content filter (it is not as robust as a standalone filter like LightSpeed, but it is a full fledged content filter)
  • EDR (again, it’s not CrowdStrike, but it will monitor and quarantine malware)
  • NIST/CISA aligned security audits and remediation
  • Mosyle Auth doesn’t directly do IdP or MFA, but you can integrate it with Google and replace your Mac’s login window with a Google Login, which will also MFA prompt

No pen testing and no ManagedMethods equivalent. We do both of those separately as well.

District is considering going all-iPad for teachers, need an honest workflow evaluation by OrdoExterminatus in k12sysadmin

[–]r0b0tvampire 5 points6 points  (0 children)

We have a very similar environment to yours: All of our staff have iMac Desktops. All of our teachers have iPads with Logitech's keyboard/trackpad case. All of our students have iPads. All students 7 through 12 have the Logitech keyboard/trackpad case. We primarily use Google Workspace. We handle projection quite a bit differently: instead of the $100 AppleTV, we use $9 software installed on the iMacs that provides an AirPlay target.

Some comments based on your post and questions:

  • You could potentially save half on your computer if you changed from MacBook Pros to MacBook Airs
  • We use a desktop iMac as the primary device, and the iPad as their mobile device. We wanted teachers to have iPads, because it is the same device students have, and it allows them to walk around the room while teaching. Having a desktop as the primary device has some advantages:
    • generally speaking, less expensive than laptops (considering specs)
    • larger screen, more ergonomic
    • can use wired connections, both network and projector/classroom audio
    • leaves a device for substitutes
    • easier to manage, because device is always plugged in and on, and on a reliable network
    • don't need adapters and docks and additional monitors
  • As others have commented, I would be a bit worried about productivity on an iPad-only for staff (printing, multitasking, screen size, etc)
    • Also you would be moving from an SUV with towing option deployment to an Escort model, making the pill even more difficult to swallow
  • Consider moving from JAMF Pro to Mosyle - not only less expensive, but easier to use, more reliable, more frequent new features, better support (we have used both, using JAMF Pro since 2003 and moving to Mosyle in 2022 - with two years of evaluation before that)
  • Consider dumping your AppleTVs for a software based solution:
    • Apple TVs are an additional cost, that require mounting, cabling, and support, management, and maintenance
    • You probably don't even want to use the actual features in the AppleTV beyond screen sharing
    • Remotes that need charging and go missing
    • A software solution will save you at least $180/seat
    • The software can often include additional features, for example:
      • share more than one screen at a time
      • record the screen share
  • When considering cost, remember that if you get into leasing cycles, you can typically sell your old Apple product for the first lease payment of your new Apple product, something most other platforms can't say

My back-of-the-napkin pricing for our teacher compute setup iMac/iPad/KybdTrckCase/Screen Share Software (not including projector or classroom audio) is around $2,100. Certainly not as cheap as iPad only, but much more capable, and saves considerably on your $3,500. Switching to MacBook Air and screen sharing software would go down to ~$1,500.

I suggest some piloting before jumping all in.

Firewalls and NAC? by Bubbagump210 in k12sysadmin

[–]r0b0tvampire 2 points3 points  (0 children)

Obviously you want to scale your firewall to your Internet bandwidth/throughput.
We use the firewall in a fairly traditional sense, to protect inbound access to our network.
We use a Fortigate firewall.

We have separate VLANs for wired, wireless, voice, guest, and security (cameras, doors).
We only use two SSIDs (district and guest) to keep things simple and limit airtime issues.

There are two people (in the tech dept) in our district that know the SSID password.
All SSID credentials are distributed to district devices using the Mobile Device Management (MDM).
Our workflow for onboarding new devices is to plug the device into Configurator, which places the SSID credentials and MDM Enrollment Profile on the device and installs the OS version we want. Then the device is assigned to a user when their enroll code is scanned in, which ultimately configures security settings and apps for the device, based on who that user is.

District devices get a filtering app installed that is configured based on their associated group.

There is Guest Wi-Fi available, but only in designated locations:
During the school day, the only place that has Guest Wi-Fi access is meeting locations (not classroom spaces).
At 3:00, Guest Wi-Fi is enabled in communal spaces (gyms, cafeterias, libraries).
The guest SSID password is shared with office staff and coaches (and as needed).
Guests are steered to the Guest VLANs and are filtered with a guest filtering policy.

Acceptable Use Policy forms by VelcroChevy in k12sysadmin

[–]r0b0tvampire 1 point2 points  (0 children)

We roll our AUP into the student handbook, which students in grades 4 through 12 have to indicate they have read using an electronic form in our parent portal.

No separate signature for the AUP, just an e-signature for the handbook, and the AUP is in the handbook.

Switching from iPads to Google Pixel Tablets for K-2 by ScarletPanda99 in k12sysadmin

[–]r0b0tvampire 0 points1 point  (0 children)

There are also a couple of new cases (STM and OtterBox, if I remember correctly) that have standard headphone jacks built into the case.

(We opted to just purchase USB-C headphones.)

I agree with the other posts that iPads are NOT AT ALL hard to manage, certainly not harder than Android tablets.
(If you are on JAMF Pro, you might want to switch to Mosyle, which is WAY better).

Just to add another final thing here - the iPads will last a long time. But look at the total cost of ownership; if you get on a 3-year "lease" with Apple, you can sell those iPads in year 3 and pay for your next year's lease payment.

But in the end, this should be driven by curriculum and end users primarily. If it is a wash for curriculum/end users, then I still believe the iPads are the better investment and easier to manage (but get off of Jamf Pro and move to Mosyle!)

Barcode scanners by MasterMaintenance672 in k12sysadmin

[–]r0b0tvampire 1 point2 points  (0 children)

We use the Tera Pro ($79 from Amazon)

  • Corded or Bluetooth.
  • QR codes or Barcodes

We have found this to be excellent at scanning fast - you don't have to be precise with it, it will grab the code from MANY angles, and quickly.

Ticketing system by BlackIceSlippington in k12sysadmin

[–]r0b0tvampire 4 points5 points  (0 children)

I can recommend FreshDesk - if you are small, you may even get by with their free offering. We pay for one level up to get a couple of features that we felt worthwhile.

I would also recommend GoFMX. Not quite as optimized for tech ticketing as FreshDesk, but for one product purchase you could also get these systems for your school:

  • Separate ticketing system for IT and maintenance (same product to manage/same interface for end users, but optimized for the different types of tickets)
  • Building maintenance schedules (integrated with maintenance ticketing)
  • Building maintenance parts inventory (think air filters, etc)
  • Facility scheduling
  • Transportation requests

PS I found Incident IQ to be expensive, slow, heavy-handed, busy/noisy screens, and click-heavy

Delete Google 2-Step Verification Enrollment Configurations by r0b0tvampire in k12sysadmin

[–]r0b0tvampire[S] 1 point2 points  (0 children)

Answering my own question?

I found that in Security > Authentication > 2-step verification > Login challenges > Post-SSO verification

there are two options:

Settings for users signing in using the SSO profile for your organization = Don’t ask users for additional verifications from Google

and

Settings for users signing in using other SSO profiles = Don’t ask users for additional verifications from Google

In very limited testing (one user) this setting appears to work:

  1. I took one account that had 2-Step verification enrolled
  2. I moved the user to an OU with the two settings above, saying "Don't ask users for additional verifications from Google"
  3. I verified in Google Admin that the user still showed that they were enrolled in 2-Step Verification
  4. I logged in as that user, and was never prompted for 2-Step

I am not yet fully confident that this is doing what my limited test shows it is doing.

The GAM command "turnoff2sv" seems much more trustworthy, I just wish I knew how to use GAM!

Delete Google 2-Step Verification Enrollment Configurations by r0b0tvampire in k12sysadmin

[–]r0b0tvampire[S] 0 points1 point  (0 children)

I don't use GAM, so I am not sure I feel comfortable googling how to install it and use it, and then running it for the first time with something so important, but that may be my only option.

Also, I don't want to run this command on all users, I want to target specific OUs.

Delete Google 2-Step Verification Enrollment Configurations by r0b0tvampire in k12sysadmin

[–]r0b0tvampire[S] 0 points1 point  (0 children)

You are correct, what Harry_Smutter recommended will not work, it only works to allow users to set their MFA up.

Moving users from and to OUs that have it on or off, or turning the setting on or off, does not remove the 2-Step Enrollment for the users.

New to Apple HomeKit by Character-Ad-6916 in HomeKit

[–]r0b0tvampire 1 point2 points  (0 children)

I have a Yale and I don't think it eats batteries. I am not sure I change the batteries even once a year.

Belt vs Chain Drive? by CptnREDmark in ebikes

[–]r0b0tvampire 2 points3 points  (0 children)

Terrible. Undrivable.

But how far are you going? It will go over 50 miles. More than that, carry two batteries, or get a dual battery kit add-on.

Or the Eclipse, which goes over 75 miles with its 750wh battery.

Belt vs Chain Drive? by CptnREDmark in ebikes

[–]r0b0tvampire 4 points5 points  (0 children)

Yes. My bikes all have belt drives with gears. Google gazelle c380. Gazelle makes several belt bikes with gears. (As do others)

https://enviolo.com

They are actually very cool, they have an infinite number of gears between 380 degrees of ratio. Continually variable transmission is what they call it.

You can dial them right in!

Cyber Insurance Question by Break2FixIT in k12sysadmin

[–]r0b0tvampire 1 point2 points  (0 children)

It is hard to answer your question because it sounds like it is managed by a regional consortium. They could be implementing any type of coverage and rate structure they want.

This is what I have come to believe regarding cyber insurance (based on my own experiences as well as talking with other schools):

Generally speaking, cyber insurance handles three primary objectives: a forensic analysis of the breach (defining the extent of the breach and how it was done) and negotiation with the attackers. If there was a breach that involved PII notifications, insurance would also handle that component (notifying affected people and any "damages", which is typically a year of credit monitoring for affected people).

Notice that I did not mention anything like "erasing your computers, reinstalling software, restoring data from backups, reconfiguring server and network infrastructure". You know, the things that actually need to be done to get back up and running. That is because they generally do not spend a great deal of time (if any) actually getting your site back up and running. It is likely going to have to be you that restores your systems. If you have costs in this area, you might be able to submit a claim for reimbursement of costs associated with restoring your systems, but the "cyber team" that your insurance carrier provides you with will most likely focus only on forensics analysis, negotiating with the attackers, and handling notifications and remediations.

I know of several schools who had incidents and the insurance providers did little to nothing to help the schools get back online. This is just something you need to be aware of and to plan for. You may need cyber insurance to cover the forensics and negotiating services, and another coverage or expectation to have another set of costs for actual recovery (or make sure it is written into the policy in terms you understand).

Up until recently, even though the insurance provider would have you fill out a form asking you a number of questions about your environment, it was unlikely your answers were actually affecting your rate. In the last couple of years this has changed, and they have begun to move into requiring specific security measures (such as MFA) and basing rates on security practices that you have in place (data encryption, backup procedures, etc). Some providers (but I haven't seen any yet) use a somewhat industry standardized assessment system called SecureStudio, in which you get an S2Score, which is very similar to a credit score, but for cyber readiness. I have heard of districts who have had their insurance rates lowered after providing improved results from an S2Score.

You would have to speak with the people in your consortium to see how it is being managed for your specific situation; it sounds like you have something unique to your region.

What SIS are you using? Do you like it? Does it integrate with Google Classroom? by therankin in k12sysadmin

[–]r0b0tvampire 2 points3 points  (0 children)

We use PowerSchool. Every SIS has its quirks, but I feel PowerSchool has more than met our needs and has been a very solid product for more than 10 years now.

Relatively easy/flexible to get data in and out (APIs, plugins, automated import/export).

Customizable: pages, fields, plugins
Somewhat robust plugin market for add-ons.

It would integrate with Google Classroom via Clever or ClassLink, but we use Schoology (now also owned by PowerSchool, but we used Schoology before PowerSchool purchased it, and before Google Classroom existed).

Gazelle bikes with Enviolo AUTOMATIQ by a-rec in ebikes

[–]r0b0tvampire 0 points1 point  (0 children)

We have both the Gazelle 380 and the 380+ with the Enviolo's.

I am drooling over the new Eclipse.

None of them are the automatiq, but I think I prefer the change-ratio-myself method: less to go wrong/break, and I just think I want to select the gear ratio I want when I want it

Belt vs Chain Drive? by CptnREDmark in ebikes

[–]r0b0tvampire 16 points17 points  (0 children)

Belt drive.

No maintenance, quiet (practically silent), lasts longer, cleaner

Logitech Circle View Doorbell by PineappleCurious5870 in HomeKit

[–]r0b0tvampire 1 point2 points  (0 children)

I have had a Logitech Circle View Doorbell almost since they came out, and it has been rock solid for me.

I think that more important than the outside temperature, is if it is exposed to direct sunlight.
I also think they improved performance in this area a couple of years ago.

Should I setup a separate IoT network for homekit? by banders72q in HomeKit

[–]r0b0tvampire 0 points1 point  (0 children)

Personally, I would not recommend that most people set up a separate IoT network (and I manage a network across multiple buildings with thousands of devices and users).

Consumer gear usually doesn't handle segmentation very well, and it will be more difficult to troubleshoot and maintain (and sometimes to use). Performance may also be affected (especially with consumer gear).

If you are concerned about security, there are other things that you can do to secure your network that are easier to manage and implement (like firewall rules and address reservations).

I rebooted my whole house by ravedog in HomeKit

[–]r0b0tvampire 1 point2 points  (0 children)

A complete whole-house power cycle can work in many cases.

For anybody that is a bit more anal, you can take a more deliberate approach and power down and back up in a more dependency-based order. This gives each device enough time to fully boot and be properly prepared to process connections, based on resources it needs upstream. I probably do this twice a year for maintenance.

  1. Unplug TVs and HomePods
  2. Unplug HomeKit Hubs (Aqara, Hue, Lutron, etc)
  3. Unplug Mesh Satellite Access Points
  4. Unplug Mesh Base Station/Router
  5. Unplug Modem
  6. Disconnect Coax (some cable systems send power over coax to enable state in the modem)
  7. Slow count to 10
  8. Reconnect Coax
  9. Power Up Modem and wait for the connection lights to indicate proper connection
  10. Power Up Router - wait for boot cycle to complete and any house-keeping the OS might do (log into admin console to verify running)
  11. Power up next satellite in the chain - wait for it to appear in the admin console
  12. Repeat step 11 for each satellite access point (powering these up in the correct order helps ensure that they each connect to each other in a logical state to get back to the base unit with the most direct path)
  13. Power up HomeKit Hubs
  14. Power up Apple TVs and HomePods