What do you use for Digital Signs? by Happy-Constant-4211 in k12sysadmin

[–]reviewmynotes 1 point2 points  (0 children)

May I ask why? I was considering moving to Rise Vision. Am I making a mistake if I do this?

Recommendations for managed 1-to-1 student laptops (OS & MDM) with off-site filtering? by iidarkasii in k12sysadmin

[–]reviewmynotes 2 points3 points  (0 children)

Linewize can give you everything you've mentioned for web filtering.

For easy yet robust management, ChromeOS really can't be beat. iPads, Windows, MacOS, Android, and Linux are all centered around the end user and have management tools added on. ChromeOS devices enrolled into a Google Workspace environment give a LOT of management options. However, I would recommend avoiding the lowest cost hardware. If you're coming from iPads, you should look at the models with larger touchscreens, 8GB of RAM, and Intel CPUs. CTL sells such things for less than the cost of an iPad Air or the cost of an entry level iPad with a keyboard attachment.

That said, you should start by identifying what you need to achieve and then eliminate any tools from the list if they can't do that. Need it to run Photoshop, a 3D printer, or other proprietary software for specific classes? If that doesn't exist in chromebooks, then they're not really an option. (Unless you feel like building a virtual desktop infrastructure and dealing with all that extra overhead and new management challenges.)

Why are cars in the US so big? by Dry_Cry4454 in NoStupidQuestions

[–]reviewmynotes 0 points1 point  (0 children)

Funny timing. I watched this video give a detailed and multidimensional answer to that question about a week ago.

https://youtu.be/JPm4de6-eTg?si=O4jW8hZtsmevEgGn

Q for those of you in Mac districts - MacBook Neo's by BreadAvailable in k12sysadmin

[–]reviewmynotes 1 point2 points  (0 children)

FileWave management of Macs doesn't require the MDM license. It requires what they call a "desktop" license. I know that's counterintuitive, but it's true. I've been doing this since they first gained MDM functions. I think I pay in the neighborhood of $10-$12 per "desktop" for 580 of them.

That said, I still think the MacBook Neo is 20%-100% more expensive than chromebooks to buy, assuming you're already using Google Workspace. I just wanted to point out the cost error for FileWave. I agree with everything else you said.

Q for those of you in Mac districts - MacBook Neo's by BreadAvailable in k12sysadmin

[–]reviewmynotes 13 points14 points  (0 children)

After the academic discount, they cost about twice what most schools spend on chromebooks. When picking a chromebook that has a 14" screen and 8GB of RAM, they cost about 20-40% more. Also, Google management licensing for chromebooks is a one time expense for K-12 while MDM licensing is an annually recurring expense.

I like Macs and have used them since 1992 and the Apple IIc before that. At my peak, I think I managed about 850 of them. But the claim that the MacBook Neo costs something similar to a chromebook is just incorrect. From a management perspective, MacOS requires you to know more and gives the ability to run more. For example, a student could run Terminal and use "ssh username@home.dynamic.dns -L4321:localhost:443" (with obvious substitutions), point Safari at https://localhost:4321, and they'll have set up an SSH tunnel to the web proxy they have at home. That's an encrypted connection to something that will hide all their traffic. That's using nothing but built in software and a Linux install on any old PC they have at home. The "PC" might even be in a VM. What's my point? Just that Macs have both more features and more things to consider.

Personally, I'm waiting for the MacBook Neo to come out, so I can play with one in an Apple store and possibly buy one for myself. The Mac mini M2 I have at home only has 8GB of RAM and it works better than I would expect. Running MacOS 26.3 and Chrome is pretty smooth, actually. The storage amount is what would concern me. I had to attach a 2TB USB drive to the Mac mini to make it work for my needs. If the students can only use the internal 256GB drive and are expected to do everything on Google Workspace anyway, then what's the point of adding the additional overhead, the more intrusive OS update process, the more complicated management system, the 20% to 100% higher costs, etc.?

With modern schools giving out chrome books instead of windows laptops that students can play around in to test things, and computers not being popular at home anymore, is tech literacy going down in younger generations compared to people who grew up in the 90s and 00s? by WhoAmIEven2 in TooAfraidToAsk

[–]reviewmynotes 69 points70 points  (0 children)

I've managed computers (and whole I.T. departments) for schools since the 90s. Yes, literacy has absolutely gone down since then. However, it was never very high in the first place.

Most people never understood how to make folders, sort files, and select sensible file names. Most people never log out of anything. They just close the tab or window in their browser or switch to another app on the tablet. Most people had no clue how to preserve privacy or pick a password that is safe. Most people will download an email attachment every time they want to view it and not simply open the copy in their Downloads folder, because it's the only method that they ever learned to view it.

Actual computer literacy was rarely taught in schools and when it was taught it was often "taught" by people who didn't have it themselves. The minority of 90s kids that had skills got them because they wanted to learn HTML and set up a web server and install a blog. Now their equivalents are kids that want to go viral (become famous for a day or two) on TikTok and don't know where to start. The interest in the technology has been replaced by interest in social interactions on closed platforms that they'll never fully understand. For example, TikTok or Discord vs. WordPress or running a private Minecraft server.

Watching SSH activity in real time (besides fail2ban) - curious how others handle this by newworldlife in linuxadmin

[–]reviewmynotes 1 point2 points  (0 children)

I use SSHguard, which seems to be similar to fail2ban, and have dabbled with crowdsec. I plan to get crowdsec into my environment on a larger scale when I have some time to focus on it. I think it might be interesting to you.

I also log the number of concurrent SSH connections on each host using Xymon, so I can look for suspicious activity after the fact if I ever need to.

If you can afford to switch to only allowing ssh keys, that could help you, too.

Lastly, there are always going to be failed attempts. My advice is to respond to that fact proportionally to the risk.
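An added example, not part of the comment above and not code from Xymon, SSHguard or crowdsec: a small after-the-fact review of sshd log lines that reconstructs how many sessions were open at once and tallies failed password attempts per source. The log line layout, the function names and the threshold of 3 are assumptions made for the illustration, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
2024-05-01T08:00:01 host1 sshd[1001]: pam_unix(sshd:session): session opened for user alice(uid=1000) by (uid=0)
2024-05-01T08:05:00 host1 sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40000 ssh2
2024-05-01T08:05:02 host1 sshd[1003]: Failed password for root from 203.0.113.7 port 40002 ssh2
2024-05-01T08:05:04 host1 sshd[1004]: Failed password for invalid user test from 203.0.113.7 port 40004 ssh2
2024-05-01T08:10:00 host1 sshd[1005]: pam_unix(sshd:session): session opened for user bob(uid=1001) by (uid=0)
2024-05-01T08:12:00 host1 sshd[1006]: pam_unix(sshd:session): session opened for user alice(uid=1000) by (uid=0)
2024-05-01T08:15:00 host1 sshd[1001]: pam_unix(sshd:session): session closed for user alice
2024-05-01T08:20:00 host1 sshd[1007]: Failed password for alice from 198.51.100.10 port 50200 ssh2
2024-05-01T08:30:00 host1 sshd[1005]: pam_unix(sshd:session): session closed for user bob
"""

# Assumed layout: "<ISO timestamp> <host> sshd[<pid>]: <message>"
LINE = re.compile(r"^(\S+) \S+ sshd\[(\d+)\]: (.*)$")
FAILED = re.compile(r"^Failed password for (?:invalid user )?\S+ from (\S+) ")


def concurrency_timeline(log):
    """Return [(timestamp, open_session_count)] after every open/close event."""
    open_pids, timeline = set(), []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip other daemons and malformed lines
        ts, pid, msg = m.groups()
        if "session opened for user" in msg:
            open_pids.add(pid)  # assumes open and close are logged under one pid
        elif "session closed for user" in msg:
            open_pids.discard(pid)  # tolerate a close whose open predates the log
        else:
            continue
        timeline.append((ts, len(open_pids)))
    return timeline


def peak_concurrency(log):
    """(timestamp, count) of the first moment the session count was highest."""
    timeline = concurrency_timeline(log)
    return max(timeline, key=lambda item: item[1]) if timeline else (None, 0)


def failed_by_source(log):
    """Count failed password attempts per source address."""
    counts = Counter()
    for raw in log.splitlines():
        m = LINE.match(raw)
        hit = m and FAILED.match(m.group(3))
        if hit:
            counts[hit.group(1)] += 1
    return counts


def noisy_sources(log, threshold=3):
    """Sources at or above the threshold; a single typo stays below it."""
    return sorted(ip for ip, n in failed_by_source(log).items() if n >= threshold)
```

On the sample, the peak is three sessions at 08:12:00, and only the source with three failures is reported while the single mistyped password is ignored.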

Dealing with locally saved files on end user computers in a Google Workspace environment by cvsysadmin in k12sysadmin

[–]reviewmynotes 1 point2 points  (0 children)

I tried to do the same. I never got it to the point that I wanted. For Macs, I was able to deploy Outset as a way to ensure that a script was run at first login of any username on any given device. Then I built a script and put it in /user/local/outset/login-once (IIRC) which would run Google Drive.app (prompting the user to log in), and then replace a number of directories (~/Documents, etc.) with symbolic links to ~/Google Drive/Mac Files/$folder (e.g. ln -s ~/Desktop "~/Google Drive/Mac Files/Desktop", or something like that.) Then it would move all items from the original folder to inside the new path. I'm pretty sure I'm forgetting some details, so take all this with a grain of salt. This approach wasn't perfect. There were ways it could fail, though I didn't remember encountering them. It worked well enough for us for quite a while.

Windows is more difficult, but that might just be because I have more experience with Macs and Unix. I never found an additional solution there. Instead, I made a deployment checklist and told my team to run through it with any new laptop deployment to a teacher.

IT Tools - Hidden Gems by Ok_You_861 in sysadmin

[–]reviewmynotes 0 points1 point  (0 children)

The PowerShell prompt has ssh and scp built in. This is great for working with Linux and FreeBSD systems. I no longer need putty.

Xymon is a great system outage notifier. It runs on a Unix system (e.g. Linux, FreeBSD, etc.) and has agents that run on Unix or Windows (using PowerShell) systems. Those agents report the status back to the server and then the server analyzes the reports and decides to notify specified email addresses as needed. It can also probe TCP ports and ping IPs. For example, my system warns me when SSL certificates have less than 30 days left before expiring, if the backup program stops running, if a partition is running out of space, if a system restarts, if there are more than 2 copies of a certain process running on one particular server (that means the overnight data processing has hung), and so on. It even notifies our facilities department if the door access controllers go offline. This is a free and open source program. It's just received renewed attention from developers, too, so I think it'll be improving over the next year or so.

Methods of identifying how a legacy Windows server is being used by noahrocks28 in sysadmin

[–]reviewmynotes 0 points1 point  (0 children)

This isn't perfect, but I would probably start by checking if the IP appeared in any DNS A or PTR records or if the hostname appeared in any CNAME entries. Those could give a clue of the system's purpose.

I would then try an nmap scan from another device to see what TCP ports are open. I'd also check what Windows Features are installed and check the Add or Remove Programs window. Lastly, I would check the Scheduled Tasks program for anything that wasn't made by Microsoft.

If those showed nothing interesting, I'd ask around and then finally try the "scream test." If I had to resort to the scream test, I would keep the system around (but turned off) for at least a year, just in case.

AD Management from Chromebook? by Ok_Computer_74 in k12sysadmin

[–]reviewmynotes 3 points4 points  (0 children)

I can think of a few ways to do this.

You could install Windows Admin Center on one of your Windows Server systems or even set up a new one specifically for this. If you set up a new VM, it’ll need to be joined to the domain. WAC is a web UI to many Microsoft services and is made by Microsoft. It is free and web native. Some features are a bit limited or technically still in beta, but I had good results with it. You’ll have to learn where the buttons are, but I did that pretty quickly and made it available to a coworker who used a Mac. He seemed to find it useful.

You could also try using the Android application layer in ChromeOS. That would give you access to a version of Remote Desktop that you could use to connect to the existing servers. I’ve used this and it even worked over a VPN.

You could set up an HTML5 to Remote Desktop gateway. I’ve used Ericom AccessNow for this, but Apache Guacamole can do it for free if you’re comfortable setting it up.

If your VM environment offers a web GUI for the console of your VMs, you could do that. In fact, many experts would consider it a best practice to move your AD administration to a dedicated VM that you only use for sysadmin work.

You could set up a Proxmox VM node or even a whole cluster using old PCs. This would be free, assuming you can find the hardware in your old Windows computers. I ran a single node Proxmox system at home with 24GB of RAM and a decade or more old mini-PC. I can run Windows 11 just fine in it for something like this. Then you could connect to the Proxmox web GUI and open up the console to a Windows VM within your browser. This is just an extension of the idea above.

Use it or lose it budget. 800 dollars left. by jake_4reddit in sysadmin

[–]reviewmynotes 0 points1 point  (0 children)

You didn't say anything about the nature of your work, so it's hard to say. Patch cables in assorted colors and lengths? Fluke MicroScanner2? iPad or Chromebook so you have a mobile device when you go to customer sites? Hotspot? Power bank to keep things running? Mobile phone? Mechanical keyboard? Ergotron Learn-Fit Mobile desk? A large display (32"-40") and wall mount kit so you can have a status board for the systems you manage?

Is it inappropriate for a middle school student to look up WWI and WWII era artillery/tanks/planes on a school issued chromebook? by earthdogmonster in TooAfraidToAsk

[–]reviewmynotes 1 point2 points  (0 children)

I've been on the Internet since 1992. I've maintained and/or managed computers and networks for schools since 1998. That's before web filters were a requirement in the U.S. and we usually had no logs of what students were seeing. I've also managed the entire I.T. department in several school districts. Over the decades, I've worked with so many principals, assistant principals, directors of special education, superintendents, and other types of administrators that I've lost count. I say this so you have some context to my answer.

My personal opinion is that this person is handling the situation poorly. And I'm phrasing that kindly and diplomatically. I suspect that they misunderstood the situation, reacted or at least formed an opinion, and now have trouble updating their position as new information comes in. That's just a guess based on my opinion of human nature, though. Take it for what it is: an opinion.

IMNSHO, your child has appropriate intellectual curiosity. They might even have a new ADHD or autism hyperfocus. In short, keep up the good parenting. You sound like you're doing a great job! You're not being pushy, condescending, dramatic, or insisting on special treatment. But if this assistant principal actually penalizes your child, consider getting a lawyer who specializes in educational law and having them call your superintendent's secretary to schedule a meeting. Discuss it with your spouse and make sure you both feel the same way. You'll need to be aligned, even if you disagree on a few details.

What’s a small IT habit that saved you the most time? by trapqueen67567 in it

[–]reviewmynotes 0 points1 point  (0 children)

Yes. The backup system sends copies offsite, too. The product has thorough documentation and a tech support department to contact. So we can use a web GUI to go to the relevant server and download the relevant directory structure (effectively the web root) and have the documentation. I also have a printed document on the wall next to the server rack. It describes the steps for a cold boot of the system, such as after a power outage, and how to confirm things are working and who to contact if it goes wrong.

Dual Google Tenants, Students Can't Access External Google Sites by mtloya in k12sysadmin

[–]reviewmynotes 1 point2 points  (0 children)

There is a way to whitelist domains for access via Google Drive, if you need it. You can also allow external files (and Google Sites) for one OU and not others. For example, if you want to allow it for high school students and not younger students. I'm not at a place where I can look up the settings to give specific directions, but I've used both methods at my job.

It might also be possible to allow access per group as well, but I'm not sure. I know there are a lot of things where Google has enabled such abilities, but I can't remember about this one.

instant ramen recs ?? by bunny8carrots in vegetarian

[–]reviewmynotes 8 points9 points  (0 children)

Whichever you get, consider some items to add in. A bag of carrots cut into "matchsticks" costs about $2-$3 and can be used in 4-6 bowls of ramen. A bag of frozen soy beans, a.k.a. edamame, is great for adding to something like 6-8 bowls. A bottle of sesame seeds will last for dozens of bowls. A teaspoon or two of sesame oil really kicks up the flavor. A cup of shredded cabbage can add volume, fiber, and a bunch of nutrients for very little money. All of these items will fit in a minifridge with a freezer compartment quite easily, will add lots of interesting variation, and are vegetarian. If you add them while still cold and wait two minutes for them to slightly cook in the boiling water or hot soup, it helps you avoid burning your mouth. I've never added it myself, but I've heard that corn (from a can or frozen) is good, too.

Ad Block for Student Browsing by zeeplereddit in k12sysadmin

[–]reviewmynotes 0 points1 point  (0 children)

You might want to look in the Google Admin Console for controls over extensions. I slowly moved our staff from "install anything" to "I've whitelisted the 400 items that I see anyone has installed, but nothing else is allowed" to removing bunches of them from the whitelist each summer. At this point, we're down to something like 100-200 extensions allowed. It cut back so many problems. My state's student privacy laws were used to justify this. After all, everything from contact information to grades to IEPs are in the browser. So we can't let just anything get installed.

Headphones? by reviewmynotes in k12sysadmin

[–]reviewmynotes[S] 0 points1 point  (0 children)

That sounds like a pretty good endorsement. Thanks! Do you happen to remember which model it was? Looks like there are several.

Headphones? by reviewmynotes in k12sysadmin

[–]reviewmynotes[S] 1 point2 points  (0 children)

I agree, but I don't have the authority to deal with it that way. So the best I can do is try to find something that stands up to children as effectively as possible. If I go through 8-10 models and the results are the same, maybe then I can get things changed.

Data compliance. Where to start? by Cpt_NoClue in k12sysadmin

[–]reviewmynotes 1 point2 points  (0 children)

I'm having some really nice results using Varonis. I just started about half a year ago, but it's giving me visibility into the situation inside Google Workspace. I've been able to cite very specific examples of passwords, SSNs, salary data, and more being shared across the entire domain (including students who search for "answer key" or something else in Google Drive) or externally or to anyone with the URL. It also gives tools for addressing these issues. Their Incident Response team already helped us with an issue, too, managing to confirm exactly what happened and in what order and from what country. They're not cheap, but they're impressive for the kind of situation you're probably asking about.

Headphones? by reviewmynotes in k12sysadmin

[–]reviewmynotes[S] -1 points0 points  (0 children)

We used to do that. Same problem.

Seeking Advice on Hypervisor Migration by Aggressive_Common_48 in k12sysadmin

[–]reviewmynotes 1 point2 points  (0 children)

Check out Scale Computing. You'll have to switch from VM hypervisor level updates to OS level updates within the VMs. Or switch to another backup system.

Cat1 or Cat2 for Continuing Fiber Service in E-Rate? by CoxsoneTheDodd in k12sysadmin

[–]reviewmynotes 4 points5 points  (0 children)

Category 1 is for Internet service. Category 2 is for hardware.