HDMI switcher with 3 or 4 big buttons?

In a classroom, I have 3 HDMI cables at the teacher's desk. Ultimately, they need to go to a computer as standard USB video (i.e., recognized as a webcam).

Rather than the going to the computer as 3 cameras, it would be ideal if they were recognized as a single webcam. And it would be best if there was a box on the teacher's desk with 3 big physical buttons: Cam1, Cam2, and Cam3. Each button would control which camera feed is going to the computer.

I also don't want a bunch of other buttons to confuse the teachers.

The cameras are all 4K, and it needs to output to the computer as 4K.

Does such a simple setup exist?

reddit.com
u/FatBook-Air — 1 day ago

How do you prevent attackers from getting on AP management VLAN?

Each of our switchports feeding each U7 Pro XG wireless AP is configured with a trunk port allowing two VLANs: the native wireless-management VLAN and the tagged wireless-clients VLAN.

If a brazen attacker physically disconnected an AP and used the connection for their laptop, MAC filtering would kill the connection assuming the attacker didn't understand MAC spoofing. But I want to assume the attacker did understand MAC spoofing. So, they could get on our wireless-management network.

Is there a way to prevent this? I was thinking about 802.1x, but if I am reading correctly, I think Ubiquiti APs don't support 802.1x in this context? Or is my interpretation wrong?

reddit.com
u/FatBook-Air — 2 days ago
▲ 178 r/sysadmin

Anyone else downgrading their Microsoft 365 sub?

We are currently on Microsoft 365 E5. We got our new quote yesterday (estimated), and my leadership have decided to migrate to E3.

I don't think anyone is thrilled, but it's the only way to stay somewhat budget neutral.

Disclaimer: part of the issue is that we (my company) are seeing across-the-board increases for *everything*, so while our revenue is actually higher, our costs increases are outpacing it, which means we have fewer real dollars in the coming year. That's putting a squeeze on all purchases.

Anyone else?

reddit.com
u/FatBook-Air — 5 days ago

APs need to initiate connections to UniFi OS; what about the reverse?

I am setting up firewall rules, and I currently have a firewall rule allowing our self-hosted UniFi OS server to initiate connections to our wireless APs. It seems to work fine.

Will there later be situations where UniFi OS itself needs to initiate connections to the wireless APs? I don't mind adding the additional rule, but I don't want to do so unnecessarily.

reddit.com
u/FatBook-Air — 23 days ago

Small UPS or line conditioner for harsh environments?

Where I work, we have a few places where -- for short periods -- temps can get up to 140 degrees or as low as -5 degrees. It usually lasts only 4 or 5 hours a time before returning to about 75 degrees. It can also be very dusty.

I want the power to the network switches to be clean. I am not really concerned about battery backup as I am surging or sagging voltages.

I have tried normal UPS's, but they last only 12 to 18 months.

I also don't have a lot of room. These areas have 19-inch racks, but I have only up to 2U and about 20 inches in depth available. I have some room on the floor below the racks where I could put a tower unit, if I were forced to.

Total peak wattage is only about 120 watts.

Any recommendations?

reddit.com
u/FatBook-Air — 25 days ago
▲ 10 r/paloaltonetworks+1 crossposts

Can I get 60 DHCP scopes onto a PA-455?

Disclaimer: I should have read docs *first* and deployed *second*. But I did not.

I have about 60 VLANs/subnets. They're mostly small (/24, /25), and we have that many only to fully segment different device types. The total device count is only about 800. So I need 60 DHCP scopes. We currently have a small Layer 3 switch doing DHCP without any issue, but we are trying to migrate DHCP functionality to the Palo Alto to do some consolidation.

I have migrated 10 so far to the PA-455 without any issue. But I have read in the docs that anything beyond 5 is unsupported.

Am I eventually going to run up against a limit?

reddit.com
u/FatBook-Air — 26 days ago

Website scanner for $2500/yr?

We have a website for a nonprofit with about 600 pages, but only about 200 pages are "unique." (Those other 400 pages are template-based so we need to only check one to check them all.)

A professional company gave us a good baseline website with no known issues and was manually checked by accessibility pros, and we have a few in-house staff who have basic accessibility training who will do some basic checks, but we need something to get low-hanging fruit in case staff miss it.

Are there any automated services that will automatically crawl about 200 pages of our website that search for at least the easy WCAG 2.2 AA issues for about $2500 per year?

reddit.com
u/FatBook-Air — 1 month ago

Are you auto-deploying OS updates for Windows and Linux servers?

Back in 2019, we enabled automatic updates for Windows Servers. It has a 14-day deferral, and we update once per week. We have an update ring that automatically updates with a 3-day deferral for test machines and low-risk production machines. To my knowledge, we have run into only one significant issue that was a direct result of OS updates and was not caught in the 3-day deferral ring.

Last year, we deployed automatic updates for Linux servers (most are Rocky Linux and RHEL, and all are minimal installs with no GUI). It updates weekly. It prunes all kernels except the current one plus two older ones.

We do *not* currently auto-update most app software running on top of the OS. (There are a few we do, but we actually *have* been burned here.)

  1. Are you automatically updating your server operating systems?

  2. Is anyone aware of an official way to defer Linux updates? Is it even worth doing?

reddit.com
u/FatBook-Air — 2 months ago
▲ 109 r/sysadmin

Is anyone else having to hold off laptop purchases?

I think we all knew prices are now higher than they were 6 months ago, but I submitted my proposed budget last week, and today our line item for laptops was completely eliminated due to price.

We usually buy Dell. Look how high these things are. These are not highly specced laptops. By the time I can buy, the Dell Pro 16 Plus laptops that we bought last year will probably no longer be sold, and that sucks because they are $600 cheaper right off the bat.

https://www.dell.com/en-us/shop/dell-laptops/scr/laptops/appref=dell-pro-product-line,16-inch-screen-size,copilot-plus-pcs-artificial-intelligence

u/FatBook-Air — 2 months ago

Auditing custom code?

My org has WordPress sites, but we do not manage them. A local vendor manages them, and we do trust them, but they're not a big company.

They have produced some custom plugins for us. The plugins are doing some heavy lifting, although none of it involves PII or anything super sensitive.

Are there any automated/AI solutions that would allow us to intelligently fuzz or otherwise check for any low-hanging security issues with the code of the plugins?

reddit.com
u/FatBook-Air — 2 months ago

DigiCert is not a tiny company, with well over 1000 employees. The company is not in bad shape financially, as by its own account, "DigiCert...announced a record-breaking Q4 for FY2025." (Link). As a public certificate authority, many of its long-lasting certificates ship on consumer devices by default.

Why are companies like DigiCert still not using free application allow-listing solutions like AppLocker and App Control for Business (WDAC)? (Link)

>Threat actor engages user on ENDPOINT1 via support chat, repeatedly sending malicious ZIP file attachments presented as customer screenshots.
>
>ENDPOINT1 opens malicious file. Initial execution of k3.exe and related binaries from AppData and Public directories.

Of course, DigiCert points to a CrowdStrike malfunction:

>CrowdStrike support confirms ENDPOINT2 sensor gap.

Nonetheless, the fact remains that an application allowlist would have almost certainly prevented this issue. We need to stop pretending AppLocker and/or App Control for Business are some extremely high bars to meet; they are becoming the expected minimum, especially in high-stakes organizations that impact the rest of us.

reddit.com
u/FatBook-Air — 2 months ago

I know that we otherwise qualify for SAQ A, but I am stuck on one requirement due to the way our website is setup. Here is that setup:

  1. ON OUR SITE: Users go to our website and choose what to purchase.
  2. ON OUR SITE: When it's time to pay, our website creates a URL string that contains some transaction data, like: transactionID=34, transactionAmt=395.03,userID=123
  3. ONE OUR SITE: Our website redirects the user is using a GET (not a POST) to our payment processor's website (ACI Speedpay) using that URL query string (e.g., https://www.acispeedpay.com/transactionpay?transactionID=34&transactionAmt=395.03&userID=123).
  4. ON PROCESSOR'S WEBSITE: The payment processor's website then displays the amount that is to be paid and what is being purchased, and once the user confirms that everything is correct, the user is then prompted for cardholder data to make a payment.

No cardholder data is collected, stored, or transmitted on any of our infrastructure. The only thing we are automatically sending to the payment processor is data about the purchase being made, because otherwise the user would need to be trusted to tell the payment processor they need to pay X number of dollars and cents.

Would this environment qualify for SAQ A?

reddit.com
u/FatBook-Air — 2 months ago