You do realize that the entire "ubiquiti sucks" mood on HN started with the publications of these (factually inaccurate) articles from Krebs?
This whole thing pisses me off. A insider threatened a company with reputational damage and used a press guy to pull it up. HN picked it up and amplified it. Press guy never corrected the story, and the here we are - with people still railing on HN for a untrue story that the press guy enable that the extortionist planted.
> You do realize that the entire "ubiquiti sucks" mood on HN started with the publications of these (factually inaccurate) articles from Krebs?
It arguably started when they:
- Shipped tons of jobs overseas, and firmware quality took a noise-dive.
- Stopped letting people run the NVR on their own hardware (with short-notice).
- Required cloud login and an app for setup (something that, for years, NOT having was a claimed Unifi advantage).
- Constantly introducing and retiring half-baked ideas/products/lines.
The whole company has lost focus and certainly lost quality. The recent security kerfuffle certainly didn't help, but mostly it reminded people that their previously "local only" stuff was now Cloud Connected™ by force, and that UB lost the keys that users didn't want to exist to begin with.
I dropped Ubiquiti after their wifi APs started uploading telemetry. UI’s subsequent reaction to the secret telemetry (it was not announced or in any changelog before an user got curious about their Ubiquiti AP’s extra data packets headed to the internet) was to gaslight users and add an opt-out. The attempt was successful - people rarely bring it up and some will defend the actions of Ubiquiti.
I get it. Telemetry helps with diagnosing issues. But UI’s reaction to being unmasked made me realize they could never, ever be trusted for network infrastructure.
I also remember Ubiquiti quality declining before this Krebs business, and finding out that Ubiquiti had offshored much of the business in recent years.
I don't think Cisco will do this. They already have a budget product line. Which is said to be pretty mediocre but if course it has to be not to cannibalise their enterprise offering.
Linksys is strictly unknowledgeable home-use kit, whereas Ubiquiti could be called "prosumer," and Cisco doesn't have anything in the price range. When I built out a new, 1500-seat church, Ubiquity offered better-spec'd wifi AP's for less than half the price of comparable gear from Cisco. Would I do it again, knowing what a hassle their administration software is, and how often it breaks? I don't know.
The price here is almost the same as the Lite series of Unifi. They also have a Meraki go line but that seems to be yet another one (from an acquisition). But this is also in the same price range.
1. Krebs corrected the story. Twice. You just have to open the original article to see it.
2. The "Ubiquiti sucks" mood started with Ubiquiti releasing shit products with even shittier software that, quite incredibly, sometimes even degraded with updates.
Point 1 is correct insofar as he published an update to it in December.[1] He did not (and does not) make it clear that the employee who was arrested was his source.[2] In fact his anonymous source "Adam" is never referenced anywhere in his second article, outside of comments asking him about it.
If you read his reporting on this now, it is still not clear that "Adam", his source, and the person committing the alleged offences are the same person. It may be he doesn't know but he certainly makes zero effort in either article to address the question.
Ubiquiti's forced cloud BS is more than enough reason for people to move away from them -- they basically dropped out of consideration for my purposes after they did that.
It can also be true that there was a drop in stock price when this incident was reported, and further drops after Krebs' coverage.[3] In fact he even discusses their share price at the tail end of his original article, even updating it on March 31 and acknowledging a roughly $50 drop following his reporting.
I doubt Ubiquiti will win this court case but I do think Krebs damaged his own credibility here.
Has it 100% been confirmed that Adam == Sharp? There are certainly allegations that Sharp talked with the media, but on breaches like this there are typically multiple people working them with detailed knowledge. The timing is suspect, but with cases like this, you have to prove that someone did it out of malice.
It also doesn't mention anywhere in the indictment who Sharp spoke with, so until it goes to trial... unless Krebs confirms that it was Sharp that contacted him, these are just assumptions/allegations and not something that have been proven one way or the other.
"Ubiquiti sucks" started for me when a switch firmware update enabled some loop detection that couldn't be turned off, and completely broke my Google WiFi setup. Support tried, but ultimately the solution was to connect Google WiFi to a dumb switch.
Then around a year later an update bricked 4 of my 5 cameras, and support was completely useless.
You know, and then they had this huge security issue.
Sure, Krebs reported the security issue, but "ubiquiti sucks" sentiment has largely been Ubiquiti's doing IMHO.
> You do realize that the entire "ubiquiti sucks" mood on HN started with the publications of these (factually inaccurate) articles from Krebs?
Nobody’s posted a “Ubiquiti sucks” thread from before the Krebs kerfuffle, so here’s one from Nov 2019. In that thread, people complain about a new “phone home” feature and Ubiquiti ignoring the terms of the GPL.
Not at all, I continued writing a lot on Twitter and still love the product. I don’t like the way they’re handling this situation though, more in this vid from a few days ago: https://www.troyhunt.com/weekly-update-289/
Having used their products for years the "ubiquiti sucks" mood has been their own fault. Product quality has declined, they keep promising features that don't work / kill throughput / just don't come out for months if ever.
I think you're mistaking a correlation for causation here. Yes, people started saying "UI sucks for $reasonXZY" a lot more after these articles came out, but that's merely because the articles provided a convenient hook to which to attach existing grievances.
A random "Tell HN: UI sucks because their firmware went down hill"-post is not likely to go anywhere. But as a comment within an article about UI, sure, that works.
There are many things wrong with UI. An inflated insider security story does not change that.
"Ubiquiti sucks" is not an HN-specific thing. The consensus among IT folks in multiple communities I'm part of is that they've gone from being front-of-the-tech-curve with nice UI that Just Works, to overpriced underspec'd cloud-locked-in meh-ness.
I put them on a personal black list when there was some shenanigans with them using GPL code and not releasing their modified source, or something. That was years ago.
a few weeks ago UI released an update to their protect surveillance line which subsequently prevented certain cameras from recording. an update which fixed this "bug" was released 3 days ago.
things like this contribute more to the mood you reference than the reporting from Krebs a year ago, IMO.
Speaking only for myself I disagree. I only had vague notion of them, but read Krebs on occasion, but didn't have any strong feelings on them ... until this. As long as the info in the 1st post form the lawyer is correct, I wouldn't buy from them
The press across the board does a terrible job of printing retractions. I know that doesn't really excuse Krebs but most errors don't get corrected and those that do generally show up in a tiny column in the middle of the paper.
If you're Brian Krebs and are writing, editing and publishing this stuff yourself, I don't know that you'd have the bandwidth to be able to monitor and correct every new development in something you've written. The New Yorker has a staff of hundreds of fact checkers, lawyers and proof readers just to keep them out of court, and they too seem to have a difficult time with publishing corrections.
I'm not excusing either party, there are issues here that need to be resolved. But the expectation that any part of the press, be it publishing a physical newspaper or running a security blog, will spend much time paying attention to old stories for corrections doesn't match up with reality.
Wow, I didn't know that. If that's the case then Krebs is far beyond what 99% of large news outlets, magazines and other news sources bother to do. I was on the fence before about this but if that's the case, I'm fully on Krebs' side here.
It's not defamatory though - if people decide "yeah you probably suck" but its because of what someone else said, it's arguably up to them to show the person who originally spoke was defaming.
You can't sue journalists for this.
Now, it sounds like they have a bunch of other (factually correct) nonsense going on, they had a leak, suing to try to stop is just an incredibly bad look. I don't even know who Ubiquiti is, but fuck them, they sound like aholes to me.
It's almost impossible to prevent a trusted insider attack. It is possible to quickly identify and shut down a insider. I think the second is a bigger issue - they did (obv) identify the attacker - but they had the FBI involved at that point.
Good policy will prevent you from assigning the person responsible for the breach to the team to investigate themselves, I think the FBI learned that the hard way.
Ubiquiti did not have good security policy as stated in the hacker news post from 3 months ago (cred open to many people etc).
While it’s impossible to completely prevent this, best practices were not followed.
Thank you for saying what nobody else on HN will say. Instead it’s just constant outrage on HN against companies. Why didn’t Krebs issue a public apology or retraction? I love Ubiquiti and have over $2k worth of UniFi equipment in my home.
This entire fiasco has hurt Ubiquiti’s brand and reputation, and in no small part Krebs is responsible for that.
This whole thing pisses me off. A insider threatened a company with reputational damage and used a press guy to pull it up. HN picked it up and amplified it. Press guy never corrected the story, and the here we are - with people still railing on HN for a untrue story that the press guy enable that the extortionist planted.