by _pplp 1902 days ago
If I can vent for a second, this company has no leadership. None. Things may have changed in 2 years, but I doubt it. I was messaged almost daily by random employees asking wtf was going on with the company. They were afraid for their jobs. Practically no one respected the CEO, and he was the only C-suite exec. There. Was. No. Leadership.

There was no company wide communication, and all communication channels were made private, and if you sent an email to more than a couple people you were directly rebuked by the CEO. Nobody felt like they were trusted, and the norm was for most engineers to have absolutely zero idea of what was happening in the company outside of their direct project.

Teams were constantly at odds and pitted against each other, and the CEO never resolved any conflicts between teams or employees. The company (at least the software side) was treated like Thunderdome. Some team leads and office managers took care of their people, but most people were just beaten down. I don't think I'd ever seen a less motivated, more dejected group of software developers than I did during my time there.

IMO, this kind of bullshit clown show starts from the top. And as long as the top doesn't want to fix it, it won't get fixed. And since software almost invariably ends up reflecting the structure of the organization that produced it, you get this kind of security shit show.

I hope this is the last one and they get their act together. But realistically I can't believe that'll happen.


> There was no company wide communication, and all communication channels were made private

I couldn't understand why the ex-Amazon cloud lead was also in charge of Slack. When he made all channels private and put a Slackbot in every channel to monitor conversations, I knew it was all over. I'm worried his Slackbot logs are part of the leak. Guy had his hands in everything :(

Same guy who took over GitHub and forced everyone into his self-hosted source control because he couldn't trust GitHub. That decision didn't pay off.

> I couldn't understand why the ex-Amazon cloud lead was also in charge of Slack. When he made all channels private and put a Slackbot in every channel to monitor conversations, I knew it was all over. I'm worried his Slackbot logs are part of the leak. Guy had his hands in everything :(

He did.... what? That sounds like straight out of a Dilbert comic.

I mean, I didn't necessarily agree with all of his methods or reasonings on everything, but I've come to realize a lot of times his hands were just as tied as ours. And the draconian surveillance stuff? Yeah, he was directed to do that. One guess by whom.

He was "in charge" because he convinced Robert that he was the right guy for the job by finding a security flaw that let him log into Robert's personal UniFi Protect setup at his home. At that point Robert basically gave him carte blanche, but also started directing him to lock everything down. More than a bit of paranoia there, in my opinion.

He was in charge of cloud when he "found" a way to forge Ubiquiti SSO logins for any user using his root access to the SSO signing secrets.

In the Krebs article the whistleblower calls out forging SSO logins as one of the things that was compromised. If the attacker is really an ex-employee like Ubiquiti says, then it's scary that the SSO signing keys aren't even being rotated after the account forgery stunt.

> Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

> Same guy who took over GitHub and forced everyone into his self-hosted source control because he couldn't trust GitHub.

Sounds smart to me. I wouldn't trust GitHub either.

If you had the power, what would you do?

From the outside it seems like accepting fault and product returns would smooth waters. Acknowledge faults on their own forums and Reddit subs and also provide timelines for fixes (then stick to them and update threads!)

The hardware is mostly good. The weird bugs and company management are turning a strong community of users against Ubiquiti.

Even as an outsider it's beyond obvious there is no leadership or vision other than cut costs.

After Brandon left, Unifi went to shit. There hasn't been one significant feature or major function added to Unifi since then. Routing hasn't moved at all in 7 years. Well, in a recent beta you can now have multiple WAN IP addresses. Whoopee. Switching hasn't gained anything - layer 3 is utterly missing. QoS? Good luck.

Unifi is fine for networks with simple needs, good for prosumer use or small businesses - but if you start to scale requirements it falls over pretty quick.

It was very promising when routing/switching was added to Unifi - but it's never been fully realized :(

> I hope this is the last one and they get their act together. But realistically I can't believe that'll happen.

The good thing about them being a public company is there is some accountability from outside the company. Looks like they're already being investigated for fraud for downplaying the breach and their stock price took a big hit. Hopefully this all leads to the CEO being replaced and things turning around.