by ex_ubiquiti 1661 days ago
Ex-Ubiquiti employee here. Nick Sharp wasn't just a senior software engineer. He was the Cloud Lead and ran the whole cloud team. His LinkedIn profile will confirm it. This is why he had access to everything.

Nick had his hands in everything from GitHub to Slack and we could never understand why or how. He rose to power in the company by claiming to find a vulnerability that let him access the CEO's personal system, but nobody I spoke to ever knew what the vulnerability was. I discussed this with another ex-Ubiquiti person in an old thread [1]. Now I'm positive he faked the security issue as a power move, just as he faked this attack for extortion purposes.

He would also harass people and use his control over Slack and GitHub against the people he didn't like. Many people left around this time partially because Nick made everything so difficult at the company. What a terribly depressing series of events.

[1] https://news.ycombinator.com/item?id=26694945


Is this why Ubiquiti quality has fallen over the last ~2 years? I went all-in on Ubiquiti almost 3 years ago and I’ve been less than thrilled with the quality and level of support. This chaos that you say happened seems to line up with what I was seeing as a customer but everyone has been shocked at how UI has dropped in terms of quality.
I used to recommend them. Not anymore. My complete home setup is all their kit (the GUI means that if I kick it, the family can likely sort it - it is important). I opened a case that a replacement switch (new model, old is EOL) did not work with one of their POE devices. I know this stuff backwards and forwards. I did my testing and basically sent the case to support with all the details (I know this stuff at the ASIC level). Wasted my time for a week. Finally I just said screw it and RMA'd the switch (nothing wrong with it) because support would not move. I received the replacement and surprise, same issue. Only after that I got the "sorry, we will reach out to L2 support." Wasted my time on a good debug that clearly ID'd the issue and I had to pay for shipping on RMA. I am stuck with them for now, but as soon as I can find a better offering I am going to switch.

(My issue is that I understand that most users are clueless, heck I started in support for Win3.1 for an ISP, but the stuff in the debug clearly was a statement that I understood what I was saying, and even as a Jr. engineer 30 years ago, I would have read it and said "hmm, this dude knows his stuff, maybe I should ask at the next level").

Possibly related: Ubiquiti used non-standard 24V POE for some devices. Plugging standard 48V POE into certain old devices could damage them, and 48V devices won't power on with 24V injectors.
This is true, although it's important to differentiate active and passive adapters.

Ubiquiti sells some devices that are 24V passive PoE. These devices include their UISP products (such as devices like the AirMax). Passive injectors are dangerous because they always supply 24V to the port; this could damage a non-24V PoE device.

There's also the 802.3a* standards family, such as 802.3at (what Ubiquiti calls PoE+). Each of the standards (e.g. 802.3at, 802.3af, etc.) supports different amounts of current, but they're all 48V active adapters. Active PoE is safer because the device "requests" the power it wants; the switch does not always supply 48V power over the port, so devices that don't require PoE won't be receiving power.

Ubiquiti sells a few switches that support both 24V passive PoE and 48V active PoE. You can change this in the switch's web interface, through the port settings. You may also want to consider just using a 24V passive injector, especially if your switch cannot be configured to supply 24V power.

To be fair, and AFAIK, I understand there was (and still is?) no ISO/IEC/IEEE standard for "dumb" PoE power, only "smart"/"managed" power.

The rest of Ubiquiti's gear does use IEEE 802.x.

Thank you for sharing. Unfortunately this is not the issue. I wish it was that simple as they make an adapter for that.
Also used to recommend, but currently in the process of replacing all APs.

Edit: also their stock. Believed in them so much I bought their stock

When I first bought ubnt (a sec gateway), I could chat with support agents FROM THE GATEWAY'S WEB UI! The service was shockingly good at the time, and I was committed to using UBNT from then on. Agents would be on the chat usually within a minute, maybe a few.

Now... submit a ticket. Frustrating/pointless UI changes. Breaking system upgrades. Backed up your configuration? Doesn't matter, you're going to need to reset this update... disappointing. I still have hope they'll turn it around because they have the best UI of any network gear I've used for getting small/mid size networks up and done.

Yeah, I remember that feature. Was amazing!
I mean this genuinely: I'm amazed there was a point at which people were ever thrilled enough with the quality and level of support from Ubiquiti that they are now shocked. Other than the working hours first level chat support I can't think of anything they had in support that remotely resembled having quality support. Shit, 3 years ago I was happy if there was someone on the forums that found a version of firmware that had killer features like "routing, hardware NAT, and IPv6" working all at the same time without (major) bugs. Low quality software and support with cheap hardware is what they've always been known for with everyone I've ever talked to.
Maybe people are now used to the level of support they get from Google & Co.
I read somewhere (maybe on Reddit) that ubiquiti had started offshoring a lot of the work and as a result quality had suffered.
I used to like Ubiquiti a lot, but nowadays I prefer to use other brands which are even easier to implement and manage. For the clients that still want to use Ubiquiti I try and implement a Debian 11 VM with the Ubiquiti software on it.
Which are those other brands and models, please? I am looking to upgrade my home setup to 10GbE LAN and apart from 2-3 switch models from Mikrotik I really can't see anything worthwhile (I don't want Cisco or TP-Link, they don't take security seriously).
Check out Aruba Instant On, they seem to be trying to jump on the bandwagon with the single-pane-of-glass management and target small businesses. Also Ruckus Unleashed seems to be similar, and Juniper MIST.
Thank you! Never heard of them, will research them thoroughly now. Much appreciated.
Aruba Instant On. (It's owned by HP.) The name is a bit misleading though. Especially the first time, it can take quite some time for devices to be fully updated and manageable.

Support-wise: I've had one malfunctioning switch (POE just stopped working) and it was replaced within 24 hours, so that's nice.

Does Aruba Instant On allow for multiple VLANs solely for wireless clients by SSID?

I love Meraki stuff, so I looked into Meraki Go, and they handicapped Meraki Go by only allowing VLAN for devices with wired connections to the switch. I want the ability to setup a wireless SSID, apply a VLAN to it, and have any wireless devices connected to that SSID be on that VLAN.

I have an instant on switch and quite like it. Worth noting however that the unifi-style all in one management interface requires using their cloud service, it can't be self-hosted like unifi. The switches can be configured locally (individually) but the access points can't.

Wish they would reevaluate that decision, as I've heard good things about their access points.

Are their 10GbE switches fan-cooled? I really would like a quiet device for a bedroom.
I have a 16-port 10 Gbit Ubiquiti switch, and it has fans. But they only ever spin up when I (re)boot the device.
To my knowledge all their switches are fan cooled.
A lot of tech is suffering from quality issues in the past 2 years: We're in the middle of a global pandemic. Components are being stripped out left and right to meet demand, especially in the automotive sector. Ubiquiti is no different, and their store being constantly out of stock is a clear indicator of that.

Personally, I would argue that Ubiquiti handled the pandemic much better than other companies. Take the Cloud Key firmware: Back when it was first released, the thing was so unstable it had to be reset every few weeks. Every firmware update required a factory reset. Nowadays, it's solid. Even flashing beta builds is a smooth, issue-free process. Features like person and vehicle detection in their Protect lineup are a much welcome addition, as is the revamp of the Protect app. All of this happened during the pandemic.

I know people whine about how Ubiquiti unified everything under a global login, but come on... if it works, it works. It's hardly a reason to bash Ubiquiti because you're upset you temporarily have to sign into ui.com.

Now, maybe they are putting more effort into Protect than they are into the network side of things. I don't know, because I primarily use them for Protect. With that being said, I'm fairly satisfied.

If you read their Glassdoor reviews, one of the common complaints was the company’s hostility towards automated tests.
If there’s a single person to blame for a company’s failure, there isn’t a single person to blame.
If it makes you feel any better I worked with him at Nike in 2014 and he was a complete jerk then too. I’m surprised this didn’t happen sooner if anything. How do these people stay employed?
Let me not come across as non-sympathetic -- I feel what you and others went through.

But IMO the truly depressing event here is management refusing to do anything until it was too late. What are they even paid for?

How does one weaponize Slack? GitHub maybe I can understand, but I don't understand how you can weaponize Slack.
Lots of credentials end up getting shared over Slack. If you own Slack you probably own a few other systems.

Also, extortion. I'm always amazed at what people will say over Slack DMs, seemingly not realizing that it all is accessible by the company.

Real question, not trying to be cute; it's just been 4+ years since I've been inside a company actively using Slack.

Is that (creds) considered safe/secure these days? Is it commonplace? I kinda figured Slack might get to be a 1Password on top of everything else, so it's interesting to hear it's happening.

> Is that (creds) considered safe/secure these days?

No, definitely not. It's just super convenient and happens all the time at every organization.

The most recent Twitter breach involved a credential shared in a Slack channel. Security teams have a hard time monitoring Slack and the default settings are pretty bad (infinite session length, infinite message retention).

Should there be a chat bot for this? "Hey, I see you just shared a credential, I'll remind you in 5 minutes to delete it, if the message is not deleted I'll alert a member of the security team" kinda thing?
Ideally shouldn't the credential be rolled even if you delete the message?

Unless Slack hard deletes messages, but my guess would be soft deletion. Even then it's not really designed for sending sensitive credentials.

Absolutely. I know lots of companies have rolled their own. I'm unaware of a public one. I've been meaning to write one myself, maybe I'll do that this weekend.
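The remind-then-escalate bot floated above, as an added example that is not from the thread, from Slack, or from any company's internal tool: it scans constructed Slack-export-style messages with a hypothetical, non-exhaustive set of secret regexes, masks each hit so the reminder or alert does not re-leak the credential, and decides whether to remind the poster, wait, or page security once a five-minute grace period expires.

```python
import re
from datetime import datetime, timedelta

# Hypothetical, non-exhaustive secret shapes constructed for this example; tune to your own token formats.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*\S{8,}"),
}
GRACE = timedelta(minutes=5)  # time the poster gets to delete before security is paged

def find_secrets(text):
    """Names of every pattern that matches the message text."""
    return [name for name, rx in SECRET_PATTERNS.items() if rx.search(text)]

def redact(text):
    """Mask matches so the reminder/alert does not re-leak the credential."""
    for rx in SECRET_PATTERNS.values():
        text = rx.sub(lambda m: m.group(0)[:4] + "***", text)
    return text

def next_action(posted_at, now, deleted):
    """What the bot should do for a flagged message when polled at `now`."""
    if deleted:
        return "resolved"  # deleted in time; the credential still needs rotating
    if now <= posted_at:
        return "remind"    # first sighting: DM the poster and ask them to delete it
    if now - posted_at < GRACE:
        return "wait"      # grace period still running
    return "alert"         # still present after GRACE: page the security team

def scan_export(messages):
    """One finding per flagged message in a list of {ts, user, text} records."""
    findings = []
    for m in messages:
        hits = find_secrets(m["text"])
        if hits:
            posted = datetime.fromisoformat(m["ts"])
            findings.append({"user": m["user"], "types": hits, "redacted": redact(m["text"]),
                             "remind_at": posted, "alert_at": posted + GRACE})
    return findings

# Constructed sample messages in a Slack-export-like shape; the tokens are fake.
SAMPLE_MESSAGES = [
    {"ts": "2021-12-01T10:00:00", "user": "U1", "text": "deploy creds: AKIA0123456789ABCDEF / password=hunter2hunter2"},
    {"ts": "2021-12-01T10:01:00", "user": "U2", "text": "lunch at noon?"},
    {"ts": "2021-12-01T10:02:00", "user": "U3", "text": "bot token xoxb-1234567890-abcdefghij please rotate"},
]
```

Deleting the message only shrinks the window; retention and exports keep a copy, so every finding, including a "resolved" one, should still end in the credential being rotated.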
You can also view users' private messages by downloading the history.
ChatOps would be one way.
> He rose to power in the company by claiming to find a vulnerability that let him access the CEO's personal system

Do you mean he got promotions because he found a non-existent vuln? Surely whoever handed out those promotions is to blame here?

He extorted himself a promotion by knowing some dirt on the CEO.

Actually not unusual.

Lots of the highest-ranked sysadmins in larger companies are quite "invulnerable" due to the implication that they might know everyone's mail & the company's dirt.

Ultimately, you can blame the CEO for everything.