Ex Ubiquiti employee here. I barely recognize the company any more. The company always had problems but we had a lot of smart and hard working people in the early days. People are always amazed when I tell them how small the company was when we made Ubiquiti and UniFi into household names among nerds.
Some of those people remain. UI-Marcus in that link is a good person. The company went into a steady decline after the CEO started centering the company around the offices in Portland and China. Portland was home to the UX designers who wanted to redesign everything to look nicer but didn't understand how customers used our products. Portland was also home to Nick Sharp, the cloud lead who tried to extort the company and lied to the press about hacks. The favorite office in China made the FrontRow product, which failed so badly that I doubt anyone has heard of it. These people were supposed to be the future leaders of the company, but everything they did was a disaster. We could all see the writing on the wall and left. Well, almost everyone.
I don't even know which Ubiquiti office owns the cloud any more because everyone working on cloud at Ubiquiti either quit or was laid off after the cloud lead went to prison for extorting the company.
I hope the company can get back on track some day. It's sad to see all of our old work decay like this.
> Portland was home to the UX designers who wanted to redesign everything to look nicer but didn't understand how customers used our products.
MikroTik has also been updating their UI this year and it's only getting worse.
They are starting to put everything into auto-collapsed sections so that instead of just scrolling down the page you now must remember the section's title and open it in order to access the controls. There are hundreds of sections.
Yeah, seriously - it's ugly and quirky but generally all the settings you care about are there and I don't have to click through 15 different levels of menus or look things up in the wiki for the proper cli invocation when I need to tweak something.
Exactly, I can think of very few tools/apps that are as effective and powerful as winbox.
Not to mention that the entire program is portable and around a few megabytes in size)
For probably the past 10 to 15 years there has not been a moment that I haven’t had at least two winbox sessions open/running on my daily desktop 24/7. (Network/Wi-Fi admin, responsible for thousands of devices)
The Dude. edit: more context, that's the Win UI manager with the 90s look for MikroTik. It's not pretty but I know fairly large ISP admins swearing by it https://mikrotik.com/thedude
These newly collapsed sections are tabbed sections in WinBox, so there you've had the problem since the beginning.
It's a matter of preference and I've always preferred Webfig. I'm a MikroTik user since 2013 and have 9 devices which I like a lot. I only used WinBox when I misconfigured them a bit in order to access them via the MAC address.
Hadn’t heard of FrontRow (as you assumed) so went looking for information about it and it looks like they may have repurposed it for the Access Reader Pro? Haha that’s a way to move them.
> I hope the company can get back on track some day. It's sad to see all of our old work decay like this.
Agreed, and it really was amazing work. As someone who started using and then deploying UniFi in maybe 2015-2016ish and found it a revelation, it's been tremendously depressing to see so much potential and such a community utterly squandered. I can only imagine what it's like for someone on the inside. Nevertheless, thank you so much for your work and all the others who helped make it happen. If nothing else it did at least really blaze a trail and show what could be done, and contrary to this issue without any cloud bullshit and subscription lock-in. Even were Ubiquiti to truly implode, that showing of what could be done would remain and by its nature the kit would remain useful for a long time.
There have been some mildly positive signs recently though, even if the UX churn remains shitty. There have been small shoots of progress on actual core features, years and years and years late granted, but not entirely too late. I wonder if the emergence of TP-Link's Omada as a clear, direct same-niche competitor has lit any fires there?
I hooked my home up with 3 Unifi AC Pros + ERPOE5 in 2015/2016. They've been running for 8 straight years without ever restarting. Never had a problem.
Granted, I never updated the firmware in the 8 years. Heck, I'm not even sure how I can get back to the web UI to control them.
It's fine to use at home, but I see a lot of people pretend these are Enterprise devices and use them as such. They are upgraded consumer gear, at best, imo.
Source: I've been working with unifi gear for the past 4+ years and use a basic unifi setup at home, since it was free to me. I wouldn't have bought it.
Like all things, YMMV. I'm glad to hear it's working like you need it to.
What would you have bought instead? In my experience there isn’t anything comparable in the consumer space. I’d love to be shown I’m wrong. I use both their network gear and security setup (door bells, cameras).
I’m not sure there is another company offering the same solution with ease of setup and low overhead to manage. Is there?
I guess this depends on use-case. I mean, if someone has a need for the more advanced features of a router/firewall like this, then they don't need the consumer focused UI.
If someone doesn't know networking well enough, then the UI isn't helpful really since they don't know the why of things.
It's a great niche, but Unifi has issues and they seem more focused on selling more of them, than fixing issues present for 5+ years.
Here's an example:
Unifi uses Strongswan for VPN. There is a bug in that 2 people cannot connect to the VPN site from the same IP. Site2Site between 2 unifi devices has been unreliable.
As far as what I would have bought, it's moot, since I'm not the common use case. At one point, I used an ASA 5510 as a home router. ;)
Use the Unifi phone app to manage them. You can manage the APs themselves without logging into anything. I’d recommend updating the firmware after 8 years, you can always do a hard reset to get the original back.
Hard reset will not automatically downgrade the firmware.
And I don't think it's a good idea to manage multiple APs using the app instead of from the controller. Managing a single AP from the app is ok, but I think you'll run into problems when you have multiple in a network.
OP didn’t ask about managing from the controller. I prefer the controller and use it myself. Some of my family members do not want a controller and use the Unifi APs I suggest.
For example, you can't set up meshing from the mobile app. Best you can do is give them all the same SSID/password, and they also have to be wired in that scenario.
It's a weird one because they had a decent product line and just seem to be making really weird choices - I assume to market to the home/"pro-sumer" crowd instead of actual businesses? They just came out with a network switch with RGB for damnsake.
A few of my IT clients have UniFi routers and they're quite lackluster for the price - pretty UI but loads of broken features and bugs galore, and you can't manage them centrally like the rest of the UniFi kit.
This actually may turn out to be VERY useful. As someone who runs Unifi at home w/ a stupid amount of VLans, being able to color code them at the switch will come in real handy when I just go and start unplugging stuff and rearranging as does happen. If they update it to flash VLan color while unplugged using the LCD screen it will be even MORE useful. We can hate on RGB all day just for RGB sake but when it has a use, more the better.
There are some really terrible UI choices in SwOS, like not labeling rows of checkboxes so users need to hover over each one with their mouse to see a tooltip.
Send them a bug report, they'll likely fix it. I'm not joking, they're not using Webfig often, so sometimes they can overlook these kinds of minor issues.
I have a mikrotik https://mikrotik.com/product/hap_ac3 that I bought as a sort of test and it's been working fine for my needs. the webUI isn't the best, but wiki docs were pretty straightforward and I've been decently happy.
There's a learning curve indeed, but it's also essentially just a thin wrapper around nftables (read iptables) so you learn about Linux networking by using them
I've been using unix and linux since the 90's and linux full-time on every system of mine, and Tik's still seemed entirely counterintuitive to me. I'd rather just deal with iptables and linux directly without the wonky cli.
Anyone using Mikrotik these days? Been Mikro-curious for awhile and always see them thrown around as a Unifi alternative. Yet to hear of any firsthand implementations though.
As a network engineer, I've considered them for my house, the price is right, but:
1) Their main push seems to use a thick client for admin which is a big no to me, otherwise the web ui in theory looks ok-ish.
2) Looking at their cli guide, it was cryptic as hell to me, and I deal with everything from cisco, arista, aruba, juniper, fortinet, pan, whatever from a cli or gui.
This was mostly confirmed a few weeks back, another old network engineer friend of mine hit me up asking if I've ever dealt with Mikrotik, and said no, but I knew where he was going. He'd screwed with it for a day or so supposedly just trying to make some L3 vlans, and finally a day or so later told me he'd made it work, but has never dealt with anything so terrible to configure from either gui or cli after having tried both, and he's another 20yr+ network engineer like me I trust not to be stupid.
That was all I needed to hear for future consideration.
Mikrotik has had WinBox for as long as they've been around and there's a lot of inertia around using it, but WebFig and the CLI are the only things I use (though I do have The Dude running through Crossover because it's useful).
Where you run into problems with 'tik gear is the differences that L3HW acceleration introduced into the mix. They didn't do what every other switch vendor does and limit features to what the switch chip supports and hide everything that the CPU can't handle away, so you have multiple ways of approaching most issues which threw me for a loop as somebody who had been running JunOS gear in his lab for a while.
Once you get a feel for it then it's pretty straightforward to work with everything, though somebody used to an older generation of NOS like classic IOS (and associated clones) would have an easier time than me.
For sure, VLAN config is one of the most extremely "How and why did anyone end up designing it this way?" thought-inducing areas of Mikrotik config.
But I will say that the boxes of theirs that I bought about ten years ago are still going strong, never had a device fail on me, still receiving OS updates, still able to export and re-import my config to any of a wide variety of newer devices when the time comes.
Clearly they're not the right choice for everybody, but there are certainly up sides, if you're willing to grapple with the config.
Hmm, that looks like it must be centrally managed from the internet? Not saying it's not an appropriate replacement for Ubiquiti, but that seems like an opportunity for the same issues to show up… something that isn't remotely managed might be better instead.
I think the "InstantOn" functionality requires internet for setting up, but it seems like there is a way to manage it locally without the use of the "InstantOn" functionality:
Thanks! So it sounds like it may work, but it's very unclear it'll keep working. (Also I happened to be more personally interested in the APs rather than switches, and it's unclear if that also has a local management mode.)
I notice that the linked docs article doesn't get listed if you go up the breadcrumb and try to go back down…
Not sure if they sell it outside of EU, but Keenetic is absolutely awesome. Been using their routers for a while, have a wifi mesh configured in my home built on their devices.
China deploys plausibly deniable backdoors into internationally shipped network devices. Bugs that are remotely exploitable if you know they exist, but not obvious enough that they provide justification for the devices to be banned from import. These consumer devices are not exploited for intelligence gathering, but rather deployed as proxies that fall into one of two common buckets: acting as SOCKS proxies to relay attacks, and allowing a remote operator to scan for nearby wireless networks and bridge into them.
The NDAA blacklist was a happy compromise by the US government of banning the most egregious vendors that might find their way into sensitive facilities (Huawei, Hikvision, etc) while letting consumer focused brands that do the same (TPLink, Jetstream, Wavlink, etc) slip by so it didn't appear at face value to be a blockade of all Chinese made networking gear.
Taiwan on the other hand is less concerned about how China perceives their relations and bans all these vendors. They also ban Zoom.
First, [citation needed] w.r.t. tplink and other consumer grade routers 'getting off easy'
Second, you seem knowledgeable about concerns w.r.t some supply chain attacks, at least from foreign actors, so do you have an alternative suggestion that isn't impacted by such concerns?
Ubiquiti is a non starter imo given their recent posture
"We are unsure how the attackers managed to infect the router devices with their malicious implant. It is likely that they gained access to these devices by either scanning them for known vulnerabilities or targeting devices that used default or weak and easily guessable passwords for authentication"
This implies the opposite of "the CCP has a backdoor to every device". Vulnerable devices from all manufacturers get exploited like this all the time.
I use TP link access points with my own cloud controller (running in docker container on my LAN) and a separate wired router. I don’t think there’s any concern with access points “phoning home” in this configuration.
I've had pretty bad luck with TPLink APs temporarily dropping connections and being just generally unstable. Even when you can put OpenWRT on them the hardware is just kinda buggy.
I think OP means the Omada EAP's, which are dedicated access points and not the routers. I have 2 EAP225's that have been better than the Ubiquiti it replaced.
Draytek routers are not perfect, the UI lacks polish, but I have never had one fail on me yet. Solid kit (even though you do need to keep up with the firmware updates to keep them secure)
Is it true the failed FrontRow hardware was repurposed into the Unifi door fob scanning thing/product ("Access Reader Pro")? I recall reading this somewhere, and the hardware appears to be identical:
I was absolutely floored when I saw the announcement of the FrontRow device - what a bizarre thing to have brought to market for a network hardware company. I can only imagine someone somewhere got far too caught up in the "wearable" hype a few years ago.
I can't really go into details, but FrontRow wasn't the most bizarre thing Ubiquiti was working on, just the one that got reasonably close before being shelved.
IIRC Access reader isn't the only product the FrontRow R&D cost/stock of parts was tried to be recouped, but at that time I wasn't working there anymore.
It makes good sense for large distributed deployments.
One page to update everything rather than have to connect to each device and push a config.
The controller also "back-ports" the configuration as appropriate for a given device. Declare a vLan once, don't have to worry about which cli version is running on a given switch and adjust your command accordingly.
These things don't matter much when you only have one physical location / few devices but if you're an IT guy that manages networking across every physical building in a school district...
Since the device tries to phone home, it's also a NAT buster which is invaluable when you're drop-shipping equipment to customers and have little control over your environment but need to be able to promise some level of functionality.
> Portland was home to the UX designers who wanted to redesign everything to look nicer but didn't understand how customers used our products
I think that's every single piece of modern software to date. I call them "Dribbblrs", because it's like they take inspiration from these websites (e.g. Dribbble) that fetishize things that look pretty but are dogshit to use. I really wish it would end but I don't see it happening unless there's a revolution from within the UX community (which I am not a part of).