Hacker News new | past | comments | ask | show | jobs | submit login
Ubiquiti starts serving ads in their management interface (twitter.com/superdealloc)
634 points by andremedeiros 24 days ago | hide | past | favorite | 319 comments

I think it's a common sentiment here, but I'm turning into a more extreme anti-advertising zealot every day.

Even the large ad networks show paid content that violates what I would consider widespread ethical norms - presenting everything from hyperbolic claims to straight fraud to people with little repercussion. I'm reminded of a poignant example in television, where episodes of Jeopardy! are intertwined with their shilling quackery like Prevagen to an audience using the fear of aging. Perhaps I'm growing increasingly blind to any positive impacts of the discipline, but ethically I find it hard to separate the fraudsters from the engineers that enable them.

I guess advertising is saving me a lot of money in the end by cultivating this hatred, and though I can't change the world this screed was therapeutic.

My mother got a new laptop, and at some point I got remote access to help her get a few things set up (password manager/ad-blocker/backups/etc). I was really amazed at what her Facebook feed looks like. Actual Facebook advertisements for literal scams. 'Michelle Obama's investment tips' for some bitcoin platform. 'Patagonia Outlet' with items at 25% of the cost, at domains like patagonia-outlet.shjss72828.sub.domain.pl, etc. I scrolled for a while and more than half of the advertisements were like this. This is what senior citizens are dealing with.

This is just not ok. I understand that screening everyone in the world's personal posts/shares for 'fake news' is a daunting task, but KYC-ing advertisers and screening/auditing ads for blatant and obvious scams or false marketing is many orders of magnitude less resource intensive... and should be required by laws with teeth.

If the costs of doing so mean that it's impossible to make a profit as an ad platform, then that business model should die.

> but KYC-ing advertisers and screening/auditing ads for blatant and obvious scams or false marketing is many orders of magnitude less resource intensive

And very easy to automate. We know they can do it. But until there is sufficient threat of action if they don't then they are happy to let their users get fleeced in exchange for the advertising $.

There is an argument that "if they crack down on the easy to detect stuff, the scams will just get more clever" but that is not at all why they aren't making more effort.

One funny thing I've noticed with facebook, is that if you start responding to such adverts with comments along the lines of "this is obviously a scam because..." responses, they start showing you more and more of that sort of scam presumably because you have shown engagement with the previous ones.

For an extra dose of cynicism keep in mind Youtube is demonetizing countless videos supposedly because advertisers don’t want to be associated with such content. Garbage ads certainly aren’t exempt from that logic, yet there doesn’t seem to be as much of a crackdown on them.

The content creators aren't paying them, the advertisers are.

> This is just not ok.

"Not OK" is forgetting to clean up your table after the meal. What these scammers are doing is simply fraud and Facebook should be liable as they enable it.

I remember when I set up my first FB ad (maybe 10 years ago?) it took a few days because some of them were manually reviewed. Fast forward 10 years and they accept any fraudster who pays them a few bucks. Just low scum, that's all.

So what your saying is Facebook is a grocery store checkout?

Glad I deleted mine in 2010.

Having less exposure to advertising, given that I watch less advertising-interrupted television than ever and have had a pi-hole running for a good couple of years, when I am exposed to advertising I'm reminded of how incredibly bottom-feeding it is.

I've said it before: Advertising is a psychological attack on human weakness.

> I find it hard to separate the fraudsters from the engineers that enable them

Paraphrasing because I can't find the original:

"What does it say of humanity to have so many of the smartest minds in the world working on making advertising more effective"

> this screed was therapeutic


“The best minds of my generation are thinking about how to make people click ads.” –Jeff Hammerbacher

Some of these best minds are probably reading this right now, and keeping awfully quiet. :-)

Or hiding in plain sight in posts here.

Most advertising literally attempts to hack an audience’s brains, which everyone should instantly recognize as being black-hat.

At the same time, we have created super computers that run on expansion cards that are being used for that same black-hat activity. Currently measured in the 10s of teraflops of processing power.

More and more I'm seeing a general public backlash against advertising. It's been so large and so prevalent that people find it irritating enough to avoid products that are getting heavy pushes. I've found myself having a visceral "stay the hell away from this product" reaction on occasion as well.

My stance on web advertising has always been "go back to static, not in-my-face, non-animated, no audio, no javascript ads and I'll consider turning off my ad blocker."

I'm absolutely not letting my computer get infected through the ad networks, which is a separate issue really.

Advertising is the most toxic virus ruining everything it touches. TV, then Cable TV, radio, usenet, on and on. Can anything survive the destructive ravage of ads?

In my dream world, all forms of push advertising would be illegal, full stop. Meanwhile, I'll put whatever effort it takes to block everything.

Advertising is only able to exist when there's centralized entity controlling the presentation of the content. TV and radio are good examples — your receiver simply plays whatever is on air, and has no idea what's in there. Social media services like Facebook strive to control the experience end-to-end precisely because of that too, and that's the reason why public APIs for Facebook and Instagram got reduced from "enough to build a third-party client" to "you can post, getting any info for the current user requires a manual review, and you can't do anything else".

Contrast this with email and phone, the only successful federated systems. Spam is illegal in some countries, and there's a concerted effort by everyone to fight it.

When no one controls the whole experience end-to-end, there is simply no technical possibility to expose you to something against your will. This is why decentralized social media is the future. I just can't see how Facebook could survive much longer unless there's a drastic change of some sort.

I dread to think what happens when ads collide with cryptocurrencies. They’ll either wipe each other out or merge into something far horrible.

They're already dating and it looks like marriage is afoot. Plenty of ads driving people into crypto scams.

Isn't that basically what Brave is doing with Basic Attention Tokens?

Yeah, you're probably preaching to the choir here. The tracking and advertising industry has an unprecedented amount of influence and control over our lives, it's getting harder to pry your life away from their claws.

Sadly, I think things need to get much worse before they get better. People still don't understand the dangers of it, though I believe this has already become a sociopolitical problem instead of just an annoyance.

At this point I'm just generally not okay with being marketed to against my will. Especially in places that have absolutely literally nothing to do with spending money — like, you know, every single news website and every single social media service.

If I want to buy something, and if I don't know exactly what, I'd like an unbiased list of things in that category to choose from. And when I don't want to buy anything — which is, again, when I'm reading an article for example — I don't want to be reminded that economy exists AT ALL. There is no place or circumstance in my life where advertising, as it is known today, would be anything but annoyance to me. Which is why all my devices have ad blockers installed and third-party cookies disabled.

So who pays for what you're consuming?

There is no requirement, ethically, morally, or legally to look at ads.

That's not my concern, neither is it my responsibility to make sure whoever the website belongs to gets paid. Paywall it for all I care. Implicit contracts aren't a thing.

The person with the server.

It's certainly how I feel. I see virtually no advertising at all.

I use ad blockers.

Pay for YouTube premium. Use a sponsorship skip extension.

Only watch ad-free TV / streaming.

Pay for Spotify.

Use tweetdeck for Twitter.

Don't use Instagram or Facebook.

I certainly don't listen to the radio.

Where else can I possibly see an ad? A billboard? That's easy to ignore.

Imo it's all worth it.

It amazes me that we don't charge third parties to use our network resources to retrieve their assets for displaying as ads.

We should be charging vendors for traffic that is only designed to forward their business, when it happens on our own local loop.

> a poignant example in television, where episodes of Jeopardy! are intertwined with their shilling quackery like Prevagen to an audience using the fear of aging.

Episodes of Jeopardy, now temporarily hosted by Dr. Oz.

Latest thing that set me off was noticing Mandalorian wallpapers on my Pixel phone.

I'm even more concerned about the second order effects of so much being driven by driving clicks to ad dollars. This is obviously what causes the attention economy and maybe many of our negative trends in society. How much less attention would BS articles on anti-vax and QAnon nonsense get without all of this? How many fewer content farms that are just trying to waste my time would we have?

I would love to see how an alternative reality without advertisements would look. I'm not sure if we could ever fully accomplish this given that there always will be people willing to pay for eyeballs and people happy to take money or goods to change their messaging.

Advertising is legalized fraud. Someone gets taken advantage of and we say "Oh you fool, you should've known those claims were bullshit."

I am very much anti-advertising, at least the way it currently operates on the web and the inherent invasion of privacy but I think from a technical perspective what's happening here is very different compared with how a traditional banner advert is being displayed and it's not constructive to directly compare the two.

Are you objecting to the actual advertisement?

Because that is small potatoes compared to the tracking, matching and profiling of individuals. I believe that is the big threat to society (and possibly democracy)

I recall an interesting interview I had with eyeo, which bought the original Adblock Plus extension and have since been pushing for their "Acceptable Ads".

  - Do the ads still track users?
  - Yes, but they are not unobtrusive
  - Yeah, that is not acceptable.

One follows from the other. Tracking, matching and profiling of individuals isn't done for kicks, or because evil governments are asking - it's done for two reasons:

- Tune the advertising to best manipulate a particular person (think of it as a PID controller tuning inputs to a system);

- Ad attribution - i.e. determining which companies in the advertising chain should get paid when a customer buys something from someone.

Restricting the shape and form advertising is allowed to take addresses the driving factors behind privacy violations.

The sentiment definitely resonates. The way I see it, advertising is a cancer on modern society[0]. The two big tech-related social problems so frequently discussed these days - surveillance capitalism and outrage culture - are directly caused by it.

> Perhaps I'm growing increasingly blind to any positive impacts of the discipline, but ethically I find it hard to separate the fraudsters from the engineers that enable them.

There are definitely useful spinoffs - like they always are, when you throw a lot of money and a bright mind into solving tough problems. But it's hard to argue the positives here where the primary driver is a huge net social negative, and spinoffs could've been done pursuing better goals.


[0] - And I mean that - http://jacek.zlydach.pl/blog/2019-07-31-ads-as-cancer.html.

This is not that simple, unfortunately. Advertising in itself is not bad. Why informing about a good product is something wrong? How we would have Tesla or iPhones, etc. without advertising. Nobody would know about all of those.

But something went wrong at some point.

Similarly with options - options were a great way farmers could offload risk to the products buyers, who, in exchange could get better prices.

But when options started to be used for something which is not much different from lottery bets, again, something went wrong.

This is important lesson. Capitalism is a great system, but it cannot be narrowed to greed. Capitalism requires working ethics since we are not able to regulate every aspect of life - it is practically impossible.

But ethics no longer works. Big IT companies owners were fixing employees wages, who cared. Amazon owner does not care about warehouses workers miserable work conditions. Facebook owner is ok to steer people into fights, as this increases "engagement", ads clicks and revenue.

Has it happened that Jeff Bezos or Mark Zuckerberg was asked to leave his country club or whatever place they are hanging out because of the unethical behavior? Obviously not.

You picked two terrible examples. I first heard about the iphone via word of mouth as a friend had one and was showing it off at the bar.

I hear about new ones by word of mouth from collegues (from people who go out of their way to watch product releases on the apple away day or whatever it is). I hear about new gadgets by paying for someone to go to CES and look at what's new.

Tesla, and starlink, again is word of mouth, or deliberatly seeking out information on it (by visiting tesla.com for example).

> This is important lesson. Capitalism is a great system, but it cannot be narrowed to greed. Capitalism requires working ethics since we are not able to regulate every aspect of life - it is practically impossible.

The market is literally a big, greedy - in algorithmic sense - optimization engine. It optimizes away everything that stands in the way of making more money. It optimizes away quality, and it absolutely optimizes away any and all ethics. Marketing and advertising are a clear example of this in two separate ways: on the object level, they're already doing everything they can that isn't strictly illegal[0]; on the meta level, you see that competing on marketing and advertising has a better ROI than actually trying to make better products.

You cannot expect a sense of ethics from a system which requires ethics as a containment vessel, and continuously tries to erode it. Much like you can't expect water to just keep flowing in a straight line, in absence of a bank or pipe that would constrain its expansion.


[0] - And enforced. GDPR demonstrates that with insufficient enforcement, otherwise reputable companies will absolutely break the law.

Maybe I'm wrong but I thought that Tesla actually never used ads. Then again with the PR they generate there's just no need to.

> Capitalism is a great system, but it cannot be narrowed to greed. Capitalism requires working ethics since we are not able to regulate every aspect of life - it is practically impossible.

Whether it's still Capitalism at that point is an interesting question. Some people seem to call any market-based system capitalism. For others the lack of ethics is definitional.

My own view is that we probably ought to stop using the term "capitalism" entirely for the most part, and be more specific about what we mean.

Advertising itself is bad.

You're upset about regulators, not about advertising.

It seems like you're mixing advertising = fraud, when in reality it's just people who commit fraud that use advertising because regulators can't seem to act.

I got my first Internet connection when adblock was already a thing (though I was definitely an early adopter). I don't know how ad-filled Internet looks like and I will fight tooth and nail with every tool at my disposal to keep it that way: adblocks, Pi-hole, VPNs on phones, paying for ad-free versions, it doesn't matter. I do not watch TV and I will do my best to keep ads out of all my screens.

Good for you mate, just keep in mind that a large part of your purchase decisions are still influenced by paid media (not only advertising) - as long as you're aware of that, you're safer, that's the true adblock.

One of the reasons I have used Ubiquiti over the last few years is their product quality over other networking hardware. The inclusion of ads leads me to revisit those assumptions before my next purchase.

Ads, even if self-promotion, are a bellwether for a company being desperate or greedy, neither of which bodes well for their long-term product quality, usually because it indicates sales people are making the decisions. They also often lead to a slippery slope of increasing user data collection

> Ads, even if self-promotion, are a bellwether for a company being desperate or greedy

from 2003: https://www.theregister.com/2003/11/07/help_my_belkin_router...

I have never bought a belkin product since.

We upgraded to Ubiquiti a few months ago. I was so impressed by the hardware for the price. The dream machine firewall had such a good interface compared to more expensive firewalls I’ve used in the past. I’ve been very pleased so far, but this and another article have me worried they’re going downhill.

As a flip side experience, I have a dream machine too; it ignored my auto update settings and updated itself anyway, there's no way to roll back, and it now regularly stops responding, has high packet loss over wifi and supports response was effectively "go jump". Very unhappy.

Yea, I've had a few problems with UDM as well. The management UI/controller container has died numerous times so to get visibility into whats happening I need to ssh in and restart that container or restart the router.

I've also had numerous cases where routing has stopped for no reason. This I find really bad as, "it has one job ...".

That update that was supposed to be off (a known problem.) Bricked my VPN config in a time of quarantine away from home.

That was a fun thing to explain. My respect for this company was stellar, but is now around rock bottom.

For me that was the "one job" problem.

I have all aps and controller blocked from the internet for that very reason. Don't tell me when to update heh. Really sucks about not being able to roll things back.

I recently purchased switches, wireless access points and cameras for a new home-office setup. I was looking at going full Ubiquiti because the dream machine (UDM) comes with a network video recorder (NVR) that looked quite good in comparison to Zoneminder, Shinobi and even Synology's paid product.

While researching I found-out that you must use a ui.com account to setup the UDM (the apologists call it "mandatory online registration"). While you can setup a local account and disconnect from ui.com afterwards, I was perplexed that they would choose to do this.

Their user forums had at least two flamewar threads with people pointing-out the security implications of linking your local network to a remote, internet-accessible service but zero communication from Ubiquity themselves. Fast-forward to January and we saw the disclosure of a massive breach on ui.com.

So I ditched the Ubiquiti cameras for Geovision (better bang for $), kept the switches, APs and have been running the controller in containers (https://github.com/jacobalberty/unifi-docker). Needless to say, I'm not going to upgrade from version 6.0.43, which does not include advertisement.

I hope it doesn't get any worse because I do love how easy it is to maintain VLANs, firewall rules and IPS services.

Mind sharing the other article?

Sorry! It was this one. I guess it wasn’t the article so much as the comments on it. Former employees were lamenting the management at Ubiquiti, and users in the thread mentioned they noticed some rumblings of a decline in quality. Like I said, I’ve been happy so far, and I’m hoping that lasts.


The funny thing is that I have a UDMP on the way, because one of my APs died and I figured it was time to upgrade the network a bit, but now I'm refusing delivery and sending it back for a full refund.

I was considering replacing my AP AC Lite with whatever 6E equivalent comes out when 6E is approved. I considered picking up a NanoHD for the extra MIMO speeds, but in the meantime I keep seeing problems with reliability, the 6.x Unifi version, UDM needing to be rebooted, etc.

Even if Ubiquiti was as good as it was pre-2019, if they pulled this advertising stunt then I'd not consider upgrading. There's now no chance I'll be sticking with Ubiquiti for my 6E upgrade.

My nanoHD reboots frequently with current firmware. Sometimes it needs readoption, sometimes a manual reset to be readopted. The AP AC Pro seems less affected.

Thanks for that input. My AP AC Lite has been absolutely rock solid so I wouldn't want reduced reliability; it's the reason I went with Unifi in the first place. Not that it matters; no chance I'll be going with Unifi in the future.

Yeah, and thanks to your comment it actually got me thinking that I can (at least temporarily) mitigate my current situation by taking the nanoHD out of the loop entirely, as I do have another spare AP AC Pro in my closet. I also got the nanoHD because of extra MIMO speed (among other things, it's feeding my home office setup wirelessly), but the egregious loss in stability is not worth it.

Downgrade your nanoHD back to 4.x firmware. That way you get to keep your MIMO speed with stable device, you will only lose WPA3 support (if you use it, it is a new thing in the latest controller).

I was on the fence about buying some ubiquiti stuff. Now there's little chance. Do you have any recommendations for competing products?

For what products/environment/usecase?

just typical prosumer use cases. Nothing fancy

My FlexHD is perfect on my USG, so ymmv.

Ubiquiti products are not quality. They beta test in prod, more less.

Technically it's an advertisement for their own product. I have around $1,500 worth of various routers, switches, and cameras from Ubiquiti in my house and don't really mind. Agreed, the "ad" is very large and there should be a way to close it and never show again (cookie or local storage). However I think this HN title is misleading (clickbait and outrage driven) as they are not making ad revenue as one would infer.

How is pegging and selling the successor to what I have not making ad revenue? The difference is that they’re not selling pixels for money, they’re trading pixels for sales.

The main difference in my opinion is that typical advertising is a lot more privacy invasive and malicious. Tons of cross-site tracking, ads of dubious quality, getting 3 ads per 5 minutes of YouTube, etc.

I’m not frustrated when I get an email or dismissible banner ad from a company regarding a new product. It’s possibly interesting to me, and easily dismissible if not.

Sure, technically, this is advertising. But the biggest problems people have with advertising (privacy invasion, seeing too many ads, or seeing low-quality ads) aren’t present in this example.

It’s advertising in the exact same way that GitHub might show a banner informing me of a new plan they have. While it can be annoying, yes, I would disagree that it’s “as bad” as typical advertising practices.

Even if they only advertise their own products, they will probably become interested in conversion rates and customer segmentation at some point. Or they want to advertise on other sites as well. One way to do this, would be to include trackers from ad-networks, such as Merkle M1, in the admin dashboard.

They said it can't be dismissed.[1]

[1] https://news.ycombinator.com/item?id=26630127

One auto update they broke my laptop's ability to connect. Turns out they'd auto enabled 5 GHz band steering, but my laptop's chipset only did 2.4 GHz. Even when it was enabled, the Android management app said the setting was disabled.

Customer support directed me to the forums. Ubiquiti didn't respond to my post. I posted on a thread where someone else was seeing the same problem, where a number of people gaslit me and blamed me for the problem.

I still have no idea if they've fixed their band steering. Or how they decided to force 5 GHz on a 2.4 GHz chipset. Or how to get support. Or how to report a problem.

Definitely won't be buying their products in future.




We have 5 ubiquiti switches on our office network that are running 4 year old firmware. The next version after started dropping DHCP packets! I followed the thread for months and months and they never fixed the issue. I gave up caring, stopped watching the thread and swore never to buy any of their products again.

I do wonder if they ever fixed the issue. The switches lock up every couple months and need a hard reboot.

We also had all sorts of problems with their APs and switched over to Cisco Meraki. As much as I hate Cisco and their ridiculous cost at least the Meraki line works.


I got bitten by the same problem. There is a workaround but the bug is silly!

Holy crap! This must be what I'm dealing with.

I have an old laptop that I was trying to fire up to run some lightweight games on. I could not get it to connect to wi-fi for the life of me. Must be the band steering.

Ubiquiti has really fallen far. The 5.x series of controller with the AP AC (S)HD was great, but everything since has been hot garbage. The 6.x series of controllers is still basically a public beta and riddled with bugs.

The newer MediaTek based APs have constant problems with client device compatibility, and can’t even reliably support DHCP on the newest official firmware and controller versions (or any of the last 10 releases).

I strongly advise you to look anywhere else for your WiFi needs unless they really turn the ship around somehow.

It's really sad. I used to recommend UniFi and their other hardware without a second's hesitation to all of my friends and the software and hardware quality control has just gone so far down hill. Now they're putting ads and privacy violating code in the admin user interface? What a complete disregard for user security and privacy in one of the most important places for it. Ugh. Add that to their GPL violations ( https://web.archive.org/web/20170317174847/http://libertybsd... ) and it's just too much for me going forward. I won't be installing or recommending Ubiquiti gear any more.

Yeah it's a pretty big bummer. I used to recommend their stuff a lot and I don't know if I'll be able to do that from now on.

It's not like their hardware is cheap, I'd much rather pay a monthly subscription than be served ads.

I'd like to receive security updates for at least the warranty life of the device, but I wouldn't mind paying for new features/major versions of the firmware. That said, owning what I've bought is non-negotiable. I paid for what I bought and I'm not going to allow myself, or my friends, to be turned into a product.

> I'd much rather pay a monthly subscription than be served ads.

Why not both?!

/s but probably for real eventually.

This is what Chase bank does in their app.

I’m in the same boat. I think it’s pretty weird that these days I’m more comfortable setting up a new router on the OpenBSD command line than I am with a Ubiquiti GUI.

TP-Link has actually upped their game with routers and APs lately. The next time I’m doing an installation that doesn’t need big-boy stuff from Cisco I’m going with them.

Give Mikrotik a look, too. Their HW is solid and while the UIs are decidedly old-school, they also expose just about every configuration option you could want, and everything can be configured from the command line.

What privacy violating code?

Google Analytics at least.[1]

[1] https://news.ycombinator.com/item?id=26629518

GA is used across the web...

> GA is used across the web

And that's it's biggest problem.

If only few sites used it, it wouldn't be that big of a deal

GA being used doesn't even remotely mean it's anything good.

The craziest part is they were poised to dominated the SOHO / MSP markets. There’s NO competition or viable products in those markets. I’ve searched high and low.

Instead of focusing on their strengths like great value with self hosted management infrastructure, they look like they’re setting up to force subscriptions on their users. All of the subscription BS for centralized management is so expensive that it’s literally cheaper to hire someone to manage everything by hand (the old fashioned way).

This.If I’m gonna have to waste time and effort to block my network gear sending its spy data back home, and blocking ads it tries to show, why wouldn’t I just do that on much cheaper throwaway Chinese hardware? I’m much more likely to buy stuff like TPLink gear that can be flashed with OpenWRT, or jump feet first into Mikrotik gear - than ever spend more money on Ubiquity’s modern shitware...

Try a used WRT1200AC, it has an extremely powerful ARM processor, and is super stable. I'm getting >500Mbit over 5GHz on a 2x2 antenna setup.

WRT1200AC. the worst experience i have ever had with a router. the moment i plugged in my NAS the whole thing froze and had to be force rebooted.

every 3-6 hours the wifi just died and had to be again force rebooted.

will not touch linksys again. they're a consumer brand, and my requirements are clearly SMB.

imo their best product was the WRT54GL.

Was that running the original Firmware, or OpenWRT? In my experience, all vendor firmwares are to be regarded just as "proof-of-electrical-functioning", to be replaced with a OpenWRT running a recent kernel. Similar to how to you reinstall/upgrade a new laptop on the second boot fresh out the box.

Probably stock, probably on a DFS channel.

tried openwrt, tried stock, and always non-dfs. what i do know is that after i plugged in my NAS using RJ465 the whole router collapsed and had to be force rebooted. every single time.

fast forward, and my UDM Pro handles everything, including ax.

openwrt was extremely slow.

Ive been using them since gen1 hardware on 2.6 controllers. And their advertised features like zero handoff were hot garbage. Their channel selection to this day still sucks and isn’t even self aware. I often have multiple aps on the same channel close enough they have their own co-channel interference. This even happens on 5Ghz where theres plenty of space, not even considering DFS and I live in the country.

Standards like fast roaming are fraught with issues.

And at one point they added call homes/telemetry. I think the 5.x code.

That is to say they have always been buggy in one form or another. More so than other vendors like Aruba or Cisco, I’ve managed both at campus scale in a previous life. I wouldn’t put them in an enterprise but a smb or soho deployment sure.

When they did the call homes/telemetry I created some firewall rules for the controller. The controller can only talk to the Ubuntu repos. Aps are on a private vlan with no internet. I only open the controller up for Ubnt upgrades and then shut down the rules and disable the ubnt repos in sources.list.

If I were someone new in the market I would look at the ruckus unleashed platform for wifi. You can get aps with extensive features cheaper, especially grey market.

I would and have avoided UBNT for all routing and switching.

With the depth of your experience, what's your prosumer recommendation? MikroTik?

for wireless AP's? It really depends. I actually just went with Wave2 stuff. In the end i bought some UAP-AC-HD's because

1. I am familiar/setup to handle their quirks and had 99% of the setup already done.

2. I really wanted an AP with Dual 5Ghz AND dual 2.4 Ghz dedicated antennas for some very specific applications (multiple rtsp streams over wifi+client plex wifi streams+client traffic. With the first two largely being on 2.4Ghz.

3. I am lazy (lots of this, my wife is less tolerant of me re-designing the wheel and being locked into an upgrade for days)

4. The security stuff i had mostly addressed anyway.

If this were a greenfield purchase or I didn't really need/want dedicated radios.

Id go with a ruckus. the r700 unleashed and/or r500 unleashed can be found cheap and are chock full of features. and 2x2:2 is normally going to be perfectly fine in a home setting.

Going with ones that are "unleashed" mean that the controller runs on the AP's. not extra hardware needed.

For most home uses. wave1 is still more than enough and their Wave1 AP's can be had cheap. Hell you can probably even get one of the R710/R510's in a very good price range and be at wave2.

For switching...mikrotik is solid for cheap and works and stable. Even modems etc. For firewalls my preference is BSD, so something like opnsense...But mikrotik will probably do okay as well.

> Id go with a ruckus. the r700 unleashed and/or r500 unleashed

This is the problem with Ubiquiti, and maybe why they feel they can advertise in their UI and let their quality slip: a new r710 lists for $1295.

That's almost four times as much as a UAP-AC-HD. On sale for $810 it's still over twice as much. Some of the Ubiquiti WiFi 6 stuff can be had for $100-150.

Like, yeah, I'm sure Ruckus is way better, but I'd hope so for the price difference.

You can get the r710 on Amazon for $430. R510 are even cheaper around 230 or so. These aren’t the latest iterations of their hardware. Ruckus doesn’t require a contract to get updates firmware/software. Theses are around the same prices as a uap-ac-hd.

Regardless of list price. They can be had as cheap as ubiquiti and their software/firmware is not only better but doesn’t have all the telemetry crap built in.

> They can be had as cheap as ubiquiti

I'm assuming you're talking of used hardware as this isn't the case, at least in the UK.

No it is still new. Just not the latest line of production gear (Which would be the R750). Im not going to post direct links because i assume that's a no-no.

Ruckus refreshes their gear fairly frequently and the overstock can be had at a steep discount. Those not needing to do huge, high density deployments in things like auditoriums, stadiums, classrooms and the like but are just looking for something for their home can get a really solid piece of gear (imho better than ubnt) at a steep discount.

Its not really the same as even grey market Cisco stuff.

Like i said, i stuck with ubnt because of some specific things, including the fact that I could re-use mounting holes/measurements and could upgrade in an hour vs rebuilding entirely.


Thanks for the detailed information. Unfortunately, the UK prices don't reflect the US prices, both on Amazon UK and other retailers here. The only way to get Ruckus gear that cheap (or cheaper) is to get them used on eBay. I think I'll probably go down the TP-Link Omada route as someone suggested elsewhere in the comments here. The feature set and prices look to be about right for me.

i have had very good experience with the Ubiquiti WiFi 6 products.

Mikrotik has a great feature set and is mostly stable for the mainstream features. Where they really fall apart is wifi throughput. Most devices won't top 400mb/s.

There is some hope on the horizon with v7 and the newest devices like Audience. Have seen reports of 1.3gb/s on these. But it's barely even beta right now.

Ruckus is pretty solid and you can usually find them used for great prices. Many units have a stand alone firmware available that negates the need for a controller.

We used to operate a satellite office whose primary internet service was Mikrotik directional AP’s bridged at both ends and this was maybe a half mile line of sight uplink.

My testing even on gigabit chipsets mirrors your 400 mbit per AP comment, at least in my situation.

Thank you. Do Ruckus support wireless downlinks? I can't lay cables here, so the switch in my home office needs to be fed by an access point.

With unleashed they do. Its otherwise known as meshing pretty much anywhere else.


If you are talking long distances you need to start looking at directional antennas...But to say..span an A-Frame house...they would do fine as others as well.

It's just over two rooms and a hallway essentially, so should be fine. Thanks a lot!

EDIT: The "Wireless Bridge Topology" is exactly what I need, here, but it's not entirely clear to me yet if I'd really need two APs on the gateway side as the picture suggests: https://docs.ruckuswireless.com/unleashed/

You will need to have one AP wired (thats the root AP) and the next ones can be wireless connected/meshed.

Note: regardless of the vendor Meshing will basically 1/2 your available wireless bandwidth. Its handy to extend coverage, and you will still be able to stream netflix and probably even things like facetime etc, but you are going to be essentially inducing a half-duplex connection into your "backbone".

I second that. Despite investing in their infrastructure and recommending to friends (so basically being biased to like it) they just don't seem to care anymore.

I'm waiting for some company to take their place. And I don't see how making router software open source for a company that is selling hardware is not a win.

> I don't see how making router software open source for a company that is selling hardware is not a win.

There are several business tactics that are foreclosed by making the router software open source, mostly around price discrimination.

For example, you can't sell the same hardware for different prices with some hardware features turned off in the higher-volume cheaper SKU (which lets you apply greater efficiencies of scale to producing the hardware).

Of course, most companies that use price discrimination are only trying to maximize their profits, but it is worth noting that since hardware vendors that keep their software closed are able to pursue this tactic, it can leave hardware vendors with open software at somewhat of a disadvantage.

isn't tesla selling cars of the same hardware at different prices with some hardware features turned off at lower prices?

> software open source for a company that is selling hardware is not a win

Tesla doesn't release the software to their cars.

Big tech swing that didn’t connect?

Has the makings of an internal power struggle where the people who actually hold things together we’re not on board and bailed.

Haven't they fired most of their engineers and outsourced development?

Do you have any brands you would recommended for home use for "prosumers"?

I recently upgraded my home network and went with mikrotik (an RB4011). RouterOS is incredibly deep

It's also incredibly userunfriendly and lacking features for home users. I have both UniFi APs and a Mikrotik router and configuring RouterOS reminds me of trying to setup PPPoE internet on a Linux machine in 1990s.

A lot of manual settings with obvious features (NAT acceleration, NAT loopback, good VPN client, easy QoS, reasonable firewall) being extremely hard to configure well in comparison to competing SOHO equipment.

Yes, Mikrotik allows tweaking everything, but if home user is not interested in that, there's Quick Set for configuring the common scenarios.

Opposite way is much harder, as we can see with Ubiquiti: they hide and remove options, that are needed. With USG devices, I could have config.gateway.json configuration for some of those hidden options (like having site-to-site VPN using hostnames instead of IP addresses... well, Unifi UI cannot do that, but strongswan doing the IPSec on Unifi has no problem doint that). With UnifiOS devices, they are not addressing the issues, they are taking away the workarounds instead.

So they can advertise as much as they want, until they make devices fit for the purpose, there's no point in purchasing them. I don't see the situation improving anytime soon, they don't listen on their own community forums.

Mikrotik definitely doesn't have a flashy UI if that's what you care about, but the configuration for those things you list didn't seem all that different to ubiquiti's edge line from my research. Maybe I'm wrong, but I'm also happy with my choice and had no problems setting it up

For wireless APs, check out TP-Link's Omada line.

I keep researching the same thing and it’s not great, everything else is significantly more expensive.

Adding my thoughts from being a Turris Omnia user since the release (2016).

I think it's one of the better standalone WiFi router/AP's out there. If you want a long term supported open source/openwrt one it might be the best choice out there.

The original 3.11 release track has been super stable for many years, and is still being updated with security fixes. The 4.0 branch was a bit bumpy ride but since the 5.0 release early last year I've had zero issues.

Note that the default WiFi chipset is not the latest generation, and although the dev team is actively looking at the possibility to get some wifi6 working [1], I think it might be a while before that is out and stable.

As a bonus it has some cool features like built in support for CZ.nic's honeypot as a service [2] and lxc.

[1] https://forum.turris.cz/t/wifi-6-ax-adapter/10390/63 [2] https://haas.nic.cz/

Until now I loved Ubiquiti. So what do you recommend for high quality mesh wifi?

Thanks for this

I'm going to go out on a limb here to point out the inconsistency of this entire thread. For the following reasoning, I'm going to use the word "ad" in the broad sense.

1. Everybody is excited with Github's new features that they promote on the dashboard. Sometimes popups and flashes too. Are they not ads?

2. Nobody ever complains about Github showing ads.

3. Github is a SaaS.

4. unify.ui.com is a SaaS

5. OP is complaining about ads on a SaaS.

6. Most people here don't seem to like this banner in question, but that's not how they phrase their responses.

Is this a case of some random Amazonian complaining about intrusive ads or or a case of ads, even for self promotions, aren't allowed in SaaS?

Github makes it a single click to hide their intrusive notifications and such. They're rather tasteful at where and when they show you something. They have a notifications panel you can click once and then it won't bug you until the next time.

This screenshot shows the ad takes up a huge chunk of real estate and can only be turned off by presumably opting out of some new experience, which means it might become permanent. If enough of the internet protests, obviously Ubiquity might re-think their recent actions... but it won't change their overall product direction which is to try to encourage you to buy newer products by any means they can.

The proper equivalent would be if my Amazon Echo started showing me ads for a new Amazon Echo, or if I launched the Echo app and it said, hey, do you want to buy the new Echo at the top and I couldn't remove it. Perhaps another comparison: What if Nest suddenly changed to show an ad when you went to change your thermostat's settings such that you could learn about the new Nest that replaces your old hunk of junk? Or imagine if you opened System Preferences or About This Mac, and saw an ad for the latest and greatest MacBook from Apple? Like, do I really want to see stats about how my battery life is only 10% that of the newest Apple Silicon?

SaaS or not, there's a difference between advertising some new service I don't need and advertising new HARDWARE I don't need within my existing, perfectly good, management control panel for my existing hardware. Whether its hosted on a website or not is just an implementation detail. They could have used Electron, same result.

Apple is already pushing you ads in macOS, just click on the App Store menu item, or open Music, or News, or TV, or Podcasts.

I don't disagree much with what you said, I'm just not sure if people actually know what they are arguing for. If the Ubiquity ad is too intrusive, complain about that. If it's a sweeping stance against all ads in things you've paid for, argue for that. I'm not seeing people make that distinction here. It's always both, and you can't argue for both at the same time.

The first tweet argues against ads in SaaS, and the second tweet argues against intrusive ads. If you argue against intrusive ads, then that means non-intrusive ads should be okay. If you argue for a blanket no-ad policy in products or services you've already paid for, even if the ads come from the same company you've bought your goods from, you don't need to argue whether the ads are intrusive or not.

This is what OP and lots of people don't seem to understand, and I'm quite surprised that this kind of logic actually flies on HN.

I have previously, strenuously argued against ads in the App Store and will continue to do so until I manage to singlehandedly change Apple’s mind on this (yeah, not happening, I know…)

Outside of that, I’m okay with Apple showing ads for their music service or iCloud storage. As I said earlier, ads for services are one thing but ads for hardware are another. Intrusive or otherwise, I think it crosses a very big line to advertise your new hardware that replaces my old hardware from within a management control panel for said old hardware.

That said, I let it slide when it’s a feature distinction, for instance the management for the EdgeRouter X would mention features only in upgraded hardware or my AP management would have more features if combined with a Smart Firewall. That’s acceptable because I’m not asking you to fork your software to hide features I can’t use — it would be nice, but it’s understandable if you want to rub it in my face that there’s more you can do for me, like Premium Service upgrades or new software features (maybe).

Where I absolutely draw the line though is when perfectly good hardware advertises its replacement and I’ll stick with that, even if others are less consistent.

> 4. unify.ui.com is a SaaS

The Ad has shown on my locally deployed piece of software that's controlling hardware. It's not SaaS, it's a program for managing physical hardware running on my hardware.

And it has replaced USEFUL information (channel utilization and client counts) with a fullscreen unremovable ad.

How can you defend this crap?

> it's a program for managing physical hardware running on my hardware.

That's not what the article suggests. The article suggests an ad on a page with an ubiquiti url.

While it may be the same software under the hood, I agree that seeing an ad when I'm on someone else's hosted page is (somewhat) acceptable unless I'm a paying customer, but seeing it on my own machine isn't.

In the end since those are two entirely different things and the article seems to be discussing their hosted version, It's important to keep those things apart

> That's not what the article suggests. The article suggests an ad on a page with an ubiquiti url.

It's both. UniFi is product line of network hardware which is managed by a central controller. The controller is available as a software download, and Ubiquiti sells a few devices that are pre-configured to run it (the "Dream Machine" from the ad, and their "Cloud Key", which is just a PoE-powered mini-appliance that runs the controller). The controller's UI can be accessed either directly, or via a Ubiquiti-run cloud service. The tweet shows the latter, but having recently upgraded my controller, I can confirm that the ad also appears when directly accessing the UI. What's worse, there's a link offering to go back to the "Classic Dashboard" on my install, but it doesn't appear to work.

On my install, it worked when I went to settings and found "Use new interface in all pages" or something like that. Disabling that option kicked the UI back to the non-insane version.

> I can confirm that the ad also appears when directly accessing the UI.

This is vital information. This is definitely not okay for practical reasons.

They removed local management apparently.[1]

[1] https://news.ycombinator.com/item?id=26631513

I don't understand how can you keep things apart when it's the same software?

If I can self host it expect no ads (ie when I see that interface on an url that says 192.168...). If I pay a subscription for a service I expect no ads there.

If I buy a gadget and use the manufacturers’ cloud service “for free” (apart from the hardware purchase) then I expect anything.

I wouldn’t want to use a cloud service to access what’s on my own hardware. Apart from ease of configuration, what’s the point of it? Why wouldn’t I rather go to my own server?

> unify.ui.com is a SaaS

As far as I am concerned, UniFi is a set of compatible hardware products. Physical goods. Expensive, high-quality physical goods that I have already paid for. None of that is like GitHub.

But it looks like they want to be a SaaS instead, maybe because that's where the ad revenue is. But that's not what I as a buyer of WiFi APs want from them in any way whatsoever.

I think they’re trying to position themselves for a buyout. The massive effort to push everyone onto unifi.ui.com is the hint. The subscriptions tab in that portal is the second hint. Eventually they’ll try again and again and as soon as they have enough people locked into the cloud version they’ll pull the trigger and force subscriptions.

Even if they burn the brand, they won’t care. It’ll become SonicWall Cloud or some BS sub brand of a bigger vendor.

Look at the UDMP. There’s no reason that thing couldn’t have let’s encrypt integration for people that want external access without the cloud BS. Plus, local access over http is a bad design IMO. So if it’s a worse product and less secure, why do it? Usually when things don’t add up it’s safe to assume something is amiss.

I'm using Github for free, but I paid Ubiquiti a lot of money for their hardware. For me this is the major difference and the reason why I have different expectations while using their services.

> 3. Github is a SaaS.

> 4. unify.ui.com is a SaaS

One of those is not like the other. Unify UI is completely useless without a corresponding purchase of a physical good.

I don't care about Github's "ads" (quotes are intentional) because (1) they most unintrusive (2) not selling me an expensive piece of hardware

Either they are ads or they are not, whether they are intrusive or what they are selling, or even aren't selling anything are immaterial. If they are promoting something, it's an ad.

Lol. You are missing the point.

You pay Ubiquiti for the hardware and software to control the hardware. And they still show you ads in the software!

You're paying nothing to GitHub.

Github shows self-promotion even on paid accounts.

unify.ui.com is not just any software. It's a hosted management interface. They are selling you a service on top of some hardware. Services self-promote.

At this point, I'm willing to argue the issue at hand isn't even about intrusive ads or whether SaaS should self-promote. This is likely a case of people's idea of ownership has been challenged. They thought they bought a physical good, they hold complete ownership of it, and they didn't tell the hardware to sell them things. What lots of people have failed to connect is, Ubiquity routers are hardware/software/service bundles. Specifically in this case, they are trying to sell you "powerful insights and control", AKA some analytics and remote management capabilities that's only available on specific hardware/unify combo. People don't have a problem with SaaS running on some cloud hardware self-promoting, so logically why should people have a problem with SaaS attached to some hardware that you can touch self-promoting. Well, it turns out people don't like that. It's too drastic a change, it upends our traditional understanding of what purchasing physical good means. People still think they bought a piece a hardware, they can move it around and open it up, and therefore they own everything related to it. It requires thinking to process that in fact, you've bought some hardware, but the service is just a license, and you don't own it. None of these reactions are rational, it's just human psychology.

From what I can see it takes up the space that would have been used by the stats from that equipment if you had it installed - so it's a lot less problematic than if they were taking up space that could have been put to better use.

I think some of the responses in this thread reek of throwing the baby out with the bathwater.

Github has ads? Not on the repository pages, which are the only ones worth visiting.

it's more like they nag 'bout this and that, i'm astonished everytime i use a browser w/o ublock.

I’m even more astonished by the dismissive, misspelled, and incorrect support response.

* telling the customer they’re wrong...

* incorrectly...

* and with multiple typos.

Yes, very cool.

The customer service response is deplorable, makes me think twice about purchasing any more Ubiquiti gear.

If you want support do not go to Ubiquiti. That is not their business model (yet). And I hope it will never be.

I'm astonished by the childish and rude language directed at the customer support rep.

Because I called out their bullshit?

Calling out bullshit is fine but I'd choose better language.

"This is unacceptable and this change makes me very angry. I will not be considering future products from Ubiquiti"

The customer service rep isn’t in control of the change. They’re in control of what they tell me, and he was bullshitting. Not really sure what else to tell you.

> They’re in control of what they tell me

Have you never interacted in a non-business sense with someone who worked customer support? They DO NOT have control of what they tell you. They will get fired real quick if they don't follow the script. Especially someone working the first line of support in a chat box.

C'mon man.

So this awful response was part of the official script? That's even worse.

But it doesn't justify being rude to the support person.

So the support person is a glorified bot, but we have to be careful not to hurt it's feelings? Honestly I feel for the support guy, but he represents the company. And companies purposely push their support onto social media platforms like twitter - where exactly are unhappy customers supposed to vent their anger?

It? This is an actual person we are talking about. And most people are perfectly capable of handling a mildly stressful situation without acting like a complete jerk to someone.

Haha teaching others how to behave online .... Oh my.

I see a lot of complaints here, but nobody offering any substantive alternatives. Mikrotik is mentioned several times, but always with the caveats that it has glitchy UIs or poorly implemented features. EnGenius... you've got to be kidding.

I've been a UI fan for many years and was also dismayed by the 6.x releases and the switch to Mediatek, but every time I went looking around, I saw the same tire fires at other vendors. At least with UBNT it's "the devil you know".

Cambium is interesting, I've been playing around with their cnPilot stuff and it's been pretty solid.

Same. There are enough annoyances with UI gear to keep us all here griping for days. But when you try to find an alternative company for your Wireless needs you realize quick that you're perfectly willing to put up with UI's stupid annoyances. Granted a few glitches have wasted days of my life trying to correct. But I'll be sticking with them for the foreseeable future. Over the years I've had satisfactory uptime and performance.

Building your own router with pfSense is one prosumer solution I've considered, by shied away from due to lack of time[1]. Not sure how a pfSense setup would work with wireless APs though.

[1] https://www.pcgamer.com/i-built-my-own-super-router-out-of-o...

pfSense might have a lot of features, but the UI is terrible in all possible ways. They should stop letting their programmers "design" the UI; dumping the raw database into an HTML table is not a good user interface.

If you want a really nice UI then you need to stop looking at consumer gear and just buy enterprise cisco kit. All of these budget brands discussed here are consumer.

OPNSense might be a better choice, considering recent and not-so-recent events.

I usually prefer the regular line over the UniFi series of UI and they tend to have less UI polish but that‘s what usually tells that it‘s a product for technical people.

I won‘t switch to the UniFi series for now even though they would provide easier management. But I‘m a bit worried that it‘s going to be an Apple-style product line where the pros are somehow not respected as much as before.

I'm just going to cash up and pay for Ruckus for my Wifi6 upgrade

OTOH not sure what i'd recommend to others - there must be 20+ unifi networks out that via recommendations i've made to friends + network

I’m curious, have you used EnGenuis before or just based on people’s responses? I was thinking of using them for a project but wouldn’t mind hearing an opinion from someone familiar with them.

Openwrt runs on lots of Ubiquiti (and other) hardware, and generally runs pretty well.

An advertisement for a company’s products on the login page is one thing - but a full on banner in the interface itself (with apparently no way to disable) is another.

Sticking with Mikrotik for now.

Mikrotik user here, I find their software really clunky and buggy.

My dream networking gear for my house is whitebox switches that I can run Debian on, but I can't find any at an economical price. Anyone know of 5-12 port ARM switches?

I've heard good things about PC Engines, although they don't have that many ports: https://pcengines.ch/apu4d4.htm

But if you're doing this for a home network you don't really need that much bandwidth out of the home and can use the 2-port one with whatever switch you want.

I ran openwrt on a laptop in a one-armed router network configuration and it worked quite well.

I have a pcengines box as my router/gateway (with OpenBSD, works absolutely wonderfully), but I need access points as well. Especially because I cannot lay cables in this house, so my home office is relying on a wireless uplink.

Got any recommendations for access points that support wireless uplinks? My Unifi ones unfortunately tend to reboot frequently, sometimes needing manual readoption/full reset. It's bad if it happens during a meeting.

I don't think I need many bells and whistles, at this point I'm just content if it's stable.

Mikrotik wireless wire? Sub $200 wireless link. It's a pair, not an ap. Anyway - it does what it says on the tin.

Thanks, but will this work through walls? (The wooden kind you get in Californian houses, not concrete or anything.)

I didn't even think of it when I wrote the original reply, but if the locations share power grid wires internally you can always g.hn over that copper to get the connection through the wall.

Ah, I thought about that as well, but I hear conflicting things about what that means for ham radio. I don't have a license yet, but certainly plan to have one.

Someone else suggested Ruckus in another subthread here. If they support wireless downlinks, that may be a good option.

EDIT: If it's known that (quality) power line stuff does not cause interference, it does become a good option.

haven't noticed any interference from powerline stuff, but the link-quality is definitely hampered by interference from other stuff (ie. temporary packet loss when some electric motor starts).

i consider it somewhere in between wifi and an ethernet cable in terms of quality.

No sorry it does need line of sight :/

Are you talking about the windows-based software? It's clunky.

The CLI, on the other hand, is pretty great. Everything is consistent.

No the CLI too unfortunately. While it is consistent, the editing of row numbers and the display of settings is really cumbersome. Setting up VLANs in particular is really tedious. Compared to real enterprise grade networking (Juniper/Cisco/Arista) it's dangerously unintuitive.

I've also tried automating it via Ansible with no success, has anyone had any luck with that?

the mikrotik CLI is an abomination if you're ever worked with JunOS on a juniper.

I wouldn’t go that far. There’s often leaky abstractions, sure. But at 30% (or less) of the price of the equivalent Juniper hardware, I can usually live with it

Interesting, Winbox or WebFig/CLI? I find this clunkyness to be a good thing, compared to shiny and inflexible products. I have some experience of quite a few brands and so far Mikrotik is one of the most coherent and unified experiences. WebFig and CLI are the same across devices running RouterOS. Winbox is not my bag though.

RouterOS is not perfect but it does most things without being overly complicated. It's DHCPv6 relay agent is pretty much useless and I really look forward to WireGuard in RouterOS v7, if ever released as stable :D

The one thing that winbox gives you is the ability to connect directly to a MAC address - helpful if you've borked your IP address setup.

Some Mikrotik hardware can run OpenWRT.

I have an RB4011iGS+5HacQ2HnD, oddly enough made by the networking company Amazon acquired (Annapurna). In theory, the CPU is supported in the mainline kernel, but I can't find an OpenWRT release or figure out how to package a custom Linux payload for flashing.

Mikrotik support refuses to provide me the uboot config they use or guide me through this process :(

Big fan of Mikrotik, I have about a half-dozen scattered about the homelab.

Made a decision long time ago to go all-Mikrotik instead of ubnt, definitely glad I made that decision several years ago.

The three stages of an engineer’s relationship with Ubiquiti:

1/ Their APs are so cool! Check out this web interface! I can manage an entire fleet of both of these, all from my home office!

2/ Aha, the APs run Linux and I can ssh to them and upload settings — even cooler!

3/ Er, you know what else runs Linux, has a pair of wired and wireless NICs, and can be managed remotely with plain text files and ssh — literally every SBC on the market for $20.

I run a mixture of UAC PROs and PoE SBCs as APs now. The latter because I’m cheap and I can manage them myself. The former because I’m cheap and refuse to retire something for which I paid $100+ a piece.

Ubiquiti provide some fantastic and well polished products. I thought I needed them, but all I really needed was commodity hardware and a shell script.

Are there any SBCs which have built in APs that can handle transfers in the hundreds of megabits range?

Good question.

When you have gigabit FIOS backstopped by multi-hundred mbps LTE, several thousand square feet of concrete and metal construction, and actively use (and feel) hundreds of megabits in any given room, even in commercially packaged offerings there are not a lot of consumer or prosumer options.

Of the two that I’ve found: (a) eero Pro (not base), and (b) UDM Pro + Nano HD APs, it comes down to something like iPhone vs. Pixel: how much twiddling do you want to do for entertainment value?

For what it’s worth, I find better sustained up/down WiFi speeds (>600 mbps vs. 450 mbps) through eero Pro, but better sustained up/down wired speeds (>900 mbps vs. >800 mbps) and support for obscure legacy IoT through Ubiquiti UniFi®.

In locations not needing more than one AP, I find monster all-in-one gaming WiFi routers (e.g. Netgear, TP-Link) beat both of them.

I've been considering my options to replace the Unifi controller if things get much worse and OPNsense + some terraform magic sounds like a great option.

What do you use to synchronise the APs and switch configuration? I'm talking things like SSIDs, VLANs, DHCP options etc.

Two SSIDs with RADIUS on one (which assigns VLANs) and guest access on the other.

VLANs at the switch level are handled by consumer NetGear switches. They have an HTTP interface around which one can build a simple API.

Configuration is driven by pushing from a single script. Push is not nearly as malleable as pull but it’s a very stable system. The script handles IPAM and DHCP allocations but almost everything that needs a static address is accessed via the DNS entry for its IPv6 EUI64 address.

Firewall rules between devices and other networks happen at the VLAN / subnet level — the actual IPv4 addresses aren’t needed for the rules themselves.

What $20 SBCs on the market have multiple real network interfaces? I'd love to pick up a few.

Ironically, a second hand Ubiquiti EdgeRouterX is a great platform from which to start building something. Ignore the UI and configure everything from the command line.

Just updated my controller VM (for two access points) to 6.1.71. Good thing it's on a ZFS volume, and that I made sure to snapshot it before updating, because I just rolled it back and dropped a pin in /etc/apt.

Ye gods. Video ads in my management interface? Are you KIDDING? This is ridiculous.

Sigh. Everything is turning to ashes. Every. Fucking. Vendor. has decided that it's perfectly OK to spam you and hoover up your personal data. And no, don't say "Apple" since I don't trust them any more than Microsoft or Google.

In any case, it makes me very hesitant to "update" my EdgeRouter, for that matter. :(

Ubiquiti has been skating on thin ice with me for a while, after their earlier telemetry kerfluffle, where they eventually did the right thing. But this is beyond the pale. The only thing I've seen worse was years ago when Belkin started hijacking HTTP connections to serve ads for censorware. [0]

At least the access points are capable of running OpenWRT, but I don't relish the prospect of reflashing them. The ERPoE-5 is the lone EdgeRouter I don't see in OpenWRT's hardware table. :(

[0] https://www.cnet.com/news/web-hijack-riles-belkin-router-use...

> ”And no, don't say ‘Apple’ since I don't trust them any more than Microsoft or Google.”


Because only one firm in your list has billboards focusing on privacy (keeping your data on your device), code enforcing that, and policy and code requiring developer full transparency in the consumer app store.

It’s an interesting exercise to ask:

If you don’t trust Apple any more than Google, what would it take for you to trust that a high end consumer hardware company would be less data privacy exploitation motivated than a purely ad revenue driven company?

What’s stupid is that ubiquiti could have easily advertised its hardware less intrusively in so many different ways.

For example, they could show “devices that integrate with <AP or Switch or Router>” or integrate the changelog of all their releases into the management UI for all products.

The list goes on for the more thoughtful ways that could have done it, but instead they did they took the absurdly lame way of advertising via banners. Jeeze.

I'm willing to pay for major updates that include new features, even on a per-device basis. I'm not willing to pay for things I already bought that don't work correctly (bug fixes).

This ad-supported model isn't needed or wanted.

Agreed. It's not like their hardware is cheap or subsidized either, like the Cloud Key, which is a tiny device that acts as a proxy and has some cache storage for firmware updates that costs upwards of $100 here.

Also runs mongodb

Joke's on you, Ubiquiti - you've bungled so many controller upgrades I haven't upgraded it in a long time.

Jokes on me... They somehow bungled the auto updates for udm machines, and force upgraded people regardless of the setting.


Makes it almost sound unintentional.

Same here. I switched to Ubiquiti gear a year ago, and by and large it's been very solid, running 2 AC-Pros, 2 AC-HDs and a bunch of switches and a gateway. My controller is a docker image running on a NAS, and having read about the problems with the v6 versions I have stayed on v5, and likely will for a long time. It's a relatively simple home setup so I'm not using any of the fancier configuration settings. For my purposes, it's infinitely better than the hodgepodge of equipment I had before.

I still like the UniFi experience and have not had any problems. I am increasingly concerned about the direction the company is going. I figure I get can a quite a few years of service from my current setup. I don't need to update or change anything for the time being, so there is no urgency. I might still recommend a Ubiquiti setup to others but it would be heavily caveated.

Yep, using an older version in a docker container. Until they force me to upgrade for some reason or other.

Yep, gonna stay on that sweet 5.14.23 till the end of times.

Holy shit! I thought I was the only one. The updates terrify me. Watching devices at 150 sites all provision simultaneously makes my asshole pucker so tight it creates a vacuum in the office. Why Ubiquiti?

So you’re the one whose ass is splitting atoms.

I have been watching Ubiquiti slowly go downhill over the past five years. I finally jumped ship to Mikrotik for a recent addition to my network and they seem like a good replacement for power users. Nothing they sell is quite as user friendly as the Ubiquiti gear, but I would rather have to spend a few minutes at a console then loose control over my network because a SaaS went offline

> loose control over my network because a SaaS went offline

That doesn't sound correct. I've always been able to access my controller without internet access as long as I was on the same LAN and was hitting the controller IP directly.

certainly a hyperbole from op.

but i have to agree that it is no far fetched for ubiquiti to fuck this up.

I just noticed PrivacyBadger is blocking Google Analytics on the management interface now, has it always been like that? I just did the update and I'm not seeing that ad.

Do you own a UDMP?

No, maybe that's why I'm not seeing the ad?

Yeah that’s probably why. Wait until they release the successor and you’ll start getting them :-P

Bummer, I was considering switching to a full Ubiquiti setup in the future. Are there any other worthwhile competitors?

I was also looking into this pretty recently.

Good info here https://www.youtube.com/watch?v=4G2g7Txgzgw

Reading the Glassdoor reviews of Engenius makes it sound like a clone of Ubiquiti minus Ubiquiti's weird dislike of automated testing. Still, I hope that there is a decent alternative to UI

It's been a decade or so since I paid attention to Engenius, but I don't think it's right to describe them as a Ubiquiti clone. Engenius for a little while was the vendor of choice for people trying to build out consumer mesh networks. Ubiquiti may have existed then too, but didn't become the more popular choice until a little later.

Back then, Engenius had a lot of nice features and solid products, but their radios had some issues. I think we had to replace about 60% of the Engenius devices we deployed over a five year period. We never had to replace any of the Ubiquitis.

I wouldn't buy Ubiquiti now though.

What would you buy?

I dunno. I'd be starting all over again and looking for different options depending on the application. One of the nice things about Ubiquiti was that they did several things well.

For plug-and-play home wifi, Eero might be a good choice, with some reservations.

For slightly larger scale prosumer stuff, I might look for a way to use Ubiquiti's hardware but with something like https://hostifi.com/ , maybe with older-generation hardware that I still trusted.

For the DIY hobbyist, pfsense, openwrt, and kin are still popular.

Honestly, mesh networks have been a tarpit forever. It's been exceedingly difficult to make them reliable, with all the features people want (like access point roaming), without spending a lot of time or money. I got out of that niche a few years back and have no desire to get back in to it.

> For slightly larger scale prosumer stuff, I might look for a way to use Ubiquiti's hardware but with something like https://hostifi.com/ , maybe with older-generation hardware that I still trusted.

For prosumer stuff -- why would you not just self-host?!? The average prosumer is never going to need more than the cheapest DO droplet to host. Or else just run it on a computer that isn't on all the time -- prosumers either already have a server on all the time or don't care if they have logs going back 5 years. This seems to cost $60/mo at the least.

Also, I do not have much faith in this company with their website being so slow (maybe too many HN people are hitting idk, never heard of them).

My bad, (it's WordPress) we're working on building faster landing pages with Webflow

Seems okay. Though, the controller is Windows only?

I tried EnGenius a few years ago and had no end of problems with them. Switched to Ubiquiti and they've been rock solid ever since. I really, really hope Ubiquiti isn't going down hill.

I hope so as well.

Run a dockerized or VM controller (so you don't need CloudKey or Dream Machine) and pin the version; I'm running 6.0.43 and don't see any ads. Also make sure you find the option to install using a local account (not available on UDM).

The rest of the gear is working tiptop for me.

Just get separate stuff from good manufacturers. Build your own router.

Is self-promotion considered ads? My opinion is "yes" but it is not universal. For example the EasyList policy[1] states "Self-promotion should not be specifically removed by EasyList, although equally should not be allowed if it is blocked."

I asked myself the question when Wikipedia does its calls for donation. One may argue that it has a noble goal but technically, it is a huge ad banner of the annoying kind, and I would have expected indiscriminate ad blockers like uBlock Origin to block them, and they don't. And the reason is doesn't isn't because it is Wikipedia, it is because it is self-promotion and is therefore allowed.

[1] https://easylist.to/pages/policy.html

Edit: the definition of an ad by EasyList is "the promotion of third party content in return for goods or services" https://easylist.to/2011/07/11/the-definition-of-advert-and-...

First they track you, then they pander to you, then they sell you out completely.

Guess we just got to step 2.

To be honest, the reaction here seems rather absurd. From the screenshot, the user doesn’t have a USG, so the management interface can’t show data it otherwise would. This banner suggesting a UDMP is occupying space that would have otherwise just said “no data available”. It’s a bit obnoxious and should really have a “hide this” button, but it’s really pretty minor all things considered.

> This banner suggesting a UDMP is occupying space that would have otherwise just said “no data available”

I disagree, simply because that "space" is also known as "the top half of the screen", AKA "above the fold" and "prime real estate".

The user would obviously be better served by moving the functional parts of the UI upwards.

I feel bad for the engineers there, who clearly are not in charge.

Oh man you have no idea. I spent a year there running the Network Controller team.

"Shit show" doesn't even begin to describe it.

Please tell us more.

After some unexplainable sustained 100% packet loss (for minutes at a time) I switched from a set of eero routers to ubiquiti gear a few years ago and it's been a great experience so far. A single AP-AC-lite covered my entire 2600sqft house from the basement.

Somebody I know has stayed on the eero train (on my recommendation before I gave up on them) and he says the company has prioritized features he doesn't care about and deprioritized features he wished it had.

I hope Ubiquiti doesn't go down this road.

I sometimes wonder how these decisions get made within companies. I mean you are network hw vendor, how do you get convinced to embed adware/spyware into your products without compromising on trust? I'd fire all concerned if I were on the board and understood what the brand meant.

The decision maker is a product manager. The person has an agenda. With Unifi that seems to be: let us build a proper remote management interface and new fancier UI at all costs (and with some evil thinking a subscription service). Over time they become so invested that even of the become aware of the real customer need they cannot jump of from what they started.

Other example: the other Ubiquiti product manager check offs feature lost: IDS check, firewall check, pppoe check. Seeing that they are half baked he ignores.

I do not think that Ubiquiti problems is the engineering they outsourced. It is the product management they screwed up. They are not listening to what user wants. The indian IT guys are delivering.

And honestly: it is an ad. No ad network. They know our network better than us by their cloud management ... They do not need to analyze us. When they want to be an ad network they could do much worse things (like the telcos do).

Pitch to a VP with "we will do a tiny trial of 1% of customers, if it doesn't work it's GONE, no harm done."

Gets the greenlight, everyone who worked on it is invested and motivated to make the results look good, and it builds from there.

I’m not saying it’s ethically right, but from a business perspective, the question is inverted: how can you NOT spy on everyone?

There’s virtually no regulation on data collection, every other company is already doing it with no repercussions (especially home ISPs who you have no choice over and can see/sell everything you do!), anyone doing it is making a ton of money while destroying competitors, and virtually nobody in the public cares at all.

The only people speaking against it only have a voice because they’re already rich, mostly from collecting data, so anything they say rings hollow at best.

This is on the hosted interface, right? I can sorta understand that, especially when the ads are for their own gear. But if I start seeing ads in my locally installed copy of Unifi, this will be a problem.

I just got this ad on the unifi Controller hosted on my own server. Not happy about this.

Well that is disheartening. I've been pretty happy with my choice of Ubiquiti gear for home, it was a vast improvement over the consumer-grade gear I had been using before, but if I'm going to start seeing ads on my own server, I'll be looking elsewhere when it's time to upgrade.

The “hosted” interface is nothing but a proxy to my paid for cloud key. I also see this when I access it locally.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact