* Posts by Trevor_Pott

5207 posts • joined 31 May 2010

Ransomware attack hits Synology's NAS boxen

Trevor_Pott
Gold badge

Re: so .... if I don't run EZ-Internet ....

If your Synology doesn't have ports open to the net, you should be safe. But do run updates on the thing anyways. If your computer were ever infected in the future, and your Synology was left unpatched, it could be pwned at that point. Updating now will patch the hole.

1
0
Trevor_Pott
Gold badge

They're putting together a complete PR campaign around this. Their PR guy is horribly overworked, and he has been reaching out to tech journalists around the world on this. My article - and others like it - are the first line of their efforts to reach customers.

I suspect an e-mail blast is being prepared, though I personally think that should have been done about 10 minutes after learning this was an issue. Still; I do know that they will be issuing most (if not all) of the advice I wrote in this article, probably later today.

We'll see over time how the response shapes up, and I'll work with their PR guys - and hopefully their brass - to make sure they do better next time. People's files are being encrypted. Who knows how many memories are being lost. It's the least I can do.

2
0
Trevor_Pott
Gold badge

The second piece has been published, for those curious.

0
0
Trevor_Pott
Gold badge

Re: Advice please

Edit the firewall on your router, not your Synology NAS. Your Synology NAS should never be plugged directly into the internet. There should always be a router in between. If you have any questions whatsoever, contact Synology immediately, and they'll walk you through locking this down.

Edit: others go there first. :)

0
0
Trevor_Pott
Gold badge

Re: @Trevor.

Absolutely. Please go to the Synology Download Center and download the update or new version of DSM for your device. You'll be able to log into your Distation or Rackstation locally and then go into "Start --> Control panel --> Update and restore (which is under "system")". Here you'll be able to feed it the file you downloaded.

I've done the above many times. It's safe and works well.

2
0
Trevor_Pott
Gold badge

Re: @Trevor.

Okay, I do get the quibble about "backup first, then upgrade the DSM"...sort of. In the many years I've owned Synology Diskstations I've never had a DSM update go sideways on me. To be perfectly honest, I trust hte DSM update process enough, I'm not sure a special "out of band" backup would have even occurred to me. (I do have automated end of night backups, natch.)

But I'll make sure to pass along your advice all the same, because it is right and proper that they pay attention to the order of that.

1
0
Trevor_Pott
Gold badge

Actually, I can't really call them on the carpet for that one, mate.

If affected, you're screwed. Your data's gone and you either pay the ransom or pray for backups. In that case, the fact that the advice is "switch it off and calling Synology" is - to my mind - exactly the right response.

This means that they will give each user a walk through their options one by one. It also means that if the user chooses to simply nuke out the OS, restore and start fresh by blanking the drives then Synology will help them do so.

Beyond that, I'm honestly not 100% sure what Synology can do. Offer to pay the ransom for you? I'm pretty sure that's actually illegal.

If they knew how to crack the thing and get you your files back should they be posting that on the internet for all to see? Or should they walk you through it on the phone where there's at least a chance that the minor obscurity will prevent the bad guys form figuring out that their operating version is done for?

Honestly, if you've any better advice at all for any of it, ping me and I'll make sure it gets in front of the right people at Synology.

As regards "how this could be prevented in the future", keep an eye out for a sysadmin blog in a few hours. That one has already been written, and Synology's brass sent a scathing hot piece of my mind besides. I have a face-to-face with these folks in a few weeks, and there will be beating about the ears, I promise you all.

14
0

What's the point of the Internet of Things?

Trevor_Pott
Gold badge

Re: No, Trevor...

I have an alarm clock that leaps of the table and drives across the room to make me chase it. So yeah. Technology can help, even with hard problems.

1
1
Trevor_Pott
Gold badge

Re: Deep Breathing . . . for Diving into Dark Web Pools

@ amanfromMars 1 cease this coherence immediately. It's disconcerting.

5
0
Trevor_Pott
Gold badge

Re: Deep breath . . .

"I would not, however, be caught dead with a goatee."

Noone here accused you of having taste... :P

2
0
Trevor_Pott
Gold badge

Re: not convinced, but can see potential

I don't generally swear, or even write long comments, due to passion. I do it to achieve a very selective, targeted effect in the reader. There have only been - to my knowledge - about 10 comments where I have "snapped", and truly just core dumped my emotions without some form of careful linguistic selection.

That said, I don't see anything in this thread worthy of a good riposte. People are pretty tame, even the trolls. It's like a quiet Saturday night on the lake, in forum form.

2
1
Trevor_Pott
Gold badge

Re: @Trevor_Pott: not convinced, but can see potential

I believe I've had THAT conversation already.

0
0
Trevor_Pott
Gold badge

Re: not convinced, but can see potential

Aye. And not just you. Lots of people take pills, even when they are young, for a variety of ailments. Do you know how hard it is for someone with ADHD to remember to take their meds in the morning?

And what about something that took your blood pressure before dispensing a dose of stimulant (again, common for ADHD folks) so that it knew when it was safe, and when not?

A pill box that could track what Alzheimer's (or, for that matter others) patients took, and then either report that back to the doctor, or at least track it in aggregate to help us design better pills?

Something that tracks what we eat, and when, as well as what pills we take - and when - so that we can correlate symptoms for various things with these sorts of events and are better able to detect patterns? (For example, this would be really useful in helping to diagnose Celiac patients, IBS and a few other things.)

Hell, a toilet with an automated excretion analyser to help determine things like "are my organs shutting down" or "do I have a gall bladder infection", etc.

There are a lot of possibilities. Not all have to be internet connected. Some are better if they are.

But that was really my point in the article. It's not going to be "selling billions of units of an individual product" so much as "selling millions or tens of millions of an individual product" to meet niches.

3
2
Trevor_Pott
Gold badge

Re: No convinced

Is there no room for optimism at all? Life is all dour? We will die alone and unremembered after a brief period of despair and suffering that was our lives?

How sad. :(

5
3

Yes, we know Active Directory cloud sync is a MESS, says Microsoft

Trevor_Pott
Gold badge

"That's what makes you Special."

Shiny. Do I get a short yellow school bus? I could turn it into a testlab on wheels!

1
0
Trevor_Pott
Gold badge

Re: But does it work?

Aye, saw it. There are 384 work mails (down from 1021 when I woke up an hour ago) to go before I can start getting into the "El Reg" folder. I'll dig myself out eventually...

0
0
Trevor_Pott
Gold badge

Re: But does it work?

That AC is so far in the "RUN, DEAR $DEITY RUN!!!!!!!" part of the crazy/hot graph that a careful reexamination might be required. :)

1
0
Trevor_Pott
Gold badge

Re: But does it work?

@Steven Raith don't bother the Anonymous Coward you're talking to is a Microsoft marketing shill. Worse, it's not capable of rational thought. Just ignore it. Hopefully it'll do the world a favor by getting ebola and dying alone.

1
1
Trevor_Pott
Gold badge

Re: But does it work?

Several options exist. They're all a little bit prickly. Worth a blog, perhaps.

1
1
Trevor_Pott
Gold badge

Re: But does it work?

It was "miserable as bleep" and "reliable unless you changes something."

Azure AD is one of those things that introduces a strict change management requirement into your environment. Breathe on it, and it will do something bizarre. But if you're one of those shops that sets up things and then basically doesn't touch them for 5 years, you're good.

Of course, bear in mind that Azure AD can be configured in a few different ways, depending on the wodge of cash you pay, the apps you're using, the level of integration you're seeking, etc. TBH, from a technical level, it's why I walked away from Azure. I just couldn't stand bleeping with it to keep it working.

Now, if they're correct, and it's push-button easy (with presumably similar "oh shit" buttons for when something changes) then It's worth a really good long look. That said, almost every company I deal with is moving away from Active Directory as their authentication system. It's used mostly to lash together legacy Windows boxes, but almost always with a cloud connector to a less frustrating and more widely supported service.

Identity management is a hotly contested battleground right now with dozens of new entrants every year. It is going to be a while before it all shakes out and there is absolutely zero guarantee that Microsoft will emerge the winner. (My money is on a much expanded OpenID.)

The big problem with Azure AD is that Azure AD isn't exactly like adding a domain controller. You don't just have a copy of your whole AD in the cloud.

The benefit of Azure AD is that you don't just have a copy of your whole AD in the cloud.

Active Directory - like the registry before it - has become a dumping ground for information that by all rights should be in easily editable flat text files. (And bleep you too, systemd, with a bronzed goat!) So there's layers upon layers of cruft in the average Active Directory. Some of this cruft you need to make programs run. Some of it is just "junk DNA" waiting to cause a cancerous mutation.

So the bad stuff doesn't go into the cloud...but much of the good stuff doesn't either. So it takes a lot of whitepapers to find out what's where, when and why. Frankly, I gave up. I started moving away to stuff that doesn't need the Active Directory - or the bleeping registry - to get the job done. I like that "keep it simple" mantra.

But there are a lot of folks who aren't in that situation. And so this might well be an important tool for them, especially if they are to remain wedded to Microsoft in the long term. Microsoft is certainly making it a huge part of their plans, as it is an important weapon in the Identity Wars...and that's a set of battles Microsoft's "cloud first, mobile first" future can't afford to lose.

If you could just get your identity from anywhere, why...what could be next?

6
2
Trevor_Pott
Gold badge

Microsoft has made a confession: “integrating your on premises identities with Azure AD is harder than it should be” and requires “too many pages of documentation to read, too many different tools to download and configure, and far too much on premises hardware required.”

Oh, but when I say this exact same thing, I need to be berated, chastised and personally attacked. Groovy.

Still, cheers to MS for fixing this. It's great for their American customers. I genuinely hope it works on the service provider mini-Azures so that the rest of us can have integrated networks provided by companies with zero American legal attack surface. A proper hybrid cloud is a good thing, and Microsoft does look like they're only a few years from having the first stage of that wrapped.

Good show.

15
2

Synology and the NAS-ty malware-flingers: What can be learned

Trevor_Pott
Gold badge

Re: Conflict of interest?

"Isn't it a conflict of interest for Trevor to report on Synology while touting their gear to his own customers? Obviously he wouldn't want them to go bust. What exactly is his interest in the company?"

I am not entirely sure why it would be a conflict of interest to report on Synology while selling it to my customers. I sell Microsoft software and services to my customers too, and I tear them a new arse every other day. Any vendor is disposable, and - to be perfectly blunt - I don't make my living selling computers. I keep my hand it in because doing so allows me to keep a presence at the coalface of IT, making sure my skills stay sharp and that I have knowledge and experience relevant to the IT companies I report on.

What might represent a conflict of interest - but I honestly feel does not - is that i am currently engaged with Synology on a very narrow contract to provide them a VMworld booth demo. This demo consists of a Supermicro FatTwin server, A Supermicro Switch and a Synology RackStation all configured to run various workloads that stress the Synology storage. The contract is very narrowly defined, and I have no other role (such as ongoing consulting, etc) beyond that specific deliverable.

Given the voluminous red tape that is Synology's internal marketing spend processes, there is zero reason to believe I would get another contract from them. So, being frank, there is no incentive on my part to be nice to them. I have a fixed contract that says "I gets my money if I deliver the goods" and there's nothing in there about not pissing off the natives.

And I piss off the natives rather a lot. They weren't exactly happy I ran a pair of pieces that said, in essence, "Synology made mistakes and needs to reorganize themselves internally and spend a stonking huge pile of money to make things better in the long run."

I've never tried to hide who I am working with. You can always find out information about my open-ended engagements at http://www.trevorpott.com/about/ under "disclosure".

I don't list narrowly focused, fixed-deliverable contracts unless those contracts compel me to advocate on behalf of a client. Once more being blunt: I get so many jobs creating whitepapers, blogs, demo videos, booth demos and so forth that the fixed-deliverable stuff all blurs together. They don't make me any more or less happy about a company.

A great example is Microsoft. They gave me a free year of MSDN so that I would be able to have licences to write about their software. Didn't make me any more charitable towards them.

VMware ensures I have a suite of the latest licenses, if you read my writing over at SearchVMware, I don't exactly pull punches with them either...and the VMware licenses I get are enough to run my lab.

Bottom line: if there is ever something I - or any of the circle of professionals I trust to help me make these judgements - feel presents the possibility for conflict of interest, that will be listed in the disclosure section of my personal website for all to see.

In the meantime and betweentime, I will report on anything interesting I turn up - positive or negative - with as little personal bias as I am capable of demonstrating. I will also use and abuse any and all of my contacts within every vendor I can to advocate on behalf of "the little guy": the end customer, end user and the sub-1000 seat SMB.

As regards Synology, this means using all my connections there to try to get them to take a more serious approach to security. But I don't give Synology any more of a break than I would any other company.

Well, except Ninite. They get a free pass no matter what. But I'm allowed to be an unashamed fanboy of at least one company, aren't I?

2
0
Trevor_Pott
Gold badge

Re: Remember it's not just Synology

"You could at least slap all of them equally for their incompetence over the years."

I do.

1
0
Trevor_Pott
Gold badge

If it was a fnord, you wouldn't be able to see it.

As for Synology, I've got meetings scheduled with them to go over the issues here and try to convince them to invest heavily in security. So far, they seem receptive.

1
0
Trevor_Pott
Gold badge

Re: re: Fail2Ban

Fail2Ban is capable of more analysis than simply "block X number of failed logins". That just happens to be the only thing most people use it for. :)

Also: Fail2Ban wouldn't have stopped this attack, but it would stop many others. And my point here is "defense in depth." That there are layers that need to be here. I would, for example, configure Fail2Ban - or the auth system it protects - to reject any root or admin-priv user if that user was logging in from anything excepting the local subnet. Very important...

2
0
Trevor_Pott
Gold badge

Re: "It's an expensive ask..." but necessary

I can't say I completely disagree. At the same time, the balance between security and usability is still something tech companies are pouring research dollars into.

I personally can't claim to have all of the answers. Some, yes, but certainly not all. I think any among us who did try to claim that would be a fool; if they had the surefire answers, they'd be a mad billionaire.

So absolutely there needs to be a refocus on security within Synology. I'd like to be among the first to pound on the table about this. But this has to be balanced with usability and perhaps that means that - for now - we can't have both.

For now, at least, security is a shared responsibility, whether you're using a Synology NAS, a Supermicro IMPI controller, a Dell thin client or an HP display management computer. Systems that are largely unattended and unmanaged still need TLC. It sucks, but it's the state of technology today.

What really needs to happen is a lot of the smaller players need to get together and pool their resources into helping solve the problems to hand. A great example would be the Application Layer Gateway firewall I want. That's a beefy requirement. It take a log of RAM and a lot of CPU, at least when you're talking in the context of IoT devices.

A baseband management controller, or a low-end ARM NAS, or even your average display management computer is going to have trouble handling a proper one. Throw on monitoring, reporting, communications, etc...suddenly we start getting into the realm of a Big Ask for such small equipment.

So I think real research is required how. How can we do more with less? How can we shrink the requirements of some of this stuff so that we stay within the power/parts/price limits for that product category but still maintain both usability and security?

As I said above, I certainly don't have all the answers. I wish I did.

I could use the billions.

5
0

Microsoft KILLS Windows 8.1 Update 2 and Patch Tuesday

Trevor_Pott
Gold badge

Re: And meanwhile in Munich…

Microsoft is the world's premier supplier of Contempt as a Service. Their offerings are unmatched, whether you reside in Germany, the United States, China, or anywhere in between. Subscribe today!

52
4

China: Microsoft, don't shy away from our probe

Trevor_Pott
Gold badge

Re: Just leave now...@Trevor

"Be honest with yourself, Trevor. You know have a freetard Linux agenda and you will never be satisfied until you get your way."

You're an idiot.

2
0
Trevor_Pott
Gold badge

Re: Just leave now...

I never said the Chinese economy wouldn't take a hit. I said it wouldn't collapse. The US, OTOH, relies on cheap Chinese goods so absolutely that an inability to source them would obliterate their economy overnight.

1
0
Trevor_Pott
Gold badge

Re: Just leave now...

"Would the Chinese economy survive if we bought all our production back home?"

Yes. The US just isn't that significant. There are 6.7 billion other people in the world, and they will all still buy Chinese.

6
0
Trevor_Pott
Gold badge

Re: Just leave now...

Microsoft doesn't make a better mousetrap. Microsoft runs a protection racket. If you don't use their everything, they'll break your fucking kneecaps. So pay the protection money.

That's what "bundling" and "integration" and "embrace/extend/extinguish" or standards is all about. Abusing a monopoly in one area to enforce a protection racket in another.

Most people don't want to buy Microsoft. They don't trust Microsoft, and they sure as hell don't want Microsoft's broken UIs. But so long as Microsoft can keep convincing those who hold purchasing power in governments and businesses to do so, they have us all by the balls.

9
2

Windows 8 market share stalls, XP at record low

Trevor_Pott
Gold badge

Re: @Trevor_Pott - @P.Lee - Obvious answer to obvious stupidity is obvious

Aha. Then you are the closest to having grokked my meaning so far! :)

0
1
Trevor_Pott
Gold badge

Re: @Trevor_Pott - @P.Lee - Obvious answer to obvious stupidity is obvious

"Sorry Trevor, that's an issue for me. The other is software quality.../soapbox"

I'm not actually sure what you intended to say. Either you were talking about "all modern computers are really inefficient and this is bad" or something I have no idea how to decipher. If the former, I lack an understanding of that connects to the topic at hand.

Maybe I'm too sleepy?

0
0
Trevor_Pott
Gold badge

Re: @Trevor_Pott - @P.Lee - Obvious answer to obvious stupidity is obvious

Did I say "Android was currently a major desktop player?" No. I said - and I quote - "Android." No qualifiers of any kind. I let the rest of you lot fill in the blanks with your preconceptions and biases.

I did mean something very specific with that one word comment - and it relates directly to the comment it was replying to - but so far noone has gotten it. Given the absolutely fascinating responses that have developed thus far, I'm inclined not to reveal my original meaning and simply let the lot of you fire arrows into the dark.

I'm really curious to see if anyone gets what I meant.

0
1
Trevor_Pott
Gold badge

Re: @P.Lee - Obvious answer to obvious stupidity is obvious

"Everything you say sounds reasonable except for the Linux bit. UEFI Secure boot will make sure Linux will never get on consumer PCs. Ever!"

Android.

21
1

END your Macbook SHAME: Convert it into a Microsoft SURFACE

Trevor_Pott
Gold badge

Re: Resistance is futile Trevor

"MS knew it was only a matter of time before Win8 would grow on (in?) you..."

Coming from an account named "Fungus Bob" just makes that statement all the more creepy...

4
0
Trevor_Pott
Gold badge

@Dave 132

Ahoyhoy! You coming to VMworld? I think I owe you a keg or three of beer...

1
0
Trevor_Pott
Gold badge
Pint

@Ben Bonsall +1 for making me larf. Good show, that man.

2
0
Trevor_Pott
Gold badge

"Despite its user interface, when it comes to touch and digitizer support Windows 8 is far better than Windows 7. There are many under the hood improvements in handling that kind of input which 7 lacks. People got so focused about the Metro UI they missed what other was done. I understand any attempt to build a tablet with good pen input supports needs Windows 8, not 7."

Um, no. I'm pretty sure that I said Windows 7 was ass at dealing with pens, or being a tablet. I know full well that Windows 8 has many under the hood improvements over Windows 7. It's the chrome that makes it a bucket of warm ebola.

And it isn't just Metro. It's the fucking charms. And the flat everything. And the zero delineation of controls. And the "cloud integration". And the streaming of your every move back to the hivemind. And the...

Seriously man, if it were just fucking Metro we wouldn't hate it this much.

Ultimately, that's the reason why people don't want to use it, even if the digitizer support is better. It's the 10,000 "little things" in the UI that pick and nag at you like a cloud of bees in your brains. Using the damned thing is just awful, and that's why people will cheerfully pay significant amounts extra to avoid it.

6
0
Trevor_Pott
Gold badge

I was aware of the Android one, didn't know the Win 8 one had come out yet, but it makes sense. Which brings me back to "but it runs Windows 8." If Cintiq wanted to do a Win 7 jobbie on the same hardware, that'd be just fine. Worth a premium, even.

I'm entirely aware of all the tablets with Wacom digitizers (Surface, many of Samsung's, etc.) Hell, I own several.

The reason this Macbook Pro dealie has so many backers - and it isn't remotely the first attempt to "tabletize" a Macbook - is because it runs OSX. Windows 8 is a bucked of warm ebola. Windows 7 isn't particualrly great at being a tablet OS. OSX isn't much better...but it has a cult following, especially amongst "design" types who still buy into a two decade old mythos that says "to do proper design, you need a Mac." (That isn't true, BTW, and ceased being true a long, long time ago.)

The point here is that there are poeple who are willing to spend money on convenience. How is this any different than people who pay 2x or 3x more to get a bag of cough drops at 2am by going to the 24/7 convenience store instead of waiting until the morning and hitting up the bulk shop?

There are people - rather a lot of people - who loathe Windows 8. They loathe it enough that they would rather pay 2x, 3x or even 5x as much for what amounts to the same hardware just to get an operating system whose quirks don't drive them batty.

I sympathize. I am personally in that camp. A slightly modified (give me my fucking up button!) Windows 7 is my preferred environment. I am willing to pay extra and/or put in extra time to get that environment. Quite frankly, if my choices on my next PC were "$5000 Windows 7 box" or "$1000 Windows 8 box" there'd be no contest. I'd by the Windows 7 box.

So yeah, I get why people would mod a Macbook. I also get why they don't want a Windows 8 or Android Cintiq. Both of them are absolutely awful for the types of tasks that anyone with a digitiser is going to do.

So...despite the fretting about a few bent coppers...it's really not all that weird.

6
4
Trevor_Pott
Gold badge

I agree that a wacom tablet is cheaper, but - and please do correct me if I'm wrong - they aren't generally portable unless they've been built into a "proper" tablet. They serve as a second (or mirrored) monitor where you do things like keep palette tools. At least, that's my experience with them...

1
0
Trevor_Pott
Gold badge

To be fair, if I needed a pen interface to do my job, and the only available choices were "Windows 8" and "sacrifice a pill of virgins to get a frankenmac" then I would absolutely choose the frankenmac. Windows 8 is one of those things that is worth paying a significant amount of money not to have to deal with.

Alternately, I could just get an x86 tablet and hackintosh it. Or even Windows 7 it. Not exactly routes forward for large enterprises, but good enough for the lone gunman types.

25
14

The Therapod diet: From HUMUNGO DINO to TINY BIRD in 50m years

Trevor_Pott
Gold badge

Re: Humans Next Step Hobbits ?

Actually, Hobbits dies out. Not so long ago, however, that they wouldn't have met our ancestors.

0
0

Hey, big spender. Are you as secure as a whitebox vendor?

Trevor_Pott
Gold badge

Re: Lost in acronyms

Baseband Management Controller. They provide lights out management. See here.

2
0
Trevor_Pott
Gold badge

Re: random opinions

To be fair, IPMI has gotten a lot better of late.

1
2

Bloodthirsty Apple fanbois TEAR OPEN new Macbook, bare its guts to world+dog

Trevor_Pott
Gold badge

Re: Gonna risk the Wrath Of Trevor!

Emphatically have to disagree about the Brikk thing. I read it as an article in good fun mocking the concept of a gold-plated smartphone in general and the the "augmentation" of the iconic Apple design more specifically. I don't think the fact that he didn't include Brikk's willingness to bling up phones that nobody would ever bling up is relevant. He was having a bit of fun. He wasn't there to advertise on behalf of Brikk.

0
0
Trevor_Pott
Gold badge

Re: Gonna risk the Wrath Of Trevor!

Hey, I've no problem with you disagreeing with me. Disagree away! You feel Jasper has a bias, but you manage to express it without attacking him. Yes, I do very much disagree with you, but I see no reason for wrath.

1
0

Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers

Trevor_Pott
Gold badge

Re: US Tech Companies

"Hmm... Trevor, can you spot a contradiction in what you wrote?

Seems like any assertion of independence by anyone - a person, a company, or a country - is now treated as a threat."

I can assert all I want, that doesn't make my independence a fact. It's those who try to go beyond asserting into "enforcement" that become threats to the powers that be.

2
1

Yes, Australia's government SHOULD store comms metadata

Trevor_Pott
Gold badge

Re: Simon is being prescient, sensible and is an exemplary Australian.

Damn it, always late to the party.

0
0

Microsoft adds wireless industry legend John Stanton to its board

Trevor_Pott
Gold badge

Re: More re-arranging chairs on the Titanic….

"I hope someone has a secure back up of all their old strategies because they are going to need the old one that has “corporate windows” written [in gold] on the cover."

If Microsoft truly do alienate their userbase so much that this would be required, do you honestly think that the world would be willing to submit to that kind of lock-in again? With the same company that they abandoned for lack of trustworthiness?

0
0

Forums