Https://graph.api.smarthings.com Failed to load devices

I actually have 2 IFTTTTs in my SmartApps now. I’m sure it will work twice as fine!

4 Likes

It has nothing to do with “external services”. A SmartApp can disarm the Smart Home Monitor with a single line of code or push its armed/disarmed status to a rogue server. I can think of dozens of both explicit and covert abuse scenarios a malicious SmartApp could do. SmartThings approval process includes a code review that ensures that things like that don’t happen.

Quite incorrect, Geko: The review process absolutely does not prevent that from happening even via fully approved and published web services SmartApps.

For example, nothing prevents IFTTT, Amazon Echo, InitialState, or The Ubi (all are “approved web services SmartApps”) from doing anything at all with the devices you authorize. They could purposefully or accidentally unlock all your doors, for example, or flood your lights in a denial-of-service attack type scenario; collect the event data on all authorized devices and sell it to marketers…


Please, please, please move, follow, and continue this discussion on the thread Topic I directed you to: SmartTiles (& "other" External Services) Security

So, @slagle - is there any estimate of a resolution here? Or are we to consider this “loophole” closed?

Hey guys,

We are reverting the change we made today. The developers of these apps have been notified and I will be working with them to get them back up and running.

We truly do apologize for this, and any inconvenience we cause anyone.

5 Likes

Thanks, Tim…

Apologies for nitpicking here, but any particular reason the SmartThings Status Page doesn’t indicate a problem? We have users and/or customers who are affected, but can’t direct them to the official status…

http://status.smartthings.com

3 Likes

Put it this way - If you hadn’t have done this I think a lot of people would have been thinking “Well it cant be a priority as we’ve not even seen any forward motion” so the fact it didn’t work doesn’t matter… You’ve shown the public some progress with the problem… Which to me, means a hell of a lot more than "“We’re working on it” every 7 days…

So from me… Thank you for trying!

1 Like

It’s not that it “didn’t work”; it had serious negative repercussions on functionality that did work, with no warning.

New features should never be at the expense of existing stability.

The “new feature” here is the launch of SmartThings in the UK in early September prior to it being thoroughly tested. Without that flawed launch, there wouldn’t be “lots of people” complaining about OAuth services not working in the UK, and this impactful failed fix would not have… existed.

SmartThings is not a “beta testing platform”… Or is it?

1 Like

I’m afraid you’ve answered your own question. :wink:

1 Like

Oh no - I didnt mean it in any way to say it had the right platform effect. However it did have a mental affect on us UK members in a good way (yes at the expense of the US members).

However, launched right or wrong in the UK, it was launched. I’m a UK member having spent (with conversion of currency) more on a device than a US member would have. As a normal consumer, I expected it to work. So when we found out it didn’t perform the advertised functions I was a bit disappointed.

I’m a realist however and understand these things “can” happen. I’ve been waiting now 4 weeks for even the slightest show of progress on the issue beyond “Its coming soon” or “It’s weeks away rather than months or days”. This hickup was the first sign of “progress” if you can call it that, no matter the detrimental effects on others.

I agree it should be rolled back, and I’m glad they have the ability to do that otherwise from a company operating point of view, you might as well call it a day now.

I’m sorry it had this effect of the US members, however from a UK point of view, we needed this to show it was actually being worked on.

2 Likes

Is this stuff tested? I don’t mean that in any sarcastic or offensive way. I’m genuinely curious is there is any group of beta testers who are first to be exposed to platform updates via an opt-in.

1 Like

Update:

We found a problem. Hot fix was pushed to tomorrow morning. I will keep you all updated here with every new piece of information I get.

Thank you for any patience you can offer us, and again I apologize the the inconvenience.

9 Likes

Well…it looks like I stumbled on a big one…:smile:

I’m chomping at the bit here :slight_smile: Any news on if the hot-fix was deployed this morning? Also if it worked as intended? :smile:

Hi @slagle whose morning are you referring to here? It’s afternoon in the UK already :wink: I’m going to assume you meant your time but a declared time zone would be helpful on global communities (especially with how many of us Brits are watching this issue / fix in regards to the underlying OAuth issue).Thx Ant

Morning in context will almost always be US time. Deployments are usually (but not always) done by people in Minneapolis (central time), but there isn’t a set time. I don’t know anything more specific for this specific case.

Thanks @Dianoga

I work for an American company so ‘get it’ but as this is now marketed in the UK it would be nice to see this for clarity. It will likely reduce ‘chatter’ from users waiting on specific releases / fixes etc.

Will the UK platform be maintained by the same team as fixes deployed on central time could be a bit of a pain for UK users who are 6hrs ahead.

The UK platform is maintained by the same team that does all other regions (currently only US). I know in the past they have deployed hotfixes at 3 AM Central / 9 AM UTC when major platform issues have come up. I suspect this fix was delayed until this morning as we already had a full release scheduled to go out (it’s being deployed now). I’m not part of the team that coordinates releases so I don’t know that for sure.

This is a good point. It’s definitely something I’ll try to keep in mind going forward.

1 Like

I don’t know if this is related but I added a new device and changed the device type…when I log in via the web - it shows the correct device type, however, it never changed in the App…when I edit it via the app - it still has the “old parameters” from the original code.

Dave

In the US here and have seen no hot fix released. Is it recommended to uninstall, wipe cache, and reinstall cleverobjects? Is there any way to authorize CleverObjects from the web?