SmartTiles announcement

With some hesitation, I am announcing that I have decided to convert SmartTiles into a Closed Source Project and remove the open source from GitHub.

Repeating what I said in March, when SmartTiles.click project was launched in it’s present form, I am grateful for the overwhelming support of the SmartThings community. Thousands of users gave my vision of a simple but flexible alternative user interface a try. Thousands of posts here are proof of your contributions by testing and giving feedback over the past year of development.

Your ideas, code snippets, notes of thanks, and a few PayPal donations large and small, helped motivate me to make installation simple, add many features, help you customize, and do the best I could to respond when things broke due to SmartThings back-end changes.

Sharing the source code has been my pleasure. I exposed it to peer review and suggestions, and I welcomed community members to learn from the techniques I used and experiment with modifications for personal use.

Maintaining, enhancing, and supporting SmartTiles is obviously a lot of ongoing effort. SmartThings is getting closer to providing a SmartApp “Marketplace” to help developers earn more than just voluntary donations for our efforts.

While waiting to see when SmartThings would speed up the publication of community SmartApps, I set up a web service installer at http://SmartTiles.click. It’s been very popular and helped many more people to use SmartTiles without handling any code.

With the SmartTiles.click installation service, it was no longer a priority to submit and publish through the SmartThings “app marketplace”. At that time, I chose not to publish my app, but I’ve kept the possibility open.

A few days ago some concerns about the security of SmartTiles were raised and it was singled out as a “bad example” in a topic titled “Why apps like SmartTiles may not be publishable”. @Ben raised a few valid concerns and myself and other community members have responded. It might worth your time to read the discussion if you are interested.

For all users of the current version, I addressed the security concern in the SmartTiles documentation here: http://www.smarttiles.click/info/#security

It is a recommended practice to use password lock on any phones or tablets you take out of your home, as neither SmartTiles nor the official SmartThings mobile app will automatically log out since there is no session timeout. You can cancel your SmartTiles access tokens using another device.

There were other reasons mentioned that make SmartTiles an example of an “unpublishable” SmartApp. I will take some time to reflect on performance and security design, and I welcome SmartThings engineers to discuss their recommendations. I am committed to sharing only quality and educational code within the community, so I decide it is best to take down the open source.

I will try to keep the SmartTiles.click installation service active and any urgent maintenance updates will be pushed automatically, but my focus is on deciding the future of the product. I also have to prioritize and may be slow to respond to questions or comments.

You can keep running any personal copies of the app, but please do not publish or distribute it, as specified in the License. I appreciate, when you get a chance, if you remove any forks that you have made into public GitHub repositories.

Alex Malikov
@SmartTiles

I am sorry things have come to this. I wish you well and hope things continue to go well for you. I looks forward to see what this project becomes in the future.

But know I know why my older customized SmartTiles dashboards started throwing an error.

Message me you version number. I will restore that file. I didn’t realize anyone uses such old versions.

So multiple dashboard will not been possible now… It’s a bad idea…

I respect your choice as a copyright holder, but it’s not gonna be easy to push toothpaste back into the tube.

@625alex What you have contributed to this community is absolutely priceless. SmartTiles is one the best apps on the SmartThings platform and definitely to me it is the best app among all existing official SmartThings apps. We all appreciate the effort that you have put into it and realize that numerous number of hours were spent in putting that product together. I am sure it is going to be sad for a lot of community members to see this project moving to be a closed source project. It is very unfortunate but I hope that folks will still be able to use the app through the installer page for a long time to come.

I wish you luck with your future projects and hope that we get to see more of your contributions on this platform soon.

Thank you once again for letting all of SmartTiles users experience a high quality Smart Home Interface.

Cheers

Ash

Yeah… interesting legal situation with GitHub, actually. (Gosh… don’t let me hijack this Topic… I wish Discourse had sub-threads … I really don’t think this needs an entirely new Topic though…):

We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.

I’m not a lawyer, but my strict interpretation of this GitHub term says that if Alex used a public repository, then he had to allow anyone to fork it. Fine. His license says “private use, no distribution”, though, which means that people should only have forked into private repositories if they were to be fully compliant. I don’t see anything obvious in the GitHub Terms of Service that makes the public repository rule automatically mandatory for forks. Did they overlook that? Or leave it out on purpose?

Doesn’t matter, really, I guess. “Closing” previously open source is really only a formality as long as it had some sort of restrictive license on it, because that license survives. Alex can directly contact the individuals who have forked if he thinks they are “distribution risks”.

And I emphasize that I’m sure the vast majority of people who make forks public are just doing so due to the convenience of GitHub and not intentional “distribution” and that copyright holders are fine with that as long as at least the full copyright and license restriction text remains intact.

@625alex In my experience SmartTiles was one of the best things about using SmartThings. I’m not surprised by your announcement. It symbolizes the inevitable end of a fun and open era. Corporate lawyers and security engineers are in the right to mitigate risks to ST and its big parent owners and its future consumer target of every day Joe users who might unknowingly put themselves at risk. And I’m sure partnerships require certain levels of compliance. That’s where startups die and corporate life begins.

I hope you find good options to re-architect SmartTiles so we can use it in the future (I’m assuming a platform update will break the current code before too long). Even more than that I hope we all see alternative platforms to play around with and build on in the future. Thanks for all your time on this SmartApp. I had a lot of fun tweaking it and using it in my kitchen. Glad I was able to donate and submit a pull request or two. I just deleted my fork.

I wasn’t paying close attention because I had forked Alex’s repo months ago only to submit a pull request and didn’t use it since. But I think Github said I couldn’t make my SmartTiles fork private because “forks of public repos cannot be made private” or something like that. Deleting was the only choice. I think the recommended practice is to clone a repo and make it private.

That’s assuming your account allows private repositories.

I’m a bit puzzled what Alex tries to accomplish by this move. He obviously intends to continue offering SmartTiles through his website. The only difference is that now you won’t be able to review the source code. Now, Alex has excellent creds and a very firm standing in the community, but my basic instinct would be to stay away from a closed sourced app that has not been approved by ST. I personally feel more comfortable installing an open source app with known security issues than a closed source one with unknown security issues. Just my 2 cents.

That makes sense. It would be good if GitHub aligned their repository rules with common license clauses, or highlighted this type of example. Open source always scares me a tiny bit, because “fair use” is hard to define, so sometimes I’d rather not see any code that I might replicate a little segment of just s bit too closely.

The benefits of open source are amazing though. I think many of us wished SmartThings were entirely open sourced, like Open Home. But… Different business strategy and so on.

Imagine if SmartThings’s native mobile App was open source and GPL’d… It would be interesting indeed. Probably not practical without a very well defined “client API”. So we arrive in this limbo for now…

But how do you know that SmartThings’s own (closed source) mobile client App doesn’t have “unknown / unpublished security issues”? I’d bet it does.

Sorry Terry, but you question does not make sense. That’s exactly my point.

This is such a shame. I guess I’m lucky I grabbed the code the other day for manual installations so I can still have multiple interfaces for now. @625alex I hope you continue to develop SmartTiles as its really a defining feature of SmartThings, and find a way to publish it in a way where multiple instances are allowed. Its been awesome watching this project evolve over the last few months. I’ve watched a few niche communities fall apart when they started calling out developers. I hope this doesn’t drive you away from SmartThings and it continues to grow.

Probably the best app that has ever happened in ST world.

This is why we can’t have nice things.

I’ve been watching this project from the sidelines for the entirety of the bajillion-message main thread, mostly because I didn’t have a spare tablet to run it on, and it’s been wonderful to see it grow. I’m saddened that Alex has been made to feel that his code is poor quality because it needs to work around some currently unexposed functionality on the ST API side.

I am troubled by this. But I understand. I am sure this has occupied a ton of @625alex time and for little or no financial gain.

SmartTiles.click has found a very interesting loop hole in the SmartApps model to allow others to install a developer’s instance of the code.

If ST closes this loop hole, SmartTiles.click is done. Only options are to submit for publication or open the source back up.

I feel for Alex, but in the spirit of the community and the many past, present and future community developers that could have learned from this type of interaction with ST, it saddens me that a once open source code is now gone.

Good luck Alex, I hope you can find what you are looking for.

There are two main reasons for closing the source.

First, I did some pocking around and it looks like SmartTiles has made some ripples across the Internet. SmartTiles is the first piece of code of non trivial value that I own. I don’t really want to start going after people and pressing my IP right. Developers both inside and outside the community have pieces copied from based on my project.

Second reason is to protect my name and the SmartTiles brand. Also to protect SmartThings from it’s users. SmartThings can’t handle the polling rate of SmartTiles, which is 3 polls per minute. I have seen some mods that upgraded “frequent updates” to “near instantaneous”. I don’t think that polling rate of 3 per minute is “excessive”, but I bet SmartThings does not discriminate between “official” vs “modded” versions of the app. I don’t want SmartTiles to be “unpublishable” because it has 1000 different faces where some are more publishable than others.

I was not the first one to find this hook. SmartRules, SharpTools, ThingLayer, Simple Rule Builder and other successful projects also depend on this model of app installation. If OAuth installation is closed off, the open platform is done.

“Submitting for publication” might not be an option. But there is one more way.

I hope this means what I think it means.