find.z-wave.me issues

Official announcements from Z-Wave.Me team. Check this forum to get information about new releases and bug fixes.
User avatar
PoltoS
Posts: 7562
Joined: 26 Jan 2011 19:36

find.z-wave.me issues

Post by PoltoS »

Dear Z-Way/RaZberry users,

Many of you are IT experts so we believe it would be good to share some technical details with you.

You might have noticed that our remote access service called find.z-wave.me was not working well last months. The reason is a very fast growing number of users. We did a lot of work to heal the service, but just adding more resources to the server was not a solution. The intrinsic limitation of the technology used made it impossible to easily scale our infrastructure.

As a result we decided to follow two steps:
1) We change our infrastructure to scale it horizontally - means adding more servers. This was expected to be a fast solution.
2) Over time (in April-May 2018) switch to another technology we develop since July 2017.

Our Step 1 was expected this month. Last week we have made two test switches to our new servers, but pretty soon we realized that there is a security issue allowing to access boxes of other people. Some of you also noticed that and were gentle to drop us a note about this highly critical issue. Of course we turned the service down and switch back to the old robust and secure find.z-wave.me server.

This critical issue is fixed now and we would like to share with you how a small bug in our software ended up with a disaster.

As you know, we do not store any information on our find.z-wave.me server. Even hashes of your passwords are not stored. We only store public keys of your boxes to match them against your box ID to verify your box identity when you connect. This is to make useless to hack our servers. When you connect via Web or mobile apps, our server connects to your Z-Way via the tunnel and tries to login via the login and password you entered in the form. If successful, we send back to your browser the authenticated session. If not, we say login/password incorrect. This means we do not store any logins/passwords/Z-Way session of your boxes.

How has it ended up that one got access to the box of another customer? Good question! It turned out that our passthru authentication daemon after improvements to support new server infrastructure was not initializing the memory and in some cases when entering wrong login and password a session from the last successful authenticated user was returned. Stupid bug that resulted in an awfully problem, agree!

As of today this issue is fixed. We did a lot of internal tests and are now ready to turn the service for public.

We apologize for the inconvenience caused and hope there were no harmful consequence for each of you. We hope that this trouble will not kill your trust in us. We will continue to make our best to provide you a good, robust, secure (and free as before) service.

Out Step 2 is an ongoing work. Security is our primary goal. We will comme up with this new technology around April-May as planned.

TLDR
We still don't store your data, if you don't trust us, you are always free to disable the remote access service and use your own way to access your box remotely.

Sincerely yours,
Poltorak Serguei
CTO at Z-Wave.Me
enbemokel
Posts: 482
Joined: 08 Aug 2016 17:36

Re: find.z-wave.me issues

Post by enbemokel »

Hi Polto, hi Team,

thanks for informing me/us about the true story behind the problems and an upcoming solution.
I like the Z-Way system and the functions. Personally I started to use VPN to connect to the system but the find.z-wave.me server
is an easy solution.
Go on and thanks for all your and your teams work in Z-Way.
Best regards
RolfKunkel
Posts: 58
Joined: 03 Jan 2017 18:35

Re: find.z-wave.me issues

Post by RolfKunkel »

All this sounds promising but the reality unfortunately looks different. Today Alexa Service is not working at all for me. Yesterday it worked pretty well (9 out of 10 commands worked successfully) today every command via Alexa fails. I would prefer to pay a few Euro per month for a stable service instead of having a service for free that is not working. My wife is upset and asked me to look for another system that works. I have not looked yet but if stability will not improve I will do that.
User avatar
PoltoS
Posts: 7562
Joined: 26 Jan 2011 19:36

Re: find.z-wave.me issues

Post by PoltoS »

The service is not finally running smoothly. It works on 3 servers balancing the load between them.

We now finally have time to work on the future service that will be even more efficient and faster to serve even more customers.
User avatar
PoltoS
Posts: 7562
Joined: 26 Jan 2011 19:36

Re: find.z-wave.me issues

Post by PoltoS »

Dear Z-Way/RaZberry users!

We would like to announce that our https://find.z-wave.me service is running fine now.
Brekne
Posts: 24
Joined: 09 Aug 2017 16:52

Re: find.z-wave.me issues

Post by Brekne »

It is not . Backend server error or I get 502 Bad gateway
User avatar
PoltoS
Posts: 7562
Joined: 26 Jan 2011 19:36

Re: find.z-wave.me issues

Post by PoltoS »

Switched to a another server, now back again
Brekne
Posts: 24
Joined: 09 Aug 2017 16:52

Re: find.z-wave.me issues

Post by Brekne »

I only get "Backend server error" This has been the case for the last days
Onanov
Posts: 3
Joined: 15 Apr 2017 01:48

Re: find.z-wave.me issues

Post by Onanov »

Im getting the same - Backend server error - been like this for a number of weeks with Alexa not responding to commands. Any update on the fix for this?
itstrisha
Posts: 12
Joined: 07 Apr 2018 13:25

Re: find.z-wave.me issues

Post by itstrisha »

Hello there,

Thanks for updating me about the actual issue and also thanks for providing the solution
Post Reply