DarkSky broken in 0.40.1 [Solved, someone stole my key]

Lapatoc · March 18, 2017, 9:11am

I’ve checked my dashboard and I always had around 1000 calls per day.

rpitera · March 18, 2017, 4:15pm

That’s the free limit. You may have made more API calls, but if you’re not paying for them it won’t register anything over 1k.

Rolling back to 0.40 has not seemed to help any so I am taking the advice offered and manually setting my update time and restarting. Even though my DarkSky sensors aren’t appearing, somehow I am already up to about 936 calls.

rpitera · March 18, 2017, 5:20pm

OK something really screwy going on here. An hour ago I set the update to 15 minutes and restarted. In that time, I went over my limit and maxed out at 1000 calls.

Technically, it should have made on 4 update calls in that hour. I got no error about the config at start up so I’m sure I did it right.

-  platform: darksky
   api_key: !secret forecast_io_api_key
   update_interval:
    minutes: 10
   monitored_conditions:
     - summary
     - icon
     - nearest_storm_distance
     - precip_type
     - precip_intensity
     - precip_probability
     - temperature
     - apparent_temperature
     - dew_point
     - wind_speed
     - wind_bearing
     - cloud_cover
     - humidity
     - pressure
     - visibility
     - ozone
     - minutely_summary
     - hourly_summary
     - daily_summary

I’m restarting now with homeassistant.components.sensor.darksky: info in my logger config to see if I can figure out what the heck is going on.

lordsiris · March 18, 2017, 7:38pm

I just took a look at my dashboard in darksky. I updated on the 16th and see no major difference on the 17th compared to the 15th. Will check it again next week. Actually had 7 fewer calls (total 287) on the 17th than I did on the 15th. I do have “update_interval: 300” in my config and have had it for as long as I believe I have used darksky.

rpitera · March 18, 2017, 7:42pm

Unfortunately, because I went over the limit I won’t see any more info today anyway.

Can you verify my setting is correct? I checked the config with HA right after I made the change and it was fine with it but for some reason it wasn’t helping.

Could my API key be compromised? Not sure if the console tells you where the origin IP is from… but all my configs use secret and have for some time. I’m just so confused about why this happened out of nowhere; the only difference being the HA update.

lordsiris · March 18, 2017, 7:46pm

Possibly a test or second install of HA running against it too? Maybe change your secret key in dark sky and update that in your config? Looking at the HA docs I’m not even using a documented format for update_interval but my “300” is 5 minutes and looking at my darksky dashboard that is exactly how often I am hitting their api.

rpitera · March 18, 2017, 7:49pm

OK, I have just reset the API key and I am going to change my update_interval to 300 like yours.

Let’s see what happens tomorrow.

rpitera · March 18, 2017, 8:06pm

I couldn’t wait. So I reset the key and then gave them a CC for billing and set a cap limit of 2000 - which is low even though 10000 calls only cost a dollar - just to be safe.

After a restart and monitoring at the DarkSky console, it appears to be respecting the update interval setting. I’m going to do more testing but I wanted to share this with you.

heathpitts · March 18, 2017, 8:40pm

False alarm on mine. I guess when they start counting isn’t the end of the day in my time zone. I ended up with around 279 calls to the API yesterday with my interval set to every 5 minutes

rpitera · March 21, 2017, 6:25pm

False alarm on mine, too. Turns out someone stole my API key!

I got a quick response from Jay over at DarkSky and he was able to tell me that on the days in question, calls were coming from two IP addresses; my normal one and one from Sweden. So it was obviously compromised.

And in researching it turns out that in one of my other issue responses here:

I posted some error messages which had my key in the URL. Why someone would steal this is beyond me as it’s so easy to get free access to DarkSky, but that’s the case. Sad to think someone in this community would do such a thing but a lesson learned.

Make sure you sanitize your postings EVERY TIME. I’m usually so good about this and checked to see if it was posted anywhere else like the forums and it was just this one. But that’s all it takes…

stunts1337 · March 21, 2017, 6:48pm

What a weird thing to steal… a free API key…

rpitera · March 21, 2017, 7:03pm

Exactly my thoughts. Why do this when it costs you nothing to register? And super sad to think that someone who is a part of this community would do something like that. All I have ever done here was try to help people.

Made an already crappy birthday that much more miserable…

timseebeck · March 21, 2017, 7:45pm

(sorry, English is not my mother tongue and I really don’t know if I’m going to use the appropriate words to express feelings)

HASS devs are amazing! Guys (like you) who help n00b users (like me) are great! I don’t usually write on the forum (not smart enough) but after reading your message I felt like I had to write these lines and say THANK YOU!
Big thanks from users like me who appreciate your knowledge, time and patience. I wish I could have the privilege to keep on learning from users like you.

Kind regards and all my respect.

Lapatoc · March 21, 2017, 8:07pm

Well this is weird but explainable. It could be that person is not a part of this community. I believe so. GitHub is indexed by Google and many other search engines. Someone just may search for the key. And reason is why it was stolen they thought it may be premium account.

stunts1337 · March 21, 2017, 9:34pm

Also possible the person was just not very informed, saw your code somewhere and copy + paste without realizing hes using your specific key