Ping confirmed that you are using google appengine.
>ping www.wattvision.com
PING ghs.l.google.com (74.125.113.121) 56(84) bytes of data.
When you use federated login, google appengine is behaving as if request came from the same google assets. This is a major hole. However it is recommended you use following login method.
>>> UPDATE: Google confirms (see post by sean_lynch below): Google here, confirming this is an issue with the Users API on App Engine. On-call team is working on the fix now.
<<<
>>> They rolled out a fix at 12:30PT. <<<
Ok will read up on that, thanks for confirming. We still cannot repro the exact issue, however.
Here are our repro steps:
- Inside an Incognito Window in Chrome, created a new Gmail account, signed out, signed in and checked "remember me".
- In another tab, visited wattvision. Clicking my house brings up "wattvision uses google accounts for sign in" log-in window which asks for password.
That's not the expected behavior. We use Google Accounts for Sign In, but it should present you with a window that says "sign in to wattvision" and ask you for your password again, even if you are already logged in to Gmail. We'll confirm / try to repro on our end. Any other info you have is appreciated.
UPDATE: We definitely want to fix this, we do not want to surprise or inadvertently sign up users. That's not our intention and we're not that kind of company!
I went to the last page because I was curious that you had to register _before_ buying.
At this last page I saw my gmail username pre-populated in the form automatically which freaked me out (I didn't even know grabbing a visitor's google account name was possible) and I closed the page, I did not submit (voluntarily) any info. Then within a couple of minutes I got in my gmail account a welcome email.
(I didn't even know grabbing a visitor's google account
name was possible)
I didn't either, but it seems you can simply use Google's API to allow a user to sign in, where the user name of the user that signs in (or is already signed in!), is reported to the user of the API via a callback. The request after you sign in has a 'continue' HTTP header that says something like:
How is that even possible? So if I'm signed into my gmail, a site can detect my email address? This seems like a huge privacy bug on googles behalf if this is actually happening.
This looks like a nice tool to have (if a bit expensive), but seriously, a bug like that is a real deal killer. Having my house appear after clicking a link freaked me out.
Ha. If only we were that good. ;) We try to figure out the city you're from using Geo IP (maxmind.com, for example) and then draw a Google Map. Down the line, we want to use the city you're from to compare use with other users from the same city/region. We're not interested in your exact street address.
To everyone complaining about the Google account login on wattvision.com: this looks like a major Google bug, not a WattVision problem. Even if they were evil, this should not be possible.
You should include a link to your site from the blog. I was borderline interested in the product, wanted to see what it was about and went hunting for a link and then became uninterested after I couldn't find one.
I think this was just discussed on HN too. There may be better input on that thread.
Sweet! We installed one at Anybots and it's surprisingly useful to know how much power the building is using. You make what you measure, or in this case use less of what you measure.
I suspect that this sort of device could be removed by the power company should they discover it.The homeowner/tenant does not, in most cases, own the meter and some power companies could consider this a modification of the meter and have it removed. Heck, they might even bill you for the removal.
I'm speculating, of course, but it seems like a real risk to me.
Either that, or the power company might start an investigation with law enforcement to determine if you have fitted the power meter with a device that misrepresents your electricity use.
I can only imagine the look on my meter reader's face if he saw a device like that attached to the meter.
One would hope that Wattvision launched(s) an education campaign aimed at the power companies to let them know of this device.
I think this is incorrect speculation. Black&Decker, for example, sells a similar looking device. I've had one on my meter for months and no one's said anything.
The reference to specific manufacturers is for informational purposes only and does not represent that the Power Monitor has been approved or endorsed by the manufacturer or your local power company.
I will give you this one though. My local power company indicates that the meter is property of the customer. Perhaps this is more common that I initially thought:
Wow looking at the ranking page here http://www.wattvision.com/rankings Mark's House use about 10 times energy as comparable size homes. Is it a house or an open air furnace?
I like it. Will you be shipping internationally? Just a note, the size comparison is not very useful since I:
1) Do not know how large that particular candy bar is. It could be a tiny one or it could be a huge one.
2) I have no idea how large that Reddit toy is.
I'm interested in this kind of product, but I live in an apartment and don't have access to my electric meter (or if I do, I definitely can't install things on it). Is there something like this I could use on individual outlets?
Depending on what state you live in, your apartment building is required to give you access to the meter that measures your apartment (to verify that you're getting charged correctly). If you ask nicely you might be able to convince your landlord to let you hang one of these (especially if the meter is indoors). I proposed such a thing to my landlord and they were interested in knowing more.
Dammit Savraj, in one fell swoop you not only brought out a super-cool greet tech appliance but also realised the dream that Clickpass never could - true seamless sign-on. The King is dead, long live the King!
Pretty neat. It will be possible to determine if a house is occupied, by looking at the current and historical power usage data. You've still got to find the address though.
Congrats! Does this hardware work with more meter types than the beta hardware? My meter was not one of those that it initially worked with, so I sent in a picture of it, and I would very much like to get this working.
Do the WattVision guys have plans to create sensors that can replace light switches and receptacles? Perhaps with wireless mesh networking? That would be sweet :~).
Login issues aside (I realise they are significant but they're very well covered here)...
This is a great product. I'm delighted for you that you've launched it as a shipable unit after what I'm sure was epic work. But you just cannot sell to consumers on a website that look like that. Your homepage consists of a graph, for crying out loud.
>ping www.wattvision.com PING ghs.l.google.com (74.125.113.121) 56(84) bytes of data.
When you use federated login, google appengine is behaving as if request came from the same google assets. This is a major hole. However it is recommended you use following login method.
http://code.google.com/appengine/docs/python/users/overview....
EDIT: Just reported the bug with appengine groups. http://groups.google.com/group/google-appengine-python/brows...