-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
Of course it is ... it's Tesla's API; they can do anything they want with it ...
@hcdavis3 - Why do you say Tesla has blocked getting that info? I can still access the API so I'm assuming TeslaFi can too. I ran get vehicle data config and was even able to send commands. I didn't check the streaming API so are you saying Tesla is now blocking access to the streaming API? That would affect my Teslamate too though it can now see the non-streaming pages (like I just tested with Postman)
EDIT: Ah! Looks like they blocked it on an IP layer (assuming the below reddit post is true). That explains why I could still access the data as well as my Teslamate.
Tesla blocked connections to the API from the AWS range of IP addresses. TeslaScope was also affected and has already put together a workaround
EDIT: Ah! Looks like they blocked it on an IP layer (assuming the below reddit post is true). That explains why I could still access the data as well as my Teslamate.
Tesla blocked connections to the API from the AWS range of IP addresses. TeslaScope was also affected and has already put together a workaround
It seems to me this may be an overreaction ...
I'l lay my guess on the line now:
DDoS attack originating from the AWS IP space leads to Tesla blocking the AWS IP block as a mitigation measure.
And if it turns out to be that ... much ado about nothing.
Still probably some form of rate-limiting would be my guesstimate ... Just a guess of course until we hear something more.
I see these attacks daily on my email/web servers from amazon cloud service IPs. Also from google and microsoft cloud services. Best way to handle it is to put an ip block on them. Stops it cold.
Perhaps teslafi should get their own address space and servers (and not use the amazon cloud).
Blocking all IPs from cloud servers must work but damn is it harsh. The decision to buy/host/maintain your own hardware/OS/network/configuration vs using a cloud provider isn't that simple. I'm sure you know if you work in the IT industry.
Now, as much as we like the API, Tesla doesn't owe us anything. That api was built for their mobile application. People simply discovered it and used it. Don't get me wrong, I love TeslaFi and appreciate all the applications that people have built around the api. The api is good and could be enhanced further. I would love it. I'm just saying it's not an entitlement
Now, as much as we like the API, Tesla doesn't owe us anything. That api was built for their mobile application. People simply discovered it and used it. Don't get me wrong, I love TeslaFi and appreciate all the applications that people have built around the api. The api is good and could be enhanced further. I would love it. I'm just saying it's not an entitlement
Keep letting Musk know that! He’s an ultra nerd just like us, if it doesn’t open them to security issues or overload servers, I’m sure he would be open to supporting something official if fans (owners) made it know how much we love it!Blocking all IPs from cloud servers must work but damn is it harsh. The decision to buy/host/maintain your own hardware/OS/network/configuration vs using a cloud provider isn't that simple. I'm sure you know if you work in the IT industry.
Now, as much as we like the API, Tesla doesn't owe us anything. That api was built for their mobile application. People simply discovered it and used it. Don't get me wrong, I love TeslaFi and appreciate all the applications that people have built around the api. The api is good and could be enhanced further. I would love it. I'm just saying it's not an entitlement
I wonder how many many hours tesla has lost due to canceling appointments, and talking to end user customers who start with the phrase "Teslafi says my battery........."
Just musing here, not advocating one way or another. I can understand peoples desire to see all this detailed data that isnt intended to be customer facing, and I could totally understand tesla blocking it (both as an accident, and on purpose).
I just block the address range where the attack is coming from. Works great.
It is like the difference between owning a home and renting an apartment. For a (real) business, it is well worth owning the servers and an address space - for security, customization and complete control. I've been running servers since 1995. It is dirt cheap compared to any cloud service. But you are correct - you have to be technically capable or forget it.
ucmndd
Well-Known Member
2008 called, they’re wondering where their postmaster and webmaster went. Please check in with them, they’re concerned.
“Real” businesses realized paying employees to run commodity services at one-off scale stopped being economical a decade ago.
Agree with you. Most companies use an outside service to manage their servers. Very few employees have the skill needed. Or the company can not afford them.
Getting back to the subject - if teslafi is getting ip blocked by possibly being in the spammer ghetto (AWS), then it would seem they have the tech ability to run their own server and address space. Thus avoid being ip blocked.
It’s ALL about scale. When your monthly AWS bill is mid-8 digits, you figure out real quick that maybe running things yourself might actually just be cheaper. (And yes, I have a customer doing exactly this - and re-homing from AWS.)
This would do both Tesla and the users a favour at this point. Is it still blocked?
I'm glad I abandoned work on my Tesla API service since it would've been based on AWS. Phew.
This is overlooking huge issues.
I've often wondered why Tesla even tolerates it. Surely they must see the massive amount of traffic coming from services like TeslaFi.
The app only uses the API briefly, and slowly. Maybe a few requests per day. But these other services? They're pounding the Tesla servers with requests. Some of them poll every few seconds. It's completely ridiculous, orders of magnitude more traffic than they should be serving for just app usage.
Even if Tesla is running this out of their own data centre, this surely impacts their load, number of servers needed, bandwidth, etc. All of those ultimately have costs associated with them, which is why someone like Amazon charges for all of those things (and various other granular things).
Yeeeaah, no. Elon is still the CEO of a company that needs to survive and make business decisions.
I'd wager that third party services already make up >90% of the API load on those servers that serve the API. If I was on that team, I'd start asking questions like...
Anyone and their dog can run a service on AWS. Being on AWS does not imply you have the means, ability, employees, or other logistics to handle running and owning a physical server farm at a real, owned building.
This. But AWS bill optimisation is a thing, and I personally find it fun. Transforming services so they're more financially efficient on the AWS offerings (basically, leverage specific AWS services and don't just run an EC2 [VM] fleet hooked to RDS [VM with Database]). Plenty of success stories there.
I'm glad I abandoned work on my Tesla API service since it would've been based on AWS. Phew.
This is overlooking huge issues.
- Address space is not cheap, nor widely available.
- Servers come with maintenance. Something the size of TeslaFi absolutely cannot justify running a personal server farm and employing people to maintain that around the clock.
Blocking all IPs from cloud servers must work but damn is it harsh. The decision to buy/host/maintain your own hardware/OS/network/configuration vs using a cloud provider isn't that simple. I'm sure you know if you work in the IT industry.
Now, as much as we like the API, Tesla doesn't owe us anything. That api was built for their mobile application. People simply discovered it and used it. Don't get me wrong, I love TeslaFi and appreciate all the applications that people have built around the api. The api is good and could be enhanced further. I would love it. I'm just saying it's not an entitlement
I've often wondered why Tesla even tolerates it. Surely they must see the massive amount of traffic coming from services like TeslaFi.
The app only uses the API briefly, and slowly. Maybe a few requests per day. But these other services? They're pounding the Tesla servers with requests. Some of them poll every few seconds. It's completely ridiculous, orders of magnitude more traffic than they should be serving for just app usage.
Even if Tesla is running this out of their own data centre, this surely impacts their load, number of servers needed, bandwidth, etc. All of those ultimately have costs associated with them, which is why someone like Amazon charges for all of those things (and various other granular things).
Yeeeaah, no. Elon is still the CEO of a company that needs to survive and make business decisions.
I'd wager that third party services already make up >90% of the API load on those servers that serve the API. If I was on that team, I'd start asking questions like...
- Who is the "customer"? (it's supposed to be the official Tesla app only, but TeslaFi perhaps? TezLab? TeslaMate?)
- What changes can we make without upsetting our customers? (Again, they normally have full control over the app so they'd only upset themselves... but if they change how something works that TeslaFi depends on, who has the right to get angry?)
- What are the design/testing requirements? (with only the app, the load can be well defined. with other services, this completely changes requirements)
Anyone and their dog can run a service on AWS. Being on AWS does not imply you have the means, ability, employees, or other logistics to handle running and owning a physical server farm at a real, owned building.
This. But AWS bill optimisation is a thing, and I personally find it fun. Transforming services so they're more financially efficient on the AWS offerings (basically, leverage specific AWS services and don't just run an EC2 [VM] fleet hooked to RDS [VM with Database]). Plenty of success stories there.
Similar threads
