Scheduled maintenance on September 20th

During the night from today to tomorrow, Thursday, September 20th, our hoster will perform maintenance work in our primary data center. Between 0:00 and 8:00 AM CEST, mite will thus be unavailable for up to 30 minutes. This maintenance is necessary to deploy security updates which require a reboot of our servers. We ask for your understanding.

~~
Update: Maintenance was completed at 3:01 AM CEST. mite was unavailable for a total of 15 minutes.

Julia in Tech talk

mite & the GDPR

On May 25th the EU General Data Protection Regulation (GDPR) will come into force. While mite has supported its principal guidelines since day one, we too have to adapt legal documents to meet the new requirements:

  • Data Processing Agreement (new)
  • updated Terms of Service
  • updated Privacy Policy

Data Processing Agreement

When you input data into mite it isn’t stored locally on your device but centrally on special mite.servers in the data center of our hoster SysEleven in Berlin, Germany. Thus we process data on your behalf. And thus we now have to conclude a so-called Data Processing Agreement (DPA) within the meaning of Art. 28 GDPR with you.

In this DPA we promise to process your data only for purposes linked to mite. We explain which data exactly we collect, how we process and protect it, and which rights and duties you have.

Please conclude our DPA by May 25th. If you’re the account owner, we display a direct link within mite to take care of that. Alternatively, please head over to the »Account« tab yourself.

Updated Terms of Service

Due to the GDPR we also have to slightly update our ToS. Please find the new version at its usual place. You can still access the former version here.

In §13 Data protection you now commit to follow legal data protection guidelines, and to conclude a DPA (see above) with us.

Moreover our ToS now specify that not only companies but also consumers may use mite. This clarification results in new clauses and new rights for consumers: §1.3, §2.3, §3.6, §5.

Our updated ToS become effective automatically if you do not object within six weeks. Should you object, you or we are entitled to terminate our contract.

Updated Privacy Policy

Due to the GDPR we also have to fundamentally change our Privacy Policy. Please find the new version at its usual place. You can still access the former version here.

Until now we had a pretty tight text which we thought to be easily and quickly comprehensible. Now we have to explain everything in epic detail and legal language which we think makes it less accessible. But we do hope that you’ll still appreciate it because now you get access to much more information on how your data is handled by us.

In the end

Thanks for hanging on – until the bottom line of this long post as well as until days before the GDPR comes into force. We’ve had the topic in mind for almost a year, but frankly it has been quite a challenge to find a good lawyer with time on his or her hands. Sorry. But hopefully, now that the updates have arrived, you’ll see them as a step forward. GDPR & mite: ahoy!

Julia in Inside out

Scheduled maintenance on April 12th

During the night from today to tomorrow, Thursday, April 12th, between 0:30 and 1:00 AM CEST, mite will be unavailable for up to 10 minutes.

We’ll move mite to new servers with a new server architecture, and to do this properly, we’ll have to take the app down for a couple of minutes. We ask for your understanding: this is necessary so mite will be fast and secure for years to come. By the way, while we do move mite to other servers, SysEleven in Berlin, Germany will continue to host it. They have been taking care of us so well during the last years.

If you cannot notice anything working differently, we put our thumbs up. But if you do happen to stumble upon a problem, please tell us so we can fix it right away. Send us a detailed e-mail which includes information on your browser version. Thanks and mite ahoy!

~~
Update: Maintenance was completed at 0:36 AM CEST. mite was unavailable for a total of 6 minutes. From our point of view all servers are working smoothly.

Julia in Tech talk

Scheduled maintenance on January 16th

During the night from today to tomorrow, Tuesday, January 16th, our hoster will perform maintenance work in our primary data center. Between 0:00 and 8:00 AM CET, mite will thus be unavailable for up to 45 minutes. This maintenance is necessary to deploy security updates which require a reboot of our servers. We ask for your understanding.

~~
Update: Maintenance was completed successfully at 2:40 AM CET. All servers are patched now. mite was unavailable for a total of 22 minutes.

Julia in Tech talk

Scheduled maintenance on October 19th

During the night from today to tomorrow, Thursday, October 19th, our hoster will perform maintenance work in our primary data center. Between 0:00 and 8:00 AM CEST, mite will thus be unavailable for up to 45 minutes. This maintenance is necessary to deploy security updates which require rebooting our servers. We ask for your understanding.

~~
Update: Maintenance was completed successfully at 2:22 AM CEST. All servers are patched now. mite was unavailable for a total of 18 minutes.

Julia in Tech talk

Scheduled maintenance on July 20th

During the night from Wednesday to Thursday, July 20th, between 0:00 and 8:00 AM CEST, our hoster will perform scheduled maintenance in our primary data center. Within this time frame, mite won’t be available for 30 to 60 minutes. This unavailability is necessary to deploy a security update which requires a server reboot. We ask for your understanding.

~~
Update: Maintenance was completed successfully at 2:48 AM CEST. mite was unavailable for a total of 22 minutes.

Julia in Tech talk

Yesterday's connection problems

In the early morning of May 3rd, mite was unavailable for some users. Deutsche Telekom AG had routing problems with our primary data center operated by SysEleven in Berlin. Thus, a subset of users with Internet providers such as Deutsche Telekom or affiliated companies such as Congstar or Swisscom were affected. These networking problems started at ~7 CEST and continued until 8:45, when DTAG solved the problem.

We are sorry for this interruption. If mite is unavailable, especially at the beginning of a month, your daily workflows can be heavily affected; we’re well aware of this. A big thank you to all users who got in touch and helped us to narrow down the root of the problem!

Julia in Tech talk

Scheduled maintenance on November 9th and 10th

Tonight and tomorrow night, between 0 and 8 AM CET, our hoster will perform scheduled maintenance in our primary data center. Within these time frames, mite won’t be available for a couple of minutes each night. This is necessary to deploy a security update which requires a server reboot. We ask for your understanding.

~~
Update: Maintenance was completed successfully; all servers are patched now. mite was unavailable for 18 minutes on November 9th and for a total of 53 minutes on November 10th. The downtimes were longer than expected, and we are sorry for that. A hardware node initially didn’t boot correctly on the second night of maintenance. Hopefully, we did not overly disturb your work.

Julia in Tech talk

Security update

You are wonderful. We’ve been experiencing this day by day for almost ten years now. Whether you’re getting in touch with a question, or a suggestion on how to improve mite: we experience savvy and knowledge, sympathy and kindness. And, most notably, helpfulness. For this, we thank all of you.

Today, we’d like to thank one person especially: Marcel Eichner. He informed us about a security vulnerability last Thursday. Thanks to his detailed description, we could immediately reproduce it. We deployed a security fix three hours later. Thanks for your support, Marcel!

One, we have no indication that the vulnerability was exploited. Two, personal data could not have been read or modified. Nevertheless, as a matter of principle we want to inform you in detail.

The problem had slipped into our open data interface, the mite.api. Every project in mite has a unique identification number (ID), and is optionally assigned to a customer. Over the API, time entries can be created for a given project. The project is referenced by its ID. mite checks if a project with this ID exists, and whether it belongs to your own account. If the check fails, the project ID in the server response is set back to “null”.

To improve performance, the server response contains not only the project ID but also, if present, the ID, name, and hourly rate of the project’s customer. The vulnerability was hiding in the check outlined above, in the order in which its steps ran. If the project ID belonged to an account other than your own, the project ID was correctly nulled as described, but the server response still contained, if present, the described data of its customer.
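The ordering flaw described above, sketched as an added illustration (this is not mite's code): the flawed handler embeds customer data before the ownership check and resets only the project ID, while the corrected one authorizes first and derives every embedded field from the authorized project. All names, fields and sample records are hypothetical and constructed for this example.

```python
# Constructed sample data; every name and field here is hypothetical.
CUSTOMERS = {
    10: {"id": 10, "name": "Acme Inc.", "hourly_rate": 9000},
    11: {"id": 11, "name": "Own Client", "hourly_rate": 7500},
}
PROJECTS = {
    100: {"id": 100, "account_id": 2, "customer_id": 10},    # foreign account
    101: {"id": 101, "account_id": 1, "customer_id": 11},    # caller's account
    102: {"id": 102, "account_id": 1, "customer_id": None},  # no customer
}
CUSTOMER_KEYS = ("customer_id", "customer_name", "hourly_rate")

def customer_fields(project):
    """Customer data embedded in the response to save the client a request."""
    customer = CUSTOMERS.get(project["customer_id"]) if project else None
    if customer is None:
        return dict.fromkeys(CUSTOMER_KEYS)
    return {"customer_id": customer["id"],
            "customer_name": customer["name"],
            "hourly_rate": customer["hourly_rate"]}

def create_entry_flawed(account_id, project_id, minutes):
    """Ordering flaw: related data is attached before the ownership check."""
    project = PROJECTS.get(project_id)
    response = {"minutes": minutes, "project_id": project_id}
    response.update(customer_fields(project))  # runs before authorization
    if project is None or project["account_id"] != account_id:
        response["project_id"] = None  # only this one field is reset
    return response

def create_entry_fixed(account_id, project_id, minutes):
    """Authorize first, then build the response from the authorized project."""
    project = PROJECTS.get(project_id)
    if project is None or project["account_id"] != account_id:
        project = None  # nothing derived from a foreign project survives
    response = {"minutes": minutes,
                "project_id": project["id"] if project else None}
    response.update(customer_fields(project))
    return response

def leaked_fields(response):
    """Regression check: without a project ID there must be no customer data."""
    if response["project_id"] is not None:
        return []
    return [k for k in CUSTOMER_KEYS if response[k] is not None]
```

A check like `leaked_fields` can run in an API test suite against responses for IDs that belong to a second test account, so that a later reordering of the handler fails the build.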

The server response did not disclose to which mite.account the customer belonged. Thus, one could have found out that some company that uses mite works for a customer such as “Acme Inc.”, but not which company. And fortunately, it is not highly sensitive information that some unidentified team somewhere in the world works for a customer such as “Acme Inc.”.

The vulnerability thus wasn’t a highly critical one, and it is now closed. But it was able to slip in, even though we take security very seriously. That’s why we are so thankful to Marcel. And that’s why we’d like to ask all of you to please get in touch with us immediately if you should become aware of any other weak spots in the future.

E-mail works best in such cases. Please find our PGP key as well as all other communication channels right here. Please describe in as much detail as possible what you did, how mite reacted, and how mite should have reacted. Code snippets help a lot, also screenshots, information on the technology you use, or anything else that might be important to help us reproduce the problem – and fix it as fast as possible. Please support us in keeping mite healthy and bug-free. For all of you.

Julia in Tech talk

Scheduled maintenance on May 31st

Our hoster will perform maintenance work in our main data center during the night from Monday to Tuesday, May 31st, between 0:00 and 6:00 AM CEST. They will update the core routers. During the given timeframe, internet connection might be disrupted for up to two hours. Unfortunately, mite won’t be available then.

We wish our hoster SysEleven a smooth run of this necessary work. And we ask for your understanding. Hopefully, these updates won’t interfere with your working hours.

~~
Update: Maintenance has been completed successfully at 4:18 AM. mite was continuously available.

Julia in Tech talk