Scheduled maintenance on September 20th

During the night from today to tomorrow, Thursday, September 20th, our hoster will perform maintenance work in our primary data center. Between 0:00 and 8:00 AM CEST, mite will thus be unavailable for up to 30 minutes. This maintenance is necessary to deploy security updates which require a reboot of our servers. We ask for your understanding.

~~
Update: Maintenance was completed at 3:01 AM CEST. mite was unavailable for a total of 15 minutes.

Julia in Tech talk

Scheduled maintenance on April 12th

During the night from today to tomorrow, Thursday, April 12th, between 0:30 and 1:00 AM CEST, mite will be unavailable for up to 10 minutes.

We’ll move mite to new servers with a new server architecture, and to do this properly, we’ll have to take the app down for a couple of minutes. We ask for your understanding: this is necessary so mite will be fast and secure for years to come. By the way, while we do move mite to other servers, SysEleven in Berlin, Germany will continue to host it. They have been taking care of us so well during the last years.

If you cannot notice anything working differently, we put our thumbs up. But if you do happen to stumble upon a problem, please tell us so we can fix it right away. Send us a detailed e-mail which includes information on your browser version. Thanks and mite ahoy!

~~
Update: Maintenance was completed at 0:36 AM CEST. mite was unavailable for a total of 6 minutes. From our point of view all servers are working smoothly.

Julia in Tech talk

Scheduled maintenance on January 16th

During the night from today to tomorrow, Tuesday, January 16th, our hoster will perform maintenance work in our primary data center. Between 0:00 and 8:00 AM CET, mite will thus be unavailable for up to 45 minutes. This maintenance is necessary to deploy security updates which require a reboot of our servers. We ask for your understanding.

~~
Update: Maintenance was completed successfully at 2:40 AM CET. All servers are patched now. mite was unavailable for a total of 22 minutes.

Julia in Tech talk

Scheduled maintenance on October 19th

During the night from today to tomorrow, Thursday, October 19th, our hoster will perform maintenance work in our primary data center. Between 0:00 and 8:00 AM CEST, mite will thus be unavailable for up to 45 minutes. This maintenance is necessary to deploy security updates which require rebooting our servers. We ask for your understanding.

~~
Update: Maintenance was completed successfully at 2:22 AM CEST. All servers are patched now. mite was unavailable for a total of 18 minutes.

Julia in Tech talk

Scheduled maintenance on July 20th

During the night from Wednesday to Thursday, July 20th, between 0:00 and 8:00 AM CEST, our hoster will perform scheduled maintenance in our primary data center. Within this time frame, mite won’t be available for 30 to 60 minutes. This unavailability is necessary to deploy a security update which requires a server reboot. We ask for your understanding.

~~
Update: Maintenance was completed successfully at 2:48 AM CEST. mite was unavailable for a total of 22 minutes.

Julia in Tech talk

Yesterday's connection problems

On the early morning of May 3rd, mite was unavailable for some users. Deutsche Telekom AG had routing problems with our primary data center operated by SysEleven in Berlin. Thus, a subset of users with Internet providers such as Deutsche Telekom or affiliated companies such as Congstar or Swisscom were affected. These networking problems started at ~7 CEST and continued until 8:45, when DTAG solved the problem.

We are sorry for this interruption. If mite is unavailable, especially at the beginning of a month, your daily workflows can be heavily affected, we’re well aware of this. A big thank you to all users who got in touch and helped us to narrow down the root of the problem!

Julia in Tech talk

Scheduled maintenance on November 9th and 10th

Tonight and tomorrow night, between 0 and 8 AM CET, our hoster will perform scheduled maintenance in our primary data center. Within these time frames, mite won’t be available for a couple of minutes each night. This is necessary to deploy a security update which requires a server reboot. We ask for your understanding.

~~
Update: Maintenance was completed successfully, all servers are patched now. mite was unavailable for 18 minutes on November 9th and for a total of 53 on November 10th. The downtimes were longer than expected, and we are sorry for that. A hardware node initially didn’t boot correctly on the second night of maintenance. Hopefully, we did not overly disturb your work.

Julia in Tech talk

Security update

You are wonderful. We’ve been experiencing this day by day for almost ten years now. Whether you’re getting in touch with a question, or a suggestion on how to improve mite: we experience savvy and knowledge, sympathy and kindness. And, most notably, helpfulness. For this, we thank all of you.

Today, we’d like to thank one person especially: Marcel Eichner. He informed us about a security vulnerability last Thursday. Thanks to his detailed description, we could immediately reproduce it. We deployed a security fix three hours later. Thanks for your support, Marcel!

One, we do not have indication for an exploit of the vulnerability. Two, personal data could not have been read or modified. Nevertheless, as a matter of principle we want to inform you in detail.

The problem had slipped in to our open data interface, the mite.api. Every project in mite has a unique identification number (ID), and is optionally assigned to a customer. Over the API, time entries can be created for a given project. The project is referenced by its ID. mite checks if a project with this ID exists, and whether it belongs to your own account. If the check fails, the project ID in the server response is set back to “null”.

To improve performance, the server response not only contains the project ID, but also, if existent, the ID, name, and hourly rate of the project’s customer. The vulnerability was hiding in the check outlined above, within its chronological order. If the project ID belonged to an account other than you own, the project ID was correctly nulled as described, but the server response contained, if existent, the described data of its customer.

The server response did not disclose to which mite.account the customer belonged. Thus, one could have found out that any company that uses mite works for a customer such as “Acme Inc.”, but not, which company. And fortunately, it is not highly sensible information that any undefined team on the world works for a customer such as “Acme Inc.”.

The vulnerability thus wasn’t a highly critical one, and it is now closed. But it was able to slip in, even though we take security very seriously. That’s why we are so thankful to Marcel. And that’s why we’d like to ask all of you to please get in touch with us immediately if you should become aware of any other weak spots in the future.

E-mail works best in such cases. Please find our PGP key as well as all other communication channels right here. Please describe as detailed as possible what you did, how mite reacted, and how mite should have reacted. Code snippets help a lot, also screenshots, information on the technology you use, or anything else that might be important to help us reproduce the problem – and fix it as fast as possible. Please support us in keeping mite healthy and bug-free. For all of you.

Julia in Tech talk

Scheduled maintenance on May 31st

Our hoster will perform maintenance work in our main data center during the night from Monday to Tuesday, May 31st, between 0:00 and 6:00 AM CEST. They will update the core routers. During the given timeframe, internet connection might be disrupted for up to two hours. Unfortunately, mite won’t be available then.

We wish our hoster SysEleven a smooth course of these necessary works. And we ask for your understanding. Hopefully, these updates won’t interfere with your working hours.

~~
Update: Maintenance has been completed successfully at 4:18 AM. mite was continuously available.

Julia in Tech talk

Updated backend engine

Since yesterday night, mite is running on an updated version of its underlying application framework. Furthermore, we deployed some small fixes, e.g. performance improvements for users with a very high number of active customers and projects.

Deploying such updates is a routine job as a mite.caretaker. We document yesterday’s update here today because it temporarily introduced a bug. Fortunately, several users let us know immediately.

We have fixed the error as well as its temporary effects in the meantime. But we don’t want to sweep such problems under the rug, but instead inform you in detail about what went wrong and how we dealt with it. You should be able to count on that.

So here we go: We deployed the update yesterday evening at 19:42 CEST. If you locked a time entry thereafter, or edited it via bulk edit, or started or stopped the timer on it, its revenue was set to zero, so its correct hourly rate didn’t take effect. We fixed this bug with another update tonight at 1:58 CEST. Then, we fixed the revenue of all time entries that had been edited since 19:42 and had been affected by the bug. We finished these fixes tonight at 4:08 CEST. So the error is fixed, and all data is correct again. But if you edited time entries between yesterday evening, 19:42 CEST, and tonight, 4:08 CEST, and exported them right away, we’d like to advise you to nevertheless double-check their exported hourly rates and revenue.

An undocumented change in mite’s underlying application framework caused the bug. Of course, we run automated as well as manual tests before each and every update. But unfortunately, we did not catch this one. Thus, we’re already extending our testing procedures.

We are so sorry. And we don’t treat this lightly, you can be sure about that.

Please get in touch with as much details as possible via e-mail if you happen to stumble upon any other problem, so we can get rid of it it right away. We won’t back down from our ambition to keep mite bug free!

Julia in Tech talk