During the night from Wednesday to Thursday, July 20th, between 0:00 and 8:00 AM CEST, our hoster will perform scheduled maintenance in our primary data center. Within this time frame, mite won’t be available for 30 to 60 minutes. This unavailability is necessary to deploy a security update which requires a server reboot. We ask for your understanding.

~~
Update: Maintenance was completed successfully at 2:48 AM CEST. mite was unavailable for a total of 22 minutes.

Julia in Tech talk

On the early morning of May 3rd, mite was unavailable for some users. Deutsche Telekom AG had routing problems with our primary data center operated by SysEleven in Berlin. Thus, a subset of users with Internet providers such as Deutsche Telekom or affiliated companies such as Congstar or Swisscom were affected. These networking problems started at ~7 CEST and continued until 8:45, when DTAG solved the problem.

We are sorry for this interruption. If mite is unavailable, especially at the beginning of a month, your daily workflows can be heavily affected, we’re well aware of this. A big thank you to all users who got in touch and helped us to narrow down the root of the problem!

Julia in Tech talk

Tonight and tomorrow night, between 0 and 8 AM CET, our hoster will perform scheduled maintenance in our primary data center. Within these time frames, mite won’t be available for a couple of minutes each night. This is necessary to deploy a security update which requires a server reboot. We ask for your understanding.

~~
Update: Maintenance was completed successfully, all servers are patched now. mite was unavailable for 18 minutes on November 9th and for a total of 53 on November 10th. The downtimes were longer than expected, and we are sorry for that. A hardware node initially didn’t boot correctly on the second night of maintenance. Hopefully, we did not overly disturb your work.

Julia in Tech talk

You are wonderful. We’ve been experiencing this day by day for almost ten years now. Whether you’re getting in touch with a question, or a suggestion on how to improve mite: we experience savvy and knowledge, sympathy and kindness. And, most notably, helpfulness. For this, we thank all of you.

Today, we’d like to thank one person especially: Marcel Eichner. He informed us about a security vulnerability last Thursday. Thanks to his detailed description, we could immediately reproduce it. We deployed a security fix three hours later. Thanks for your support, Marcel!

One, we do not have indication for an exploit of the vulnerability. Two, personal data could not have been read or modified. Nevertheless, as a matter of principle we want to inform you in detail.

The problem had slipped in to our open data interface, the mite.api. Every project in mite has a unique identification number (ID), and is optionally assigned to a customer. Over the API, time entries can be created for a given project. The project is referenced by its ID. mite checks if a project with this ID exists, and whether it belongs to your own account. If the check fails, the project ID in the server response is set back to “null”.

To improve performance, the server response not only contains the project ID, but also, if existent, the ID, name, and hourly rate of the project’s customer. The vulnerability was hiding in the check outlined above, within its chronological order. If the project ID belonged to an account other than you own, the project ID was correctly nulled as described, but the server response contained, if existent, the described data of its customer.

The server response did not disclose to which mite.account the customer belonged. Thus, one could have found out that any company that uses mite works for a customer such as “Acme Inc.”, but not, which company. And fortunately, it is not highly sensible information that any undefined team on the world works for a customer such as “Acme Inc.”.

The vulnerability thus wasn’t a highly critical one, and it is now closed. But it was able to slip in, even though we take security very seriously. That’s why we are so thankful to Marcel. And that’s why we’d like to ask all of you to please get in touch with us immediately if you should become aware of any other weak spots in the future.

E-mail works best in such cases. Please find our PGP key as well as all other communication channels right here. Please describe as detailed as possible what you did, how mite reacted, and how mite should have reacted. Code snippets help a lot, also screenshots, information on the technology you use, or anything else that might be important to help us reproduce the problem – and fix it as fast as possible. Please support us in keeping mite healthy and bug-free. For all of you.

Julia in Tech talk

Our hoster will perform maintenance work in our main data center during the night from Monday to Tuesday, May 31st, between 0:00 and 6:00 AM CEST. They will update the core routers. During the given timeframe, internet connection might be disrupted for up to two hours. Unfortunately, mite won’t be available then.

We wish our hoster SysEleven a smooth course of these necessary works. And we ask for your understanding. Hopefully, these updates won’t interfere with your working hours.

~~
Update: Maintenance has been completed successfully at 4:18 AM. mite was continuously available.

Julia in Tech talk

Since yesterday night, mite is running on an updated version of its underlying application framework. Furthermore, we deployed some small fixes, e.g. performance improvements for users with a very high number of active customers and projects.

Deploying such updates is a routine job as a mite.caretaker. We document yesterday’s update here today because it temporarily introduced a bug. Fortunately, several users let us know immediately.

We have fixed the error as well as its temporary effects in the meantime. But we don’t want to sweep such problems under the rug, but instead inform you in detail about what went wrong and how we dealt with it. You should be able to count on that.

So here we go: We deployed the update yesterday evening at 19:42 CEST. If you locked a time entry thereafter, or edited it via bulk edit, or started or stopped the timer on it, its revenue was set to zero, so its correct hourly rate didn’t take effect. We fixed this bug with another update tonight at 1:58 CEST. Then, we fixed the revenue of all time entries that had been edited since 19:42 and had been affected by the bug. We finished these fixes tonight at 4:08 CEST. So the error is fixed, and all data is correct again. But if you edited time entries between yesterday evening, 19:42 CEST, and tonight, 4:08 CEST, and exported them right away, we’d like to advise you to nevertheless double-check their exported hourly rates and revenue.

An undocumented change in mite’s underlying application framework caused the bug. Of course, we run automated as well as manual tests before each and every update. But unfortunately, we did not catch this one. Thus, we’re already extending our testing procedures.

We are so sorry. And we don’t treat this lightly, you can be sure about that.

Please get in touch with as much details as possible via e-mail if you happen to stumble upon any other problem, so we can get rid of it it right away. We won’t back down from our ambition to keep mite bug free!

Julia in Tech talk

Tonight, starting at 8:15 PM CET (what time is that for me?) until approximately 9:15 PM, we’ll deploy some important updates to our servers. Within this time frame, mite won’t be available for about 10 minutes. We ask for your understanding.

~~
Update: Maintenance took us a little longer than expected, but went just fine. mite was unavailable for four minutes only. Thanks for having kept your fingers crossed!

Julia in Tech talk

At the tab »Reports => Time entries« and optionally on shared reports, you can export time entries to Excel, and at »Reports => Projects«, projects. We remodeled these export features. Until now, mite generated Excel-specific XML. Now, mite generates XSLX.

Techie lingo aside, this update should ensure one thing: a stable, smooth export of your data. In current versions of Excel as well as, hopefully, in future ones.

Please tell us if the new export format does not work smoothly for you, and specify the exact version you’re running. We tested the new export on Windows on Excel 2016 and 2013, on Mac OS on Excel 2016, 2013, 2011, Numbers 3.6, OpenOffice 4, and LibreOffice 5, as well as on Excel Online.

Julia in Tech talk

Developers, hear hear: we overhauled the documentation of our open data interface, the mite.api.

Besides the known XML format, all requests are now finally depicted in JSON, too. Furthermore, we described common mistakes, HTTP status codes, and some previously undocumented features such as sorting time entries, filter shortcuts, and HTTP caching.

Cheers to a more helpful documentation, and happy coding! Please be so kind and get in touch if you stumble upon any inconsistencies.

Julia in Tech talk

Since 14:05 CEST, mite is not available due to a problem in our primary data center. We’re terribly sorry, please, excuse us! We’ll do everything to get mite up and running again as soon as possible. Please visit Twitter to get the newest information on this issue, we’ll update continuously.

~~
Update: Since 14:51 CEST, mite is available and at your service again. Of course, your data was safe anytime. You can always rely on that.

The interruption occured because of a network/DNS problem in our main data center. We’ll discuss it in-detail with our hoster soon, and try to come up with improvements. Again: we are so sorry for this downtime!

~~
Update: The network problems were caused by a line fault in the greater Berlin area which resulted in large parts of the Internet at the internet exchange node BCIX not being reachable. Thus, our hoster has diverted traffic to another node. Since then, mite has been available and stable again.

Julia in Tech talk