Not cool, N26

January 2016, I switched banks. I moved from my traditional german bank, GLS Bank, to the then one year old startup N26, formally known as “NUMBER26”. I’ve done this for the follwing reasons:

  • Real time banking: All transactions, like card payments etc. are instant.
  • Instant (!) Pushnotifications on my phone about any account activity such as a card payment in the store.
  • A mobile app that not only looks like a banking app in 2016 should but also offers advanced features:
    • Total control including the change of daily withdrawal and payment limits
    • Locking and unlocking my debit cards
    • Setting a custom PIN anytime
    • View all transactions in real time even before they clear
  • They not only offer their product in english (I use all my stuff in english) but also speak english to me on my statements and on the phone
  • I love their vision of being a european bank
  • They are the only bank in Germany apart from Fidor to offer a DEBIT MasterCard linked to a checking account (I’m not a big fan of the german national Girocard system all the other german Banks are using)
  • Contactless payment support (MasterCard / Maestro PayPass)
  • No usage fees when using the card abroad in non EURO countries
  • Free ATM withdrawals worldwide

Overall, I’ve been a very happy customer and for the most part, I still am. I gladly recommended their checking account to friends because I truly believed in the product.

But recently, they fucked up. Badly.

August 2016

The first serious fuckup happend last month. My public broadcasting service fees (a mandatory thing in Germany) were due as they were every three months. Those are to be payed to the GEZ, an institution with a very bad reputation, so I did not grant them electronic access to my account. Rather, I did setup a standing order that transfers the money to them five days before the fees are due.

On August 10th, the standing order was executed as planned. I got a push notification as always, entered the transaction into my budgeting software and moved on. So far, so good – nothing was unusual.

Two days later, on August 12th (a Friday), I got a notification that the transfer did not go through and that the money has been put back into my account. I called N26 customer support and they told me, that the receiving bank rejected the transfer because the IBAN was unknown. So I called the GEZ.

I talked to a friendly woman and she was very surprised after I told her, that her employer’s bank rejected the transfer (or so I was told by N26). Together with her, we double checked all the details including the IBAN, payment reference etc. and everything turned out to be correct. She then gave me an alternate IBAN to retry my transaction. So I did transfer the money to the new IBAN and that worked. I almost missed my payment because SEPA transfers are not processed over the weekend and the money was due on monday. I checked this one off as an odd glitch at the receiving bank and moved on.

The rest of the month went by as usual without any further incidents.

September 2016

I got my credit card bill for my Visa card that I have at Barclays Bank. It was a lot bigger than usual because I booked a high-class hotel for the 33C3 conference in December. That was expensive but I live on a Budget. I had the money saved over the months before so while this was a large bill, I was prepared to pay it with no stress. The balance is not automatically withdrawn from my checking account  so I have to transfer the money to them.

After the bad experience with the GEZ payment last month, I setup the payment of the credit card bill to be executed 9 days before it becomes due – just in case something goes wrong. And boy – I am happy that I did that.

The payment was executed as a one time standing order on Thursday, September 8th at 06:00 AM. Or so the N26 banking system told me via a push notification that morning. The money must arrive at Barclays by September 17th or they will charge me late fees and interest. Typically, I can see my payment in my credit card account the following day. Barclays is pretty quick in that regard. So I checked my online banking at Barclays a day later on Friday and saw no change. Same thing on Saturday. That’s were I began to worry that something went wrong.

In Germany, Banks typically clear SEPA transfers twice a day: Once in the morning at around 9 AM and once in the evening around 5 PM in a batch processing manner. That’s a relic from the old analog times where they received physical checks and stuff in the mornings and evenings. Despite real time banking: When it comes to SEPA transfers, N26 is bound to the same restrictions simply because all other banks are doing the same thing. According to this logic, the transfer should have been processed at Barclays by Friday evening at the latest. While Barclays does not update the transaction list, they do have an “credit available” indicator that will show that the balance is payed even if the payment is not in the transaction list yet.

If the "Available credit" (Verfügbarer Kredit) and "Credit limit" (Kreditrahmen) do match, the payment was processed, despite there is still a balance shown
If the “credit available” (Verfügbarer Kredit) and “Credit limit” (Kreditrahmen) do match, the payment was processed, despite there is still a balance shown

The picture above shows the two indicators matching. On Saturday, that was NOT yet the case. The “credit available” (Verfügbarer Kredit) number was still not equal to the credit limit (I did not use the card in September so once the payment arrives, those numbers MUST match). I checked the Barclaycard online Banking again on Monday evening, September 12th. Still no change. I really started to worry that my transfer got lost but kept my nerve. The next day I got an email from Barclaycard reminding me that the balance is due very soon, on the 17th. That triggered me to call them.

The support representative was very helpful and, just with the GEZ, he double checked all the details like the IBAN with me. It all matched my outgoing transfer that was recorded in my N26 account so there was no error on my part. He confirmed that they never received a SEPA transfer from me. To be sure he asked me to send him a screenshot of the outgoing transfer in my online banking so he can do some further investigating with their accounting department. I did that but have no response yet (at the time of writing, this was less than 24 hours ago so that’s okay). Since the Barclays representative was very clear that they never received the money, I checked my N26 banking again. They have an option, to download a preliminary account statement so I went and checked that:

The online transaction list did show my credit card payment. The statement does not …. hmm. Time to call N26 about that.

The N26 support representative was also friendly and helpful. He looked at my account and the transaction in particular and then told me that on that day (September 8th), they had technical issues so the transfer was “stuck” in their system but it should clear within 24 hours. He was very sorry about that but I told him that while this is “unfortunate”, it was not his fault (which is true, although N26 as an entity is most definitely at fault).

The good news: The N26 support kept word – the transfer cleared a few hours after that call and, as you can see from my Barclaycard banking screenshot, the payment does show up as the “credit available” and “credit limit” numbers now match.

The bad news: I am convinced that this is the same glitch that happened back in August. Both times, it involved standing orders. The last time I got notified automatically that the transfer had failed and I was told on the phone by N26, that the other bank rejected the transfer. After today, I don’t believe that anymore. I believe that the transfer back in August also got “stuck” in their systems and was simply dropped. N26 probably got a lot of complaints about that so this time, as the problem happened again, they did not drop the transfer but instead, silently executed it with heavy delay without notifying their customers. I have no proof of that but this is what I believe had happened.

Banks in the SEPA area are legally required to process transfers within one bank business day and N26 took four times as long for this one. While I am still very happy with them in general, executing transfers on time is a core business function of a bank which they should NEVER fuck up. And for me, they messed it up twice in two consecutive months in a row, making me question their reliability. I will keep a close eye on future transfers and should they mess up again, I will reconsider my banking options. My trust in N26 took a serious hit today.

State of payment in Germany

There is one thing that I must put out here first. I am very much pro privacy and I try to defend the right to privacy as much as I possibly can. To give some examples:

  • I do host my own email
  • I do host my own Dropbox replacement (ownCloud)
  • I do use PGP / SMIME whenever possible
  • I do use Threema over Whatsapp as my primary messenger
  • I strongly believe in encryption by default

I even went as far as getting my passport without fingerprints in it despite the fact that those are mandatory by law here in Germany (*cough*, superglue, *cough*). Still: I am a person that prefers to pay by card whenever possible – regardless how big or small the transaction amount is. So you I guess you might call me a hypocrite for ignoring the privacy issues related to this.

The reason me being alright with paying cashless is that I am very open and transparent on my finances anyway. The important thing to note: Right now, I have a choice and I consciously have chosen to be open. Because of this, leaving a data trail with my everyday purchases is not a problem for me. The convenience of not having to deal with coins and paper bills is just worth it to me personally.

There is a movement out there advocating to abolish physical cash all together. This is something to be considered harmful, because it removes choice. You should always have the choice of doing your purchases anonymously.

Back on topic.

Germany, despite being one of the most civilized and richest countries on earth, is still a developing nation in many areas. Payment is one of these areas and it manifests itself in the Germans’ strong believe in cash: In 2014, 82% of all transactions in Germany were made using cash. When you talk to people, it is mostly because of privacy reasons and I do admire that. Again: Choice.

Fortunately, card payments are becoming more and more available giving me choice too. Practically every super market, gas station and clothing store accepts cards. However many smaller stores will tell you that they only accept “EC-Karte” (EC-Card) which stands for “electronic cash”. Officially the proper name is “girocard” since “EC” died back in 2007. However in practice, almost no one knows the name “girocard” so I’ll keep calling it “EC”.

EC / Girocard acceptance logo. If you see only this, don't expect your international debit / credit card to work.
EC / Girocard acceptance logo. If you see only this, don’t expect your international debit / credit card to work.

EC is a german national debit card system comparable to Maestro or Visa Electron / V-Pay but it will only work with debit cards issued by German banks!.

This is a dick move because practically every other country in the EU uses the international Maestro or Visa Electron / V-Pay system. Everybody using the same payment system has significant advantages for the consumer: His debit card will work everywhere regardless of which country he travels to inside the EU – except for Germany. I’ve witnessed a couple of surprised tourists that found out about that the hard way: At the cash register trying to pay up.

You might think: Okay, but German debit cards should have the same problem in reverse and won’t be accepted in neighboring countries. But you’d be wrong. German banks, knowing that all other countries around Germany are using international systems, will typically co-brand their debit cards with Maestro / V-Pay functionality. A double dick move in my eyes.

My old German debit card. It has girocard (EC) / Maestro functionality
My old German debit card. It has girocard (EC) / Maestro functionality

I clearly am a supporter of international standards and systems because I want to be able to travel Europe freely without worring about this stuff. Therefore, despite living in Germany, I have been using international cards (MasterCard and Visa credit and debit cards) exclusively for over two years now so I know what it is like to be a “tourist” trying to pay with them.

Fortunately, there is light at the end of the tunnel. Last year, two discount groceries stores (Aldi and Lidl) finally started accepting MasterCard, Maestro and Visa debit and credit cards too. Most other large supermarket chains like Penny or Rewe also take them now. In gentrified areas these cards are also welcome in most restaurants too. My favorite Pizza delivery service now accepts Paypal which enables me to use use my debit MasterCard. Heck – even the customs service of Oldenburg (where I live) took my Maestro debit card (which is purposely NOT EC-Card compatible).

Contactless payments are also up and coming. All the supermarkets I go to including Aldi and Lidl do offer contactless payment. However the staff hardly ever knows about this feature because those cash savvy Germans won’t use it. So expect to see a surprised face looking back at you when you wave your card in front of the terminal and don’t just walk away because there are likely to be questions about what just happened ;-).

Recently, I also switched jobs and I am now working in a gentrified area of Bremen. All the places I prefer for lunch in that area also will accept card payments so I will do my personal no cash challenge. I will try not to use cash for an extended period of time – at least until the end of June and I am looking forward to see how that turns out. I will probably write a post about that experience too.

In conclusion: In 2015, many of the major places started to take international debit and credit cards so it is not all doom and gloom anymore. You finally can have choice at most places: Pay with physical cash or use your cards.

A year on a budget

I’ve never been good with money in my life. I did okay. I did not have any debt apart from two credit cards although I’ve never carried a balance and always paid them of in full every month. I was making my bills. I’ve never been late on anything.

Last year and the years before that it was like this:

I did have some savings ranging between the €1500 – €3000 mark. Every month, I put something in savings. But my checking account was always relatively low on funds after the big ticket items like rent, utilities, electricity etc. were withdrawn at the beginning of the month. Most of the time there was still enough left for groceries and gas plus some other little things. But almost every month, something “unexpected” came up, like an insurance premium, some household repairs or an annual subscription fee for things like Amazon Prime that I had totally forgotten about. So I transferred the money back from savings into my checking account.

I was living paycheck to paycheck despite having a good salary as a software engineer in the publishing business. Most of the time, I did not think about it but sometimes, reality hit me and I got scared. I was making ends meat but I did not get ahead. I was treading water and I seldom had more than €2000 margin between me and a financial disaster.

On March 25th 2015 my checking account was overdrawn by about €150 and my two credit cards had a balance of around €360 combined. I was a little over €500 in debt before the end of the month. I also had just over €2300 in savings so at least I had more money then I owed but still: I had enough! I’ve never been so “deep” in debt before in my entire life and it made me very uncomfortable. I feared that I might go down hill from here very fast. So I decided it was time to change something going forward. The following day, I got on a budget.

I am interested in personal finance and economical topics so even back then I listend to Dave Ramsey’s podcasts daily (go figure) and I still do today. If you don’t know him: He hosts the third largest talk radio show in the US and is all about helping people getting their finances in order. He has these revolutionary ideas like:

“If you have no debt and spend less then you make you’ll have money”

No sh*it! It is a simple concept but it is hard to do if you never learned how.

To achieve this goal, he tells you to live on a written game plan: The zero based budget. You have to assign every dollar of your paycheck a task on paper on purpose every month before the month begins. So you write down what you need to buy short term like rent, food, transportation and so on. Also, you need to look ahead for larger, less frequent expenses like that annual insurance premium. So you divide those by 12 and put that amount away every month. When you are done with your plan, you are supposed to have zero dollars left to assign. The idea is: When EVERY SINGLE dollar has a task, then none of them will “wander off” and you won’t wonder where they went.

A software that implements this concept really well is YNAB. I found it thanks to German podcaster Holger Klein (thank you so much!!) who mentioned it on his WRINT podcast when he was talking how the software has changed his life. YNAB also comes with its education and its rules to live by. Those rules are very close to what Mr. Ramsey teaches.

I am not affiliated with YNAB or Dave Ramsey in any way. But I can safely say that the concepts they both taught me as well as the YNAB software to help implement them have changed my life since then.

You might think that a budget is restrictive because it makes you spend less (and it does). But it is not restrictive – it gives you permission to spend. All you need is a look at your budget to see whether or not you can afford to buy something. In December 2015 I spent over  €4000 on general living expenses, christmas presents, the 32C3 conference and a large utility bill (that alone was over €700). I barley felt it. Why? Because I planned for all of that back in March and every month I put money aside for all of that. I had the cash. A year earlier that would have totally destroyed my finances.

The budget has become a tool that I never want to live without again. It puts me in control of my spending, my finances and ultimately my own fate. It feels awesome to set savings goals and achieve them! (Hello new 128GB iPhone 6S Plus) It is great to know that should I ever loose my job, I can make it up to three months on my own even if I don’t get any unemployment benefits (which you do get in Germany unless you lost your job due to own negligence like stealing from your employer).

Being on a budget has also changed me in many ways: It taught when to say no and when to say yes, how to aim for something and than achieve it. Since I am no longer broke I have lots of room for charitable giving in my budget. Giving the Pizza guy a €20 tip when they usually get nothing or maybe €1 – €2 makes them very happy. And making people happy is awesome! Giving more of my money has taught me how to be humble, how to serve people around me, how to be excellent to my friends, family and colleagues. If you are not budgeting you should try it. Done right it WILL change you forever.

Dissecting E-Mail Malware

I’ve been receiving a lot of mails like this recently:

Malware mail

It reads:

Dear Sir or Madam,

attached you’ll find a new order from BSH Household Appliances LLC. Please include the order number on your invoice as a payment reference for us.

Kind regards,
BSH Order Center

This E-Mail has been checked for viruses by Avast Antivirus-Software

As you can see it includes a word file which I had no doubt was not legit – despite the nice claim that this mail has been checked by Avast snakeoil anti-virus.

Fun fact: At the time I got this Avast would have given that Word file a clean bill of health according to VirusTotal. Out of 54 scanners, only one did recognize this as malware via a heuristic. That is, among other reasons, why I think that virus scanners are a bunch of crap causing more harm then good. But that is a completely different issue.

The one thing the fake “checked by Avast”-line did for me: It peeked my curiosity for some reason. What was lurking in that file? What does it do? I wanted to find out especially since I’ve never done a forensic analysis of something like this but always wanted to try. Here’s how I approached it:

A first look

The first thing I did was: Just look at the file using good ol’ “less”. It revealed a bunch of HTML and one thing specifically peeked my interest:

Terminal screenshot
Part of the attached word document as plain-text

This looks very much like a Base64 encoded binary. So I wrote myself a small PHP script to decode that:

That was simple enough. Now, lets explore that further. Calling “file decoded.bin” just revealed “decoded.bin: data”. Looking at that the file with less just reveals garbage and “strings decoded.bin” revealed only one interesting string: “ActiveMime”. Little to go on.

Bring the hex editor!

The next obvious step was to look at the file with the eyes of a computer. I know that the first few bytes of a file usually reveal what it is. This is also how the “file” command identifies files (as far as I know). So I  launch emacs, which has conveniently has a hex editor build in: hexl-mode. Here’s the fist few bytes of my decoded base64 binary:

Since “file” did not reveal anything by looking at the first few bytes, I did not read much into that “ActiveMime” string there. It might serve a purpose exploiting MS Word but I’ve ignored it for now. More interesting is the “789c” because after it the file seems to really take off. I concluded that this must be the real start of the file because there are no more zeros from there on –  Just a lot of unreadable data.

Googling “0x789c” quickly revealed that that is a header for a zlib compressed data stream. The next logical step is: Decompress it. First, we need to truncate the first 50 bytes so the file starts with “789c”. This can simply be done using dd:

Now that the file is a valid zlib file, we can uncompress it. PHP can help you here too:

Now lets look at the file again. “file payload.raw” now reveals “payload.raw: CDF V2 Document, No summary info”. The first bytes of our payload look like this in the hex editor:

The file header and the file command indicate, that this is a “Microsoft Compound Binary File”. As far as I understand it, this is a container used by the old binary “.doc”, “.xls” and “.ppt” formats that were common before the introduction of Office Open XML in MS Office 2007.

It is an interesting format containing a FAT like filesystem pointing to multiple data streams for an application to process. You can read more about the binary file format here. It is quite an interesting design.

The evil VBA macro

I’ve never processed binary files myself without the help of a library and really did not feel like starting to learn that now. So I opted to look for ready made tools to use with that file format. The ForensicsWiki pointed me to the python oletools package. A huge shoutout to the author of this brilliant tool! If I ever decide to go into the forensics business, I would probably add this to my toolbox.

With oletools, a simple command is needed to display all VBA macros of that binary document:

Unfortunately, the source code is obfuscated. Variable and function names have been replaced by random strings like Ycra1FCZhO making the source very difficult to read. It was however clear, that the obfuscated source does build an URL using a bunch of loops. Then, it downloads the contents of that URL which happens to be an EXE-File. Once that is done, it runs the EXE-File which then in turn infects the PC.

Rather then messing with the source and trying to make it readable, I just installed a Windows 8.1 evaluation VM with MS Office 2013 trial, Wireshark and Sysinternals Process Explorer. My plan was to simply infect the machine and see what happens.

This is part of the network traffic after opening the infected file:

Malware download attempt
Malware download attempt

As you can see, I was too slow. The file has already been taken down. I could observe though, that my initial assumption was correct as the macro virus did try to run an EXE file that presumably would have been downloaded from this server.

There is nothing more for me to find here. I’d love to find out what the actual virus would have done to the system. Anyway: It has been a fun little project between Christmas eve and 32C3. I certainly did learn a lot about computer forensics and analyzing files and most importantly: it was fun!

If you are interested, you can download every file I’ve mentioned. But beware: This download contains the actual malicious document “invoice76940509.doc” which tries to infect your system. Handle with care. The password for the zip file is: “containsviruses”.

Silex Skeleton

I’ve been looking for a good, minimalistic MVC microframework for PHP development for designing RESTful APIs.

I’ve found Silex and I love it because it comes with some bare essentials: A simple dependency injection container and a router. That’s it. Nothing else. Need more? Use Composer to plug in more stuff. This allows me to build powerful webapps and APIs without the overhead of large frameworks like Zend or Symfony where I’ll never use 90% of the features.

Also from a security standpoint: Less code means less attack surface.

I’ve created a skeleton project which serves as project starter template and example on how things work if you’re new to Silex. You can check it out on Github. Once you’ve set it up on your system, you are greeted with a simple demo site:

Silex Demo App Screenshot
Silex Demo App

Apart from Silex itself, the skeleton comes with the bare minimums that I think most people will use frequently:

  • A templating engine: Twig
  • Database access layer: Doctrine ORM
    (The Hibernate for PHP, only way less hassle. Love it!)
  • Support for config files based on an APPLICATION_ENV environment variable
  • Support for internationalization: Symfony translator

And that’s it. These are the bare essentials to building a modern web app. You can of course exchange every part of this by using Composer but I’d like to think that my choices are not unreasonable.

Based on this template, I’ve already developed two APIs for two different commercial projects in just a few days. I’ve never been able to work this quickly and I really really love Silex and I hope you’ll love it too.

Feel free to get startet using my project starter. Pull requests and improvements are always welcome. It is licensed under MIT so go ahead and play with it.

E-Mail Verschlüsselung

Ab sofort nimmt mein Mailserver keine E-Mails mehr an, die unverschlüsselt reinkommen. Solltest du mir also eine Mail schicken und du bekommst eine Unzustellbar-Mail, dann steht da sicher folgender Fehler drinnen:

530 5.7.0 Must issue a STARTTLS command first

Das heißt,  dass dein E-Mailanbieter keine Verschlüsselung von E-Mails auf dem Transportweg unterstützt. Damit ist gemeint: Der Weg der E-Mail durch das Internet von deinem Mailanbieter zu mir. Stell dir das vor wie der Unterschied zwischen einer Postkarte und einem Brief: Die Postkarte kann jeder unterwegs lesen bis sie in deinem Postkasten ist, einen Brief dagegen nicht. Dieser ist in einem Umschlag. Die Verschlüsselung ist quasi dieser Umschlag.

Hauptsächlich Firmen schicken noch umverschlüsselte Mails durch die Gegend, denn die großen Freemailer (GMX,, Gmail & co) machen das mittlerweile weitgehend richtig und verschlüsseln automatisch beim Senden. Wenn du einen Firmenmailaccount verwendet hast: Sprich deinen Administrator oder Vorgesetzten an und frage ihn, warum allen ernstes sensible Firmenmails ohne jeglichen Schutz vor dem Abfangen geschickt werden. Das ist unverantwortlich! Die Briefpost macht ihr ja sicher auch nicht über Postkarten so dass das die jeder mitlesen kann.

Oh und übrigens: Ihr begebt euch auch Datenschutzrechtlich auf dünnes Eis wenn ihr keine Verschlüsselung nutzt.

Wenn du einen privaten Malianbieter hast: Wechsle ihn. Nichts sagt so schön “Mir ist der Schutz meiner Kunden egal”  wie das Senden von Mails im Klartext. Verschlüsselung anzumachen wäre für deinen Anbieter ist kein Riesendrama, sondern trivial. Das ist in einer halben Stunde erledigt – Vorausgesetzt, man weiß was man tut. Und wenn man Kommunikationsinfrastruktur für Dritte betreibt sollte man wissen, was man da eigentlich macht.

Wenn du wissen willst, ob dein E-Mail Provider Transportverschlüsselung unterstützt: Guck mal auf

E-Mail encryption

Effective immediately, I have configured my mail server to reject incoming e-mails without transport level security. So if you send me an e-mail and it bounces, there probably will be an error like this in your bounce mail:

530 5.7.0 Must issue a STARTTLS command first

That means that your E-Mail provider does not support encrypting emails during transit. I am not talking about end to end encryption like PGP or S/MIME where no one but you can decrypt the actual message. Just simple transport encryption between your mail provider and me.

It is 2016 now and after Snowden I consider encryption to be mandatory regardless of content. We need more encryption by default to counteract mass surveillance by Prism, XKeyscore, NSA, GCHQ and alike.  That is also why this site itself is HTTPS only. Not because I handle sensitive information but to embrace the new “encrypt by default” world.

So if you can’t send me emails that means your e-mail provider is bullshitting you. There is no better way to say “I don’t care about my users data” but by sending your precious mails over the internet without any protection whatsoever. None of the major providers like or GMail does that anymore. Yell at your current provider and switch immediately to someone who knows what he is doing!

If you are using a company email account: Talk to your mail server administrator and ask him why your company emails are sent unencrypted. That is flat out unacceptable.

If you want to test your mail provider whether or not transport level encryption is supported: Check

3,5″ Floppy Disk labels

Today, I wanted to create new set of Workbench 1.3 floppy disks and I am certain that I will keep them in my disk box until the disks won’t work anymore (hopefully a long time as the disks are new old stock).

For those disks that I want to keep around forever (or at least a long time), I wanted to create more suiting labels for them. I decided to create them on my Amiga 500 and print them with my Commodore MPS 1230 dot matrix printer to fit the style of the media ;-).


This printer is a character-based printer. That means that this printer is capable of printing only one font that looks like a typewriter. The computer sends the characters to print line by line to the printer, along side with some control characters like “carriage return” and “line feed” but that is beyond the point. The printer will then use it’s built in typewriter like font to print whatever characters the computer has send.

So I created a template on my Amiga 500 that lets me print my own floppy labels with my dot matrix printer. I don’t mind sharing my “work” (if you can call it that ^^) so can find the finished template in this Github gist.

When you print these labels on a character based printer like mine, the dimensions of the borders will be exactly those of a floppy disk label. If you edit the text inside, be sure to keep the number of lines intact as well as the whitespaces between text and border. Print them and cut out the labels alongside the dashed lines. Then, use some glue to stick the labels to your floppy disk.

The finished result looks clean and professional:


Jugend Hackt Maskottchen

Die Junghacker des Nordens

Drei Tage lang, vom 18. – 20. September 2015 im Gaußhof in Hamburg, fand Jugend Hackt Nord statt. Ich hatte das Privileg dort als Mentor dabei sein zu dürfen.

Was ist Jugend Hackt überhaupt?

Jugend Hackt ist ein Hackathon für Jugendliche zwischen 12 und 18 Jahren. Hackathon setzt sich aus Hacken (im Sinne von Programmieren / Basteln) und Marathon zusammen. Dieses Event ist in diesem Jahr erstmals in die Regionen “Nord”, “Süd”, “West” und “Ost” aufgeteilt und wird von der Open Knowledge Foundation veranstaltet. Ziel ist, dass junge Progammiertalente zusammenkommen, sich vernetzen und in Gruppen über das Wochenende coole Soft- und Hardwareprojekte entwickeln. Ganz getreu dem Motto der Veranstaltung: “Mit Code die Welt verbessern.”

Begleitet werden die Jugendlichen dabei von sogenannten Mentoren. Das sind Erwachsene mit technischen und organisatorischen Fähigkeiten, die die Teilnehmer anleiten, bei Fragen weiterhelfen und dafür sorgen, dass jeder integriert ist und Spaß hat. Ich war als einer dieser Mentoren dabei.

Die Projekte

Ich selbst war das erste mal bei Jugend Hackt dabei und es war auch mein erster Hackathon. Ich muss sagen, dass ich noch immer total geflasht bin, was die Jugendlichen da geleistet haben!

Anfangs hatte ich Sorge, dass man überhaupt erstmal auf Ideen kommen muss. Es werden nämlich nur grobe Themengebiete vorgegeben. Was die Jugendlichen daraus machen ist ihnen überlassen. Stellt sich raus: Das war das kleinste Problem. Im Gegenteil: Die Kids haben das Haus mit kreativen Ideen nur so gerockt!

Einige Kids @work bei Jugend Hackt Nord 2015
Einige Kids @work bei Jugend Hackt Nord 2015

Es gab Ideen wie das Projekt “Moin Refugees”. Das ist eine App, die Helfer und Flüchtlinge zusammenbringen soll. Als Flüchtling wird einem gezeigt, wo die nächsten Stellen sind, wohin man sich wenden kann und mann kann Helfer informieren, wo man gerade hin unterwegs ist. Als Helfer kann man sehen, wo Hilfe gerade am Dringensten benötigt wird. Weitere Funktionen sind die Möglichkeit zu spenden, Facebook / Twitterintegration und die Möglichkeit den Notruf zu wählen und im akuten Bedarfsfall Hilfe von Polizei, Feuerwehr oder Rettungsdienst zu erhalten.

Ein cooles interdisziplinäres Projekt war das Anti-Cheat System. Eine Hardwarelösung, mit einem Raspberry Pi Minicomputer, der das Schummeln auf E-Sport Tunieren verhindern soll. Die Idee ist, dass das Gerät bei Turnieren zwischen Maus und Computer sitzt, und sich für den Computer als Maus ausgibt. Der Computer meldet die im Spiel ausgeführten Mausbewegungen an den Raspberry Pi zurück. Betrügt der Spieler, indem er z.B. einen sogenannten Aimbot einsetzt (Programm, was automatisch auf Gegner zielt),  dann weicht die Mausbewegung mit der im Spiel ausgeführten Aktion ab und der Betrüger ist entlarvt.

Das Projekt, welches ich zusammen mit den Mentoren Knut und Ludwig betreut habe, was Schoolnet. Dabei geht es darum, eine open source Lernplattform zu entwickeln, auf der Lehrer ihren Schülern Aufgaben zukommen lassen können und die Schüler diese innerhalb einer Frist lösen müssen. Weitere Features sind Dinge wie ein Vertretungsplan. Angedacht waren auch noch Ideen wie Raumplanung und der Stundenplan. Das ganze soll eine Alternative zur proprietären iServ Lösung sein,  die eine ähnliche Zielsetzung hat. Jedoch ist diese wohl enorm teuer, nicht open source und sieht, sehr diplomatisch ausgedrückt, “nicht mehr ganz Zeitgemäß” aus.

Zara und Aurelius aus dem Orga-Team
Zara und Aurelius aus dem Orga-Team

Darüber hinaus gab es noch viel mehr. Eine Übersicht, was genau alles da am Start war, findet sich aktuell auf Hackdash. Unbedingt reinschauen! Ausnahmslos jedes einzelne dieser Projekte ist Saucool und ich könnte zu jedem Stundenlang erzählen, was ich daran so klasse finde, aber die Aufmerksamkeitspanne eines Leser ist endlich und ich würde den Rahmen sprengen.

Geil war’s!

Die Überschrift sagt alles. Das war die coolste Veranstaltung, die ich bislang je besucht habe. Ich habe an dem Wochenende so viele talentierte junge Köpfe kennengelernt und wir haben voneinander eine Menge lernen können. Im nächsten Jahr will ich unbedingt wieder dabei sein. Es ist angedacht, dass auf dem 32C3 etwas für die Junghacker vor Ort zu machen. Nichts genaues weiß man jetzt noch nicht, aber ich will da unbedingt auch mitmachen 🙂

Grüße gehen an dieser Stelle noch an die Jungs von Schoolnet. Sowohl Frontend, als auch Backend. Insbesondere an den Head of Template =P. Aber auch an alle anderen Teilnehmer(innen), Mentoren(innen) und die Orga: Ihr wart alle spitze! Danke für das tolle Event!

No, I don’t want Windows 10!

First: Yes, I do have a Windows computer. I do like to play PC games and I am not a big fan of consoles so MS Windows is the obvious choice for a gaming computer.

Just the other day, I noticed the yellow exclamation mark  on the start menu’s shut-down button, telling me there are updates to install automatically. So I went and checked only to see this:

Windows 10 Update offer
Windows 10 Update offer

I’ve disabled the “Get Windows 10” App Update (KB3035583) previously. Before today, that one also got automatically reinstalled after Microsoft apparently released a newer version of that update, causing it to reinstall although I’ve previously told Windows that I don’t want that update. Screw that.

Now, Windows Update wants me to Upgrade to Windows 10 although I am certain that the GWX-App is not installed. Turns out, Windows Update is now offering Windows 10 as “Important update”:

Wichtig = important
Wichtig = important

And it even goes so far to download the installation files without bothering to ask:

Win_Install_DownloadIf I were using a small SSD drive that 2,66 GB of space might be important to me.

So, this is the third attempt of Microsoft to get me to update to their “NSA-Dream I watch your every step” operating system. I DON’T WANT IT!

  1. Get Windows 10 App, I disabled that update
  2. Update to the before mentioned app, that reinstalled it.
  3. Now via Windows Update as “Important update”.

According to one must set the following registry key:

Hopefully, that helps.

Update – November 10th, 2015

Microsoft has just released another update for the GWX-App. The DisableOSUpgrade = 1 did not prevent the app from being updated nor did the app honor that setting. It still wants me to update to Windows 10.

Once again, only uninstalling the update and blacklisting the latest version did help. For now. Until Microsoft decides to push another update. If anyone has a more permanent solution, please let me know.