All posts in Technology

IoT Makerthon

At the end of March 2017, I participated in an IoT Makerthon (Hackathon) at my co-working space in Cologne.

The turnout was not what I expected, we were only approx. 15 participants. Considering it was planned on a Monday in working hours the only people who could attend were those who were either sent by their day job or those who could take the day off.

After a quick round of introductions, we started brainstorming on what ideas we wanted to implement. Everyone got one vote and those with the most votes would be worked on by the groups.  I’ll talk more about the projects later on.

Before breaking into projects, we had some jumpstart sessions with both sponsors to get their platforms and their capabilities:

  • QLOUD with thier IoT platform
  • ubirch presented the calliope-mini microcontroller, which they helped design, and a short introduction to LoRa and LoRaWAN
calliope-mini QLOUD IoT Developer Set
calliope-mini QLOUD IoT Developer Set

Then we broke into teams and started working on the projects. Here are the results that were achieved:

Bridge Measurement: In MediaPark there is a bridge, and we thought it would be cool to be able to measure its usage by means of its movement. So based on the readings of the accelerometer on the calliope-mini, we did just that. Movements were sent via LoRa to the the things network which then can be used for further processing or consumption by someone else. For predictive maintenance.

This slideshow requires JavaScript.

Air Quality: For the open space rooms in Startplatz it is good to have a friendly reminder to open the windows now and then to provide fresh air. So by connecting Seeed Grove Air Quality Sensor to the calliope-mini we managed to find an appropriate quality value to send a visual and auditive reminder.

Foosball Table (Kickertisch): We have a great (professional) Foosball table at Startplatz. We decided it would be useful to be able to monitor when it was in use, call for additional players and for a quick tournament. Using a couple of calliope-mini’s, we setup the first to measure movement on the table. When use is detected it sends a message using BLE to a second calliope (used as a digital board) to signal that the table is busy. By pressing the buttons on the first device signals are sent to call for players or a quick tournament. Of course we had to connect to the things network and based on that info tweet the information on the board, using node-red. The code to this can be found here.

Monitor walk-in meeting rooms: we have walk-in meeting rooms, that cannot be booked and should only be used for max. 1 hour. Some members overstay their welcome in these rooms so we setup the QLOUD box with a sensor for the door, a movement sensor, and a siren. With that we can give the member a kind reminder that is time’s up. This all feeds to their IoT backend to create statistics and be able to see it on a dashboard.

I for one, think it was a great day. I got to know lots of interessting people, got my hands on new technology and even got a starter kit from QLOUD (Thanks again to Christian and Daniel)

The session was followed by a TV crew. There is condensed video in the ZDF Mediathek in German. It starts at 9:50 and ends on 14:45

Before I close this article, I would like to reflect on how much prototyping can be done with these inexpensive kits. Especially if you consider that no one had to do much programming in any language, but rather drag-and-drop.

Who signed the .apk file?

After a while searching for an older version of an App from the Play Store, I finally found the version I wanted and downloaded it.
In order to install it, you have to “Allow the installation from unknown sources”. So there goes the chain of trust for the app.


So how do you know:

  • Where did the app came from ?
  • Did someone plant Malware in it?
  • Can I trust it?

These are cases for your trusted cryptographer or in the case your certificates.

Basically you need fo follow these steps:

# Dump the apk information
$ANDROID_HOME/build-tools/23.0.0_rc2/aapt dump badging |grep package

# verify the signer
jarsigner -verbose -verify |less

# Verify that all files have been signed with the same key
jarsigner -verbose -certs -verify |less


Error -505 while installing Android App

I’ve had the DB Navigator app trying to update itself for the last 3 to 12 months, but hadn’t really put some time into figuring out why it didn’t work.  If figured I was not the only one affected so they would fix it themselves someday. Since that never happens, I took some time and wrote this post.

In a nutshell the problem is that the ticket database was owned by another DB app: de.bahn.dbtickets. I uninstalled it and then could update / re-install the DB Navigator app.

How did I figure this out?, you say

  1. Enabled developer mode on my phone
  2. Connected to it and used adb logcat to see the logs
  3. Tried to install the app
  4. Found this in the logs

E/Finsky (28878): [1] PackageInstallerImpl.handleCommitCallback: Error -505 while installing INSTALL_FAILED_DUPLICATE_PERMISSION: Package attempting to redeclare permission de.bahn.dbtickets.permission.WRITE_DB already owned by de.bahn.dbtickets
W/Finsky (28878): [1] 3.installFailed: Install failure of -505 null

So the highlighted part is what told me the problem.

Have fun.


I just released a set of scripts that come in handing when creating clean images for virtual environment, heck you can even use it for cloud images.

What they do is:

  • clear all the logs
  • clean up the networking scripts, because the normally get references to the mac address in CentOS
  • clean up the repository files
  • in some cases create a root user

There are scripts for: CentOS 6, Debian and OpenSuse.

They can be be found in the tools section or in github.

Horizon and cookies

I’ve been working with the Havanna release of OpenStack the last couple of days and ran across a default setting that should be avoided in any deployment: using cookies as the session backend.

The source of the problems has been known at least since October 2013  in Django and other frameworks: clear-text client-side session management.
There is even OSVDB entry and Threatpost covered it in an article.

Keep Reading →

Social over-sharing

Image from

In some parts of the world over-sharing or just sharing information about you, your life-style and family can be really dangerous. There are many types of information one can over-share on the Internet, typically on social media sites like Facebook, Twitter, Google+ or Foursquare :

  • Personal information, for example: name, maiden name, birthday, schools we attended, who are our friends and family, pictures.
  • Geo-location or location information: this information tells people where you are and where to find you. Keep Reading →

Measuring community activity in Cloud Computing projects

I normally try to stick to posting original content on my site, but I ran across this post today while doing some research for the Hacker High School project.

It presents a really well structured analysis of the communities that support and give life to the main Cloud Computing projects: OpenStack, CloudStack, Eucalyptus and OpenNebula. All the information was extracted from public forums and code management systems.

You can find the post here:

Executive summary

  Keep Reading →

Smart phone / mobile phone tracking and privacy

The first hand-held mobile phone was demonstrated by Motorola in 1973 and since 90s, mobile phones have become one of the technologies that have the biggest impact on the way we live. Cell phones or mobile phones have reached an impressive 96.2% of the world population and have penetrations rates of over 100% in developed nations. This information technology has spread faster that any other, including TV, Radio and the Internet. Can you remember how we lived before cellphones?

Keep Reading →

vpnc and Fritz!box

Fritz!Box is a series of home routers from AVM, which can do a lot. Among the features is  VPN support: site-to-site and client-to-site (road warrior).

I wanted to play with the road warrior setup, because it is always practical to have a way back into a network: for privacy if on a hot spot or just to be able to access hosts on it.

Fritzbox deliverers it own Windows / Mac VPN client (FRITZ!Box VPN Connection) which works pretty good, but as a Linux user I would really enjoy native support (so I don’t have to get access through a VM, which works pretty well by the way).

After multiple failing tests and toggling all possible vpnc configuration options, which aren’t that many by the way, it was time to play: find the differences!

Keep Reading →

Adoption of Linux releases

I’m impressed how some software Vendor have resisted to provide support for Red Hat Enterprise Linux 6 (RHEL6) and its derivates for their products. This week I ran into two examples:

Keep Reading →