Advent of Code 2018

This year I was introduced to the Advent of Code by Julien and Hielke, who organized a local advent.

It is a great initiative, it is nice to be focused on coding and it adds to a festive atmosphere. Together with four other team members the challenge was accepted. We all took a different approach, as it also stimulates learning a bit about new stuff (e.g. using Kotlin vs Java).

Due to time constraints I have solved only the first half of the advent puzzles, and also by using ‘plain old Java’. But my personal challenge is to look back at the code and apply a better (more modern) alternative in the time to come.

My code can be found at , be warned – it is ‘Hackathon style’ code – as you get more points the faster you finish..

The current state of PSD2 implementations in The Netherlands

PSD2 is the name of a European regulation that tries to achieve a better banking experience for bank clients. One of the focus points is ‘open banking’. Banks must open up their systems to third parties. This will allow bank clients to bank through non-bank organizations. With consent of the client a third party can retrieve information and initiate money transfers.

All European banks need to be compliant in September 2019. With 2019 just around the corner, it is interesting to check out the current state of the implementations. Luckily I was able to attend a tech talk by Mark Wanders and learn all about it, from a developer’s perspective.

The conclusion is that most of the big banks still have some work to do. But the small and young Bunq bank is in the lead.

The Bunq API is available since March 2017 in both sandbox and production environment. They offer the full functionality and cater more towards developers. This means it is easy to onboard: just request an API key from the app for access to your own accounts. For access to other accounts, use OAuth2. It is also is to build with, use the SDK for your preferred language (Java, C#, Python, PHP). All the certificate management, header signing etc. is taken care of for you!

Not all banks offer all functionality yet, or make it difficult to access (OAuth2, mutual TLS and HTTP header signing –
very secure, but potentially a hassle to implement and debug).

Another interesting finding is Payment Requests are being implemented by several banks.

Now try for yourself:


Me at Bunq, when they hosted a DevOps Amsterdam meetup 🙂

Swiss Cheese model

A while ago I posted an article about the PRISMA incident analysis model. Related to this subject is the concept of the “Swiss Cheese Model”. This model shows why things can still go wrong when there are multiple layers of protection in place. 

In every layer there are holes, and sometimes these holes line up – resulting in an incident. Also see the Wikipedia Swiss Cheese Model page.