cloud encryption: cryptomator

Here is a great solution for anyone who wants to encrypt their data before putting it onto the cloud.

It’s an open-source encryption software for PC, MAC, Linux, Android, and iOS. So every common plattform is supported.

How is it encrypted?

In short:
You get a realtime de-/encrypted container.

the password: scrypt
the files: AES-GCM (256 Bit)
(the filenames are also encrypted beforehand)

See the full documentation on that here:

pc windows example


There are multiple files generated. good for cloud sync.
The structure looks for similar to the files and folders created with ENC DataVault by ENC Security
You get a “light” Version (which enables AES 256 bit) of that software with buying a Sandisk Cruzer USB Stick. I’ve bought the pro version allowing multiple, military-grade AES 512 and also AES 1024 bit containers.
=> cryptomator has a better usability

Use cases

In my case, I use it to safely share and access data between my windows pc, linux (ubuntu) and android smartphone.

On mobile, you get the option to sync your taken pictures encrypted into one container. for convenience, there is the option of entering your credentials to encrypted containers via fingerprint.

It would be possible to share cloud storage with other family members and keep private data protected.

You could also just encrypt your files locally on an external disk.

About the company: Skymatic GmbH

It’s born as a german startup with the idea: there are a few cloud encryption tools available… but no one has made their code open source to be transparent and also more secure.

They also provide company licenses for implementing their technology into your own software or you can get an enterprise solution for encrypted file storing and sharing: cryptomator server


Nov 2019:
PC / Linux / Mac: Pay what you want

0 EUR, 9 EUR, 15 EUR, 25 EUR or what you want

Android and iOS:

iOS 5,99 EUR – 4,99 USD
Android 9,99 EUR
right now there is a discount for 5,99 EUR

Secure E-Mail with Gpg4win

On the 07.05.2019 the BSI (Federal Office for Information Security) has released a press article that federal institutions may use Gpg4win ( ) to send VS-NfD / restricted data via mail.
which means for us..
-> if it’s safe for restricted federal data…
-> it’s safe to use for everyone’s emails as well 🙂

A note on why you should encrypt and what the software does, can be found here

Basically.. if you send private messages… in the realworld, you wouldn’t want to send several things readable to everyone on the way either, like on a postcard.

=> On the web.. sending emails is like sending postcards…

Of course, TLS/SSL helps that the way your message is transferred safely.. but on the servers, your emails are still readable in clear text.
Oh.. wait.. there is the patriot act, which allows national agencies to access to those on demand. but not only the USA has such laws..

The thing is, that federal security agencies like the NSA might copy your emails and make profiles from it.
Even your metadata 😉 speaks a lot about you
who you are friend with.. what topics you talk to them.. when you are awake, if you are in vacations, from which location/computer you send your email from… and many more

The goal here is: END to END
private/public key encryption (RSA)

How does RSA work?

You can encrypt with a public key but only decrypt with a private key.

You generate a password-protected private key, which you don’t share.
With this one, you generate a public key.

Now you send your public key to the other person.
The other person encrypts the message with your public key and sends it to you.
You can decrypt the message with your private key.

I’ll make a tutorial on how actually to use Gpg4win

Write Clean Javascript Code

A awesome resouce on writing clean javascript code

based on Robert C. Martin‘s book
Clean Code: A Handbook of Agile Software Craftsmanship

“The only valid measurement of code quality is WTFs/minute”


  • Use meaningful and pronounceable variable names
  • Use the same vocabulary for the same type of variable
  • Use searchable names
  • Use explanatory variables
  • Avoid Mental Mapping
  • Don’t add unneeded context
  • Use default arguments instead of short circuiting or conditionals


  • Function arguments (2 or fewer ideally)
  • Functions should do one thing
  • Function names should say what they do
  • Functions should only be one level of abstraction
  • Remove duplicate code
  • Set default objects with Object.assign
  • Don’t use flags as function parameters
  • Avoid Side Effects
  • Don’t write to global functions
  • Favor functional programming over imperative programming
  • Encapsulate conditionals
  • Avoid negative conditionals
  • Avoid conditionals
  • Avoid type-checking
  • Don’t over-optimize
  • Remove dead code

Objects and Data Structures

  • Use getters and setters
  • Make objects have private members


  • Prefer ES2015/ES6 classes over ES5 plain functions
  • Use method chaining
  • Prefer composition over inheritance


  • Single Responsibility Principle (SRP)
  • Open/Closed Principle (OCP)
  • Liskov Substitution Principle (LSP)
  • Interface Segregation Principle (ISP)
  • Dependency Inversion Principle (DIP)


  • Single concept per test


  • Use Promises, not callbacks
  • Async/Await are even cleaner than Promises

Error Handling

  • Don’t ignore caught errors
  • Don’t ignore rejected promises


  • Use consistent capitalization
  • Function callers and callees should be close


  • Only comment things that have business logic complexity.
  • Don’t leave commented out code in your codebase
  • Don’t have journal comments
  • Avoid positional markers

Microservices, APIs, SOA

I found a great article on “Microservices, SOA, and APIs: Friends or enemies?
check it out.. really easy to understand the differences

A little bit about Microservices:

It’s often said.. complex code is spaghetti code (with meatballs = OOP), well structured layered code is lasagne code.. and microservices ravioli code.

On bigger applications.. a well thought out monolithic modular app might not be enough or at least not performant enough.

Big companies like Netflix talk about it.

The millions of users require:

  • fast startup times,
  • easy and reactive ui,
  • working movies (main functionality),
  • no downtimes and
  • always new features/updates.

The solution to this of course is a microservice application

Thoughts before creating microservice instead of monolithic applications:

  • Do you need to scale? How much concurrent users do you have?
  • Does your application or several parts really need to have a high-availability?
  • Do you develop in separate teams or is everyone on one team?


  • Scalability:
  • Microservices can be monitored really well, giving you metrics to find services with high hardware requirements or faulting services
  • run multiple instances for particular services, making reaction times really fast by also giving you a high availability (in case they crash)
  • You can run/scale on multiple Servers / PaaS Instances (Pivotal, AWS, …) with different spec requirements depending on what your microservices needs
  • Improved Isolation:
  • every Microservice should be one logical part and thus can be updated or refactored or exchanged separate without affecting the others
  • By doing only one particular job (bounded context).. your microservices become easier to read, test and optimize
  • You can use multiple programming languages in one project. eg. node.js, ruby, c#, python, c, R.. in the end you talk via API
  • Background Services:
  • You can run background jobs, which wait for events to start working. they can do things without your interaction.


  • Distributed System Complexity (Logging, Monitoring, Network, Msg Queues, Multiple Instances, )
  • with more Services, more parts can fail
  • Architecture causes network-load and can be slowed down by network-latency
  • May have double code for same helper functionalities

Programming Services it is highly recommended to apply the principles of

12 Factor Apps

  • Code is Version controlled with many deploys [Codebase]
  • Dependencies are declared and isolated in a manifest [Dependencies]
  • Configurations are stored in ENVironment variables, not config files [Config]
  • Service are attached Resources, which can be consumed over Network (local or 3rd Party) and can be detached at will [Backing Service]
  • Build and Run stages are seperated. Providing a faster, tested and better Release Management. [Build, release, run]
  • Services are Stateless. They share nothing. They only use persistent data from backing stores. Thus they can easily be scaled. [Process]
  • To fit the concurrency needs, services are exported via Port Binding. [Concurrency]
  • Processes should be designed to be disposable without hassle [Disposable]
  • You should have a similar Developement and Production environment, designed for continuous integration. [Dev/Prod parity]
  • Logs should be treated as Event Streams. The App should never be concerned of storing logs. [Logs]
  • Management Tasks running as Processes: no local terminal, no direct db access. [Admin processes]

Terminator won’t start

I ran into a stupid error.

My terminal client Terminator wouldn’t start on ubuntu and I didn’t get any no error either.

I started it via terminal. Here I got the following error:

except (KeyError,ValueError), ex

I found the problem and solution
python3 was changed to my default system python

=> changed it back to 2.7, everything works again

I use update-alternatives

you can set up things easily. eg. python

check if it’s maybe already set up for python

# CHECK if setup for python
update-alternatives --list python

otherwise set up the alternatives

update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1

update-alternatives --install /usr/bin/python python /usr/bin/python3.6 2

and configure the version you want to be used by default

update-alternatives --config python

There are 2 choices for the alternative python (providing /usr/bin/python).
Selection Path Priority Status
0 /usr/bin/python3.6 2 auto mode
1 /usr/bin/python2.7 1 manual mode
2 /usr/bin/python3.6 2 manual mode
Press to keep the current choice[*], or type selection number:


Here are some Badges of courses I’ve taken.


You get also PDF certificates which you can print.

RIPE Database Expert Course

What you actually learn: 
How to get Data out of the RIPE DB, how to Register new IPs.
Best practice for registering Networks.

1 – RIPE Database Basics
Let’s get started! Learn about the different object types and how they relate to each other.

2 – Registering Contact Information
Create your first RIPE Database objects. Learn how to create a person and role object in the RIPE Database.

3 – Querying the RIPE Database
How can you find information in the RIPE Database? And how can you manage your search results?

4 – Protection Mechanisms
All of your RIPE Database objects must be protected. Learn how to add maintainers to your objects.

5 – Creating Assignments
Learn the concept of hierarchical authorisation and create assignments in the RIPE Database.

6 – ROUTE and ROUTE6 Objects
Learn what route and route6 objects are and how you can create them.

7 – Reverse Delegation
Learn how you can setup reverse DNS delegation in the RIPE Database

Introduction to IPv6 Course

What you actually learn:
How IPv6 works and whats different in v6 Protocols (instead of ARP, RIP, DHCP).
How many IP subnets to assign for different needs (sizes of houses, companies).
How to implement some security features, based on IPv6 Addresses.

1. From IPv4 to IPv6
Let’s get started! From IPv4 exhaustion straight into IPv6. Let’s see why it is a good idea to start working on your IPv6 network.

2. IPv6 Address Basics
Learn how to write IPv6 addresses correctly and calculate your first IPv6 subnets.

3. IPv6 Transition Mechanisms
What are the most used IPv6 Transition Mechanisms? Go through our list to learn the trends.

4. Deploying IPv6
SLAAC, ND, DHCPv6, DNS…don’t let the acronyms fool you. Let’s look at the best ways to take advantage of IPv6 characteristics.

5. Get and Register IPv6
Do you need to request your IPv6 allocation? Do you have an IPv6 allocation but you don’t know how to register it? This section is made especially for you.

6. IPv6 Assignments and Addressing Plans
Learn IPv6 assignment best practices and get inspired for your addressing plan.

7. IPv6 and Security
Discover the different security aspects you need to consider when you deploy IPv6.

well.. who doesn’t like badges 😉

online courses, moocs and video lecture portals

I often use e-learning portals to learn new stuff.
You don’t need them exactly, nowadays you could learn everything on youtube, medium, github or free e-books.

However, the good about courses/e-learning portals is, the authors do create more courses, get feedback and get better at teaching stuff. You often get a certificate, which can be motivating seeing your progress.

There are also courses made by universities or colleges. Here you can often buy a qualified certification.
These are usually different: high quality, academic correctness where the information comes from. Since I am used to it.. I love this as well. But they often expect previous knowledge to understand the topics.

And there are learning portal joint-ventures from big companies like microsoft, ibm, …

I found there is a pile full of learning portals out there.
I wanted to give you a list of some for IT and computer science related topics I use.

Search Portals

But first.. there’s a company which created a search portal to find online courses:

There is also a search portal for certificates:

Academic Education Sites

HPI (Hasso Plattner Institut):

High quality business, software, new it technology and it law related (german) courses.

A good thing is.. you can enter the courses even afterwards.. if you don’t mind learning for the knowledge not for the certificate. Or qualified certificates which can be credited as ECTS if you are a student.

These are the courses I absolved here:

About Semantic Web Technologies

  • Information Service Engineering (semanticweb2017)
  • Linked Data Engineering (semanticweb2016)


  • Blockchain: Hype oder Innovation? (blockchain2018)
  • IT-Recht fĂŒr Software-Entwickler


Lots of high quality university courses from MIT, Harvard University, University of California Berkley, RWTH Aachen, Technische UniversitĂ€t MĂŒnchen, Hongkong University of Science and Technologie, Kyoto University, Peking University…

on different topics

Architecture, Art & Culture, Biology & Life Sciences, Business & Management, Chemistry, Communication, Computer Science, Data Analysis & Statistics, Design, Economics & Finance, Education & Teacher Training, Electronics, Energy & Earth Sciences, Engineering, Environmental Studies, Ethics, Food & Nutrition, Health & Safety, History, Humanities, Language, Law, Literature, Math, Medicine, Music, Philanthropy, Philosophy & Ethics, Physics, Science, Social Sciences

You can get paid qualified certificates which can be credited as ECTS or just view the courses and maybe upgrade to a verified certificate later. You can also get a Micromasters Degree for certain topics.

Education Sites

Pluralsight –

High quality Software development, IT Ops, Professional Business, Data Professional, IT-Security, Design, Photography courses. Some courses have a clearly knowledge prequirements.

Price is a monthly or annually fee
35 $ / Month or 299 $ annually
or the premium version with certification practice exams for 449 $ annuall

There are some weekly free courses… I recommend you to check it out!

Udemy –

Medium to high quality.. for lots of different interesting topics. Often very good and easy explanation. Lots of trainers.. so every course might be different.
Prices for courses are ~10-12 EUR.. 100 EUR

Coursera –

High quality university like MIT, Princeton, UCS or Google courses
You can take courses, get specializations, professional certificates, master track certificates or even degrees. You often need to know pre-requirements
Price range is from free to 30k (masters degree), depending on what program you choose

Udacity –

high quality courses on computer science, programming, autonomous systems, business and career from the big companies like google, nvidia, kaggle, amazon, ibm, unity
Price is 500-999 $ for a topic related nanodegree

THD Wirtschaftsinformatik Studium – Semester 5

Was lernt man an der THD? (Stand 2016)

Content Management und Document Engineering

  • Technische Dokumentation: Erstellung, Rollen, Juristische Bedeutung, Defizite von Dokumentationen, Sicherheitshinweise
  • Metadaten Suche
  • Content Life Cycle
  • Bausteinzentrierter Ansatz: Baustein-Pool, Regeln zur Modularisierung, Modularisiertes Schreiben, Eigenschaften von CMS, Variantenmanagement, Unterschiedliche Sichten, Übersetzungsmanagement

AusprÀgungen von Typen

  • Web Content Management Systeme (CMS)
  • Dokument Management System (DMS)
  • Redaktionssysteme
  • Enterprise Content Management (ECM)
  • Digital Asset Management (DAM)
  • Metadaten: Dublin Core, Schlagwortkataloge
  • Suchmaschinenratings: Textretrieval – Vektorraummodel, Hyperlinkbasiertes Retrieval
  • Single Source Publishing Systeme (SSPS)
  • XML: Dokumentzentriert, Datenzentriert
  • SVG: Darstellung


  • Business Process Modelling (mit BPMN): camunda
  • Erstellung/Verwaltung: IT-System unterstĂŒtzt (mit Columbiasoft DocumentLocator)
  • Versionierung
  • Archivierung: Zeitarchivierung
  • Architekturen: FAT-Client / Thin Client, DMS -Bus, Content Repository, Workflow Komponente
  • Implementierung: Private/Public/Hypbrid/Community-Cloud

Data Warehouse (Schwerpunkt)

  • Aufgaben, Varianten (SAP, MS, Oracle), Ziele,
  • Technische Siche: Konzepte, Performance, Daten (Beschaffung, Modellierung, Auswertung)
  • ETL, OLAP (verdichtete Informationen), OLTP (operative Transaktionen)

DataWarehouse – Business Intelligence – SAP BI

  • Architektur: Query, Infoset, MultiProvider, InfoCube, DataSourceObject, DataSoruce, Persistence, Source
  • Delta-Wichtigkeit
  • Datenfluss im SD Modul
  • SAP BW im Vergleich mit Excel-Pivot
  • Datenfluss im BI allgemein
  • Datenmodellierung, Transformation
  • Query Navigation, Variablen im Reporting
  • Hierarchien, Attribute, Texte
  • Multi-Cube, Prozesskette, Aggregate

In Memory Systeme

  • Funktionsweise, Vor- / Nachteile
  • Performance: Komprimierung, Partitionierung, Hardwaretrends
  • SAP HANA, BW auf HANA, Umgang mit Ressourcen (Hot, Warm, Cold)
  • Qlik

Programmierung multimedialer Systeme

Programmierprojekt in Java J2EE mit dem Spring Framework im Team:
Unser Programm: “Touchscreen BAR POS Kassensystem”

  • 2/3-Schicht-Architektur
  • N-Schicht Architektur
  • MVC : PrĂ€sentation, GeschĂ€ftslogik, Integration, Ressourcen
  • Eclipse Editor

Spring Framework

  • Beans (managed by Inversion of Control IoC)
  • Dependency Injection, DAO (Data Access Objects),
  • Metadata
  • Application Context
  • Spring Security CSRF, Sectag
  • Baeldung
  • Angeschnitten: Envers, Quarz, Silenium

Dependency Injection, DAO (Data Access Objects), Metadata, Application Context

  • Java JPA / Hibernate (als DB Persistenzschicht oder object relation mapping)
  • DAO: unidirektional 1:m, bidirektional 1:n, bidirektionale n:m Relation
  • Java iText: PDF output
  • git workshop

IT-Sicherheit (Schwerpunkt)

  • Begriffe: safety, security, CIA-Kriterien: confidentiality, integrity, availability; dependability, controllability, accountability, legal liability, protection, privacy, compliance, Vorratsdatenspeicherung, WLAN Störerhaftung, KRITIS, SPoC
  • Gesetzliche Vorgaben: § BDSG, § TKG, § TMB
  • SĂ€ulen des Datanschutzes: ZuverlĂ€ssigkeit, Zweckbindung, Transparenz, Korrekturrechte, Datensicherung, Kontrolle, Sanktionen > Recht auf informationelle Selbstbestimmung
  • Schutzziele: Vertraulichkeit, IntegritĂ€t, VerfĂŒgbarkeit


  • Angriffstypen: shoulder surfing, social engineering, man-in-the-middle-attack, browsing, sniffing, keyboard logger, fake login screens, traffic analysis, data diddling, Denial of Service (DoS), ping of death, SYN-flood, teardrop, brand, wasser, sturm, vandalismus, sabotage
  • SicherheitslĂŒcken: exploits, zero-day-angriffe, spam, phishing
  • Schadprogramme: ransomware, trojaner, viren, dialer, bot-netze
  • InnentĂ€ter, Missbrauch, Fraud
  • Innovative Technologien: P2p, Voip, WLAN, Data injection, SCADA: Stuxnet, RFID, Biometrische Verfahren, DRM, Desktop Firewalls, Grid-Computing, Vernetze Autos, Smart Home

Security Engineering

  • Analyse, Modellierung (nach TISEC), Sicherheitsarchitektur
  • Organisatorische Einbindung der IT-Sicherheit: IT-Sicherheitsmanagement-Team (Bereichs-/Projekt-/System-/Sicherheitsbeauftragter)

IT-Grundschutzkataloge des BSI: ISi-Reihe (Internetsicherheit)

  • Absicherung eines Servers
  • Absicherung eines PC-Clients
  • Sichere Anbindung lokaler Netze an das Internet
  • Sicherer Fernzugriff auf lokale Netze
  • Sichere Bereitstellung von E-Mailservern
  • Sicheres Bereitstellen von Web-Angeboten
  • Sichere Virtuelle Private Netzwerke (VPN)
  • Sichere Nutzung von Web-Angeboten
  • Sichere Nutzung von E-Mail
  • Sicheres Wireless WLAN
  • Sichere Internet-Telefonie (VoIP)


  • 100-1, 100-2, 100-3: inzwischen von 200-x abgelöst
  • 200-1 Managementsysteme fĂŒr IT-Sicherheit
  • 200-2 IT-Grundschutz-Methodik
  • 202-3 Risikomanagement
  • 100-4 Notfallmanagement


  • TCSEC / “Orange Book”: Identifikation und Authentifikation, Rechteverwaltung, Rechte-Kontrolle, Audit, Wiederaufbereitung
  • Cobit (Control Objectives for Information and related Technology)
  • ITIL (IT Infrastructure Library)
  • ISO TR 13335 (GMITS): Technical Report; Management of Information and Communications Technology Security

Sicherheitsmodelle und Architekturen

  • Zugriffskontrollmodelle: benutzerbestimmbare (DAC), systembestimmbare (MAC), rollenbasierte (RBAC), Zugriffsmodelmatrix (ACL), dynamische: Harrison-Ruzzo-Ullman-Modell, Brewer-Nash, Chinese-Wall-
  • Rollenbasierte Modelle: Benutzer-Rolle-Zugriffsrechte
  • Sicherheitsmodell: BerĂŒcksichtigung organisatorischer Hierarchie
  • Bell-LaPadula-Modell: dynamische Zugriffsmatrix, multilevel-Sicherheitsmodell
  • BIBA-Modell: zugriffsorientierte Maschine (no write up, no read down)
  • Clark-Wilson-Modell: IntegritĂ€tsziele: Verhinderung unzulĂ€ssiger Modifikation unautorisierter Anwender, Aufrechterhaltung der Konsistenz, Verhinderung unzulĂ€ssiger modifikation durch autorisierte Anwender
  • Verbandsmodell: Hasse-Diagramm: beschreibt zulĂ€ssige/unzulĂ€ssige InformationskanĂ€le


  • Operationelle (IT, Strategie), Finanzielle Risiken
  • Risiko = Tragweite * Wahrscheinlichkeit des Auftretens
  • Risikoanalyse, Risikovermeidung, Risikomonitoring
  • Klassifikation von Informationen:
  • Privatwirtschaft: confidential, private, sensitive, public
  • MilitĂ€r und Behörden: top secret, secret, confidential, sensitive but classified, unclassified
  • Schutzbedarffeststellung: Kategorien: “normal”, “hoch”, “sehr hoch”
  • Personalmanagement: ZukĂŒnftige MA prĂŒfen, non-disclosure agreement, Rechte nach Beendigung eines ArbeitsverhĂ€ltnisses entziehen, Dokumentation
  • Kontrollmechanismen: Administrative/Technische/physische Kontrollen
  • Kosten und Nutzen: ROSI (Return on Security Investment)
  • Fallstudien: Rootkits
  • Trends und weitere Entwicklung
  • Initiativen des BSI zur IT-Sicherheit

Informatik-Controlling (Schwerpunkt)

  • Strategische IT-Planung: Situationsanalyse, Visionen, Missionne, Kritische Erfolgsfaktoren
  • Competetive Forces Modell nach Porter
  • Wirtschaftlichkeit von IT-Systemen
  • Balanced Score Card
  • Kostenrechnung in der IT
  • Kennzahlen in der IT


  • SAP Organisationseinheiten, Stammdaten, Bewegungsdaten, Transaktionsdaten, Belege / Dokumente, Materialstamm Sichten
  • PLM (Product Lifecycle Management): Innovation, Produktentwicklung, Produktpflege
  • CRM(Customer Relation Management): Marketing, Kundenangebot/-auftrag, Service
  • SCM (Supply Chain Management): Einkauf, Fertigung, Montage, Produkt QM, Arbeitsvorbereitung, Packerei/Versand, Lager
  • HR/HCM, IT, FI, CO, OR, QM, Projektmanagement
  • SAP MM
  • SAP SD
  • SAP PP
  • SAP FI
  • SAP CO
  • Procure-to-pay Prozess: BANF, MIGO, MIRO
  • Order-to-cash Prozess
  • Purchase-to-Payment Prozess


  • Arbeiten an Cisco Routern, Switchen
  • Routing: static, dynamic
  • Dynamische Protokolle:
    • Distant Vector: RIP, RIPv2, RIPng, IGRP, EIGRP
    • Link State: OSPF
  • Switching: Port Security, 802.1Q VLAN
  • IP-Subnetting
  • Error Troubleshooting, Wireshark



  • Merkmale
  • Definition
  • Projektdimensionen
  • Voraussetzungen
  • Einordnung im Unternehmen
  • Dokumente
    • Baseline
    • Aufzeichnungen
    • Bericht

Prozesse / Phasen

  • Projektentstehung
  • Projektinitiierung
  • ProjektdurchfĂŒhrung
    • Go Live
    • PhasenĂŒbergĂ€nge
    • Dokumentation
  • Projektabschluss
    • Abschlussbericht
    • “Lessons Learned”

Übergreifende Themen

  • Business Case
    • Fortlaufende geschĂ€ftliche Rechtfertigung
    • Umfeldanalyse
  • Organisation
    • Rollen: gemĂ€ĂŸ PRINCE2, Informelle Rollen
    • Verantwortlichkeiten
  • PlĂ€ne:
    • Produktbasiert
    • Projektstrukturplan (PSP)
    • Ablaufterminierung
    • Kritischer Pfad, Kritische Kette
    • Netzplan
    • Ressourchenplanung
    • Kommunikationsplan
  • Fortschritt
    • Ereignisgesteuert: Phasenabschlussbericht, Projektabschlussbericht, Ausnahmebericht, Offener Punkt-Bericht
    • Meilenstein-Trend-Analyse
    • Abweichungsanalyse
    • Managementphasen
    • Critical-Chain-Management
    • 90%-Syndrom
  • Änderungen
    • Change Request
  • QualitĂ€tsmanagement
    • Leistungsmerkmale
    • Testmanagement: Quality-Gates
  • Risikomanagement
    • Bedrohungen
    • Chancen
    • Risiko Piktogramme
    • Risikobehandlung
    • HĂ€ufige Risiken
  • Kommunikationsmanagement
  • Konfigurationsmanagement


  • RADAR-Methode
  • PULS-Problemlösungsmethode
  • SMART-Ziele
  • ProjektbewertungsgrĂ¶ĂŸen: KPI, ROI, Muss
  • Stakeholder Analyse
  • Einzel-/Multi-Projectmanagement
  • Projektcontrolling
  • Vorgehensmodelle im Software Engineering

Yongnuo Flash on Sony Alpha 7 Series?

Can you use a Yongnuo Speedlight YN560 III for Canon Nikon Panasonic Pentax on a Sony Camera (Sony Alpha 7 7R 7II 7RII 7III, A6000 / a6300 / a6500)?

The answer is: YES, you can!

I’m writing this because I’ve found a few blogs, youtube videos that it works but not how exactly.

It’s a simple flash meaning no automatic or ettl. Manual mode only.

If you want flashes as studio environment to control your light (M, ISO100, f8 or higher, 1/160) as me… it is a really great and affordable equipment!

I needed two off-camera flashes for portraits.
Thats why I got myself

  • 2x Yungnou YN560-III for Canon (~50 EUR; IV Version costs ~60 EUR)
  • Yongnuo RF603C II for Canon (Wireless Remote trigger)

and also…

  • Pixel RW-221 E3 Wireless Shutter Release Remote Controller for Sony
  • 8x BONAI AA 2000mah rechargable batteries
  • 8x Amazon Basics AAA 750mah rechargable batteries

I wanted a remote trigger off-camera
since I didn’t know if the Yongnuo Remote Trigger will work for that…
I got myself one from Pixel (Single Shot, HighSpeed, Bulk, TimeTrigger)

It is not connected via the flash hot shoe as it might seem. You get a 2.5mm to usb cable to connect it to the multi-purpose usb port on the Sony camera.

The Yongnuo RF603C II can also be used as Remote Control

on-camera: it is connected via the flash hot shoe
off-camera: 2.5 usb cable needed!! (not included)

on-camera: one trigger on camera (TX mode)
off-camera: one trigger on camera (TRX mode), the other in the hand (TRX mode)

for that the settins on the YN560-III need to be set to M on wireless mode

The whole flash gear..