$ cd /projects/bedster
bedster.de / bedzy.de — Hotel Booking Startup
GitHub: private (Rails 2.3.5, vintage 2009)
PRE — Idea · Setup · Build
Goal: Build a lean, automated hotel booking platform that could
compete with the big players through technology, not headcount.
Background: I'd spent years as team lead (and later area lead for
two departments) at a major German hotel booking corporation. Those
were my prime employee years. Full of energy, motivated to "make a
difference." I did some good work there, but I also witnessed how
inefficient these large companies are. Money burnt left and right.
Bureaucratic paralysis. And whenever I named the truth — the
actual root causes of problems — I made enemies. The "old
timers" didn't appreciate a new guy pointing out why things were
broken. Eventually the culture clash made leaving the obvious
choice.
Between the hotel corporation and the startup, I did a stint at
BCG Platinion. Learned how large-scale consulting operates.
Discovered that the problem-solving style required was orthogonal
to how I actually think. Left after six months to start the
company.
The idea: I code everything in Rails. Pay for design/HTML. Partner
with a marketing and sales guy (also ex-hotel-corporation). Low
cost, low effort, high profit. The hotel booking world had nice
margins at that time. In theory, this SHOULD make money.
Context: this was 2009. There weren't 500 hotel booking sites yet.
There was booking.com, the corporation I'd left, hotel.com. Even
aggregators like Trivago were just getting started. The German
market was wide open.
My USP? Modern layout. Less corporate, more consumer. Intelligent
features that nobody else had:
- "Semantic search" — type "Berlin 15km morgen ez dz wifi
pool" and the system would parse it: city, radius, date
(German weekday names, "morgen", "übermorgen"), room types
(EZ/DZ), amenities via alias matching. Basically a precursor
to modern LLM interfaces, built from keyword parsing in 2009.
- "Merklisten" — hotel wishlists with comparison features.
- Amazon Punkte integration — I gave back part of my
commission as Amazon loyalty points. Book a hotel, collect
points, convert to Amazon vouchers. A real loyalty program
for a one-man startup.
- Fully automated fax invoices — when a booking came in,
the system auto-generated a PDF confirmation via Prawn, sent
it to the hotel by fax through InterFAX's SOAP API, then a
background daemon polled every 2 minutes for delivery status.
The entire hotel communication pipeline was unmanned. That's
how I could run it alone.
A popping cyan design. A funny logo. bedster.de. All sorted.
Bootstrapped with a €50,000 "Gründungsdarlehen" (German
government startup loan). This was my shot at freedom. Finally my
own company. Finally out of the corporate grind.
Stack:
- Ruby on Rails 2.3.5
- Pegasus / TripAuthority hotel distribution API (SOAP/XML)
- Direct hotel inventory with real-time availability
- InterFAX SOAP API for automated fax confirmations
- Prawn for PDF generation
- IntelligentSearchManager (custom NLP-style query parser)
- Geokit for geocoding + distance search
- Memcached (8h TTL for search results)
- PegThreadDispatcher (async parallel SOAP calls, 40-hotel
burst batching)
- Sphinx full-text search
- Amazon loyalty points integration
- GetText i18n (German primary, English secondary)
- Deployed from a tiny rented office in a startup center
near Düsseldorf
The Platform
It launched. It was live. It worked. Hotels were attached via the Pegasus distribution API — a global hotel network providing inventory from thousands of hotels. Some hotels also signed up directly, with their own rates and availability managed through a local database. The booking engine supported two paths: Pegasus hotels (SOAP reservation through TripAuthority) and direct hotels (local inventory deduction with atomic transactions). Both paths ended in the same automated fax pipeline. Booking comes in. PDF generated. Fax sent. Status tracked. No human required. The semantic search actually worked. You could type a messy German query with dates, room types, amenities, and radius, and the parser would figure it out token by token — falling back to sensible defaults if something didn't match. It felt modern in 2009. It would feel natural today. Had NDAs with Best Western International and Tourico. My partner had hotel industry contacts. Some bookings came through. Some real revenue. But peanuts. This business takes marketing money to generate volume, and marketing money was something I was about to run very short on.
Screenshots — The Brand & The Product
The Beschattungskrimi
Spoiler: the lawsuit that followed ended in a court-confirmed
settlement. No harm found. No stolen data. Corporation paid court
costs. What follows is the documented record of how it happened.
It started before any letter arrived. The cars showed up first.
I am ultra-perceptive when it comes to patterns. So when the same license plates kept
appearing near my home, my office, and on my daily routes, I
noticed. Same black VW Passat with tinted rear windows and a radio
antenna. Same silver Mercedes A170 with rotating drivers. A grey
Volvo estate parked outside my office for hours, driver just
sitting there.
I told my girlfriend. She didn't believe me. "You're exhausted.
You're paranoid. Take a break." Right.
We went to the police. Filed a report for stalking. Gave them the
license plates. They looked them up and shrugged. "We can't do
anything until something happens." Thank you for nothing. We left
the station. And within two minutes of driving away, the very same
car with the very same license plate I'd just reported pulled up
beside us on the highway exit.
"THERE. LOOK."
She believed me after that.
What followed was a month of documented surveillance:
- Followed to the farmers market at 7:30am on a Saturday morning.
- Followed from home to office and back, daily.
- I ran counter-surveillance: U-turns, nonsensical detours. The
cars followed through every single one.
- My girlfriend tried to confront a driver parked 50 meters from
our home at 7:30am. He locked the doors and fled.
- She photographed another one sitting outside my office. He
jumped out, tried to grab the camera, cited "Recht am eigenen
Bild" (right to one's own likeness), threatened to call police
but didn't, asked for directions instead, made a phone call,
and vanished.
- A man was spotted photographing me and my business partner from
behind a cemetery wall. He fled when discovered. A cemetery
wall.
I documented everything. Timestamps, license plates, vehicle
descriptions, witness statements. Autistic precision applied to
personal survival. The document is titled "Protokoll
Beschattungskrimi" — Protocol of the Shadowing Thriller.
I didn't yet know who was behind it.
The Cybercrime
Then the digital attacks started. December 2009. Someone called my mobile carrier's callcenter, impersonated me using personal data, and changed my account email to an unknown address. They requested copies of my phone bills and detailed call records — Einzelverbindungsnachweise. They wanted to know who I was talking to. I discovered this when I received an email: "Here are the bill copies you requested." I never requested them. I called the carrier. Changed my password. Explicitly asked them to require password verification for any future changes. They acknowledged. 47 minutes later, someone called again. Used an "alternative data verification" method — account number plus phone number — to bypass the password I'd just set. Changed my email again. To the exact same unknown address. When I called back, the carrier admitted this bypass existed and that my request to disable it had been ignored. The same email address was used to attack my business partner's T-Mobile account on the same day. Same method. Same goal: phone records. I had the callcenter agent set a new password that even I didn't know. He chose one without saying it out loud. Reason: I wasn't sure if my phone was being tapped. I was 34 years old, running a bootstrapped hotel booking startup, and I was implementing operational security protocols against a threat I couldn't yet identify.
The Lawsuit
Then a letter arrived. My former employer was suing me. The charges: "Urheberrechtsverletzung" (copyright infringement) and theft of intellectual property. Their argument: it was impossible for one person to build such a platform in months when it had taken them decades. Therefore, I must have stolen their data and trade secrets. The compliment embedded in the accusation was lost on me at the time. They admitted in their legal filings to hiring a private investigation firm to track my movements. Those were the cars. The Passat. The Mercedes. The Volvo behind my office. All billable hours for a corporate surveillance operation against a solo founder with a €50k loan. It got worse. They had bought the domain bedster.com — which I couldn't afford at the time (the owner wanted $10,000 USD) — and redirected it to their own website. Then they argued in court that this proved I had copied the name "bedster" from them. They registered the trademark through a company with documented ties to their legal team. They set the claimed damages high enough to require a specific type of court — one that required me to hire a lawyer. At €200/hour. From my €50k startup budget. Wonderful. My business partner buckled under the pressure. He'd been fired without notice from the corporation, accused of trade secret theft. He had a family. The pressure ended the partnership. Can't blame him. But I was alone. The police raided my office looking for "stolen documents." I wasn't there when they came. They called me during the raid and politely asked if I'd like to come in. I politely declined. The MacBook was safe. And since my platform was built on legitimately purchased API data from hotel distribution brokers, there was nothing to find. Because there was nothing to steal. It went to court. It ended in a "Vergleich" (settlement). The judge found no harm done. To either side. I proved that bedster.de predated their domain registration (I had business cards printed months earlier). There was no evidence of stolen data because there was no stolen data. The whole thing imploded. They paid the court costs. Chump change for them. My result? A forced rebrand to bedzy.de. A depleted bank account. No business partner. Psychological damage that would take years to process. And a startup that was technically alive but effectively dead.
The Billionaire in Mallorca
On my desperate quest to find investors, an old school contact connected me with a billionaire acquaintance in Mallorca. "Low costs, high yield" was enough to get me a meeting. Someone's assistant organized the flight tickets. I flew in. The villa was all white. The man was wearing all white. The typical billionaire aesthetic. He handed me a coffee-table book from his last "white flyer" tour — him and his wealthy friends had chartered a private jet around the world with a hired photographer documenting every moment. The book was beautiful and completely surreal. I presented the platform. He was interested until he understood the margins were "flexible" rather than radical. Interest faded. One of his sentences stuck with me forever: "I've got so many houses and employees taking care of the houses that it feels a bit like running a real estate company right now." He laughed. I was begging for €50k to keep my dream alive. He was complaining about owning too many houses. I flew home. Nothing came of it. But I appreciate the attempt. He did fly me out. He did listen. That's more than most people offered.
POST — Learnings · Afterthoughts · Timeline
What happened:
The platform died. Not from bad technology. Not from a bad idea.
From a coordinated campaign by a corporation with hundreds of
millions in revenue against a solo developer with a government
loan and a dream.
The rebrand to bedzy.de couldn't save it. The fire was out. The
money was gone. The partner was gone. The psychological damage
was done. I transitioned to freelance tech consulting in late
2010 because I needed to eat. The company was formally dissolved
by notary in December 2011.
The €3,000 gaming PC that would later be built for sim
racing and then repurposed as an FPGA build server? That career
path traces back to here. The freelancing that funded everything
after? Started because bedzy died.
Learnings:
- A corporation with enough money can destroy a competitor
not by building something better, but by hiring private
investigators, filing strategic lawsuits, grabbing domains
through third-party companies, and simply bleeding you dry with
legal costs. This is not conspiracy theory. It's documented.
- The legal system is not designed to protect solo founders.
When your opponent can set claimed damages high enough to
force you into expensive courts, the process itself becomes
the punishment — regardless of whether you win.
- The compliment hidden in the accusation: "It's impossible
that one person built this in months." They were right that
it shouldn't have been possible. They were wrong about why
it was.
- Counter-surveillance skills are not something you expect to
need as a Rails developer. But here we are.
- I built a fully automated hotel booking platform — API
integration, semantic search, fax automation, loyalty program,
real-time inventory — as a solo developer on Rails 2.3.5
in 2009. The tech was never the problem. Marketing is always
the problem. And having a corporation try to destroy you
doesn't help either.
- "I've got so many houses it feels like running a real estate
company." That sentence lives rent-free in my head. No pun
intended. Actually, full pun intended.
- What doesn't kill you just makes you harder. I did nothing
wrong. The court confirmed it. But the scars from being
hunted, hacked, raided, and sued by people with unlimited
resources? Those don't heal with a Vergleich.
- The pattern continues: build something ambitious, hit a wall
that has nothing to do with the quality of the work, extract
the learning, survive, move on.
Timeline:
- 2007-2009: Team lead, then area lead at a major German hotel
booking corporation. Culture clash led to departure.
- 04/2009: Left for BCG Platinion. "To learn how the pros do
it." Discovered the problem-solving style was orthogonal to how
I think. Left after 6 months.
- 10/2009: Took the leap. Self-employment. €50k government
startup loan (Gründungsdarlehen).
- 11/2009: bedster.de goes live. Office rented in startup
center near Düsseldorf. The dream begins.
- 11/2009: Surveillance begins. Three vehicles. License plates
documented. Police filed reports ignored.
- 11/2009: Former employer registers "bedster" trademark through
separate company. Buys bedster.com domain.
- 11/2009: Business partner fired without notice from former
employer. Accused of trade secret theft.
- 12/2009: Cybercrime. Phone accounts compromised. Call records
stolen. Identity impersonation at Vodafone and T-Mobile.
- Early 2010: Lawsuit arrives. Urheberrechtsverletzung + IP
theft. Police raid the office.
- 2010: Forced rebrand to bedzy.de. Legal fees eating the
startup budget. Investor pitches (BECTON Capital, various
angels, the Mallorca billionaire). None convert.
- 2010: Court date. Vergleich. No harm found. Name lost.
Corporation pays court costs. I pay everything else.
- 12/2010: Transition to freelance tech consulting. Need money.
- 12/2011: Bedzy UG formally dissolved by notary.
- 2012+: Freelancing. The skills from the startup era —
Rails, APIs, automation, surviving under fire — become
the foundation for everything that follows.
Status: Complete. Killed not by the market, but by a corporation
that decided a former employee building something better was a
threat worth eliminating. The tech still works. The code still
exists. The lesson is clear: in a fight between David and
Goliath, Goliath doesn't always throw the stone. Sometimes he
just hires lawyers until David can't afford to stand up.