[HN Gopher] Mechanical sympathy for QR codes: making NSW check-i... ___________________________________________________________________ Mechanical sympathy for QR codes: making NSW check-in better Author : dbaupp Score : 23 points Date : 2021-10-12 21:41 UTC (1 hours ago) (HTM) web link (huonw.github.io) (TXT) w3m dump (huonw.github.io) | lifthrasiir wrote: | The workflow is generally reversed in South Korea: the visitor | shows a generated QR code to the merchant's camera for the check- | in. (There are also multiple fallbacks available.) The QR code | is, to my knowledge, a very short living JWT credential and looks | like this: (I've redacted pretty much every nonce for the obvious | reason) 003|eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ | 9.eyJzdWIiOiIwMTIzNDU2Nzg5YWJjZGVmMDEyMzQ1Njc4OWFiY2RlZiIsImVucCI | 6Imh0dHBzOi8vd3NzLmNvb3YuaW8vMDEyMzQ1Njc4OUFiQ2RFZkdoSWoiLCJpc3Mi | OiJBQ01FIiwiZXhwIjoxNjAwMDAwMDAwLCJ2ZXJzaW9uIjoiMDAzIn0.AEwfg3OC3 | 4g07x_xVWekdUumxPTqbrRFvQkOVV_TQT4 | | That got encoded into a fairly large QR code---61 by 61 modules | (version 11, error correction level L)---and it is always painful | to get it recognized, mainly because every merchant's device is | different and some devices and/or apps are particularly less | responsive. | | It is very noticable that there is a lot of redundancy here: the | format of JWT payload will be very regular, always having `sub`, | `enp`, `iss`, `exp` and `version` (fixed to `003`) fields in a | verbose base64 format for example. It makes a fun challenge to | optimize this into something much smaller. | minaguib wrote: | This is pretty cool, from a "check-in-self-serve-here" | perspective. | | In contrast, in Quebec Canada, the QR codes are issued to people | once they get vaccinated, and contain the person's name and | vaccination(s) statuses, and digital signature by the issuer | directly in the QR code. | | The government then published 2 apps on the app stores: * App for | users to easily host the QR code (instead of email/PDFs/etc), but | more importantly: * App for businesses to scan the user-presented | QR code and validate the signature, to allow into the premises | (after also checking a photo ID to ensure person face matches ID | and ID name matches name in QR code) | | The above is because some businesses, like sit-down restaurants | (even if eating on the terrace), are _required_ to ensure patrons | are fully vaccinated. | | I don't know if the "scan" app also remembers who it scans for | contact-tracing purposes or not - but there's a separate contact- | tracing app for that, also published by the government, that uses | iOS's and Android's contact-tracing facilities. | IntemerateApe wrote: | This is awesome. Thanks for sharing! | drfuchs wrote: | For the geographically illiterate, NSW refers to the Australian | state of New South Wales (vs. Not Safe for Work, Naval Strike | Wing, Newman-Shanks-Williams prime number, Nintendo Switch, or | U.S. Naval Special Warfare Command). | wahern wrote: | I feel obligated to give a shout-out to the qrcode LaTeX package | at https://ctan.org/pkg/qrcode, written in pure LaTeX. Makes | creating documents and templates with QR codes a breeze. Though, | I'm sure most such printed documents are drafted using MS Word. | :( | dbaupp wrote: | Nice! Having documents programmatically generating the codes | from the underlying data is definitely much nicer and more | editable than hard-coding static images (I say this even after | writing the blog post that does ridiculous things with SVGs in | order to avoid JS, ah well). | | For these particular posters, I suspect they're generated in | HTML/JS that the business can then print in their browser (or | directly as a PDF, but I've seen some posters that have the | classic printed-from-web-page header and footer with URL etc). | | There's a lot of businesses in NSW/Australia, and all the | posters are near identical. Thus, they wouldn't be hand-crafted | each time, and programmatically inserting a custom code into a | word document would be a ... surprising implementation decision | (to me). | Andys wrote: | The way the govt did these codes was ridiculous. Many retailers | put them behind a glossy protective plastic, and they are so hard | to scan and really slow things down unnecessarily. I guess they | were rolled out quickly or by someone inexperienced with QR | codes. | zebracanevra wrote: | I find that the codes will in fact scan if you use a third | party QR app. Luckily, the URL will open directly to the | Service NSW app's sign in page, so whoever was in charge of | that got something right. | | I can't wait to see how dreadful the vaccination passport apps | will be. With the current "digital certificate" being a pdf | with zero security, it is sure to be laughable. | dbaupp wrote: | I'd guess it was probably a combination of a quick roll-out, | and also concern that people wouldn't know what to do with them | hence a lot of the text is emphasised. (I could also imagine | there was mostly testing in "laboratory" conditions, scanning | codes displayed on screens, but hard to say.) | noway421 wrote: | Really interesting write-up! New Zealand COVID Tracer app QR | codes are actually pretty similar. We don't use URLs, but we do | use a base64 encoded JSON prefixed with the "NZCOVIDTRACER" | string. | | NZ Covid Tracer App is actually open source and the QR code | reading function can be seen here: | https://github.com/minhealthnz/nzcovidtracer-app/blob/main/s... | | And here's the type for the JSON we use: | https://github.com/minhealthnz/nzcovidtracer-app/blob/main/s... | | Typical example of a QR code can be found here: | https://lenny.cf/all-qr-codes | dbaupp wrote: | Thank you! | | And interesting. It seems like the trade-offs are slightly | different, although unless I'm missing something, using URLs | does work slightly nicer for people without the appropriate app | installed (or scanning with the built-in camera app or other | scanner). | noway421 wrote: | Yeah that's a trade off we have - without the app installed | scanning the QR code yields "No usable data found". | PaulHoule wrote: | The brand guidelines for my three sided cards say version 2 and | at least an inch on the side. These scan great. If you can | tolerate a db lookup in the server version 2 is all you need. | ademarre wrote: | I think he could have saved even more space in his final pass by | uppercasing the business names: | | HTTPS://S.NSW.GOV.AU/C/121321/Test+NSW+Government+QR+code (binary | mode) | | HTTPS://S.NSW.GOV.AU/C/121321/TEST+NSW+GOVERNMENT+QR+CODE | (alphanumeric mode) | | He ruled out full alphanumeric mode early on, prior to ditching | Base64, but it's sensible to reconsider it by the time you reduce | the URL this far. He goes on to allude to simplifying or even | dropping the business names to save more space at the cost of | lost functionality, but just uppercasing them seems benign to me. | | It's a nice write-up all the same. | dbaupp wrote: | Thanks! That's true, the business name could be uppercase, but | it feels suboptimal to be changing text displayed to users (and | shouting at them). It would drop the final version from 5 to 4. ___________________________________________________________________ (page generated 2021-10-12 23:00 UTC)