[HN Gopher] Mechanical sympathy for QR codes: making NSW check-i...
___________________________________________________________________
Mechanical sympathy for QR codes: making NSW check-in better
Author : dbaupp
Score : 23 points
Date : 2021-10-12 21:41 UTC (1 hours ago)
(HTM) web link (huonw.github.io)
(TXT) w3m dump (huonw.github.io)
| lifthrasiir wrote:
| The workflow is generally reversed in South Korea: the visitor
| shows a generated QR code to the merchant's camera for the check-
| in. (There are also multiple fallbacks available.) The QR code
| is, to my knowledge, a very short living JWT credential and looks
| like this: (I've redacted pretty much every nonce for the obvious
| reason) 003|eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ
| 9.eyJzdWIiOiIwMTIzNDU2Nzg5YWJjZGVmMDEyMzQ1Njc4OWFiY2RlZiIsImVucCI
| 6Imh0dHBzOi8vd3NzLmNvb3YuaW8vMDEyMzQ1Njc4OUFiQ2RFZkdoSWoiLCJpc3Mi
| OiJBQ01FIiwiZXhwIjoxNjAwMDAwMDAwLCJ2ZXJzaW9uIjoiMDAzIn0.AEwfg3OC3
| 4g07x_xVWekdUumxPTqbrRFvQkOVV_TQT4
|
| That got encoded into a fairly large QR code---61 by 61 modules
| (version 11, error correction level L)---and it is always painful
| to get it recognized, mainly because every merchant's device is
| different and some devices and/or apps are particularly less
| responsive.
|
| It is very noticable that there is a lot of redundancy here: the
| format of JWT payload will be very regular, always having `sub`,
| `enp`, `iss`, `exp` and `version` (fixed to `003`) fields in a
| verbose base64 format for example. It makes a fun challenge to
| optimize this into something much smaller.
| minaguib wrote:
| This is pretty cool, from a "check-in-self-serve-here"
| perspective.
|
| In contrast, in Quebec Canada, the QR codes are issued to people
| once they get vaccinated, and contain the person's name and
| vaccination(s) statuses, and digital signature by the issuer
| directly in the QR code.
|
| The government then published 2 apps on the app stores: * App for
| users to easily host the QR code (instead of email/PDFs/etc), but
| more importantly: * App for businesses to scan the user-presented
| QR code and validate the signature, to allow into the premises
| (after also checking a photo ID to ensure person face matches ID
| and ID name matches name in QR code)
|
| The above is because some businesses, like sit-down restaurants
| (even if eating on the terrace), are _required_ to ensure patrons
| are fully vaccinated.
|
| I don't know if the "scan" app also remembers who it scans for
| contact-tracing purposes or not - but there's a separate contact-
| tracing app for that, also published by the government, that uses
| iOS's and Android's contact-tracing facilities.
| IntemerateApe wrote:
| This is awesome. Thanks for sharing!
| drfuchs wrote:
| For the geographically illiterate, NSW refers to the Australian
| state of New South Wales (vs. Not Safe for Work, Naval Strike
| Wing, Newman-Shanks-Williams prime number, Nintendo Switch, or
| U.S. Naval Special Warfare Command).
| wahern wrote:
| I feel obligated to give a shout-out to the qrcode LaTeX package
| at https://ctan.org/pkg/qrcode, written in pure LaTeX. Makes
| creating documents and templates with QR codes a breeze. Though,
| I'm sure most such printed documents are drafted using MS Word.
| :(
| dbaupp wrote:
| Nice! Having documents programmatically generating the codes
| from the underlying data is definitely much nicer and more
| editable than hard-coding static images (I say this even after
| writing the blog post that does ridiculous things with SVGs in
| order to avoid JS, ah well).
|
| For these particular posters, I suspect they're generated in
| HTML/JS that the business can then print in their browser (or
| directly as a PDF, but I've seen some posters that have the
| classic printed-from-web-page header and footer with URL etc).
|
| There's a lot of businesses in NSW/Australia, and all the
| posters are near identical. Thus, they wouldn't be hand-crafted
| each time, and programmatically inserting a custom code into a
| word document would be a ... surprising implementation decision
| (to me).
| Andys wrote:
| The way the govt did these codes was ridiculous. Many retailers
| put them behind a glossy protective plastic, and they are so hard
| to scan and really slow things down unnecessarily. I guess they
| were rolled out quickly or by someone inexperienced with QR
| codes.
| zebracanevra wrote:
| I find that the codes will in fact scan if you use a third
| party QR app. Luckily, the URL will open directly to the
| Service NSW app's sign in page, so whoever was in charge of
| that got something right.
|
| I can't wait to see how dreadful the vaccination passport apps
| will be. With the current "digital certificate" being a pdf
| with zero security, it is sure to be laughable.
| dbaupp wrote:
| I'd guess it was probably a combination of a quick roll-out,
| and also concern that people wouldn't know what to do with them
| hence a lot of the text is emphasised. (I could also imagine
| there was mostly testing in "laboratory" conditions, scanning
| codes displayed on screens, but hard to say.)
| noway421 wrote:
| Really interesting write-up! New Zealand COVID Tracer app QR
| codes are actually pretty similar. We don't use URLs, but we do
| use a base64 encoded JSON prefixed with the "NZCOVIDTRACER"
| string.
|
| NZ Covid Tracer App is actually open source and the QR code
| reading function can be seen here:
| https://github.com/minhealthnz/nzcovidtracer-app/blob/main/s...
|
| And here's the type for the JSON we use:
| https://github.com/minhealthnz/nzcovidtracer-app/blob/main/s...
|
| Typical example of a QR code can be found here:
| https://lenny.cf/all-qr-codes
| dbaupp wrote:
| Thank you!
|
| And interesting. It seems like the trade-offs are slightly
| different, although unless I'm missing something, using URLs
| does work slightly nicer for people without the appropriate app
| installed (or scanning with the built-in camera app or other
| scanner).
| noway421 wrote:
| Yeah that's a trade off we have - without the app installed
| scanning the QR code yields "No usable data found".
| PaulHoule wrote:
| The brand guidelines for my three sided cards say version 2 and
| at least an inch on the side. These scan great. If you can
| tolerate a db lookup in the server version 2 is all you need.
| ademarre wrote:
| I think he could have saved even more space in his final pass by
| uppercasing the business names:
|
| HTTPS://S.NSW.GOV.AU/C/121321/Test+NSW+Government+QR+code (binary
| mode)
|
| HTTPS://S.NSW.GOV.AU/C/121321/TEST+NSW+GOVERNMENT+QR+CODE
| (alphanumeric mode)
|
| He ruled out full alphanumeric mode early on, prior to ditching
| Base64, but it's sensible to reconsider it by the time you reduce
| the URL this far. He goes on to allude to simplifying or even
| dropping the business names to save more space at the cost of
| lost functionality, but just uppercasing them seems benign to me.
|
| It's a nice write-up all the same.
| dbaupp wrote:
| Thanks! That's true, the business name could be uppercase, but
| it feels suboptimal to be changing text displayed to users (and
| shouting at them). It would drop the final version from 5 to 4.
___________________________________________________________________
(page generated 2021-10-12 23:00 UTC)