[HN Gopher] Show HN: Scan QR codes to check-in guests registered... ___________________________________________________________________ Show HN: Scan QR codes to check-in guests registered via Google Forms(tm) Hi HN! I made a no-code platform for creating physical data collection apps, using QR codes [1]. It does not yet have a self- service config UI though, which limits adoption. That's why I recently released a Google Forms(tm) add-on for QR code check-in, based on the platform. This focused use-case makes it easy to provide a fully self-service config UI. How it works: 1. Create your Google Form as you normally would [2] 2. Activate the add-on if you hadn't already [3] 3. Craft a confirmation email to be sent to each form responder Upon each form submission, the add-on will send a PDF with a unique QR code (a V4 UUID) to the responder. Have guests present this code at the event, and record check-ins in bulk using the included QR scanner. See here [4] for more information, or try the Google Sheets(tm) version [5] (which doesn't send email). [1] https://admin.trak.codes/ [2] https://forms.google.com/ [3] https://workspace.google.com/marketplace/app/qr_code_ticket_... [4] https://blog.darkaa.com/qr-code-pass-per-response-google-for... [5] https://workspace.google.com/marketplace/app/qr_code_pass_fo... Author : komlan Score : 62 points Date : 2023-12-27 19:13 UTC (3 hours ago) (HTM) web link (workspace.google.com) (TXT) w3m dump (workspace.google.com) | alaskamiller wrote: | What's cool also is that this is from the West African tech | scene. | komlan wrote: | Busted! Curious what gave it away, my username? | davidjfelix wrote: | 4th link to blog has a link to homepage. Homepage lists | country in the footer. | komlan wrote: | Ah indeed ;) | oh_sigh wrote: | Is there actually an international West Africa tech scene? Or | is it nation by nation? | afandian wrote: | Just a reminder to anyone using Google forms that you may exclude | non-Google customers. | | My child's school uses them and it often the forms ask for a | login. Google doesn't necessarily respect your choice to make a | form public. | komlan wrote: | Indeed. This happens when the form is configured to collect | "verified" emails. | | A form can use a custom field (doesn't require login), user | input managed by Google Forms (named "Email", doesn't require | login), or the google email of the user ("verified" email, | _requires_ login). | | This add-on supports every one of these options. | afandian wrote: | Thanks, that's good to know. | rahimnathwani wrote: | I love the README/Overview on the linked page. It's really clear | what this is for, why it's better than other solutions etc. | komlan wrote: | Thanks! I stole this structure from Obviously Awesome [1] by | April Dunford, highly recommended. | | I just noticed the main submission link goes to the Google | Sheets add-on, instead of the Google Forms add-on [2]. Oh well. | | [1] https://www.aprildunford.com/books | | [2] | https://workspace.google.com/marketplace/app/qr_code_pass_fo... | mlhpdx wrote: | I like this for the "sum is greater than the parts" aesthetic, | which keeps the door open to so many applications. | komlan wrote: | Thank you! | | The main platform is currently used by national post offices | (physical mail tracking), health organizations (biological | samples), banks (fixed assets tracking), manufacturing plants | (parts inventory tracking), etc. | | QR codes make it easy to avoid data-entry errors in quite a | large set of use cases with physical objects. | EduardoBautista wrote: | The overview is one of the best descriptions I have ever seen for | what an app does and why I should use it. Well done. | komlan wrote: | Thank you! I stole [1] this structure from "Obviously awesome" | by April Dunford. | | [1] https://news.ycombinator.com/item?id=38786113 | samstave wrote: | This is WONDERFUL. | | EDIT: nto "But for use for" -- I meant "But in ADDITION" -- | | But - for tool/item/inventory management in a garage. | | Get a cheap label printer [0], create a form of your | tools/inventory with a matched set (code on tool, code on | location of tool home) - Tool home has a QR code that leads to a | tab in the sheet with all the tools that live in that location, | container. | | Put airtags on the high-value tools, with links in the sheet to | those. | | but scan a code on a tool - and it tells you tool details, | including owner, home, whatever data properties you like. | | If you like barcodes/QR codes and GIMP - You will love BarTender | (seagull Software [1]) | | It allows you to make ANY type of barcode you want, QR code, | badge, etc etc. | | Its AMAZING [Free*] software. (You only pay a cheapo $500 lic if | you have a high volume printer for printing thousands of product | labels fast - eles; its a super powerful free program with an | utterly amazing and knowledgable supprt staf f (no affiliation) | | Here is a test I did making "Card Carrying Conspiracy Theorist" | badges based on a comment from someone saying they were one. THe | QRs go to the /r/ profile - as does the bar code. | | The image can be set as a template then do a merge for pics and | employee data from a sheet.... | | https://imgur.com/a/eyAxpcb | | (I like Guilloche designs (the swirly woven bits you see on | money)) and so I used that motif - but the QR code placement and | calc is automatic via Bartender. | | I made a bunch of labels for a cannabis company - and I tied the | QRs through a tinyURL which did all the geocoding of the QR | scanning so that we could send product to a particular place, and | then track where and how many people scanned the QR (the QR went | directly to the lab test reports for the makup of the cannibis, | CBD, etc... | | So, then you could measure which market the CBD or THC were | drawing most interest - and see how sales were vs scanning. | | anyway - QR codes get a bad wrap. They are lame for menues - but | a goot idea is to scan a QR code, then just have a folder of | scanned links for purusal later - as opposed to launching safari | when I clearly dont ue safari. :) | | [0] https://www.amazon.com/qr-code- | printer/s?k=qr+code+printer&p... | | [1] https://portal.seagullscientific.com/downloads/bartender | komlan wrote: | Wow, happy to find another QR code enthusiast here! They | simplify a lot of things, indeed. | | Great use case! I did a tool inventory management use case | once, with the underlying platform [1]. | | It starts with generating QR codes for sticker papers [2], from | the app. Those never expire and are all different (v4 UUID). | You can then assign a QR to any new item, then scan it for | registration in the app, specifying room, drawer, etc. (and | gps, picture, etc. if needed). | | You can browse tools per room, drawer, etc., and scan anytime | to record an update. Each tool gets a history trail. | | You can even make data-entry easier by making special QR codes | for drawers; scanning them fills some form fields with presets, | so you don't have to manually select stuff and make mistakes. | | I mostly see use-cases where other people scan a QR you made, | but there are use cases where the QR codes are only ever | scanned by you and your staff. | | [1] https://admin.trak.codes/ [2] | https://share.darkaa.com/!9DXEQQTg2z/trak-qr-codes-demo-hn.p... | samstave wrote: | The QR code, use, whatever isnt the problem to solve to. Its | resolution. | | This has always been a psychological issue with Humans and | Signage. | | Signage is a HUGE FUCKING DEAL (If you have ever had to some | up with a signage policy for a Hospital with _thousands_ of | addressible spaces, where a certain population of 'stake | holders' (nurses) are involved - getting naming/numbering | correct in a large space where ALSO robots need to understand | the convensions... that is south fast. | | I have a bunch of solutions on this matter - if you really | want to deep into coding... (I orignially designed a coding | schema for Lucas Letterman which was shot down by the head of | ILM engineering as "the worst Idea He had ever seen" to later | incorporate that into his networking duties as head of | networking at goog) | | Anyway -- I am totally pro QR - but with GPTs, I feel like we | are finally at the cusp to leverage them in a meaningful way. | onetimeuse92304 wrote: | The issue is, at least for me, I consider all QR codes as unsafe. | Unfortunately, you don't know where the QR code leads you before | you scan it and then it is already too late. So you can't do the | equivalent of inspecting the link before you click it. | | Recently we were in a restaurant which required scanning a QR | code to get served (for some reason asian restaurants like doing | this). The codes were labels attached to the menu. I told the | waitress "I can't scan the codes because I don't know who put the | QR codes there". She told "the codes lead to their website". I | told her "I don't know that, it takes a moment to print a label | that looks exactly the same to my eye". She told me "it would | then not point to their website". I respond if she knows what | MITM attack is. She responded "if you can't afford a phone we | should leave and go somewhere else". | | The funniest is those QR codes left at random in public. I | imagine scanning these is like finding a random pendrive and | putting it in your computer. | abraae wrote: | > Unfortunately, you don't know where the QR code leads you | before you scan it and then it is already too late | | What are you so scared of? It isn't the 90s where by tricking | someone into following a dodgy link their windows machine was | instantly pwned. | simon_acca wrote: | Remote code execution vulns are still routinely discovered, | for example: https://cve.mitre.org/cgi- | bin/cvename.cgi?name=CVE-2023-4199... | EduardoBautista wrote: | I've never heard of this domain before, so I shouldn't | click on it because vulnerabilities in the browser are | still routinely discovered. | | Sorry for the sarcasm, but if you trust clicking on links | in a browser, QR codes should be fine as well. | fiddlerwoaroof wrote: | Yeah, if your threat model involves not trusting links, | you should be disabling JavaScript and CSS by default and | probably not browsing the web in the first place. Libpng | and other libraries frequently have fairly critical bugs | that are a bigger concern than MitM attacks. | ianbutler wrote: | Trust me when I say randos aren't dropping modern 0days on | restaurant menus. Not when a novel attack can fetch | millions through brokers. | simon_acca wrote: | Not only do I agree with you, but I don't think anyone | would be able to tell an attack was imminent if they were | to see the URL anyway. I was just providing facts to the | comment above that didn't seem to think RCE are a thing | anymore. | simon_acca wrote: | There's apps that just scan the qr code into a text field no | matter what its content is, then you can inspect the URL | manually. | | Unfortunately there's a deeper problem in this security model, | in that only a tiny tiny fraction of the web's userbase knows | how to assess a URL, and even experts can easily struggle | precommunicator wrote: | > So you can't do the equivalent of inspecting the link before | you click it. | | Of course you can. Use an application that allows it. | EduardoBautista wrote: | > Unfortunately, you don't know where the QR code leads you | before you scan it and then it is already too late. | | iOS shows the domain if it is a URL and you have to tap it. | It's no different from tapping on a link on a website, which I | would say is more insecure since you don't even get the domain | info before tapping. | chatmasta wrote: | There are less privacy assurances when opening a QR code, | since it can encode a URL with precise physical information | embedded within its query parameters (like "table number" at | a restaurant, for example). That kind of information isn't | available to the typical website. | | (FWIW, I actually wish more table QR codes _did_ contain | these parameters - why do I need to enter the table number in | the form after navigating to the online menu? I hate these | things btw...) | dweekly wrote: | This is true, but also mostly moot, sadly, due to the | pervasive use of URL shorteners for QR code services. | | So instead of seeing a nice hover-over of | "SuperDeliciousItalian.com/menu", as often as not it will be | "qr.to/f2CrS" or somesuch. | | So exposing the URL encoded in the QR code doesn't provide | all the information you need to assess its validity or | safety. | hnlmorg wrote: | That's a risk with any and all hyperlinks. There's nothing | unique to QR codes with that. | komlan wrote: | It depends on which app you are using to scan the codes. For | Trak [1], the main use case is to scan QR codes _you_ made | yourself (or someone from your company made). The scanner | simply rejects anything it doesn 't recognise as a valid (app- | specific) code. | | [1] https://admin.trak.codes/ | jddj wrote: | There are open source QR scanner apps on F-Droid which actually | make you tick a box saying "I've checked the above URL and I | want to visit that website" before they will open the browser. | Grazester wrote: | My QR code scanner shows me the content of the QR code. This is | my Google Pixel phone btw | ImportOllie wrote: | If you consider all qr codes unsafe then use a tool to check | them don't lecture the waitress on man in the middle attacks... | hnlmorg wrote: | Not only is this the wrong place to vent your annoyances with | QR codes (it's tangential to the Show HN) but you honestly come | across as an unpleasant customer if that's how you interact | with your restaurant servers (you could have just said "my | camera is broken, do You have an address I can type instead"). | zoezoey wrote: | This is awesome! ___________________________________________________________________ (page generated 2023-12-27 23:00 UTC)