Not trying too much to throw a blanket over the "wet blanket" post - but :
Whilst your observations are mostly valid - DANGER really only (possibly) applies if the TW file is editable by people other than the original author. If YOU are the only person adding QR codes - you should know what you're delivering. In order to keep the QR codes valid and safe - it is up to the author to RE-ASSURE the reader and provide some basic details that assist in that trust - you can find more information on this link *http://bit.ly/QRcodes1 <http://badqr.pen.io>* along with an example and an APP to provide you the information about the end result of activating the QR redirection - by showing you what to expect. The NORTON App is free and well-respected. On Friday, October 21, 2016 at 12:34:20 PM UTC+11, jwd wrote: > > Not to be a wet blanket but ... > > > Basically, QR codes can be used to transfer any block of text that isn’t > too long/complicated to fit. > > And that, of course, leads to the downsides of QR codes, e.g., > https://www.owasp.org/index.php/Qrljacking - the misuse of QR Codes to do > not so nice things. > > It seems to me that folks who use them on TW sites that allow federated > content are going to be implicitly trusting every other person with write > access to that federated content. Even static TW's on public sites are > going to have the same implications. It does not seem that there is > anything keeping from me putting a QR Code in a tiddler claiming to be my > contact info but instead sending the unsuspecting user to a phishing web > site first, or a Rick Roll. Or it might not be me but someone who simply > has obtained my login information to that publicly accessible content. > Maybe using Qrljacking. > > The TW community seems to be a very helpful one. But with its popularity > and capabilities increasing I am not sure that will remain universally true > indefinitely. A google of 'qr code vulnerabilities' mentions might give you > pause. > > -- > Jonathan > > > On Tuesday, October 18, 2016 at 9:01:16 AM UTC-4, Jeremy Ruston wrote: >> >> There’s been a rash of updates to v5.1.14 in the last 10 days, making it >> a good time to have a look at the prerelease at >> http://tiddlywiki.com/prerelease >> >> I’d like to highlight the new QR code generator plugin (installed in the >> prerelease so that you can try it out easily). I had little idea about QR >> codes before the recent correspondence here on the mailing list, but am now >> a convert. If you don’t have a QR code reader on your smartphone I’d highly >> recommend installing one to play with the prerelease. >> >> Basically, QR codes can be used to transfer any block of text that isn’t >> too long/complicated to fit. There are conventions for passing URLs, >> contact information, wifi details etc., but there is complete freedom; one >> can make a QR code of JSON if you want (actually a bad idea as the special >> characters appear to compress badly). >> >> The QR code plugin adds a generic macro for generating a QR code from a >> string, and also adds a couple of pre-built ways to use it: >> >> * A new view toolbar button that displays the current tiddler as a QR >> code. You can choose from the URL of the tiddler, the raw text, or the >> rendered text >> * Example forms for generating QR codes for contacts, wifi and generic >> codes >> >> Once I’d found the library, getting the plugin up and running was >> surprisingly easy — I had the first operational version within 30 minutes >> of starting work. A good illustration of the excellent returns on the >> effort involved in integrating existing JavaScript components. >> >> There’s a full list of changes in the release note, but I’d highlight the >> following bigger changes: >> >> * Extended search mechanism to require the search string to be a minimum >> length >> * New Hebrew translation, and preliminary support for RTL languages >> * Improved access to plugin information: >> ** New “Plugins” tab in the “More” sidebar tab, listing all installed >> plugins >> ** Better display of plugin tiddlers themselves, duplicating the gadget >> used in control panel >> * Fixed height of preview pane to use a scrollbar when fixed height >> layout is selected >> * Improved modals and notifications so that global macros are available >> * Extended the SetWidget to allow a single result to be selected from a >> filtered result list >> * Added new $:/info/url/* information tiddlers providing document >> location information >> * Added several new filter operators for string encoding/decoding strings >> according to HTML encoding, URI encoding, regexp escaping and JavaScript >> string encoding >> * Improved support for bulk loading tiddler files via tiddlywiki.files >> Files within TiddlyWikiFolders >> >> I’d like to get v5.1.14 released in the next couple of weeks, so any >> feedback/thoughts/questions are much appreciated at this point. >> >> As ever, thanks to everyone listed in the release note for their >> contributions to this release. >> >> Best wishes >> >> Jeremy. >> >> >> -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/f573c0b0-0860-4d42-97f8-ca850f169308%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
