Although the “QR” code is one type of two dimensional code (other common ones: Aztec Code,  MaxiCode)  the term “QR Code” has been extended to encompass any two dimensional code that is readable by scanner software on mobile devices.  The QR Code standard is a set standard and license-free, so the platforms for both consumption and generation are interchangeable.

So what’s to like about QR codes?

QR codes are easy to consume. All the major mobile platforms either support the QR Code standard natively or have free QR scanning applications readily available.  To consume a QR code, a smart phone user needs to simply “take a picture” of it with their phone.

QR codes are easy to create. Since the QR Code is based on a set standard, there are a number of web services that will produce them based on URL input. I’ve been using Kaywa’s generator, but URL shorteners, such as goo.gl and bit.ly now also generate them along with their shortened URL’s.

QR codes are easy to track. Much like a shortened URL or a vanity URL, there is opportunity to tag incoming URL’s to allow tracking of traffic generated by QR code scans. This is a key practice when attempting to determine use of and return from QR code usage.

Where are they useful? With the explosion in advanced smartphone usage, there is increasing opportunity to embed these codes in a wide variety of applications.  I have personally seen QR codes used in billboards, magazine advertisements, bus shelters, bus wraps, business cards, conference badges, and, oddly enough, men’s rooms.

So why aren’t they everywhere? The sad truth is that they aren’t everywhere.  They are still so rare to see “in the wild” that I am still surprised to see them, even in situations with obvious utility.

What are some other uses? I’d like to see QR codes everywhere where a web resource could be useful.  I’d like one on my appliances or in my car that can point me to product information.  I’d like one at Starbucks and Chipotle that would allow me to order and pay while standing in line.  I’d like to see them on TV that would allow me to connect with shows and their advertisers in addition to vanity URL’s.  The potential applications are legion.

Export from Tom's Planner

Tom’s Planner is a web-based collaborative project management tool. Despite the name, I have nothing to do with Tom’s Planner. It must be run by “that other Tom”.

Perhaps due to its moniker, but more likely due to its power, flexibility, and ease-of-use, Tom’s Planner has earned a spot in my toolkit.  With a simple drag-and-drop functionality, you can create Gantt charts and easily export them to an image, MS Project file, or even its own (public or private) web space.  That is pretty much all the application does, but it does it well, making it ideal for Project Managers that don’t want to deal with hassle of learning the intricacies of modern Project Management software.

Check it out!  They offer a fully-functional, registration-fee (!) demo at:
http://www.tomsplanner.com/tomsplanner.aspx?template=example

Twitter’s back-end system allowed an unlimited number of attempts and also allowed such a weak password, so Twitter’s development team is partially to blame.

A share of the blame should also go to Twitter’s web analysts. Much like you should set up some type of custom reporting based on server error messages (404′s and 500′s), setting up an alert system and analytics on administrative systems, particularly when it comes to access to those systems, should be a priority for the launch of any site.

However, the majority of the blame should be paced at the feet of the administrator.  Whoever did this is not alone.  A number of years ago I was involved in a site security audit where we essentially ran the following SQL statement (it wasn’t this simple, but you get the idea):

select password, count(password)
from users
group by password
order by count(password) DESC

The results of this on the site (and, I imagine every site) were shocking.  The top positions were held down by passwords such as “password”, “12345″, and the names of cartoon characters.

Factoring in proper nouns, capitalization differences, and prefixes and suffixes, there are only a couple of hundred million passwords that are based on the English language. If the hackers were able to brute-force attack the form at the rate of 10 tries per second, they could exhaust every iteration of every word in English in a month.

If you look at using random letters, numbers, and symbols in a password, the possibilities balloon. A six-character password of this type has over 200 BILLION combinations. At the same rate, it would take a brute-force attack over TEN YEARS to exhaust the possibilities. An eight-character password would take over fifty thousand years! So you can see the power of strong passwords.

To avoid a screw-up of such magnitude with your personal and professional applications, try the following two sites to generate strong passwords (and avoid ones that are actual words):

Automated Password Generator Online: This allows you to set criteria for your potential passwords such as length and character set.

GRC’s Ultra High Security Password Generator: This site generates three types of truly random strings with each page refresh. It also goes into the math of 512-bit encryption.

Good luck and stay safe!