When All You Have is a Hammer

I have a two year old son. He has a toy hammer. Whenever something breaks, be it building blocks falling over, Duplo coming apart or a snail shell getting slightly cracked, he has the solution. Inevitably you’ll hear “Oh no! Get hammer! Fix!”, followed shortly by smashing sounds and then the item being even more broken than it was before.

This reminded me of the saying “when all you have is a hammer, everything looks like a nail”, and got me thinking of some of the “technology hammers” that are often applied to problems that they shouldn’t be.

Here’s three examples of these “hammers”.

QR Codes

What if there was some was some way of secretly storing data inside a picture? And then you’d only be able to decode it if you had an app on your phone? How cool and magical would that be?

That’s the misconception that a lot of people have about QR codes: that they’re a safe and secure way to have your data written down. They’re hard to generate and the data can only be extracted by the right person.

But QR codes are not some magic storage locker. They’re an open standard that anyone can read or create. Here, try it out yourself with this online QR Code Generator.

You should see them as a tool that saves you typing in some data. Perhaps because it would be quicker, or because the system you’re entering the data into doesn’t have a keyboard. As an example for the former, scanning a WiFi password into your phone when visiting a friend’s house, or for the latter, scanning a discount coupon at a POS system.

Before using a QR code you should ask if you’d be OK with the data being written down in plain text instead. If you have a store membership card that has a customer number written on it, then having the same number also encoded as a QR code so it can be scanned at purchase time is probably fine.

On the other hand, giving a customer a discount with a redeemable QR code and expecting it to be secret because it’s encoded as a QR code is an incorrect assumption. For example here’s a made up QR code that gives the recipient a 10% discount. It embeds the text DISCOUNT10.

QR Code with 10% Discount
A QR code with the text "DISCOUNT10" embedded.

Knowing now that anyone can generate a QR code, what would happen if you’re suddenly presented with coupons for DISCOUNT50? Of course the back office system would need to know that this was a valid code, but it’s still worth pointing out the scenario, to show that just because it’s a QR code doesn’t mean it’s safe.

QR codes are not always the wrong choice, as long as you understand their limitations and remember that anywhere you put one you’re effectively writing down, in plain text, the data that it contains.

Instead: Secret Codes, One Time Codes, and Barcodes

Instead of embedding discount values directly in the QR code (e.g. DISCOUNT10), take advantage of the fact that QR codes can store a lot of information. Maybe for a 10% discount the code is 674462991b6172d94ea8 while for 50% it’s 75a12cf4be10bee7e256. Although this means you can’t guess the discount percentage, the codes could still be shared between people.

A more advanced solution is generating single use or time limited codes in your application’s backend. A mobile app, or even website, can render these into a QR code for scanning at the POS.

Or, disregard QR codes all together, in favour of good old fashioned bar codes. While they’re not as sexy as QR codes, their limitations mean they can’t be abused as easily. Knowing that they can only store a few numbers means you’ll be forced to implement a lookup based solution. They might also might be easier to read with a POS system’s existing barcode scanner.

Machine Learning

Machine learning really is the ultimate hammer of the current times. From identifying hot dogs to making humans obsolete by writing text, there seems to be no problem it can’t solve.

The efficacy of a machine learning tool is dependent on both the quantity and quality of your training data. Unless your training data points are significant in size you’re unlikely to get satisfactory results. How many do you need? That’s a bit of a How long is a piece of string? question.

There are some data that your business will naturally collect and “classify” over time. For example, if you’re wanting to predict customer churn, there’s no need to manually intervene and classify each customer as current or not. You should be able to determine this from your existing systems.

On the other hand, perhaps you wanted to classify new products from different external vendors into certain categories. These would need to be manually classified in the first instance, in order to build the training data.

Instead: Train Data Forever

In our last example, in order to classify the products quickly you probably want a GUI that’s quick to use. Something like this mockup interface.

Product Classification Mockup UI
A mockup of a simple UI for classifying a product.

Classification take place with a single button click. Then the next product to categorise is loaded, and the process repeats. Remember that this is something you would need to do anyway to get the training data classified.

If your GUI is fast enough then the person using it can probably categorise a product within a couple of seconds – with 100% accuracy. If you only have a handful of of new items to categorise each day then perhaps it would take five minutes total each morning to go through them – time that might otherwise be spent validating or fixing the machine learning predictions.

You might discover that this way of doing data organisation is good enough and you don’t need to invest in building a machine learning system (yet).

Website Chat Bots

Continuing on the machine learning topic: chat bots are an application of machine learning natural language processing. They should be able to intelligently provide answers to a customer’s questions, and even let them sign up for services.

In reality, chat bots have proven to be little more than macros or prompts around form inputs.

Not to pick on any one in particular, but here’s a screenshot from a Vergic bot:

Vergic Chat Bot Example
Example conversation with the Vergic Chat Bot.

It asks two questions: your name and your email address. It can then (presumably) use that information to create you an account.

But what happens when a user makes a typo in something they’ve “said” to the chat bot? How easy is that to fix? There’s no clear cues as to the action that should be taken; maybe the whole chat needs to be restarted?

Instead: Web Forms

If your chat bot is merely a frontend for collecting information, then consider using a normal web form. They’ve been around for about 30 years and users have got quite good with them.

Here’s a couple of mockup examples of where forms work better.

As a user, you might not know exactly what value to enter or select. Here’s a chat bot trying to find out your country.

Chatbot asking for country
Mockup of Chat Bot asking for your country.

The user enters an abbreviation and is then asked what they meant. They must reply in the affirmative to accept their answer.

Compare this to a simple drop down list where the available options are presented to the user for them to select from. The user would immediately knows which is the right option to pick.

Here’s another couple of examples showing how to get the user’s password, as part of the registration process.

We’re assuming the user is fine with “saying” the password “out loud” to a bot.

In this one, the user’s password doesn’t meet validation requirements. They are prompted to enter another one obeying the rules.

Chatbot asking for password with unknown requirements
Mockup of Chat Bot asking for your password, without knowing the requirements.

Unfortunately their second attempt did not meet the requirements either, and they had to try again as new requirements were revealed.

In this next example, for security, the user’s password is hidden from them as they type.

Chatbot repeating password back for confirmation
Mockup of Chat Bot repeating password back, for confirmation.

Unfortunately the loud-mouth chat bot repeated it back to them and revealed it anyway! This is in order for the user to confirm the password was entered correctly.

Capturing user data in this way also means browser autocomplete tools don’t function.

You’re probably thinking: “Well duh, chat bots aren’t the right place to capture user registration data – just use a form!”

And that’s exactly my point. If you’re going to be building a form anyway, just use it to capture all the data. You can even make it “smart” by showing or hiding parts of it to ensure users aren’t overwhelmed. Or dynamically reveal only the particular sections that a user should complete.

However you choose to do it, a form can provide a better solution for collecting user information – or use a normal search form to allow users to search for answers. If you really want a chat system on your web site, make sure it connects to a real human.


I don’t mean to say that these hammers should never be used. If you do indeed have a machine learning nail then go ahead and hit it.

But don’t go leaping headfirst into something just because it’s the current hot solution that everyone else is doing.

This post could have also been titled “if everyone else was jumping off a bridge”, “putting the cart before the horse” or any other number if idioms.

About Tera Shift

Tera Shift Ltd is a software and data consultancy. We help companies with solutions for development, data services, analytics, project management, and more. Our services include:

  • Working with companies to build best-practice teams
  • System design and implementation
  • Data management, sourcing, ETL and storage
  • Bespoke development
  • Process automation

We can also advise on how custom solutions can help your business grow, by using your data in ways you hadn’t thought possible.

About the author

Ben Shaw (B. Eng) is the Director of Tera Shift Ltd. He has over 15 years’ experience in Software Engineering, across a range of industries. He has consulted for companies ranging in size from startups to major enterprises, including some of New Zealand’s largest household names.

Email ben@terashift.co.nz