If you’re curious, the bus stop picture is portraying the 811/812 route on “Main Street”.
Unfortunately the bus stop in the picture doesn’t appear to have another advert with a bus stop on it. Which means it’s not really recursive.
Happily the bus stop sign is nowhere near as faded as some of them are.
Some people got just a little too hysterical last week when news of a security vulnerability in Myki came out.
The story broke on Monday, but it wasn’t until Wednesday that the mainstream media got hold of it, with the Melbourne Times running it first, spreading rapidly to The Age, AAP, 3AW and others — and along the way a good deal of misinformation came into play:
MORE than 1.1 million Myki cards are set to be phased out as hackers have found a method of cloning the tickets.
Two problems with this:
They weren’t hackers. “Hackers” implies bad guys sitting in darkened rooms trying to find a way to defraud the system.
They were actually scientists at a German university, doing cryptography research — what some refer to as “white hats”. They did the right thing and told the card manufacturers (NXP) about the problem some six months before publishing their results:
In April 2011 the University of Bochum, Germany, informed NXP that their cryptographic research group, led by Professor Paar, had successfully attacked the MF3ICD40. The research group also informed us of their intent to publish the attack at the annual Workshop on Cryptographic Hardware and Embedded Systems (CHES), held September 28 to October 1 2011.
What some of the reporting also missed is that it’s not a simple task to perform the hack and clone a card. It requires some sophisticated (and expensive; apparently costing $3000 or more) equipment and many hours of processing. It’s highly unlikely that in the short term, anybody will do it “in the wild”.
It’s possible the technology will get cheaper and more available, of course… that’s the nature of tech. But it’s specialised equipment that doesn’t work quite along the lines of Moore’s Law — it’s hard to conceive that within the next few years, high-end oscilloscopes will be common or cheap.
And it’s worth noting here that the earlier version of the same card, “Mifare Classic”, used in some systems including (until recently) the Transport for London network (eg Oyster card), Brisbane and elsewhere, got hacked many years ago, but these networks have not been subject to widespread fraud. In fact, a quick search around the place shows reported instances of it are very difficult to find.
Of course, it’s probable that authorities would be reluctant to make such fraud public if the offenders are not caught. Still, it doesn’t seem that fraudulent cards are common.
Putting the boot in
Among those putting the boot into Myki was regular Myki-kicker David Heath, in another of his “comment-disguised-as-journalism” pieces for IT Wire:
Picture this: you obtain a brand-new Myki (in some suitably anonymous name) and load a $1000 credit onto it. All fine (although a tiny bit crazy) thus far. Next, you clone the card 1,000 times and sell the clones for $200 each.
iTWire has reported extensively on the whole Myki saga on numerous occasions. Through all this history, virtually nothing positive has come out of the entire project. We have seen function contraction, cost blow-out and foolishness time and time again.
– IT Wire
Now I’m all for kicking Myki when it deserves it (heaven knows I’ve done it often enough myself). But surely anybody writing in IT must realise by now that it’s here to stay, that most of the people currently using it actually don’t mind using it, and that we’re way past the point of scrapping it and buying Oyster instead.
More importantly, a little research and rational thinking wouldn’t have gone astray here.
Firstly, you can’t load $1000 onto a Myki card. They have a limit of $999.
Secondly, it should be fairly obvious that any ticketing system with a little basic security will have safeguards against something like lots of copies of the same card being used around the system. As soon as the fraud was detected, that card number would be blocked for travel (as already happens when a card is reported lost or stolen).
Thirdly, who with a little common sense would buy a dodgy card for that amount of money? Would you even pay $100? $50? Would you buy one at all, knowing that the chances of it being detected and blocked, and worse (for you) that the ticketholder might well be caught and prosecuted? Would these theoretical criminals ever get their thousands of dollars of investment money back?
Surely punters aren’t that gullible. Hardcore fare evaders don’t use fake or cloned tickets. They jump barriers and dodge inspectors and other staff.
Hysteria aside, what’s the real situation?
ZDNet has some good coverage, which notes that in Myki’s favour (who’d have thought!) they didn’t actually skimp on the security:
Although this could have been a cost-cutting method, the TTA appears to have avoided cutting corners with respect to card security. There are four security measures that can be installed for the cards relating to key diversification, fraud detection, card blocking and card information binding. The TTA elected to include all four, pointing the issue further up the chain to the manufacturer.
Despite the cards being theoretically vulnerable, however, there isn’t a need to replace the cards as a matter of urgency. NXP stated that even if the lab equipment required to pull off the vulnerability is obtained, it could still take hours to days for the analysis of a card to be completed.
So yes, there’s a problem. But there’s no need to panic.
My take on it
Given the information available so far, it doesn’t seem to me to be necessary to go and recall the million cards issued and replace them all with the newer version straight away. The existing cards are rated for a life of four years, and that means that unless it is shown that this or another attack is actually practicable outside a laboratory it would make more sense to just replace them with the more secure version as they come up for renewal, eg from late-2012, rather than panic and rush out replacements now.
After all, rush into it now (at great effort and expense) and you might find in 12 months that another theoretical attack becomes apparent, and have to do it all again for no good reason.
From the sounds of it, this is what the TTA is doing; planning a migration rather than rushing new cards out. Unless there’s a more major problem we’re not hearing about, this seems to me to be a pretty reasonable course of action.
PS. Thursday: I’ve had it confirmed that there is checking for duplicate Myki cards, with found duplicates being blocked from use (not immediately, but pretty quickly after detection).
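The duplicate-card checking and blocking described above can be sketched as a back-office job over touch-on records. This is an added example, not Myki's actual logic or anything from the original post: the record layout, the speed threshold and the sample taps are all assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_KMH = 120.0  # assumed ceiling on plausible speed between two touch-ons
MIN_KM = 1.0     # ignore adjacent readers at one station (assumed)

@dataclass(frozen=True)
class Tap:  # hypothetical record layout, not Myki's
    card_id: str
    when: datetime
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance between two readers, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def find_duplicates(taps):
    """Map card_id -> first pair of taps one physical card could not have made."""
    last, flagged = {}, {}
    for tap in sorted(taps, key=lambda t: t.when):
        prev, last[tap.card_id] = last.get(tap.card_id), tap
        if prev is None or tap.card_id in flagged:
            continue
        km = km_between(prev, tap)
        hours = (tap.when - prev.when).total_seconds() / 3600
        if km >= MIN_KM and km > MAX_KMH * hours:
            flagged[tap.card_id] = (prev, tap)
    return flagged

def reader_decisions(taps, blocklist):
    """Once the blocklist reaches the readers, blocked numbers are refused."""
    return [(t.card_id, t.card_id not in blocklist) for t in taps]

# Constructed sample data: two readers about 39 km apart.
T0 = datetime(2011, 10, 12, 8, 0)
A, B = (-37.818, 144.967), (-38.143, 145.126)
SAMPLE_TAPS = [
    Tap("CARD-0001", T0, *A),
    Tap("CARD-0001", T0 + timedelta(minutes=70), *B),  # plausible train trip
    Tap("CARD-0002", T0, *A),
    Tap("CARD-0002", T0 + timedelta(minutes=10), *B),  # 39 km in 10 minutes
]

if __name__ == "__main__":
    blocklist = set(find_duplicates(SAMPLE_TAPS))
    print("blocked:", sorted(blocklist))
    later = [Tap("CARD-0001", T0 + timedelta(hours=9), *B),
             Tap("CARD-0002", T0 + timedelta(hours=9), *A)]
    print(reader_decisions(later, blocklist))
```

Because the check needs a second tap before anything looks wrong, a clone is caught after use rather than at the first touch-on, which fits blocking that happens "pretty quickly after detection" rather than immediately.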
One day in 2008, Marita and I went to a party, and I blogged about the trip there on mysterious tram route number 7. I concluded:
In my book, in most cases the secret numbers shouldn’t be used. If a tram is travelling along a substantial part of the route, it might as well use the same route number. Most people won’t care that it doesn’t make it quite all the way. Or it could use a suffix such as D for Depot — though that would probably require the few 3 digit route numbers to be cropped back to two for simplicity.
I should probably point out at this point that my personal views do not necessarily represent PTUA policy, but they did in this case, and the Sunday Age got interested in the story.
Age 14/9/2008: On our tramway’s secret service. Yarra Trams said they wouldn’t be changing anything, and noted the rather astounding (I think) statistic:
they account for 10% of the kilometres that Melbourne’s trams travel each day and 8% of the network’s travel time.
In 2009 I noted that in Collins Street the problem was getting worse, with tram routes 29 and 47 both running to Kew Depot, but via different routes.
Fast-forward to 2011. It was highlighted again in May via the PTUA’s Problem Of The Day:
It’s hard enough navigating public transport without throwing in mystery route numbers. There are dozens of them on the tram network — not on maps, not in the timetables.
A new operator took over in late-2009, and unlike their predecessors, they are interested in this issue, and getting rid of obscure route numbers which barely anybody knows about, and bear no resemblance to their parent routes. (Whether or not it had gained media attention, one would hope it would be an aspect of operations they would have reviewed when taking over.)
Mysterious route numbers such as 81, 121, 77 and 92 will be phased out to help passengers to get to their destination on the next available tram.
The so-called phantom routes do not appear on the network map or timetables. They are services that are necessary to get trams to and from depots or to reposition them on the network.
This route renumbering initiative will make catching these services much easier. The new route identification format for these services will feature their parent route and the letter ‘a’ or ‘d’.
The letter ‘d’ means the tram terminates at the ‘depot.’
The letter ‘a’ means the service is ‘altered’ and is not running the full length of the route.
It’s a small thing, but a worthwhile exercise to make that underused 10% of tram service kilometres more useful to people. Bravo, Yarra Trams.
But solution of our problems involves hard cash. Of this, at present, public transport is getting less and less.
(Minister for Transport) Mr Wilcox emphasises that Government action depends largely on public demand. If such demands are not made funds go elsewhere.
He says that while the motor car owner readily provides funds for road building, there is no public transport users’ association to make demands on the Government.
(Found by Marita; emphasis added. It’s unknown if Frank Casey was partially inspired by this comment.)
The PTUA’s Annual General Meeting was last night. There was some optimism amongst the committee and membership about where public transport is going since the change of government, but even before that, the political debate has been moving along nicely.
An example we talked about last night…
At a parliamentary hearing last year as part of the Train Services inquiry, the view that buses don’t connect properly with trains was flatly denied by the government.
Mr BOWEN — You will certainly find that the buses to Daylesford still connect properly with the trains at Woodend, but if you try that in any of Melbourne’s suburbs, more likely than not you will find that there is no connection and no attempt at coordinating bus and train services.
Mr VINEY — That is not right. That is just not right.
I’m not sure what planet Mr Viney is living on. Perhaps the only train/bus connection he has ever encountered in Melbourne is one of the two that are specifically coordinated. I think the rest of us fully well know that it’s not the case elsewhere — and this is a major barrier to public transport not playing a greater role, because most suburbs will never have train lines, and most trips around greater Melbourne can’t be made on one service alone.
A subsequent study showed that in fact, coordination largely doesn’t happen because nobody is responsible for it.
The debate shifted. It became generally accepted that services don’t connect. I knew this was the case when I heard Steve Price on MTR, a man who I’m betting probably doesn’t catch a lot of buses, mention it explicitly.
The government went from denial to excuses.
Mr Pakula was questioned about why the Government was unable to get bus and train times co-ordinated.
“It isn’t simple to co-ordinate every bus with every time,” Mr Pakula said.
“Buses and trains run at different frequencies.”
Who’s responsible for setting the frequencies? The government of course.
But this is progress. The first step to fixing a problem is to accept there is a problem.
And the Coalition realise it. This and other campaigning this year has helped push them into supporting a Public Transport Authority. It’s not expensive, but it has a lot of potential to improve things. Provided they get it right, it’s going to be an interesting, exciting year in public transport.
As for the AGM… there were no other ~~suckers~~ nominations for President, so it looks like it’s me for another year!
And a special thanks to Vaughan Williams, who is retiring from the Committee after some twelve years’ hard labour, and was awarded Life Membership in recognition of this.
So how am I voting tomorrow? No comment.
But I will tell you what I know about the policies on my pet topic:
The Greens, as you might expect, have the best, most comprehensive public transport policy (though it’s not flawless by any means). Of course, we all know they are unlikely to be forming a government next week… though there’s a slim chance they might hold the balance of power, and therefore have a strong influence on policy.
The Libs’ public transport policy is stronger than the ALP’s, by a country mile. Feasibility studies (though not actual construction money just yet) for rail lines to Doncaster, Rowville, Melbourne Airport and Avalon Airport (the latter being a questionable priority), funding for new trains, Southland station, and perhaps most importantly, an independent Public Transport Development Authority to better plan, manage and co-ordinate the whole network. Its independence would allow it to advocate for and implement change at arms length from the politicians.
If the Libs’ policy has a major failing, it’s thinking that putting armed guards onto stations is the best solution to grow patronage at night. Security is an issue, but that’s putting all your eggs in one basket (and is a disproportionate response at most locations), when the biggest problems are a lack of services — making people wait way longer than they’d rather at stations and tram/bus stops. And the Libs are not shying away from the kind of massive road projects that will cut through neighbourhoods, swallowing billions of dollars for little tangible benefit to traffic congestion.
Both the major parties have largely ignored trams and buses. Perhaps this is not surprising, given the profile the train system has in comparison, but it’s short-sighted. Some suburbs of Melbourne will never have trains. It’s therefore critical that tram lines be extended where appropriate, and for other areas, Smartbuses (with the evening and weekend frequencies, and traffic priority all fixed) be implemented.
The ALP’s policy, by the way, isn’t devoid of content. Southland station, more trains to Geelong, lots more station staff, and a (bus, not rail) fix for the very embarrassing Huntingdale/Monash University bus overcrowding problem.
But it’s the Libs’ Public Transport Development Authority that really puts them ahead in this game. If it is implemented properly, with smart cookies on staff and the right powers, it would identify all the shortcomings of the network, seek the funding, then have the ability to fix them, much like VicRoads advocates for the roads it believes should be built.
Of course I don’t expect everybody to consider PT the one thing above all else that determines their vote. But it is clear that this time around, it’s up there as a key issue.
Happy voting. And hope you find a good sausage sizzle!
- PTUA Election Scorecard: Greens A, Labor C, Liberal/National B
- Herald Sun today: Main parties lead commuters up a dead end
I’m very pleased. After years of pressure, both major parties have pledged to build Southland station. The Liberals promised it last week, and yesterday the ALP came to the party. (As recently as last week, I ran into ALP’s Rob Hudson at Bentleigh station and he said he was pushing for it. At the time I’m not sure I believed anything would come of it.)
Southland was extended in the late-1990s across the highway to the railway line. It’s plainly ridiculous that such a major suburban destination should not have a railway station. While I’ve done it, Cheltenham station is too far for most people to walk (remember, they’ve had to walk to the station from home already), and the buses from the station to the centre depart from several different stops, making even their combined services unusable.
The local buses from nearby suburbs are hopeless. There are no Smartbuses; while the 600/922/923 runs reasonably frequently (due to the historical accident of it being a descendant of the Sandringham to Black Rock tram, and yes, it’s a bus route with three different numbers — ain’t it marvellous?) most of the others are hourly at weekends — the busiest shopping days. The result of course is chaos in the carparks.
So it’ll be good to see the station will finally be built.
A 2004 government study indicated the cost should be $10-14 million. The Libs’ pledge has come out at $13 million. Labor’s is at a whopping $45 million, which includes a full relocation of the bus interchange (some genius decided when it was built ten years ago that it shouldn’t be near a future station) — whereas the Libs’ only includes two bus bays, and presumably would have most buses either bypassing the station, or stopping briefly there on the way through. This would not necessarily be a problem, as all but one bus route connects with the Frankston line elsewhere.
And crucially, it’s just the kind of intermediate trip generator that the Frankston line needs. These suburban destinations help a lot because there’s plenty of capacity on trains in and out of Southland at most times of day, meaning a lot more people can use PT for their trips without adding to pressure on overcrowded services.
- The PTUA put out its election scorecard on Wednesday. It’s been updated to take into account the latest pledges, but of the big three, the Greens still lead with an A, the Coalition on a B (largely due to these two parties’ pledges to introduce an independent public transport authority to better plan, manage and coordinate the network) and Labor on a C.
- Meanwhile the Democrats have leapt head-first into the chasm of irrelevancy by pledging to build maglev trains. Ian tells me there’s a maglev carriage for sale in Birmingham, from the former airport terminal connector line — maybe they can buy that one to start them off.
Find out more — and send an email to your local MP and state election candidates outlining your concerns about public transport — at www.PTthatworks.org.au
Update Wednesday: Labor has now released its transport policy.