Write a job description for the next Nat Ford

SFMTA Chief Nat Ford
Photo by Bryan

Now that Muni’s No. 2 in charge has resigned, who do you think should replace the top two positions at the San Francisco Municipal Transportation Agency? Carter Rohan, the deputy executive director, will leave near the end of July and is reportedly walking away with no severance package. Nat Ford, whose departure was announced last week, may be leaving with some sweet walking-away money.

So, if you had to write a job description for the next No.1 and No.2 at SFMTA, what would it be?

Commenter Susan had some ideas:

Criteria:

1- has to ride muni (and pay the $2 fee to get their fastpass loaded on clipper)

2 – has to buy a $100/year parking permit, and pay all their parking tickets

3 – has to take taxis (if they aren’t on strike) 1 time a week – probably when Muni fails – to realize how difficult it is to get a taxi.

“You too shall feel our pain,” right?

What do you think? Write us your job description for the next Nat Ford!

What Does Your Clipper Card Say About You?

clipper
Photo by Akit

Editor’s Note: Can your Clipper card leak private information about you, or are people just being paranoid? Rider Devin Carraway did some research into the privacy issue of RFID devices and even looked into the raw data that Clipper cards contain. Some of that data is accessible with some smartphone apps. Take a tour inside the Clipper card with Devin and decide for yourself.

If you pay attention to tech news, you’ve probably heard about the increasing ubiquity of RFID devices — small chips attached to antennae and embedded inside plastic housings, capable of simple storage and a little limited computation. Chances are you’re carrying a few around with you — RFID is used in card keys to open doors and key fobs to unlock cars. Companies use them for inventory, supply chain management, and theft prevention. Car-sharing companies use them to let you into the cars you’ve rented. FasTrak uses them to charge bridge tolls, and transit agencies use them in fare cards, like Clipper.

If you pay a little more attention to computer security news, you’ve probably also heard concerns over RFID’s security when it comes to your private information. Cards like Clipper are meant to be readable only with a tap, but as you probably know, usually a few inches will do. That’s with the power levels and antennae in the readers that SFMTA/BART are deploying.

With more power and a larger antenna, the range increases; the practical limits vary with the frequencies and chips involved. At Clipper’s 13.56MHz, you can read the card from a few feet with an antenna that can fit in a backpack. The most common concern is that RFIDs can then be read by anyone who can mount a reader on something that you walk past, without your knowledge or control.

When an RFID device is being read, most do nothing but announce a long number — but it’s a unique number, and it’s enough to recognize you next time. There are some innocuous uses for that, and some malicious ones.

Clipper is a fancier beast — Clipper cards contain MIFARE DESFire chips. They have a rudimentary operating system, with a file system capable of reading and writing data and simple cryptographic authentication. That’s pretty much all you need to implement a contactless fare system. They implement a standard protocol, part of a range of technologies emerging in portable gadgets. Some Android phones support it now, and the next iPhone is rumored to be adding it too. You might have heard of MIFARE in one other place — the MIFARE Classic chip was used in London’s Oyster cards, and was badly flawed in ways that could be exploited to evade fares, clone cards, etc. NXP Semiconductor, who devised the chips, unsuccessfully sued to stop publication of research demonstrating those flaws.

To date there have been no published attacks against the DESFire in Clipper cards. Chances are there are still flaws — most software is like that. The Associated Press reported that an employee of Cubic Transportation Systems, the same vendor that makes and distributes Clipper cards, had a cottage industry selling perfectly usable forged fare cards in Boston, though not enough details have come out to know whether the methods involved could affect Clipper (the MBTA, meanwhile, terminated Cubic’s contract and plans to seek reimbursement for $5M in suspected losses).

I’ve been interested in what’s actually stored on these cards, and what could be read from it. So, I did a bit of experimenting. I paid cash for a fresh Clipper card. I ran up some trips on it, and then scraped it out using FareBot for Android. Here’s what you can read from my Clipper card, with equipment no more sophisticated than a cellphone:

  • Various unique card IDs, manufacturing dates, batch numbers, versioning data, etc.
  • Card balance
  • Passes loaded (which I didn’t test, but it’s in there)
  • What trips you’ve taken. For Muni, it’s when you tagged the reader. For BART, the card records every station you visited and when. Caltrain, Golden Gate Transit, and the ferries record fare zone and time at either end of the ride.
  • History of cash reloads. This includes the amount, the agency and the specific machine you visited.

Looking over the raw data a bit, the designers allocated themselves enough space to record 16 trips and six refill histories. There’s also a large (1280-byte) buffer of no documented purpose, but my sample card did have data with some clear patterns written there.

The good news, I suppose, is that Clipper isn’t storing very much about Muni trips — it’s pretty much nothing but what time you tagged to board the vehicle. On the other hand, BART is storing a large amount of information, especially on a card that can be read by anyone who can hold a phone up to your pocket. Records of past trips are useful for all sorts of nefarious parties and of no use to legitimate fare inspectors. Payment history really shouldn’t be stored on the card either — all a fare inspector really needs is a fare balance, not a history of my financial transactions.

Clipper’s privacy policy doesn’t distinguish what they store on the card versus on their own servers. On the subject of security, the policy says that Clipper “will take all reasonable steps to safeguard personal information through physical, electronic and procedural means.” For me, it’s hard to interpret a universally readable card as meeting that standard.

How accessible is the data on your Clipper card? It depends. If you’re using it to stalk someone on BART using nothing but a cellphone, you’d have to get within a few inches of their pocket or purse when they’re not looking. Doable, if you’re motivated. Embarrassingly easy on packed trains or buses, really, where it’s hard not to get close. If you wanted to scan a dozen people on a 38-Geary to see who just refilled their card and is likely to be carrying cash, you might have to do some conspicuous squirming around. To scan everyone coming out of Montgomery BART in the morning to see what station they live near, you might build a larger antenna and reader into a briefcase or newspaper box.

Would you? Enh.

The good part about technological crime is that those with the skills and equipment to do it usually have no motivation for petty crimes. The bad part is that it tends to facilitate major complex ones, and economies tend to generate around vulnerabilities these days. Security researchers worry about RFID because it enables clandestine spying on people’s activities, which I think Clipper certainly makes easier. Use of RFID in fare systems is also worrisome because transit systems are usually run by government agencies and built by contractors, which is an environment prone to fallible design and poor security design decisions.

At any rate, it was an interesting little tour. With NFC chips moving inside cellphones and controllable from software, I hope to see transit fare cards replaced with on-phone equivalents that are properly backed up against loss and only allow the data to be read when I authorize it.

Muni driver: Why I decided to slow things down

67 Uphill
Photo by Telstar Logistics

Muni rider Brian overheard this gripping tale on the 67-Bernal Heights.

A mugger shoots and murders the parents of a young Bruce Wayne, who studies for years to become Gotham’s dark knight. A space ship crashes on a farm, and inside is a baby boy wrapped in a red cape adorned with a letter “S” emblem; this boy grows up to be Superman. After being kidnapped by Vietnamese terrorists, scientist Tony Stark constructs a powerful iron suit to destroy his captors and escape, and Iron Man is born. Every great comic book character has a memorable origin story. But no superhero can top the story I heard about the man who drives the 67 bus.

It’s about 6 p.m. on a Tuesday when I hop on the 67-Bernal Heights to ride home to Bernal Heights. The driver says hello. He’s probably in his late 40s, donning a black baseball cap and dark sunglasses. I take a seat near the front, and I can see that the driver is cradling a crimson bible in his lap. At every stoplight he picks it up and reads a passage while he waits for the light to turn green.

At one red light, a young woman standing near the front of the bus notices his bible, too, and can’t hold back her curiosity. “Hello, sir. If you don’t mind my asking — how did you become religious?” the girl says. She sounds Dutch, and she’s holding a basket in her left hand, the bus pole in her right.

“Oh, I’m happy to tell ya,” the driver says. “God saved me when I was very young. You wanna know how he did that?”

“Of course.”

The driver looks pleased. The light turns green, and he starts his story as he hits the gas.

“So back when I was a teen, I used to always drive really fast. I’m talkin’ stupid fast, OK? I had a sports car, and I would take that thing up to maybe 120 sometimes on the freeway.”

The passengers sitting near me begin shifting their eyes in the driver’s direction, with concerned looks on their faces.

“So this one night at like 2 in the morning I’m speeding down the freeway and I hear a voice in my head.”

Slow down. Stop.

“I say to myself, that’s ridiculous, why should I stop? This is an empty freeway, it’s 2 in the morning. Ain’t no one out here. And then I hear the voice again.”

Slow down. Stop. There’s a car up ahead.

“So I hit my brakes and stop. And sure enough right in front of me there’s a car that’s been in an accident. Its headlights are shut off, and it’s sideways across the freeway. I came so close to driving straight into it!”

“Wow,” the woman says.

“So I’m stopped there on the freeway and I’m in shock, and I’m asking, how can this be? How can this be? And I started crying right there. God saved me! God saved my life that day. And so then I decided I would stop driving so stupid fast, and I would become a bus driver to take people places and keep them safe.”

He ends the story with a short sermon: “Thank the Lord. Praise Jesus.”

The bus comes to a halt at a stop. “Wow, that’s so amazing,” the woman says. “Thanks so much for sharing that with me. I’m getting off here, but would you like a date?” She takes a date out of her basket, hands it to him and hops off the bus.

The bus continues through the rest of the route, and I’m the only one left with the driver as we approach my stop. I shoot him a quick thank you as I step off.

The driver takes his right hand off the steering wheel, extends it toward me and says it again: “Thank the Lord. Praise Jesus.” The doors shut behind me, and the lights flicker off as the bus drives away.

Got a Muni story? There’s a website for that. Submit your story to Muni Diaries!

Compliments on the F

It’s not always easy to give someone a compliment. Rider Matthew F. sent this hilarious conversation he overheard on the F:

This conversation took place between a chatty transient and a business woman on the F line. The transient complimented the business woman on her leopard print shoes and asked if they were ‘real cat fur’. She said thank you and opened a magazine to avoid further conversation. But this did not deter him.

He then asked if she had breakfast and pulled out a slice of baloney cold-cuts to share with her. She politely declined. A few minutes of uneasy silence and some passenger chuckles went by before the guy opened his mouth again. He complimented the woman on her nice diamond ring. Normal compliment for a second. Then he followed up, “You stole that, right?”

Fun times.

Saw something funny on your commute today? Share it here with your fellow riders.

Muni Diaries iPhone App Review: Routesy Pro 3.0

Muni rider and perpetual student Angela helped Routesy developer Steven beta-test the newest version of his app. Here’s her review:

As a longtime SF public transportation rider, one of the websites I visit the most, whether it be on my phone or my laptop, is NextBus.com. For the most part, NextBus does what it’s supposed to do, and if you’ve visited their website on your smartphone, you know that it’s visually bare and very basic. There are no maps or bookmarks. Every now and again, I would use the free Routesy app. But the reason I don’t rely on the free Routesy app often is that the app would crash on me and was just too unreliable.

Muni Diaries was looking for testers to play with a beta version of the new Routesy app. I volunteered and have been using the new app for a few weeks, mainly to look up Muni schedules. I have to say, I like the new and improved Routesy. My first impression: this is a whole new app compared to the free Routesy I’m familiar with. They’ve updated their icon, an homage to the old Muni FastPass (RIP), and added two new transit schedules: Caltrain and AC Transit.

I initially had some issues with the GPS map feature after installing the app, i.e., it didn’t seem to know where I was. But this was fixed by closing and re-launching the app. I think this was a fluke because the GPS has been accurate ever since. As for the app crashing, well, it happened twice, but that’s it. I don’t know if this was due to my phone having too many apps running or AT&T’s notoriously bad service. My guess: it’s a little bit of both.

One of the first things I noticed with the new Routesy is the GUI. It’s much better compared to the old version. The list of Muni lines is much easier to see and read. The new app now gives you a list of Muni bus/metro lines with a drop-down menu giving you a choice of inbound or outbound route, which will then give you an arrival schedule. In the old app, I had to choose a route first, inbound or outbound, then pick the bus line to get the arrival time. This could be just a matter of preference (since it’s the same amount of steps to get the schedule), but I like the new version better. It made more sense to me. The only thing I would change is for the drop-down menu to be hidden or close automatically after getting the schedule. Right now, after you’ve chosen a bus/metro line, it stays open, and there is no way to close the drop-down menu.

The bookmark feature that I love in the free app is also in the new app. This is such a great feature and a time saver! My favorite stops right there, no need to look for them every time. I also like the “other routes” option and map that shows up on the Muni bus/metro line that I’m looking at. I like that it gives me a heads-up that while the 14-Mission bus I’m waiting for won’t be here for another 20 minutes, the 49-Van Ness will be here in 5 minutes, and it will take me where I want to go. I don’t know whether any of the other transit apps have the bookmark or other routes feature. I know my old standby NextBus.com doesn’t have them.

As for arrival accuracy and when I compared it to NextBus.com, the new Routesy is off by a minute or three, but this doesn’t bother me too much as long as I know the bus I’m waiting for is on its way.

Would I pay $5.00 for the app? The price is a little on the high side but reasonable considering you’re getting Muni, BART, and now Caltrain and AC Transit schedules on your phone. And if the developer keeps updating and improving the app, I wouldn’t mind paying $5.00 for it.

You can buy the pro version of Routesy 3.0 here, or download the free version (2.5.5, does not include many features found in Pro 3.0) that Angela refers to above here (links open in iTunes).

Holiday Photos: On the night train

Market Street's vehicles and wires converge on the Ferry Terminal
Photo by FlickeringAbility

Yeah, we found it hard to work this week, too. But here’s a good Thanksgiving appetizer for you: Check out the Muni Diaries Etsy store beginning at midnight Friday (the minute after 11:59 p.m. Thursday, FYI) for a very special deal we’ve set up for you: We’ll be selling our Fast Past shirts at a 20 percent discount through this weekend!

Meanwhile, it’s been a slow half-week in the world of Muni news:

  • S.F. solves funding quandary for Central Subway (SFGate)
  • But! Subway funding plan not firm (says the hella slow-loading, new-look SF Examiner site)

By the time this post goes live, many of you will be well on your way to wherever you’re going. We wish you well, and hope to see you back next week, if not sooner. Stay safe, unfrozen, happy, and humble. And enjoy these rad photos.

Calling like a fading memory
Photo by Brandon Doran

F Market
Photo by Jaymi Heimbuch

Photo by angryf
