News   Dec 20, 2024
 1K     5 
News   Dec 20, 2024
 787     2 
News   Dec 20, 2024
 1.5K     0 

Metrolinx: Presto Fare Card

I do if the machine is working, but lots of reasons not to.

Surely there's always risk pulling the card out of wherever, that you'll drop something, etc. Often my hands are full ... I can well see why may will opt not to do so now it's optional.

And it's not like replacing a card you drop or lose accidentally is as hassle-free as Metrolinx says. From having to go somewhere and buy a new one, to waiting 24 hours for the block to take effect, to only then getting to re-register your card and then wait for the system to catch up and restore your pass. God help you if it's on one of the 95% of weekends where the PRESTO website is down 48 hours for maintenance.
 
I do if the machine is working, but lots of reasons not to.

Surely there's always risk pulling the card out of wherever, that you'll drop something, etc.

This isn't a concern for anyone who takes the subway or buses and has to pull out their card to get in. It wasn't a concern for streetcar users until a few years ago either. If anything, switching to Presto is an improvement here because people can leave the card in their wallet and hold that pouch up to the reader.

It really seems like people will grasp for the tiniest straws to complain about Presto cards.
 
If anything, switching to Presto is an improvement here because people can leave the card in their wallet and hold that pouch up to the reader.
In fact, that's advised against, and for even more reasons when they make the readers (that ones that are working) contactless compatible.

Here's but one example:

If you folks want to do a tap dance, then go right ahead. When your hands are full, you've got an 85 lb dog with you that requires both hands on the leash by law, there's idiots standing next to the reader blocking it, and you're all bundled up with gloves and whatever else, it's a freakin' hassle. And then there's those ahead of you fumbling to do the same thing. It wastes time, the stats aren't being used, and it isn't what was promoted initially for the plan.

So tap 'til your heart's delighted folks. I tap when necessary. I've been granted a transfer, and I use it as such. I have Proof of Payment, to the letter of the law (Bylaw 1 to be exact)
 
Last edited:
I do if the machine is working, but lots of reasons not to.

Surely there's always risk pulling the card out of wherever, that you'll drop something, etc. Often my hands are full ... I can well see why may will opt not to do so now it's optional.
I keep mine in a card holder in my front pocket and never have much of a problem taking it out to tap on any machine. Most of the time I usually try to get it out before I get to the machine so I don't waste my time or anyone behind me.
 
In fact, that's advised against, and for even more reasons when they make the readers (that ones that are working) contactless compatible.

Here's but one example:

If you folks want to do a tap dance, then go right ahead. When your hands are full, you've got an 85 lb dog with you that requires both hands on the leash by law, there's idiots standing next to the reader blocking it, and you're all bundled up with gloves and whatever else, it's a freakin' hassle. And then there's those ahead of you fumbling to do the same thing. It wastes time, the stats aren't being used, and it isn't what was promoted initially for the plan.

So tap 'til your heart's delighted folks. I tap when necessary. I've been granted a transfer, and I use it as such. I have Proof of Payment, to the letter of the law (Bylaw 1 to be exact)

What law says two hands on a leash? I've had my hands full plenty of times.. with a labrador and a dalmatian.. and still tap. The excuses people come up with...
 
What law says two hands on a leash? I've had my hands full plenty of times.. with a labrador and a dalmatian.. and still tap. The excuses people come up with...
So maybe your dogs are wooses...hey, if you want to tap, go right ahead. Do a dance for all I care. I paid my fare, I'm partially paralyzed from years of cancer, albeit really athletic besides with my legs, but juggling just isn't my thing. Both shoulders are fully torn (edit: For the sake of clarity: Right is over 85% torn last X-Ray, left is over 50%. Now approaching seventy years of age, they will continue to deteriorate) from loss of neck muscle from neck reconstruction. I'm lucky I can do what I do.

There's absolutely nothing in the law that I'm violating, so perhaps you're the one who should tap off?

"The excuses some people" hey....perhaps we should meet sometime?
What law says two hands on a leash?
Both municipal and provincial. "Under control". He's 85 lbs un-neutered and built like a Pit Bull, but extremely friendly, with a hell of a pull. With torn tendons both shoulders, that requires both hands.

For someone who claims to be so compliant, you sure lack a sense of awareness. And I'm far from being the only one, I see many folks struggling to get up the steps, and who are lucky to make it to the blue seats, who some oaf with two dogs and a superior attitude might be sitting at. What would he care?

Your insensitivity for others is surpassed only by your sense of righteousness.
 
Last edited:
I found that article a bit odd as I've done it twice loaded my Presto card from my phone and used it and it functioned normally.

It's something that works just fine 99.999% of the time, but goes horribly wrong if you do some very specific and very unusual set of steps. A Software QA Analyst's job is to find those specific & unusual steps (in this case, it seems like he's a freelancer trying to get his name some publicity). Whatever process he found to break the system was probably never tested because it's so bizarre that nobody at Metrolinx even thought of it. Pretty much every computer in the world has problems like that hidden somewhere.
 
Whatever process he found to break the system was probably never tested because it's so bizarre that nobody at Metrolinx even thought of it.
It certainly should be so bizarre that nobody thought of it.

Personally, I'm not convinced that Metrolinx and Accenture are at that level yet though ...
 
I found that article a bit odd as I've done it twice loaded my Presto card from my phone and used it and it functioned normally.

The important take-away from this is not that he corrupted his card (which isn't great but he can get it replaced if necessary) but that the readers do not protect themselves from corrupt data. Nobody did fuzz testing against the chunk of code that faces millions of potentially threats (programmable phones with NFC output).

Compounding this, the official Presto app seems to use the same code as the gate readers which means someone creating a malacious application for their phone can test it an infinite number of times in privacy before trying it on the readers in public.
 
Last edited:
It certainly should be so bizarre that nobody thought of it.

Personally, I'm not convinced that Metrolinx and Accenture are at that level yet though ...

Every computer in the world has similar problems waiting for somebody to dig them up. In some cases, a single vulnerability can affect every computer in the world. These are notoriously hard to find, and a random transit agency isn't going to be hiring top-notch software testers.

Compounding this, the official Presto app seems to use the same code as the gate readers which means someone creating a malacious application for their phone can test it an infinite number of times in privacy before trying it on the readers in public.

That would require breaking Presto's encryption, which is pretty much impossible (Presto's encryption is similar to what most of the world's RFID transit cards use). Without breaking the encryption, the malicious application you're thinking of would send nonsense to the card reader that would get ignored.
 
Every computer in the world has similar problems waiting for somebody to dig them up. In some cases, a single vulnerability can affect every computer in the world. These are notoriously hard to find, and a random transit agency isn't going to be hiring top-notch software testers.
A random transportation agency shouldn't, though the vendor for this (Accenture) is a massive global company with a half-million employees and billions a year in revenue.

They should be hiring top-notch software testers!
 
A consulting firm is going to assign its most valuable resources to the projects that make the most money, and no transit agency anywhere in the world has the money for that (certainly not for a fare card system that's just a matter of customizing existing software).
 

Back
Top