Metrolinx provided customer data from transit cards to police

In Ontario, Canada, the Presto card is the transit card that many daily commuters use. The company Metrolinx has provided customer information to the police without requiring a warrant in many cases.

According to the article,

The transit agency has received 26 requests from police forces so far this year and granted 12 of them, according to Metrolinx, which is the provincial transit agency that operates the Presto fare card system used across the GTHA and in Ottawa. It is not known how many requests Metrolinx granted in previous years because the agency only began tracking them in 2016.

The problem in this case is that while it may be legal for them to share information with the police, customers have been entirely unaware of what information is being shared and when and with who. Metrolinx’s privacy policy is not clear enough and they aren’t transparent enough. As one of the largest operators of public transit payment systems, they have to be held accountable and must offer clear information on how they respect customers and their personal data.

This is one of the biggest risks of moving to an all digital payment system that is controlled by one entity. In many cases customers are actively discouraged from using privacy-safe alternatives like cash or tokens.

To bring this back to open source and professionalism. If the transit card systems were open source they could be audited. If the administration software was open source it could be audited and improved to add police data requests as part of the database. Whoever built the system to gather customer data should have been professional and raised the privacy concerns that affect customers.

Google said to be planning a built-in ad blocker for Chrome

https://techcrunch.com/2017/04/19/google-said-to-be-planning-a-built-in-ad-blocker-for-chrome/

This is great news, a lot of web browser users typically do not look for adblockers, by having an adblocker built into the browser and activated by default, those users will be better protected from intrusive ads that slow down their web browsing experience.

However, the more security-minded users will want to audit the open source code for the built in adblocker.

CRTC to issue decision on video, music streaming services and data plans, net neutrality

CRTC to issue decision on video, music streaming services and data plans. The Canadian telecommunications watchdog will issue a decision today that affects net neutrality.

The definition of net neutrality is (from wikipedia):

Net neutrality is the principle that Internet service providers and governments regulating the Internet should treat all data on the Internet the same, not discriminating or charging differentially by user, content, website, platform, application, type of attached equipment, or mode of communication

The issue is that Videotron in Quebec was not counting a certain streaming service’s data usage against customer’s data cap. This meant if you streamed 300mb of data from the service, it would not count against your 4gb data plan, but if you used a competing service it would count.

That is a direct attack on net neutrality, where an ISP or mobile network provider is directly favouring one service over another, which distorts the free market. We will see today what the CRTC has to say about it.

Why Slack is inappropriate for open source communications

Dave Chaney has written a nice blog post detailing why Slack the chat tool is inappropriate for open source projects to use.

The reasons to prefer something other than Slack for open source project communications are:

  • Slack is closed source
  • Slack requires paid memberships, especially when integrations start to be used
  • Communications within Slack stay within Slack, they cannot be linked to the outside world (that’s a walled-garden, anti-open Web attitude, it makes sense in a corporate setting but not for open source projects).
  • Slack favours real-time communication, even while it tries to promote asynchronous communication

His recommendation?

Instead of closed, synchronous, systems I recommend open source projects stick to asynchronous communication tools that leave a publicly linkable, searchable, url.

The tools that fit this requirement best are; mailing list, issue trackers, and forums.

I’ve mentioned Zulip as an alternative before because it does have some great features and besides, it’s licensed under a free/open source license.

On Hacker News, you can see a lively discussion about this topic.

The lead developer of Zulip chimes in with a thought-provoking response to the blog post, suggesting that Slack isn’t the real problem (though it is a contributor):

…even with “asynchronous” media like email, bug trackers, or forums, often people reply basically immediately (within minutes or maybe hours), just like you can in chat, and it might be hours or days before everyone has a chance to see the conversation and respond.

The problem is that the messages have no organizational structure beyond the channel. In Slack and friends, there’s no easy way to see what _actual conversations_ happened while you were away, and it’s really hard for a channel to discuss multiple things, so conversations either die or become hard to read when someone starts talking about something else. Combined, this means you have to (1) read _everything_ in order to know what happened and (2) be continuously online in order to participate effectively. This may not matter if your community is super low-traffic, but if you have hundreds or thousands of messages being sent daily, this effectively excludes everyone who doesn’t have a LOT of time to spend on the chat community.

The solution in Zulip is to have threads for conversations, and it is possible to view discussions outside of Zulip with public URLs so it isn’t a walled-garden of conversation. Highly recommend checking it out.

Ten Steps to Successful Open Source Crowdfunding – Open Collective

Open Collective, the KickStarter-like service for funding free/open source projects, has published a practical 10-step guide to crowdfunding open source projects.

One of those steps is something more projects could do to raise money. It’s printing stickers and creating shirts emblazoned with the project logo:

People donate because they want you to use their money to power up the project. So get proactive! Print stickers and other merch, cover costs associated with conference talks, and financially support people who make key contributions.

Putting stickers on your laptop is a tradition for developers, they show off what you support,which software and programming languages you use. I wouldn’t mind stickers for Ubuntu, Red Hat, LibreOffice or PostgreSQL on my laptop.

Swag-style t-shirts are also great. When I was tending the FSF (Free Software Foundation) booth at LinuxCon 2016, it was awesome to see people buying t-shirts.

When you need to fund your free/open source projects, consider Open Collective!

Austin is fine without Uber and Lyft… until it isn’t

https://techcrunch.com/2017/03/12/austin-is-fine-without-uber-and-lyft-until-it-isnt/

Using a clickbait headline, TechCrunch reveals that Austin, Texas is doing just fine without the predatory companies Uber and Lyft.

The only time there has been an issue is when the servers running behind the scenes for the Austin-specific rideshare apps were overloaded.

The lesson isn’t that Uber amd Lyft do technology better and have the best uptime, the lesson is that rideshare apps should band together and share their tech and techniques. It benefits no one when all servers for rideshare are overloaded.

I’m hoping to see rideshare server technology like LibreTaxi to take off to make it even easier for cooperative rideshare companies to launch and oprate.