-
Notifications
You must be signed in to change notification settings - Fork 100
Project Meeting 2022.12.08
Jeffrey Newman edited this page Dec 14, 2022
·
6 revisions
- Admin
- Phase 8 RFP - proposer questions & schedule
- Code review updates
- Memory profile update
- Code management follow up / ActivitySim Strategic Development and Contribution Plan
- Vulnerability Report
- CS identified a discrepancy in trips where the trip mode is not the same for the chauffer and escortee. RSG clarified the reason for this behavior is that all the trip modes are being determined simultaneously. It could be prevented by devising some ways or rules to match modes.
- CS suggested two approaches –
- let it go.
- Add an additional annotator at the end that would make the changes to the child’s mode choice and pair with the chauffer’s choice.
- Action Item – RSG agreed to make the changes as per the second approach. It will also be user configurable.
Flexible Number of Tour and Trip IDs
- Reviewed and accepted by Joe flood
- RSG is testing the fix to the bug identified by CS
- RSG review ongoing
- WSP has reviewed comments from RSG and responded
- WSP review ongoing.
- Implementing the changes in ARC model.
- CS will address the changes required to make it compatible with sharrow.
- CS review ongoing.
- CS review ongoing.
- RSG review completed.
ARC Parking location choice model
- CS review ongoing.
- WSP review ongoing.
Memory Profiling
- WSP review ongoing
- Still not able to run MWCOG model. CS and WSP are working on it.
- WSP is also working on the memo
- No comments yet
- On cryptographic secure hashing: Jeff mentioned that there are no real concerns on this.
Cryptography secure hashing is required in public-facing apps; ActivitySim is not that.
The random numbers are used in a contained environment, so unsecured hashes are not actually a security risk but a stylistic choice. - There are some actual security holes in ActivitySim, and users need to be careful about downloading
and running models from unsecure sources. Running "activitysim create ..." followed by "activitysim run ..."
will download and run code -- whatever you got from the
activitysim_resources
repository will be executed. Thus anyone with write access to that repository (or who gains illicit access to that access level) can potentially put something toxic there. - CS will make some code changes to address the most flagrant arbitrary code execution holes.
- Jeff suggested consortium members to consider containerization or other security measures that can wrap around ActivitySim and mitigate the risks of running code from our open platform.