Agenda

• Admin
• Phase 8 RFP - proposer questions & schedule
• Code review updates
• Memory profile update
• Code management follow up / ActivitySim Strategic Development and Contribution Plan
• Vulnerability Report

Task and Code Review Updates

School Escorting

• CS identified a discrepancy in trips where the trip mode is not the same for the chauffer and escortee. RSG clarified the reason for this behavior is that all the trip modes are being determined simultaneously. It could be prevented by devising some ways or rules to match modes.
• CS suggested two approaches –
  • let it go.
  • Add an additional annotator at the end that would make the changes to the child’s mode choice and pair with the chauffer’s choice.
• Action Item – RSG agreed to make the changes as per the second approach. It will also be user configurable.

Flexible Number of Tour and Trip IDs

• Reviewed and accepted by Joe flood

Shadow Pricing

• RSG is testing the fix to the bug identified by CS

Estimation Fix

• RSG review ongoing

Disaggregate Accessibilities

• WSP has reviewed comments from RSG and responded

Skim Wrapper

• WSP review ongoing.
• Implementing the changes in ARC model.
• CS will address the changes required to make it compatible with sharrow.

Sharrow

• CS review ongoing.

PTV's Window Installer

• CS review ongoing.

Random Seed Generator

• RSG review completed.

ARC Parking location choice model

• CS review ongoing.

Operational Updates

• WSP review ongoing.

Memory Profiling

• WSP review ongoing
• Still not able to run MWCOG model. CS and WSP are working on it.
• WSP is also working on the memo

Code management follow-up:

• No comments yet

Discussion on vulnerability report:

• On cryptographic secure hashing: Jeff mentioned that there are no real concerns on this. Cryptography secure hashing is required in public-facing apps; ActivitySim is not that.
  The random numbers are used in a contained environment, so unsecured hashes are not actually a security risk but a stylistic choice.
• There are some actual security holes in ActivitySim, and users need to be careful about downloading and running models from unsecure sources. Running "activitysim create ..." followed by "activitysim run ..." will download and run code -- whatever you got from the activitysim_resources repository will be executed. Thus anyone with write access to that repository (or who gains illicit access to that access level) can potentially put something toxic there.
• CS will make some code changes to address the most flagrant arbitrary code execution holes.
• Jeff suggested consortium members to consider containerization or other security measures that can wrap around ActivitySim and mitigate the risks of running code from our open platform.