
Inside the Transport for London cyberattack

101 points| alexbilbie | 1 year ago |londoncentric.media

85 comments


Doctor_Fegg|1 year ago

Slightly OT, but really good to see London Centric on the front page of HN. Britain's local media has basically collapsed in recent years - it's now owned by three conglomerates (Reach, Gannett/Newsquest, National World) who are completely uninterested in any form of journalism, only in the sort of clickbait that would have embarrassed even Buzzfeed in its 2012 pomp.

The London Evening Standard was one of the last remnants of even slightly decent local writing, and that too has now been shut down in favour of a weekly lifestyle paper called "The Standard". But there's a small number of indie publishers who are trying to fill the gap: the Manchester Mill and Liverpool Post, Bristol Cable, Oxford Clarion, and so on. London Centric is an attempt by an ex-Guardian writer to do the same for London and I hope it succeeds.

londoncentric|1 year ago

Hey, Jim here, author of that article and long term HN reader. Never dreamed of seeing one of my pieces on the homepage!

Anyway, I’ve kinda bet the farm on making proper London coverage work, so every subscriber makes a massive difference. So please do give it a go, send any London tips you want investigating (my personal WhatsApp is on the site), and if you hate it… well please tell me why on the way out of the door.

jll29|1 year ago

Are people really no longer interested in what happens locally?

I would pay for local news, even about places that I no longer live, but used to live and still have a passing interest in. But perhaps I would want to receive it as XML feed.

Even events (concerts, readings, exhibitions, screenings etc.) are typically scattered across many smaller lists or mailing lists, depending on location. For example, there is way more going on in London than what is listed by Time Out: https://www.timeout.com/london/things-to-do/london-events-in... Local communities may have their own sites or still rely on paper flyers.

Some facts of communal interest are published in government outlets that are still mandated in some jurisdictions.

It would be wonderful if more of "what's going on" could be made available in curated digital form, for us to use and enjoy, and also to preserve it for future generations so that they can see what was happening in our age.

klelatti|1 year ago

Agreed and interesting and good to see it has > 1k paying subs (out of 7k total) after a little more than a month - probably as a result of some great stories already. A promising start.

bdndndndbve|1 year ago

It's amazing how much bureaucracy they're willing to spend money on to means-test a fundamental service. If you just made transit free at the point of service you wouldn't have free cards for all under 16, and some over 16, and all over 60, and discount fares for people in poverty. Cities spend so much money outsourcing the IT for fare collection, and the administration of budget programs, and ultimately the experience is worse for the end users. It's a real case of the politically connected hoovering up tens of millions of dollars because suburban voters can't stomach a poor person getting to ride the bus for free.

avianlyric|1 year ago

TfL has built most of its fare collection systems in-house; indeed it licenses its fare collection technologies to other cities like New York. Also it’s not within TfL's or the London Mayor's gift to provide free transit. TfL is almost unique in that its costs are almost entirely covered by farebox collections, and they receive little to zero government subsidy.

If London made transit free, they would have to find an additional £7 billion a year to cover the operating costs (most of which is mundane stuff like keeping the trains working). Total London council tax (which is the only form of tax the London mayor can control) raises about £37 billion a year. So making transit in the city free would involve increasing council tax by an additional ~20%, and council tax is a notoriously regressive tax that disproportionately impacts the poor more than anyone else.

Additionally, TfL is already extremely efficient. It was audited by the previous government in an attempt to find further ammunition to discredit the London Mayor, but it seems they couldn’t find any inefficiencies worth publishing. So there isn’t much wiggle room to reduce TfL operating costs.

Regardless of how you slice it, there isn’t a practical way to provide free transit in London, and certainly removing the cost of the bureaucracy for means testing isn’t going to move the needle on the simple economic facts.

carapace|1 year ago

> In Gavin Newsom’s book Citizenville he talked about how, after becoming [San Francisco] mayor, he discovered that fare collection cost as much as the revenue generated from fares. He started the process of making the bus free but was told by so many advisors that the busses would become “dumpsters on wheels,” from a combination of homeless people using them for shelter and people not respecting services that are free, that the plan was scrapped.

~ https://news.ycombinator.com/item?id=21808851

akira2501|1 year ago

> can't stomach a poor person getting to ride the bus for free.

If you don't accurately measure ridership you can't accurately serve that ridership. You'll waste money on useless services and you'll waste people's time by not creating necessary services.

The system needs to exist.

It probably doesn't need to be outsourced. We're well past the internet revolution and it's time for these core competencies to be reabsorbed by government departments. Or it's time for private companies to be held liable for their complete and total failures to serve the public.

Ideally it should just be a system that lets you scan your identification card or drivers license. If you're of the correct age it should serve as a transportation pass. Simple. Compliant. Captures useful data.

cdot2|1 year ago

All of this IT infrastructure exists to ensure the exact opposite of what you said. It ensures that rich people don't get to ride the bus for free.

mbirth|1 year ago

With that many tourists using and abusing London public transport, why should only Londoners pay for the service (via taxes - the money must come from somewhere)?

lbriner|1 year ago

I think lots of people who lack the experience have no idea quite how large and difficult cybersecurity is for a massive organisation whose systems span 20-30+ years or possibly even longer. There is no standardised tooling and very little that can be retrofitted to older systems. Firewalls are fine if the attack is against a port you do not need to use but otherwise you are left with a myriad of commercial offerings and a lot of "risk analysis".

The one basic tool that does seem lacking, however, is just basic network segmentation. I could understand a single system being hacked, especially an old system that is massively complex to replace, but having to shut down multiple systems including WiFi and office networks just smells like lazy "just connect all the wires together to make my IT life slightly easier". Having air gaps with separate computers, separate networks (even VLANs) etc. is probably the most cost effective way to reduce your attack surface.

HL33tibCe7|1 year ago

> Cybersecurity experts claim TfL’s software may have not been up to scratch, with some public-facing systems coded to be compatible with long-defunct browsers such as Internet Explorer 6.

This is rubbish; public-facing websites being compatible with defunct browsers is not indicative of any security issue.

walrus01|1 year ago

It sure sounds like this "highly sophisticated" attack was a run of the mill cryptolocker.

bastard_op|1 year ago

As soon as you read "outsourced their IT", one can always assume the aftermath would be a shitshow, as it is always done in response to the previous team not being able to run it, which means it is a goddamn mess. Having worked enough state and city government IT contracts in the past 25 years, you just assume the worst about everything and are often not disappointed. It's not a matter of if but when they'll be owned really, and most really wouldn't know what to do if they were still today.

This is your relative tax dollars hard at work.

avianlyric|1 year ago

Where does it say they outsourced their IT? The article mentions city hall outsourcing their IT to TfL, but city hall is a sister organisation to TfL; they’re both organs of London regional government. The London Mayor is the chairman of TfL and the head of London regional government.

It’s not like they’re outsourcing to some private organisation, every single organisation is either a state organisation, or a state owned company.

mellosouls|1 year ago

> always done in response to the previous team not being able to run it, which means it is a goddamn mess.

> This is your relative tax dollars hard at work.

I think you are underestimating the gross lack of realistic investment and corresponding demoralization and qualitative decline in some public services; which latter is then used by the decision-makers who've created the situation as justification for swashbuckling "transformation" projects - advised by and given to overpriced consultants - they can put on their CVs before hopping to the next gig.

That's your tax dollars at work.

aiiotnoodle|1 year ago

I agree. Public sector IT becomes a huge sprawl of technologies and cottage industry applications which makes administering these often rarely touched interfaces difficult to do properly when department budgets are tight and resources are busy fire fighting the processes that failed the night before.

It is also difficult to hire because wages are generally low compared to similar roles in private industry, yet they need skilled staff to manage these complex environments. A lot of services don't get the attention they need, not just patching and upgrades but development, requirements capture and usability all kept to a minimum cost to keep the sinking ship afloat.

All these constraints also lead to a culture of poor security, JFDI, rip and replace, insufficient hardware etc... just so the business can operate on whatever computer on wheels is in the shipping depot, or the relatively expensive to replace electronic gate system with integration to their custom fleet management software.

Government outsourcing to another related body has its cost advantages, but the many domain administrator users, the huge flat VMware estate and the hardware well beyond warranty don't disappear.

Designed to serve immediate needs but without long-term maintenance or holistic design in mind. Outsourcing amplifies the issue.

lol768|1 year ago

> Earlier this month Andy Lord, the boss of Transport for London, sat down at a scheduled board meeting and praised his organisation’s response to a “highly sophisticated” cyberattack, which began with reports of “suspicious activity” on Sunday 1st September.

> “The vast majority of Londoners would not know this attack has happened,” the TfL commissioner told board members including mayor Sadiq Khan. Lord later added: “Because it’s been so well-managed people didn’t understand the scale and impact.”

Are these people completely delusional? They've taken away passengers' visibility to see what they were being charged for; they killed all of the open data feeds (though a few of these have just now been restored in the last couple of days). Back in September, they disrupted all of their staff's productivity by locking everybody out and forcing them to try and do their jobs without any access to technology. And... there's still no end in sight for a restore of the contactless portal.

The way they've managed the incident and the collateral damage suggests there were not nearly enough security controls present in the first place (in terms of containing the breach). How many weeks on are we now without service restoration? For a cyberattack perpetrated by one seventeen year old?

If it was an SME who didn't do anything technical and had been caught completely unprepared, I might be more understanding.

avianlyric|1 year ago

I can believe it. I live in London and depend on TfL all the time. In the last 10 or so years, I’ve probably only bothered looking up my travel data a dozen or so times. 99% of the time I’m charged the right amount, and I don’t have to think about it.

cutler|1 year ago

What exactly is it about supporting IE6 that makes it a security risk?

com|1 year ago

Lots of people who should have been establishing effective security practices and monitoring and improving it were doing … something … but not that.

Total failure of management and governance at TfL and the British Library (which even had a “private sector security leader” on its board of governors for a decade or more before their total shitshow of a breach last year)

But as usual, there will be no consequences.

jen20|1 year ago

TFL are better than most public bodies but are likely hamstrung on being able to pay anything like market rates for competent security people.

chrisjj|1 year ago

> no consequences.

I recommend "repercussions" ;)

manojlds|1 year ago

Why is the Mayor not even talking about this?

avianlyric|1 year ago

What is there for the Mayor to say? The trains still run, the busses still turn up, the traffic lights still go red, yellow, green.

For the vast majority of people, there's little to no impact day-to-day. Sure, the loss of live data is annoying, but trains still turn up every 2 mins, and busses every 5-10 mins during the day. Even at night, busses still turn up every 15-20 mins, so checking live data doesn’t give you that much of an edge.

surfingdino|1 year ago

Because there is no political gain for him in this story.

paganel|1 year ago

> Hundreds of thousands of Londoners are being overcharged for travel, while London Centric spoke to one teenager who is having to skip meals because of cashflow issues brought on by the cyberattack.

This is just crazy, why not make public transport as cheap as peanuts to begin with? Why does everything have to be so damn expensive? Why the heck does a monthly transport pass have to cost, let me check, around 200 pounds?, what the fricking fuck?!?! Why don't the common people in the West rise up against this perverted shit? 2400 pounds per year just to have the privilege to take the bus/metro?

HL33tibCe7|1 year ago

I don't live in London, but most people I've talked to who do don't have any monthly transport pass or anything like that. They just tap in with contactless. The transport is cheap enough that if you don't travel many times per day, there is really no need. As one example - a bus journey is 1.75 GBP regardless of the distance and number of individual buses taken, as long as all initial tap-ins are within one hour.

Looking at the TfL website, people on benefits get 50% rate discounts; students get 30% off; pensioners and children get completely free travel. It's really quite a good system actually.

avianlyric|1 year ago

> Why don't the common people in the West rise up against this perverted shit? 2400 pounds per year just to have the privilege to take the bus/metro?

Still cheaper than owning a car. The average driver in London pays £3200 a year for the privilege. Most Londoners don’t bother; cars are the slowest, most expensive, and least pleasant way to move around the city.

As for the cost, that's because a series of Tory governments stripped TfL of all its government funding. TfL has to cover all its costs from fares, advertising, and some other ancillary business. Hence the higher than average ticket prices.

I would also say that there’s nothing wrong with taking the bus/metro. Busses turn up every 5 mins, metros every 90s-180s. Everything is clean, comfortable (we have fabric and padding on our busses and metro seats) and reliable. Although rush hour can get very cramped and sweaty at its peak.