The Tech Failings of Hawaii's Missile Alert 232
Over the weekend, Hawaii incorrectly warned citizens of a missile attack via their phones. According to The Washington Post, the error was a result of a staffer picking the wrong option -- missile alert instead of test missile alert -- from a drop down software menu. Hawaiian officials say they have already changed protocols to avoid a repeat of the scenario. The report goes on to add: Part of what worsened the situation Saturday was that there was no system in place at the state emergency agency for correcting the error, HEMA (Hawaii Emergency Management Agency) spokesman Richard Rapoza said. The state agency had standing permission through FEMA to use civil warning systems to send out the missile alert -- but not to send out a subsequent false alarm alert, he said. Though the Hawaii Emergency Management Agency posted a follow-up tweet at 8:20 a.m. saying there was "NO missile threat," it wouldn't be until 8:45 a.m. that a subsequent cellphone alert was sent telling people to stand down. Motherboard notes that new regulations require telecom companies to offer a testing system for local and state alert originators, but because of lobbying by Verizon and CTIA, this specific regulation does not go into effect until March 2019.
In a piece, The Atlantic argues that the 90-character messages sent by the system aren't suited to the way we use our devices.
In a piece, The Atlantic argues that the 90-character messages sent by the system aren't suited to the way we use our devices.
Uforgiveable (Score:3, Insightful)
Re:Uforgiveable (Score:5, Insightful)
What's worse, is that the menu items were right under each other. "Missile alert" and "Missile alert Test". Both items give the same "are you sure" confirmation.
While it was certainly a bone headed mistake, it was one what was easily possible for someone in a hurry. As this fellow was just wrapping up his shift, he was clearly trying to get everything done in time.
I don't get the people calling for this guy to get fired. Like none of those assplugs have ever made a mistake on their job. How many know someone in the office that accidentally did reply to all, or forward some email chain to external Eric rather than the internal Eric.
Shit happens. Clearly the design of that system isn't the best.
Re:Uforgiveable (Score:5, Insightful)
What's worse, is that the menu items were right under each other. "Missile alert" and "Missile alert Test". Both items give the same "are you sure" confirmation. While it was certainly a bone headed mistake, it was one what was easily possible for someone in a hurry. As this fellow was just wrapping up his shift, he was clearly trying to get everything done in time.
I don't get the people calling for this guy to get fired. Like none of those assplugs have ever made a mistake on their job.
I was perhaps not clear. I'm calling for the people who designed and implemented a system that was so mistake prone to be sent on permanent vacation. The guy who sent out the alert was just a person making a mistake on fatally flawed software.
Their design and implementation indicates either a lack of knowledge of life critical systems, or a callous indifference to it. You have to place interrupt safe (yeah an oxymoron) points at places. Running a alert test? Have a nice Alert test physical switch. Switch guard, different color. Actual alert? Another switch with a guard and a different color. Never a menu item. The colors indicate the difference, the switch guards function as an "Are You Sure?" message. A degree of separation between testing the system and activating the system must be in place. There was essentially no separation in this incompetent implementation. How many know someone in the office that accidentally did reply to all, or forward some email chain to external Eric rather than the internal Eric. Shit happens. Clearly the design of that system isn't the best.
Re: (Score:2)
I was perhaps not clear. I'm calling for the people who designed and implemented a system that was so mistake prone to be sent on permanent vacation. The guy who sent out the alert was just a person making a mistake on fatally flawed software.
I was not meaning you in particular. Just in general that there is a lot of people calling for that.
Re: (Score:2)
I was perhaps not clear. I'm calling for the people who designed and implemented a system that was so mistake prone to be sent on permanent vacation. The guy who sent out the alert was just a person making a mistake on fatally flawed software.
I was not meaning you in particular. Just in general that there is a lot of people calling for that.
Understood. My position is not vengeance like most people, just complete shock that such a terrible system would be implemented. So many times, we see that these systems are just about guaranteed to fail.
I guess that is the price we all pay for a world of Yes Men, and people thinking only the way things will work, and not the way they might fail.
Re: (Score:2)
Most likely the responsible guys are not the programmers but the "product managers".
Programmers like to play with their software. You can not call it "testing" but everyone once a while "clicks through" his work.
But as soon as a programmer raises his finger he gets put down as "you have no clue anyway!"
Re: (Score:2)
Most likely the responsible guys are not the programmers but the "product managers".
I definitely agree. The programmers get their directions from the managers.
Re: (Score:2)
Re: (Score:2)
Their design and implementation indicates either a lack of knowledge of life critical systems
Who says the system remains in the vanilla state that existed when it was released? Maybe the labels are under user control, or the user specifically requested these labels, or they came out in different releases, etc. Given that this is likely custom government software, it was probably built on a set of skimpy requirements and not analyzed by anyone who might have known better.
Well My failsafe is that switch, or Key to activate the system. If that was removed, I'd consider that a criminal act.
Re:Uforgiveable (Score:5, Insightful)
What's worse, is that the menu items were right under each other. "Missile alert" and "Missile alert Test". Both items give the same "are you sure" confirmation. While it was certainly a bone headed mistake, it was one what was easily possible for someone in a hurry. As this fellow was just wrapping up his shift, he was clearly trying to get everything done in time.
I don't get the people calling for this guy to get fired. Like none of those assplugs have ever made a mistake on their job. How many know someone in the office that accidentally did reply to all, or forward some email chain to external Eric rather than the internal Eric. Shit happens. Clearly the design of that system isn't the best.
I agree. Shit happens. Just was unfortunately some really bad shit in this case. I haven't made such public mistakes, but I've made some big ones. He is just a scape goat here.
The real problems I see here is that A) it wasn't blatantly obvious (through using a different workflow and by clear visual (and audio?) indicators) that he was going down the live path rather than Test and B) that having permission to use the EBS doesn't automatically carry the ability to send a "oh shit! we didn't mean to do that" message as well.
At the point where the workflow path deviates between Test and Real it should be impossible for someone, no matter how rushed/tired/bored, to get it wrong. Glaringly different color schemes. Audio prompts. Full screen dialogs so they can't be paying attention to something else. Extra steps down the Live path. Having a second account confirm the action. Etc...
Make it so that you have to be either blatantly ignorant or blatantly malicious to get to the point of sending a Live alert when you shouldn't. The timeliness nature of the system, however, does present some challenges since you want to delay getting the alert out as little as possible.
Now what I think is really being missed here is that this was a blessing in disguise. Yes it inconvenienced and scared the crap out of a lot of people, but based on all the reports I've seen no one had a clue what to do with it. Given the short time involved for a missile to get from NK to Hawaii and the devastation a nuclear warhead would do I question the point of giving warning (I'd rather die blissfully ignorant rather than in a panic or linger through injury/radiation poisoning), but if there is going to be a warning people need to know what to do and react accordingly.
They are concerned enough to spend money on the warning system, but have they spent the money on enough bunkers to hold the population of the islands? Are they located so that everyone has a reasonable chance of getting to one regardless of traffic/panic of everyone else trying to get there?
Hindsight 20/20, Foresight 20/200 (Score:5, Insightful)
You're right. If I had mod points, I'd give you a bump. Your insight that the blessing here outweighs the cost is one I haven't seen given enough attention. Fresh eyes will be looking at how the process should work to prevent mistakes and that's a good thing. Likely they'll find other areas that need improvement.
Using a system intended for conveniently notifying the public with information to instead notify the public of an emergency is a dangerous mistake, one of which they're now aware. Finding out that the public doesn't know how to respond is priceless information that they have now. The guy who clicked the wrong menu option may not deserve a medal, but put him on the committee determining how to fix the system and plan responses. Redemption is a strong motivator.
Now the public knows that they need a response plan for such an emergency. Having public pressure to get prepared is perhaps the greatest thing that could happen. People trying to get the public prepared would have been frustrated before this, but now they'll have the public on their side. That's the kind of thing that makes budgets happen.
Cost vs benefit (Score:2)
They are concerned enough to spend money on the warning system, but have they spent the money on enough bunkers to hold the population of the islands? Are they located so that everyone has a reasonable chance of getting to one regardless of traffic/panic of everyone else trying to get there?
A reasonable question with and unfortunately unreasonable answer. You have to weigh the costs of providing such shelter against the likely benefits. Odds are you'll find that building and maintaining such shelters is too costly to justify even presuming they would work as intended. (and it's not clear how useful such shelters would be) Folks in Hawaii are thinking about the problem [cnn.com] seriously but the answers aren't simple ones.
Re: (Score:2)
"Missile alert" and "Missile alert Test". Both items give the same "are you sure" confirmation.
Their fix will probably be to add an extra "are you REALLY sure?" confirmation to the real one.
These guys probably stopped reading the text in the confirmation box years ago. It's easy to form bad habits like that.
Re: (Score:3)
Don't even put it in the same location. And reverse responses e.g., yes cancels the alert and no triggers it. It was an approach used at a refinery I worked at (left handed valves etc.), and also was relayed to me by a coworker who was a submarine Nuclear Reactor Operator. Force people to think. This is SOP in mission critical applications, and I mean mission critical as in people will die. Not mission critical in terms of a person not making their bonus so they can't buy that new Mercedes.
Force them to think? Good luck (Score:2)
Force people to think.
HA! Good luck with that. In my experience far too many people will fight tooth and nail to not have to engage their brains.
Re: (Score:2)
If anyone should be fired it should be the designer of the software that allowed this option so easily without a possibility to undo and without any kind of confirmation dialogs.
The error is in process, not execution (Score:4, Insightful)
While it was certainly a bone headed mistake, it was one what was easily possible for someone in a hurry. As this fellow was just wrapping up his shift, he was clearly trying to get everything done in time.
It this was indeed the setup the mistake was idiotic programming and software design. The end user screwing it up was entirely predictable and probably inevitable. The problem occurred when the system was designed. If a system can fail because of the design, it almost certainly will fail sooner or later.
Part of my day job is to write work instructions and design procedures. When something goes wrong the first question I have to ask is "what did I do wrong", NOT "who screwed up"? 90+% of the time the problem was unclear/wrong/misleading instructions, a badly designed process, or some other problem where the person tasked with carrying out the instructions was set up to fail. In other words, my fault. We as engineers tend to take too little responsibility for our own failures and blame user error [wikipedia.org] when in fact the error was a badly designed program or procedure. We tend to think we are the smartest people in the room and while that may be true sometimes it doesn't mean we are perfect.
Re: (Score:2)
Re: (Score:2)
Agreed. Even a minor muscle twitch at the wrong moment or needing new glasses can cause the wrong menu item in a list to be clicked.
The click sequence for test vs live should be different, starting with selecting from the test rather than the live menu. Perhaps even make the user select "enable live" from somewhere before the live menu will drop down. That makes it a lot harder to do accidentally.
On the bureaucratic side, permission to send an alert should include permission to send a false alarm and all cl
Re: (Score:2)
It is not the fellow that did this that should lose his job and possibly do time. It is the ones that signed off on this design and the ones that proposed it.
Re: (Score:2)
Re: (Score:2)
A mechanical switch is prone to failure so will need to be tested regularly, and runs the risk of being tested with the system in "live-fire" mode. The switch output is going to be converted to a software signal anyway, so it makes the system more complicated for no real benefit. There's no reason why a software trigger can't be protected with a confirmation dialog, like "You are about to send a live missile alert, type 'YES' to continue"
Re: (Score:2)
Plain old mechanical mercury switch is good for around 70-90 years after the initial test, and require no secondary yearly testing as long as the mercury hasn't leaked. And that it can along with the wiring be checked with a spot inspection. They're still used in a lot of stuff, that require one-off emergency trip fails. One of the heavy industry companies I worked for exclusively used them as part of the auto-stop system in the event of an emergency. Because they always work, sure mercury is toxic, it
Re: (Score:2)
Plain old mechanical mercury switch is good for around 70-90 years after the initial test, and require no secondary yearly testing as long as the mercury hasn't leaked. And that it can along with the wiring be checked with a spot inspection. They're still used in a lot of stuff, that require one-off emergency trip fails. One of the heavy industry companies I worked for exclusively used them as part of the auto-stop system in the event of an emergency. Because they always work, sure mercury is toxic, it hurts the environment. But when you want a 99.99999% of there being zero failure? Sometimes old tech is still best tech.
I'm having fun here arguing with people who think that software is more dependable than things like mercury switches. Even more so, they are arguing the superiority of a system that has already demonstrated failure.
Re: (Score:2)
A mechanical switch is prone to failure so will need to be tested regularly, and runs the risk of being tested with the system in "live-fire" mode.
Everything is susceptable to failure. Mechanical switches caan certainly be more reliable than a software program.
The switch output is going to be converted to a software signal anyway, so it makes the system more complicated for no real benefit.
So are you positing that all mechnical switches and keys be removed from nation's nuclear arsenals because a computer only system is safer?
So these computer thingies. They don't have any switches in them? Computer keyboards and on off switches will be prone to malfunctions, certainly more so than a heavy duty industrial quality. There are inputs and outputs like Ethernet connectors as well.
Re: (Score:2)
That's why you use a normally closed switch, rather than a normally open. By default, the switch is in the "ON" position, actuating it causes it to break the circuit, thus indicating the actuation. In emergency stop type buttons, mashing the big red mushroom breaks the circuit, causing the equipment to be de-energized. These are extremely reliable.
Re: (Score:2)
Mechanical switches come in very, very reliable variants if you spend more then $1 on them. And you can easily have a backup switch on a separate circuit. And, even better, you can get them with a protective cap.
Re: (Score:3)
Not a routine looking one anyway. But a strangely shaped bright red dialog box that only appears in this context might be a good idea.
Or better yet, some unusual additional but easy to perform action that is also hard to do accidentally like "type in user name".
Re: (Score:2)
Not a routine looking one anyway. But a strangely shaped bright red dialog box that only appears in this context might be a good idea.
Or better yet, some unusual additional but easy to perform action that is also hard to do accidentally like "type in user name".
That still doesn't negate software failure. Need a human in the loop who is willing to think.
Re: (Score:2)
I don't know. In my experience every design choice has unintended (although hopefully not unaccounted-for) consequences.
You have to add up all the foreseeable failure modes of a system with a mechanical switch -- including but not limited to a mechanical failure when you actually need to use it -- weighted by the probabilities of those failure modes. Just throwing a mechanical switch into a system because you had a failure is not engineering. In engineering you don't just focus on the desired result of a
Re: (Score:2)
I don't know. In my experience every design choice has unintended (although hopefully not unaccounted-for) consequences.
You have to add up all the foreseeable failure modes of a system with a mechanical switch -- including but not limited to a mechanical failure when you actually need to use it -- weighted by the probabilities of those failure modes. Just throwing a mechanical switch into a system because you had a failure is not engineering.
In no way shape or form is the idea to "throw a mechanical switch into a system:" because you had a failure. The mechanical switch should have been in the initial engineering design from teh very beginning, because it will prevent a failure. A failure that happened because people who don't know any better thought that the entire thing could have been controlled without failure by menu items.
But that didn't happen did it? If this system was part of the launch system for nuclear missliles the world would
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
The larger blame lies with the government and the (I hate the term, but it's so applicable here.) sheeple who call for this sort of a warning system.
There is no legitimate reason to have this sort of warning in place. None! North Korea has established that it can hit the ocean with its missiles most of the time. (They took out a neighborhood in one of their cities within the last 6 months!) Until North Korea is a) demonstrating that it can actually get an ICBM within 100 miles of its intended target, and b)
Re: (Score:2)
The larger blame lies with the government and the (I hate the term, but it's so applicable here.) sheeple who call for this sort of a warning system.
There is no legitimate reason to have this sort of warning in place. None! North Korea has established that it can hit the ocean with its missiles most of the time.
Warning systems are not just for North Korea. Russia and America also have some big boomy candles. My guess is that both Hawaii and the west coast are in the targets. These systems were in place a long time ago. Russia has early warning systems as well.
Re: (Score:2)
In order to put the system into "Live." should require a physical interconnect such as a key.
I would imagine from the "console" where you'd choose "Live" be prompted to turn the key. Then once it verified the circuit has been closed you'd then be able to choose from the live menu which thing you wanted to send, you'd then be presented with a big blinking red dialog box saying something like "THIS
Re: (Score:2)
A system like this should be engineered to have some set of distinct modes like "Standby", "Testing" and "Live". In order to put the system into "Live." should require a physical interconnect such as a key.
Bingo! "Sokath, his eyes opened"
All critical systems I have worked with need that key or guard, which closes a switch. Which goes someplace, which activates the final step, whatever that is. Previously it was activating some machinery which might kill people if it started when they were around it. Now it isn't usch an issue on present systems.
I would see this system as one enabling the computerized message to go out to everyone. Activate the key which is the switch, and the computer knows it is go t
Re: (Score:2)
I seldom call for people's jobs, but I'll make an exception in this case..
I agree! And I also seldom call for people to be fired.
But, just to be totally clear -- the person/people who should be fired is NOT the operator who selected the wrong drop-down box on the badly-designed UI. And NOT the one who coded it, either.
The real culprit here is whoever reviewed, and approved the architecture. Probably a _much_ higher level person than the one who will most likely be blamed -- given what I know about typical government and corporate scapegoating habits.
Re: (Score:2)
I agree! And I also seldom call for people to be fired.
But, just to be totally clear -- the person/people who should be fired is NOT the operator who selected the wrong drop-down box on the badly-designed UI. And NOT the one who coded it, either. The real culprit here is whoever reviewed, and approved the architecture. Probably a _much_ higher level person than the one who will most likely be blamed -- given what I know about typical government and corporate scapegoating habits.
Exactly. The person who accidentally activated the alarm was almost blameless, the programmers were just working with their marching orders.
I'm expecting the guy who empties the trash cans and mops the floors to be the chosen culprit.
Re: (Score:2)
Indeed. Setting a trigger this loose is asking to get shot. Only the truly incompetent do this.
Re: (Score:2)
Indeed. Setting a trigger this loose is asking to get shot. Only the truly incompetent do this.
My guess is that the decision was made on a financial basis, perhaps some suits in a conference room. It really indicates a lacl of knowledge about programming and computers in general.
Perhaps it wasn't considered a life critical system. I'd differ given that it scared the crap out of a lot of people, hopefully no one was injured or killed.
But we've all accidentally hit a wrong menu item, especially when using a mouse. An emergency system needs anumber of attributes
It needs good accuracy - we don't
Re:Uforgiveable (Score:5, Insightful)
Whilst I believe that you are right in identifying an mechanical failsafe as an incorrect approach I don't think this should fall to the user to pick from two items next to each other on a drop-down. Intelligent, highly-skilled operators make mistakes in these sort of circumstances and a bit of decent UI design goes a long way in preventing such things (without the need for mechanical safeguards).
Something as simple as giving obvious visual clues between test and live messages (icons, colour, font weight etc), separating the items on the drop down into obvious lists for test and live messages etc.
Getting only a _little_ more complicated in UI, a subsequent message confirming a live message (possibly with an action that requires a user to type 'live' or something to ensure that the validation request has been received and understood) would almost certainly eliminate any chance a live message being sent in place of a test one.
Decent design does not rely on users doing the right thing any more than it has to.
Re:Uforgiveable (Score:4, Insightful)
Yes this is clearly a system design problem and something that can be solved in several obvious ways. The easiest would be to have a confirmation stage that makes it very clear if it's a test or if it is a "sharp" alarm that will be triggered.
Note that how to make it very clear is still a problem but one that have been studied.
That the same system that can send an alert can't also send a false alarm alert is also an obvious systems design flaw.
Re: (Score:2)
Another aspect of this is that it is apparently just as easy to accidentally select the test option instead of the actual alert option. If a shift change is enough to mix these up, in an actual emergency an operator could easily end up thinking he sent an alert out when he really just triggered a test.
Re: (Score:3)
Re: (Score:2)
A favorite of mine is when the RAM is refreshing and you end up double-clicking because you thought the first click wasn't registered.
Re: (Score:3)
You are incorrect about a mechanical switch/guard. We are well past that era. What we need is someone other than Homer J. Simpson level people manning the system.
Your thinking is exactly what produced this system. Physical switches are so 1968! We can trigger the alert through a menu, and since we need a shortcut we'll use Ctrl+D so it will be easy.
So anyhow, the situation stands in evidence as to how software people and pus dripping edge folk produce failures.Deal with it.
Re: (Score:2)
What a well reasoned posting, I especially like the respectful way you describe the people involved in a system you have no f-ing clue how it operates.
And no, that thinking isn't the problem which should be obvious if you spent some seconds thinking about it - assuming you have an IQ higher than an amoeba.
Re: (Score:2)
What a well reasoned posting, I especially like the respectful way you describe the people involved in a system you have no f-ing clue how it operates.
And no, that thinking isn't the problem which should be obvious if you spent some seconds thinking about it - assuming you have an IQ higher than an amoeba.
Speaking of respectful. Wanna talk about fail safe systems? Use the big words - I might just understand a lot more than you think I do.
There's your challenge, Accepted? Prove that a software only system is fail safe.
Re: (Score:2)
and since we need a shortcut we'll use Ctrl+D so it will be easy.
Yo dawg, I heard you like shortcuts so I made the shortcut the same button that makes shortcuts (bookmarks).
Their Software (Score:2)
What the dialog box probably was:
Send Message?
Test: (check box...off by default)
(Send Button)
Re: (Score:2)
How about 2 for wild fires (one actual, one test), then there would be 2 more for mud slides. I guess tornado warnings would require two as well. What about civil disturbance - should that require a physical switch?
I'm not defending GP's idea of using a switch, but this is obviously not what he meant. One switch for all live alerts would serve the purpose. There are plenty of reasons to criticize that as a bad idea without getting silly.
Re: (Score:2)
How about 2 for wild fires (one actual, one test), then there would be 2 more for mud slides. I guess tornado warnings would require two as well. What about civil disturbance - should that require a physical switch?
I'm not defending GP's idea of using a switch, but this is obviously not what he meant. One switch for all live alerts would serve the purpose. There are plenty of reasons to criticize that as a bad idea without getting silly.
if you have a fail safe in the system, it does not cut the computer out. You simply select the message to be sent, then use the mechanical switch to send it. The concept is that a physical action of raising the guard is a step that makes you think foro a second - am I sure? then the last step is the switch - am I really really sure??
I understand this is a tech site, where many people believe in the infallibility of computers, and that humans are considered the weak link. I would suggest that they do som
Re: (Score:2)
Wow. What an ignorant statement. Let me guess - you have never worked in an emergency setting. So how many physical switches do you want? You already want 2 for missile alerts. How about 2 for wild fires (one actual, one test), then there would be 2 more for mud slides. I guess tornado warnings would require two as well. What about civil disturbance - should that require a physical switch? Then there's any type of hazmat incident.
Why don't you learn a bit about emergency management before you make an ass of yourself!
I am a technical consultant for Emergency communication systems. And I have to say, little Coward - you would be escorted to the front door as your last involvement with that 'tude. Rather than just an argument which has nothing to do with what I posted, you are at best amusing, but have no place in emergency management.
Arguing for a system that has failed, and we know why it has failed, is a pretty weak starting point. It was going to happen, it was going to happen because it was a menu item for activat
Hi, I'm Clippy (Score:5, Funny)
"Hi, I'm Clippy! Are you sure you want to send a missile alert?"
"No, Clippy"
"OK then, launching missiles".
UI failure (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Strong confirmation? "Send Alert?" [Yes] [No]
Follow up Tweet? (Score:5, Insightful)
Takes time (Score:5, Insightful)
Seriously, contact all the major TV and radio stations in the area first.
Which should take some time, unlike sending a tweet on an account already owned by the emergency center.
Also, the contacting of TV and Radio station might be hampered by people actually attempting to follow the instruction of the previous wrong alert.
Though most TV and Radio crew might wonder how come there's an alert about a missile attack on their *phones* while, at the same time they do not receive a full list of information that they have to broadcast immediately to the population while interrupting the normal programming.
So, while the HEMA guys are heading for the simplest thing to do to communicate information (blasting it on accounts that they actually own, like Twitter), the TV and Radio station should be the one trying to contact HEMA to understand why they weren't asked to broadcast any emergency information (it might have been an error like in this case. Or in the alternative case of an actual live attack, the general population might be missing critical information that the Radio should have been broadcasting and that got stuck somewhere in the process).
Re: (Score:2)
Seriously, contact all the major TV and radio stations in the area first. The expectation that everyone should get critical information from "social" media is a joke.
Contact all major TV and radio stations? The GenY/Z'er is still wondering what the fuck a radio is, and they cut the TV and cable cord long ago. They consume all of their "news" via Social Media and streaming now. You got something to say, it better be in an Insta-Netflix-Tweet format. The joke is assuming the younger generation knows about ancient tools of communication.
Hell, even the POTUS uses Twitter to get his messages-on-fire out to the masses. Love it or hate it, social media has become the de
Re: (Score:2)
Hell, even the POTUS uses Twitter to get his messages-on-fire out to the masses. Love it or hate it, social media has become the de facto standard to communicate to the masses, so we might as well modify our emergency broadcast systems to accept this fact.
I have seen exactly zero restaurants and businesses that have replaced their televisions with Twitter feeds.
Re: (Score:2)
Seriously, contact all the major TV and radio stations in the area first. The expectation that everyone should get critical information from "social" media is a joke.
Given how most media these days just republish and comment on tweets anyway, it worked out OK though.
(/sarc)
Re: (Score:2)
Of mice and menus (Score:2)
Who hasn't had the same issue with drop-down menus in standard software? Unfortunately there is no 'bitch-slap' feedback button to the designers or the software producer.
Menus are designed with so called logically ordered groups, but in many cases have things underneath each other which look the same, but have different effects. And a slip of the mouse sometimes makes the wrong selection.
Prod vs. Subprod? (Score:3)
Re: (Score:2)
Re: (Score:2)
I don't know if you are serious...
Any system that isn't actively working all the time have to be regularly tested to ensure that it is working. How else would one know if the system can do what it's designed to do when the time comes?
E.g. nuclear launch is trained and tested not only to ensure the people involved are ready to do their job if required, but also so that the system up until the last operation (arming of the warheads/actual launch) is known to work. And yes that is being tested "in production".
Re:Prod vs. Subprod? (Score:4, Insightful)
This is actually a test OF the prod system. You can have a totally separate system for testing, but you do need to test the production system to make sure that some system hasn't broke, bird eaten through a wire, or service credential expired. Data Centers test transfer switches once a month in production. Across the midwest, they test tornado sirens once a month.
Re: (Score:2)
OK, all you have to do is create a simulator. Which captures every nuance of all the alert paths with will be taken; twitter, FB, radio, shortwave radio, police radio, fire department radio, hospital alert systems, maritime systems, etc. Get it?
Re: (Score:2)
YES. Mod parent up, please, anybody who has points!
Plan B (Score:2)
If This Were A Prison Administrator App (Score:2)
It would have a menu with consecutive items reading "kill prisoner" and "release prisoner".
I'm almost disappointed (Score:2)
the alert wasn't sent by WOPR.
Differentiated confirmation actions (Score:2)
Slashdot Moderation UI (Score:2)
Re: (Score:2)
North Korea (Score:3)
The single biggest failing.... (Score:3)
No single person can be blamed for that, however.
Re: (Score:2)
Re: (Score:2)
Message is message fail (Score:2)
In addition to a poor design it is a happy path system and doesnâ(TM)t account for real world exceptions. The project obviously chose fast and cheap over good.
Re: (Score:2)
I was there, had 38 minutes of contemplation... (Score:2)
I was there, vacationing in Hawaii. Got the alert, noted the time. Then I finished eating breakfast while listening to the morning riot of birds as the last hints of sunrise's color faded into daylight. I'm old, and my kids were thousands of miles away...
The biggest failure wasn't the bogus "BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL."
The biggest failure, in my opinion, is the waste of a whole lot of tax money on stupid shit, and unaccountable politicians, gov [wikipedia.org]
A few points (Score:2)
The test can go at the click of a button, but the "Live" message should have an "Are you sure you want to send a LIVE message? This is NOT a test!" prompt before shooting out.
If nothing else, the chaos caused should be used as a talking point so people are a little more prepared for a live event. Though I doubt that will happen.
Why the hell do they have the authority to send a live message, but not the authority to send a false alert message? That was a dumb decision.
Yea the guy made a mistake. It sucke
37 minutes (Score:2)
Something is fishy here....
Comment (Score:2)
Yeah, well, in his defense the system was Emacs-systemd, and he got a little confused as to whether it was C-x C-m M-a or C-x C-m M-t in the current runlevel...
(Yeah, couldn't decide whether to hate on emacs or systemd, so here's both!)
But, but ... (Score:2)
Earthquake people prefer short direct messages (Score:2)
Re:There was no tech âoefailingâ. (Score:5, Insightful)
Re: (Score:2)
Wrong. The screw-up here is a system that makes it far too easy to screw up. It was bound to happen given this abysmally bad design.
Re: (Score:2)
Give that some systems are worse than others in inviting operator error, you can't just assume it's not the tech because operator error was involved. However even if the tech is as good as humans can possibly make it, that still wouldn't prevent operator error.
This kind of fault is hard to test for, because it's a non-functional requirement. You can't simply do a functional test and check off "prevent accidental message from being sent". At best you can simulate various scenarios, but those simulations a
Re: (Score:2)
"you're dealing with testers, not people who are habituated to the system and who thus use it differently."
This is a direct violation of Agile. developers should be given close contact and ability to collaborate with the end users. Not having 5 degrees of separation between developers is the key to bad software. You end up playing telephone and with no understand of the real problem.
I am appalled at the SW development I have seen in large SW companies. the waste, mis-management, slippage, and distain users
Re: (Score:2)
First of all, Agile doesn't work in every situation unless you stretch the definition to include non-agile practices where warranted. Second, the distinction between users and testers isn't as clean as you suggest. Users *are* testers until they become habituated to the system.
Re: (Score:3)
The UX probably already asks if you are sure you want to send something.
Ah, the old AC favorite - I'll just make some facts up which I assume are true.
Re: (Score:3)
Classically, you have to break a piece of glass or at the very least turn a key to trigger something like this. The UI design bears all of the blame here. It was asking for something like this to happen. It is absolutely no surprise it happened. The ones at fault are the ones that did design this broken UI and the ones that signed off on it. These should at the very least lose their jobs and probably face criminal penalty, because negligence does not get any more gross than this.
Re: (Score:3)
Is it because we put art majors in charge of UI design? Is that it?
Could be.
I've almost given up on pushing back on UI design.
Their two overriding and incompatible drives are to 1. hide complexity and 2. make things super easy.
The result is that it's super easy to do things that you don't understand.
Re: (Score:2)
No, we put BAs in charge. Arts majors would probably know more about it than your typical manager.
Re: (Score:2)
But we can't ignore the fact that the President, who tweets about anything that upsets him, couldn't be bothered to interrupt his golf game to say that this was a false alarm.
Regardless of how much you don't like him, it's not the president's job to correct false emergency alerts. There was a chain of command about 20 people long who should've done something about this but they were all asleep at the wheel. Yeesh, I'm really starting to think that Trump derangement syndrome is a real thing.