Hacker News new | comments | show | ask | jobs | submit login
It Was Bad UX, not a “Wrong Button” in Hawaii (washingtonpost.com)
148 points by zonotope 9 months ago | hide | past | web | favorite | 126 comments

I think this whole thing could be seen as a blessing in disguise, but I don't hear anyone talking about it. We seem totally unprepared for this kind of event. The message said take shelter, so why were people running around screaming and crying in the streets?

People were throwing their kids into storm drains. Clever, but what happens to them after that?

Where do we go? How long do we have to stay there? Who is going to pass out the iodine pills? Where's the clean water? What will we eat? Who will come get us when it's all over?

It seems like we gave a damn about this many years ago during the Cold War. There were drills in schools, public service messages, people bought bomb shelters, there was the Civil Defense. Once in awhile I see one of those public bomb shelter placards on a building and wonder if there really still is one or if it is just some old artifact someone forgot to take down.

We laugh at all this stuff like ironic hipsters and now we see the results.

No one stopped caring. What we stopped doing was pretending the civilian population could be protected against nuclear holocaust.

The bomb that obliterated Hiroshima was a toy next to a thermonuclear bomb, which is 1000 times as powerful. If one lands on Oahu, there won't be anyone to pass out iodine pills in Hawaii, or anyone to pass them out to.

Hawaii is just stupid to spend a nickel on an early warning system. The only reason it exists is that too many people don't understand what they're supposedly being warned, or that they are utterly defenseless.

Sometimes, the only protection is prevention. This is one.

Looking at NUKEMAP [1] and playing with Honolulu as a target using the various weapons that are common to nuclear arsenals your claims just sound totally false.

It seems like there would be a great chance of survivability in many areas if one were properly sheltered. This doesn't even take into account that Oahu is a mountain which would shield many inhabitants from the air blast.

I frankly am glad you are not in charge of the early warning system in Hawaii.

[1] http://nuclearsecrecy.com/nukemap/

And to extend this hypothetical a little: the nuclear arsenal of people attacking the US is not as good as the one in the US.

Odds are anyone dumb enough to throw a nuke at the US is doing so with some really cunning plan in mind hoping for retaliation, and doing so with a nuke that's far from optimal. Russia and China are better served by eating up the US economy (and government!), than balls-to-the-wall war, so it's more likely an country that 'also has nukes' than the players with the real budgets.

For anyone wondering, highest estimate for Korea is 280kt. It would take a chunk out of Honolulu but no where near what people assume.

As someone living in Hawaii, I’m more worried about the aftermath and how people react. More chaos will be caused by them rather than the bomb.

> Hawaii is just stupid to spend a nickel on an early warning system.

The early warning system also includes messages for tsunamis, amber alerts, landslides, and high surf. I can't imagine the inclusion of a PACOM warning required any significant additional spending.

North Korea has H-Bombs now? With accurate missiles?

For whatever reason there came to be a general belief that the drills were pointless or just propaganda. In reality they were very worthwhile and provided meaningful preparedness training. The bomb isn't what always kills people: it's the building falling on top of you that will kill or maim you, and knowing what to do when the building is falling down can drastically improve your chances of survival.

The assumption that most people have is just that nukes just evaporate people like in Terminator 2. That's not the case for most of the danger zone.

This fascinating book on the topic of preparedness is available for free here: http://www.oism.org/nwss/

It includes a lot of detail, diagrams, and explanations about topics like fallout. Unfortunately many students who become politicians tend to be dramatically misinformed about how nuclear weapons work which leads to some systematically incorrect assumptions that have wide-ranging consequences.

Most of what people believe about nuclear weapons and nuclear technology in general is false.

Part of it is that there's a public risk with this sense of 'preparedness'.

If large amounts of people feel comfortable with nuclear war breaking out because they have their bomb shelter stocked in the backyard that poses an existential risk for everyone.

While people may overestimate the vaporization radius of a specific bomb we definitely don't want a larger underestimation of the affect of large scale nuclear conflict.

This was kind of the point of the pugwash conference, to remove nuclear weapons from political escalation more generally. If we're not successful at this and it escalates or becomes political that might be the end of it.

“In view of the fact that in any future world war nuclear weapons will certainly be employed, and that such weapons threaten the continued existence of mankind, we urge the governments of the world to realize, and to acknowledge publicly, that their purpose cannot be furthered by a world war, and we urge them, consequently, to find peaceful means for the settlement of all matters of dispute between them.”


I think we should be making a lot of effort to prevent this kind of event than to prepare for this kind of event. It was a blessing in disguise indeed because it made people realize that talk is cheap and showmanship really can lead to some horrible outcomes.

Great point. I wonder what Russia, China, North Korea, and Iran think about our reaction, and what ways they see to manipulate it. Most Americans now consider war as "something our all-powerful military does in other places and protects us from worrying about at home." The lack of preparedness you are describing is the result of a mindset that believes any and all attacks will be stopped before reaching the homeland.

There was a very similar incident in 1971 ("code word hatefulness"). Back then, three tapes were kept next to a EBS transmitter, two real alerts and one for testing. One day, an operator accidentally loaded the real alert rather than the correct test alert, and many stations prepared to tell the country the nuclear war was imminent.

The fix was to:

> …In the past three tapes, one for the test and two for actual emergencies, were hanging on three labeled hooks above the transmitter… In the future only the test tape will be left near the transmitter. The two emergency tapes [will be] be sealed in clearly marked envelopes and placed inside a nearby cabinet.


I'm glad the popular discourse has made it from "train employees better" to "design better interfaces" in this case. But as you point out, this is far, far from a new problem.

It's as if we lived in a world where bridges have been built for decades with structural engineers as optional, rather than required by building code. If your project had a budget for a structural engineer, you hired one, but if not, fine, you just had your construction contractor do their best.

And so now a bridge just collapsed again (fortunately everyone got off in time) and we're talking about how we really ought to design bridges better, but no one is suggesting the obvious, that we legislate building codes that require structural engineers as part of the bridge-building process.

I know this is a controversial idea, as it opens up the question of UX design certification and licensure (if you require UX for critical infrastructure, what are the qualifications?), which can lead to all sorts of unintended consequences of gatekeeping, exclusion, and administrative bloat. But I think Hawaii makes it clear that the status quo is unsafe and unsustainable.

> I know this is a controversial idea, as it opens up the question of UX design certification and licensure (if you require UX for critical infrastructure...But I think Hawaii makes it clear that the status quo is unsafe and unsustainable.

Or even a "code" like the National Electrical Code, which one would be required to comply with when working on critical infrastructure. That's how electricians apply the safety experience gained from previous unsafe practices.

That's a good example. Shockingly poor foresight.

It's similar to the "A gun is always loaded" principle. Unless you can tell at a glance that a firearm is not in a ready-to-fire state, you treat it as if it is. People are clumsy and forgetful, and you only have to mess up once.

Leaving the live rounds right next to the blanks, in that way, is pretty indefensible. (Ignoring of course that blanks can still kill, for this analogy.)

>Unless you can tell at a glance that a firearm is not in a ready-to-fire state, you treat it as if it is

That's when you need to treat it like it is the most.

You'd really exercise more caution with a broken-open shotgun than a closed one?

Not more, but I wouldn't let my guard down just because it's playing dead.

>Unless you can tell at a glance that a firearm is not in a ready-to-fire state

Chance you are actually able to say that vs. chance you made a mistake in reasoning that conclusion? Still not a bet worth taking.

The at a glance condition is probably the one where you stick a brightly colored piece of plastic in the chamber to act as an unarmed flag. Still best to be careful at all times IMO.

A blank round looks totally different from a 'live' round with a projectile.

Don't assume there is just one kind of blank, and don't assume blanks can't kill you.


The first bullet here is a blank.

A 'bullet' can't be a blank, as a bullet is a (normally) inert projectile.

Going for the 'technically correct' award, are we?

Yes, the correct term is indeed 'cartridge'.

Not really, your entire argument is silly. You should be running through ACTS/PROVE regardless of the state of your firearm or its load.

The point of a drill is to drill the procedure into people, so that when it is required the people are operating on autopilot without the need to actively think about the actions that they are performing. I would prefer to see the only two tapes next to the transmitter are the emergency tapes. If there is a drill then the drill setup will replace these tapes with the test tapes, and maybe place a corrupt tape there once in a while. With this fix, in an emergency situation it's suddenly someone has to remember to get the tape out of the cabinet (was it Alice's or Bob's cabinet that we put them in?) and use that rather than follow the process that has been rehearsed. This whole scenario whiffs of improper drill setup, not a failure of following the drill.

"Scolding the ape" is not a viable UI option. The time for "carrot and stick" has passed. Today's solutions need to leverage volition and obviation, to prevent the opportunity for human error to occur.

I'm not scolding the ape, I'm scolding the organ grinder. When a drill deviates from the actions taken in an emergency it becomes a pantomime of little value.

I totally agree that the solution should leverage obviation to prevent human error in an emergency, that's what a drill is all about.

> When a drill deviates from the actions taken in an emergency it becomes a pantomime of little value.

Sending an emergency alert isn't an action that requires split-second muscle memory. I think slight deviations in the drill vs. the real thing are fine in this case, in order to prevent false alarms.

There's no one-size-fits-all solution here, you have to analyze the trade-offs around speed and the cost of a false alarm.

It hasn't prevented a false alarm, which is why it hit the news... it's interesting that there is a lot of hang up on false negative (false alarm) and very little discussion about a false positive (hitting the test button instead of the real alarm)

> It hasn't prevented a false alarm, which is why it hit the news...

That's because they forgot the lesson decades ago. It seems like the 1971 event is a forgotten piece of cold war history. I haven't seen any mention of it in the couple of news articles I read.

> it's interesting that there is a lot of hang up on false negative (false alarm) and very little discussion about a false positive (hitting the test button instead of the real alarm)

We haven't ever had a nuclear missile attack, and even if we had one, there's very little anyone could actually do to protect themselves. The alert seems more of a courtesy than a real actionable warning. The fear and panic of a false alarm are real, though. Also, if there are too many false alarms, they turn into crying wolf and will be ignored.

The article is confusing. It states that the "errant employee actually was working with a drop-down menu on a computer program". But the photo is clearly of a list of normal "a href" elements.

I'm asking, because if it was truly a drop-down (select element) then the UX would be even worse. At least with a list of links, there is the odd chance that the person would spot the correct choice. Using drop-downs, once the incorrect choice was made, there is really very little chance of realising the error.

It's likely the article got the term of art wrong. I wouldn't put too much stock in it. Trust the direct proof over hearsay.

I saw (on Twitter) another image that was a dropdown with choices such as "Missile Alert" and "Test Missile Alert" right next to each other.

I don't know which image is real.

The one in the article is sourced as from HIEMA.

For all developers asked to design something or not given a design - CSS padding is your friend.

Add spacing and then add more. It won't make it a masterpiece but it'll prevent misclicks and make the UI easier to read and understand.

Also, use headings like "Amber Alerts", "Weather" and "War".

And, use semantic titles like "[TEST] Tsunami" or "ALERT! - Tsunami"

If a developer were in a position to actually change this, the options should be in separate lists, or even separate pages. If only CSS and HTML is available, they should be in two columns.

The screenshots are so bad, not even the juniors I work with would consider deploying this. It's mind boggling.

>The screenshots are so bad, not even the juniors I work with would consider deploying this. It's mind boggling.

Not defending the UI too much but I'm imagining this is something built and deployed on government contract in the late 90s or early 2000s (when it was considered high technology that they could do this from a web page in the first place?), occasionally migrated to whatever marginally newer system is required by law while consuming the minimal amount of funding.

It's a damn shame but a lot of govt. stuff ends up in this exact boat because nobody wants to pay to improve something that "already works."

I think you're a bit off with the time frame. The system sends push notifications to citizens in a specific area, or am I mistaken? Are these texts?

The Wireless Emergency Alerts system (https://en.wikipedia.org/wiki/Wireless_Emergency_Alerts) dates back to 2006, but it is quite plausible that the backend this interface controls predates that if it was originally a desktop interface for the Emergency Broadcast/Emergency Alert System.

I wonder how much money they spent for this...

Also, colors.

Make all tests blue, all real alerts red. A tiny and simple change, but makes such a difference.

EDIT: I decided to create a mockup with only tiny changes:

1. the current version https://s3.kuschku.de/public/01_current.PNG

2. Color-coding added https://s3.kuschku.de/public/02_colors.PNG - already a significant change, with only one line of CSS

3. Semi-Sorted into groups, and always moved drills to the top of the group (so a person searching top-to-bottom finds the drill first): https://s3.kuschku.de/public/03_sorted.PNG

The result is done with 3 lines of CSS, and an additional class on each link. Tiny change, costs you a single-digit dollar amount to implement, and can be so much more effective.

I will say color makes a bigger impact on people that are not paying attention. I built a batch script to automate a lengthy process we had to do to a few dozen offline computers. I had field techs telling me it ran but didn't work. Found out that they were not reading the output of the command line. It would ask them to run it as Administrator. Quick fix, I made the box background go red and the text yellow when it hit this issue and never had a problem since.

you can also use colors like red, yellow and green (in this case, why not some yellow for tests and red for actual alerts ?).

And for certain actions (such as deleting a file or letting a population know an IBCM is coming at them), it could be a good idea to add a msgbox asking "are you sure you want to ? [yes] [cancel]" ^^

CSS padding won't save that menu.

I still can't believe how terrible it is.

It has the same feel as a dropdown on a blog.

Nothing of the level of severity is presented. I'd expect such a serious button to be part of a well designed dashboard.

Plus I'd expect it to be an actual button, with colours.

The section of test systems should be separated with distance from live systems.

I don't adding more spacing is the way to go. Tests and actual alerts should be different menus.

Yes, thousands of ways to make it better. But I've worked with many developers who feel lost on how to make something look good. Without any design training, just use headings and spacing and it improves the look and feel by multiples and is something they can easily do without wondering if it looks good or not.

Developers don't design. They implement.

"Design is how it works." - Steve Jobs

Developers are designers, some just don't know it.

I'll put this is the same bucket as "my code is my comment"

I think the vast majority of software is developed without the handholding of a UX specialist. So they do "design" in those cases, right?

Ah, but then you replace clicking the wrong link due to interface confusion with clicking the wrong link due to flash-of-unstyled-content.

A lot of conversations seem fixated on what's the worst that could happen if the wrong message was sent, but very few of these people are considering what's the worst that could happen if the right message wasn't sent. Also, it's very likely that the dropdown message text was not added by a developer, and this addition of the messages by non-technical users should also be part of that UX conversation.

Tsunami warning: Everyone seeks high ground.

Missile warning: Everyone flees to basements.

Right next to each other, no way that'll go wrong.

Apropos to nothing, the actual user experience between a Tsunami and a Nuke are quite different.

If the nuke is off target and lands in the water you could have both?

> Ige, in his speech, deplored the fact that employees of the emergency management agency were getting death threats since the events of Saturday.

Sounds like they need to prosecute some people for terroristic threats to the fullest extent of the law.

I understand being pissed off about the false alarm, but sending death threats should be an automatic jail sentence at minimum.

The state sent out a death threat! People are just letting the government know how they feel.

The design of this system is grossly negligent, which IS a management problem. It does look like a web page. How is the page served? An internal secure setup on a private network? Is the browser ever updated? Is there javascript? The number of failure modes on this type of setup is unconstrained. How are updates tested? It appears to me that somebody just put something together without any design or validation process at all. This is fine in many settings, but not for critical public safety infrastructure.

A warning, whether mistaken or not, is not a death threat, and a death threat is not just a complaint.

>A warning, whether mistaken or not, is not a death threat, and a death threat is not just a complaint.

I don't think there is exactly the same crime in all the states of the US, but there is in some states (as well as in many other countries) the crime of "false public alarm".

Example, you start crying "Fire!" in a crowded cinema or public place:


P.S.: Meantime in Japan:


but this was not the governemnet, it was the NHK and they were very fast to send a correct message.

There's a difference between crying "Fire!" to willingly cause panic over nothing (ie: intent to cause harm), and a mistake...

Text from your first link even says that:

> A person is guilty of a crime of the third degree if he knowingly causes such false alarm [...]

>There's a difference between crying "Fire!" to willingly cause panic over nothing (ie: intent to cause harm), and a mistake...

Sure there is a difference, but - again not all states/countries Laws are the same - it may depend on who has to prove that it was a mistake.

And of course it may be classified as an actual crime or as a minor civil infraction.

Somehow we've landed in a world where death threats, swatting, etc don't generally have any real consequences, and that makes me very sad.

Why do you see that as terrorism?

Because that's literally the law:

> TERRORISTIC THREAT > > (a) A person commits an offense if he threatens to commit any offense involving violence to any person or property with intent to: > > 2. place any person in fear of imminent serious bodily injury;

The operator did not threaten to commit violence.

The OP was referring to the people threatening the operators for the mistake.

That's a fucked up law. If some guys in a bar start arguing about a spilled drink and one says "I'm gonna punch you!", that shouldn't be considered terrorism!

Terrorism used to mean violence or a real threat of violence committed for political reasons. Now it just means any crime committed by someone whose motives (or whose ethnic group) the speaker disapproves of.

it's not "terrorism" it's a "terroristic threat" - same root, but different words and very different meaning as commonly used. no one is equating a drunken bar confrontation and suicide bombing, except you.

He didn't equate them though, that was his whole point.

he says he thinks the words mean the same thing to the authorities -- which they do not; that would be crazy.

The intent of most death threats these days, almost certainly including these, is simply to express dissatisfaction, not to "place any person in fear of imminent serious bodily injury", even if that's how an outside observer unfamiliar with cultural context might interpret it.

That is ridiculous. While it may be done out of dissatisfaction, it is most definitely made for the purpose of "placing the person in fear of imminent serious bodily injury."

It is ridiculous because it is an accurate statement about modern internet culture, which is ridiculous.

> The intent of most death threats ... is simply to express dissatisfaction

Are they? There are plenty of other ways to do that without (pardon me) going nuclear. Many death threats go so far as to include someone's family, friends, and other acquaintances. If it's mere dissatisfaction being expressed, why go that far if not to put someone in fear?

For the same reason different populations might complain by calling the customer support hotline on the back of the box or by submitting a pull request. That's how this group has learned is "the way" to do this.

The UX in most software made for the government is terrible. At the end of the day, I think anyone clicking any button in that list should have been well aware of what those buttons do especially since clicking that button was a routine part of the shift change process in that shop.

Bad UX, sure. But that person dun goofed.

Aka, blame the user, not the design. The FAA got away from that because it caused too many planes to drop out of the sky. Sure, user errors will happen, but designs should try to avoid them and mitigate their consequences.

I've been a software engineer in the defense industry my entire career. No contract I've ever been a part of included a UI/UX designer, I rather doubt the customer would have been willing to pay for one.

Interfaces are always designed by the programmers alone, and they are universally awful.

Heck, several years ago I remember having to learn Blender so I could create 3D models for some simulation software (no one else to do it, guess it's me again -> here have some rockets that look like something out of 1950s scifi). Apparently the folks writing the contract didn't think we'd need anyone with any 3D art skills to create 3D visualization software.

Often times a web page will have buttons that dance around the screen, if the page is still loading elements. That can cause misclicks too.

I hates that so much, especially on mobile sites which load so slowly that a miss click takes ages to recover from.

I don't think this is at all accidental.

Actually the Hacker News mobile app for iOS has done this for as long as I can remember and it's extremely annoying that it still hasn't been fixed. After opening the app, if I click a post right as it updates, I'll often click whatever just loaded in its place.

People are going to goof at a certain rate. We need to design systems to withstand at least some rate of goofing. We wouldn't get rid of seat belts and just tell people to not goof. Sometimes the goofing is criminally negligent, sometimes it isn't. In this case, I'd say it wasn't.

I've been "arguing" with people here as to what a better interface would look like, and it's interesting at how much disagreement there is. A lot (like too many) seem to think adding a yes/no dialog box would make things better, but it's well known users don't read dialog boxes.

My preference would be a mcDonald's menu style UI, showing the text that will be sent in a 6x5 grid of buttons. Easy to press; easy to see what you're sending; no funky "are you sure" messages that'll be auto-clicked.

I would argue for a menu like this: https://twitter.com/iamlucamilan/status/953201356545974272

Combined with a confirmation dialog like this: https://twitter.com/Ajedi32/status/953303114995597312

Very much agree with the redesign of the page. Simple, much better.

The confirmation box however might be dangerous:

If employee panics they might easily fail to get that right resulting in a failure to warn in time.

> If employee panics they might easily fail to get that right resulting in a failure to warn in time.

It's not like the box goes away. You have plenty of time to fix your typing. Not only that, but bad UI is a bad UI problem. Not being able to operate a system correctly under stress is a problem often solved with a combination of tactics, including UI, but also stress management, response, etc.

People who operate ballistic missile systems, defense systems, etc. on a daily basis are pretty well versed with how to handle the situation from a stress level. Anyone sitting behind an Iron Dome console is probably pretty cool under high stress in this exact situation.

> You have plenty of time to fix your typing.

By the time you are aware of an incoming icbm I guess every second matter to save as many lives as possible.

> Not being able to operate a system correctly under stress is a problem often solved with a combination of tactics, including UI...

I think we actually agree. I'm not saying training isn't really important. I'm just saying that reading more than one paragraph then typing (including case sensitive text) might be hard when you fear an actual icbm.

I don't agree, for critical actions such as this it needs some level of protection that can be handled by trained professionals. e.g. You do not want to make it easy to send a nuclear bomb, but you also need to make sure that if there's ever a need for it, it can be done quickly by trained professionals.

It doesn't even need that. It should start by grouping the options by severity - separate the real alerts from the test alerts via section headers and you solve 99% of the problem.

My concern with severity groups is you have users and managers deciding which messages go in which severity groups. That ignores the impact of politics and short termism on the decision making process. (e.g. How severe is a missing child?). Before you know it, everything will be in severe, and your users will be asking for a "really, really severe" category.

Makes sense, but I would hope even the most inept manager could recognize that "AMBER Alert" and "Nuclear Annihilation Imminent" are different degrees of severity.

I think kemitche was saying was they would have two groups. One would be "Test Alerts" and the other would be "Real Alerts" not that we needed to have a philosophical break down of alerts by severity. severity may have not been the best word but He did explain his definition in the next few words.

Indeed - something like this [1]. There's scope for further improvements, but this alone would be a vast improvement.

Given the cost of a mis-click, I'd also implement a Github-style confirmation box that can't just be subconciously clicked-through ("To confirm that you wish to send a PACOM Alert, type 'pacom alert'").

[1]: https://twitter.com/iamlucamilan/status/953201356545974272

The major problem with the UI is that various types of tests and actual alerts are displayed together on one list.

The system should start with two options: test vs. real alert, which open up separate menus. Those menus should be visually distinct (e.g., different color background, options for former all end in (TEST)".

ISTM there should be a phrase they have to type in that's specific to each option. Those "are you sure? [y] [n]", "are you _really_ sure? [y] [n]" dialog boxes are easy to blindly click through. Typing is a physical action. Or, even better—have it require _two_ employees.

Personally I'd go for a radiobutton list, with a submit button. That way there's time to double-check your selection. Furthermore the real alert should probably pop up a bright red page with flashing warning lights and siren sounds indicating that the user is entering a serious situation.

This all is assuming that falsely sending a test alert is no big deal.

I vote for a single big red button in a translucent plastic case hung on the wall.

The problem in this particular case is that almost anything would be better. Probably the only thing to make this worse would be to also mislabel things.

Which is why there are plenty ideas for a better design.

This doesn't add up for me and doesn't pass the smell test. Looking at that dashboard and the way it's set up and knowing PACOM stands for Pacific Command, I'm not buying this story at all. Look at the way that screen is designed. You don't just click one of those and it sends the alert off. The link sets the type of alert (i.e. Amber) and the destination/recipients (i.e county, statewide, etc.). It doesn't set the content. Logically, this must be true. An amber alert needs specifics like, most commonly, the license plate of a vehicle. That means someone clicked that link and then manually filled out the text "this is not a drill". That makes this peculiar sentence from the article make more sense - "I wish I could say there was a simple reason for why it took so long to get the correction to the false alert out". That line from the article struck me as odd the first time around, especially since no explanation at all was offered from what I saw. I believe they really thought there were incoming missiles and that's why they didn't rescind the alert immediately. Let's also remember that when this alert went out the person who sent it as well as anyone else working with them would have received it on their own phones and someone surely would have said "holy shit you just sent out a real nuclear war alert!" And then they would have gone back and filled out different text/content for an updated alert. There is precisely zero chance it took 38 whole minutes for everyone in that place to realize it was a real alert and figure out how to send a follow up.

In the news, I followed, it was said that one of the causes for the delay of the "False alarm, all clear" message had been the clearance of the particular wording with various authorities, because it hadn't been implemented before. This hints to a set of prefabricated message which are to be selected by this application. However, you may be right on that screen not being all of the selection process in its entirety.

Edit: Also, I guess, there's still some kind of message authenticator, which has to be entered in the process?

It's possible the test procedure does send an authentic-looking alert to the devices of staff at this facility? Even in that case I would think their phones would be ringing off the phone in seconds with incoming calls from loved ones wondering what the hell is going on...

Exactly. No matter what, they would have been contacted by the outside world, probably directly by Admiral Harris (the commander of the Pacific Fleet). 38 minutes makes no sense at all unless they were really trying to figure out if they were under attack or not.

They probably viewed this admission of error as being less embarrassing as not knowing that they weren't under attack when Japan released a statement within a few minutes saying it wasn't true. They look even more incompetent in that scenario.

Bad UX? There's no UX at all (and on that matter - please stop selling your UX position to companies).

Every software users interact with has a particular UX. It’s in the words it stands for!

Did anybody read about or see the NBC segment where they were exploring the exact D.O.D. bunker in Hawaii where the emergency phone, and I assume alert system computer, were held. Did this actually happen? Was NBC actually in the same room as the computer where the alert originated before the alert actually was sent out?

Let me know if I'm being misinformed by low-life YouTube conspirators.

Why are we talking about dropdown boxes and modal confirm messages? Shouldn't it be basically impossible for the same system that sends test messages to also send real messages?

If it takes two people turning two keys to launch a missile, shouldn't it take the same to send a missile warning?

> If it takes two people turning two keys to launch a missile, shouldn't it take the same to send a missile warning?

Hell no. A missile launch involves a large expenditure of resources, and (sometimes) lots of destruction. A missile warning should not.

In some ways I think the poor design decisions start with making a system of this nature, with this purpose, digital in the first place. With the current state of weapons systems, multi-domain tactics, and the technical capabilities of near-peer rivals, or the types of state actors capable of launching a ballistic missile, a massive cyber/electronic attack will almost certainly precede the kinetic weapons wave. Really, I would want a ballistic missile warning system to be as simple, physical, and reliable as, literally, a big button that sets off the warning broadcast over loudspeakers. It is impossible to prepare for every contingency that may arise from an unexpected all-out attack, but the obvious ones with clear solutions should be mitigated.

Their solution to the problem was to add an additional "BDM False Alarm" entry to the list of alerts which will send out the message that the previous alert was a false alarm and there is no threat.

Perhaps they should also add a "false alarm that this was a false alarm, there really is a threat after all" option in case the "false alarm" option is selected accidentally after warning about a real threat. /s

I don't know how anyone in Hawaii can be expected to trust or take these alerts seriously after this.

Could be both. The UI looks like a home-built web 1.0 page from 2001.

No, it's mobile first... ;-)

Adding some color and better labeling would be good. Also I would have a confirmation dialog box to confirm what will happen when the button is pressed.


Why is that?

Taking the opposite side side of the argument, good UX only matters for inexperienced employees. People that mindlessly click are going to mindlessly click "yes" on the confirmation dialog

Experienced employees will not mindlessly click on Yes, because they have experience with it going wrong.

Having yes/no labels on buttons, or this kind of random labeled links in haphazard order is always bad. Experienced users may not do errors, but their life would still be better if the UX was good. UX is the same as accessibility, if it is good it does not bother you but it can always help, even if you think you do not need it.

So use a confirmation dialog that can't be mindlessly clicked through: https://i.imgur.com/P18lgRb.png

Disagree. Experienced employees make mistakes, too.

Experienced users can adapt to almost any interface that they use regularly. Presumably missile alerts, even test alerts, are done rather infrequently (1 x month?). So in that case a foolproof interface is even more important.

Good UX also matters for: Tired employees. Stressed employees. And of course everyone impacted by the decisions of tired & stressed employees.

Do we know if the test button also includes a confirmation dialog? In that case, the two actions are pretty much indistinguishable.

Good UX would eliminate any mindless clicking, for example: * significantly different workflow than the test workflow * requiring multi-person confirmation * showing the resulting action with (time-limited) undo * and more...

>good UX only matters for inexperienced employees

No. People are people. They will make mistakes - even smart and experienced individuals.

At each level, people with grave responsibilities did not take their responsibility seriously enough. From the top to the bottom.

Button-pusher: obviously.

Interface designer: clearly.

Manager responsible for project: also

The manager's manager: yes

The whole department head: how is this person making decisions?

The people who set the budgets and procedures: How do they know that work is being done well enough?

Vern Miyagi: From decades in the army, your process designers should understand best practices in the design of emergency systems, and yet they clearly did not. Why?

Arthur "Joe" Logan: Same question.

Ironically http://dod.hawaii.gov/hiema/hawaii-emergency-management-agen... fails with a Javascript error about "superclick is not a function".

Anyway it goes all the way up, apparently through the military chain of command. So I say Thanks Obama.

What? I think you need to balance your list's narrative with the reality that delegation includes some abdication of understanding. It is necessarily an abstraction from the work itself. While responsibility may lie with a superior for the error itself and the process that gave rise to it, it is a responsibility of seniority - owning the outcomes of the organization you run - not responsibility for the act itself.

Moreover, there is another dimension in that inertia in the org structure itself can't be pinned on any one person. Organizations by their very nature are supposed to be tolerant of changes and gaps in the knowledge of their members. This tolerance leads to inertia. the Inertia of the military is extreme and difficult to change. The more abstraction between the leader and the actual work, the more difficult it is to evaluate and enact the right change in the right way in the right timeframe.

So, while your comment may in essence be right that there is a chain of command failure around this issue, it also strains credibility to claim that this failure belongs to Obama, one year into his successor's presidency, when the structure that this event took place in is much older than either of them.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact