Univ. of Illinois Goes War-of-the-Worlds On Students 168
theodp writes "'Strange beings who landed in New Jersey tonight are the vanguard of an invading army from Mars.' (Orson Welles, 1938). 'Active shooter at BUILDING NAME/INTERSECTION. Escape area if safe to do so or shield/secure your location.' (Univ. of Illinois, 2011). An alert message sent out Thursday to 87,000 emails and cell phones warning recipients to escape from an 'active shooter' at the University of Illinois was an error, the Office of the Chief of Police confirmed. 'The alert sent today was caused by a person making a mistake,' explained an email. 'Rather than pushing the SAVE button to update the pre-scripted message, the person pushed the SUBMIT button. We are working with the provider of the Illini-Alert service to implement additional security features in the program to prevent this type of error.'"
It Takes TWO controllers (Score:2)
To turn keys that initiate the Minute Man launch sequence...
Re: (Score:3)
To turn keys that initiate the Minute Man launch sequence...
But this system can be triggered by someone with poor hand-eye coordination. This is why developing your FPS skills are more important than ever!
Re:It Takes TWO controllers (Score:4, Funny)
Just a typo (Score:3)
It's part of a new network detection system for big, non-artificial breasts detected by a camera system. The roll out is initially for Los Angeles and Beverly Hills, the AI is being perfected by the NCSA guys.
Umm, 'scuse me? (Score:5, Interesting)
But Schroyer said some students were shaken by the initial alert and criticized the university for taking about 12 minutes to send an email confirming it was false.
"That was unacceptable in my opinion," he said.
Really? 12 minutes is too slow? The thing sent out 87,000 e-mails (which takes a while no matter how big and distributed your mail system is), and the person who made the error probably didn't notice until either they got the e-mail or somebody who did told them.
I think 12 minute response time for something like this is pretty impressive.
Re: (Score:2)
apparently those same students thought that the sender had their email open as well and recieved it right away. Of course you need to the proper people that this happened and compose the confirmation. At this point said person is really wanting to make sure they get it correct which takes a few minutes.
But I guess that is not good enough for the TGIF (twitter, google, ipad, facebook) generation and their I want it now mentality
Re:Umm, 'scuse me? (Score:4, Informative)
At the school I work for, there was a major outcry when we implemented a universal SSO for the ever-increasing amount of online tools put out by our school.
There were numerous articles in the school paper decrying the change.
5 years later, and we could only imagine the outcry if we got rid of it: "WHAT DO YOU MEAN I'D HAVE TO MAINTAIN A SEPARATE PASSWORD FOR EVERY SYSTEM!!!???"
Students complain for the sake of complaining.
Re:Umm, 'scuse me? (Score:5, Insightful)
Two things I've learned working at a University:
1) Students will complain about anything.
2) Faculty will complain more than students.
Don't you mean "Ten things I've learned..."? (Score:2)
Re: (Score:2)
it ties your all of your records to a single point of failure. We have that for faculty where I am. I happen to be on the department faculty e-mailing list, though I'm not faculty, and I see what they say about it, and some faculty absolutely refuse to participate in certain online activites specifically because of SSO. If you have a vote for say members for a committee, or room bookings, or your e-mail, it's the same as the marks database, and your HR record etc.
I'm torn. On one hand, a single point
Re: (Score:2)
There's no reason why SSO needs to be a SPOF. At work, our SSO is done via LDAP/LDAPS (the former by idjuts too stupid to realise, the latter by those who actually read corporate guidelines). That LDAP server can be distributed. The database back end can use High Availability tools (whether it's IBM TSA with DB2 or it's an Oracle shared-everything cluster or whatever) to ensure that it remains on-line through a failure.
OpenID solutions do likewise - first off you have highly-available OpenID providers, l
Re: (Score:2)
You've addressed the technical SPOF issue, but you've not addressed the human SPOF issue: The whole idea of SSO is one set of credentials. When those credentials are compromised, everything protected by them is compromised at the same time.
That is, the IDEA of SSO is what creates a single point of failure.
The counter to this point of failure might be to institute/allow gradated/granulated credentials to the same account. They COULD all be the same (IE mimic SSO), but that would be a degenerate case.
But p
Re: (Score:2)
Why wouldn't something like requiring an extra form of ID for more secure applications not solve this problem?
For instance, I went to Penn State, and one can log on to the faculty system portal with the same simple logon/password that students have, or email, HR, or just about anything else. However, the value from an RSA token is required to, for instance, change grades. Wouldn't that solve the problem?
Re: (Score:2)
I would love to see the flak from trying to get faculty members to use an RSA token. 'What if I lose it', 'isn't this dumping responsibility on me because IT can't build a secure system.' I argue this regularly with both my bank and department chair. My world of warcraft account (with authenticator) is at least in principle more secure than they are. And honestly, there's nothing on my WoW account that cannot be replaced by a rollback.
I'd probably just require an RSA token (or equivalent) for everything
Re: (Score:2)
Probably embarrassed that one of their own had done such a poor job of designing the alert system interface.
Implemented! (Score:5, Funny)
Do you want to cancel the alarm?
[Cancel] [Cancel]
Bert
Easy solution (Score:3)
Re: (Score:3, Insightful)
Anyone who does usability studies can assure you that people won't read confirmations, they'll just blindly click OK. And it's worth noting here that this was entirely an ID10T error, not a computer glitch, although I'm sure a fair number of folks will try to blame it on the computer.
Re: (Score:3)
Re: (Score:3)
Anyone who does usability studies can assure you that people won't read confirmations, they'll just blindly click OK.
This is true if you're discussing confirmations that come up for frequent actions. However, if your normal action (save) just happens without any confirmation, and your non-normal action (submit— how often do they actually need to use this system?) pops up a confirmation, it tends to catch you off guard and make you take notice that something unexpected is happening. This would be precisely the correct use of a confirmation dialog.
Re: (Score:2)
Re:Easy solution (Score:4, Funny)
Better idea: A modal dialog pops up, with a big red countdown from thirty seconds before the 'ok' and 'cancel' buttons become enabled, to make sure the user reads it. It also plays an audio clip at full volume to tell everyone else in the office to check it.
Michael Bolton: That is the worst idea I've ever heard in my life.
Samir: Yes, this is horrible, this idea.
Re: (Score:2)
In my line of work (government public safety communications), it takes two proactive steps to send out an alert:
First, press/click the "unlock" button.
Second, press the "send alert" button.
Pressing "send alert" without "unlock" first does nothing -- it's just a dead button.
This works fine. It's not unlike a safety cover [google.com] on a toggle switch: The act of opening the cover indicates that you're serious about your next action, and the system does not question you when you throw the switch since you've already c
Re: (Score:2)
"Are you sure" dialogs are generally just an annoyance caused by lazy developers. They'd rather ask for verification (one line of code) than write functionality to allow the user to "undo" what they did if it turns out that they did it incorrectly. Of course, sometimes you're dealing with something that simply can't reasonably be "undone", and that's where there should always be an extra step, whether it's an extra step after the fact, such as a confirmation dialog, or an extra step before the fact, such as
Re: (Score:3, Insightful)
Anyone who does usability studies can assure you that it's a bad idea to have a button labeled "submit" close to one labeled "save".
I am pretty sure this was some kind of web app. A lot of web apps use the standard "submit" button for saving form entries.
This was neither an ID-ten-T, nor a system glitch, but a badly thought through design.
Re: (Score:3, Insightful)
Well, yes. Most of the time people think "Of course I want to do !" when they see a dialog, because they actually did intend to press that button at the time. But they do solve the problem of "Oh no, I didn't mean to click that!" (I've accidentally sent uncompleted emails an embarrassing number of times), and really are useful for things that cannot be undone. Such as, oh, I don't know, sending mass text messages.
This most certainly was an interface problem. If someone is intending to update a template, if
Re:Easy solution (Score:5, Insightful)
This was not an ID10T error. This was bad human interface design.
The user had two choices: "Save" and "Submit". My first reaction to seeing that was "what's the hell is the difference between Save and Submit?"
Apparently:
"Save" = update the template
"Submit" = send out the alert
IMHO, that's a terrible choice of verbs. You could almost reverse the two and still have them make just as much sense. How about "Update" and "Send"? Or this might even be one of those rare times when you want to use longer button names -- "Update Template" and "Send Out Alert". Much less likely for a mix-up like this if those were the button titles.
Re: (Score:2)
Yep. I would probably have labelled the buttons "Save Text" ( normal grey ) and "SEND ALERT" ( Red, and in a completely different location, with a big ALERT Icon on it. )
( And, of course, the "SEND ALERT" shouldn't be the default action of the form that gets triggered when you hit enter. Just saying. ;-P )
Re: (Score:2)
This was not an ID10T error.
Sure it was!
It's just that the ID10T in this case was the interface designer and not the user (for once..).
Re: (Score:2)
err, no. It depends on the user and user training. A person trained in a specific piece of software can be trained to read messages under specific instance. Many people using SCADA tools do so everyday.
Re: (Score:2)
That's why you don't make the confirmations a yes/no box on big things like that.
You make them a text box where it says you have to type a specific message that basically requires you *think* before you send it. For example, requiring someone to type "SEND THIS MESSAGE" to actually send out a message over the warning network would probably have gotten them to think twice.
I mean, even World of Warcraft requires that you type "DELETE" in a text field in order to delete a character or rare item - you'd think a
Re: (Score:2)
On our systems the users have to type YES just to reboot.
Re: (Score:2)
In City of Heroes, it was the same thing - you had to type the character name. I guess my point was just that there are pretty obvious ways to make it so you don't accidentally scare the shit out of 87,000 people by telling them someone is rampaging through their campus.
Re: (Score:2)
Anyone who does usability studies can assure you that people won't read confirmations, they'll just blindly click OK. And it's worth noting here that this was entirely an ID10T error, not a computer glitch, although I'm sure a fair number of folks will try to blame it on the computer.
To be fair though, it does say this was a mistake of choosing between 'save' and 'submit'. Those choices could have been worded a lot more clearly. Something like 'save template' and 'activate alarm' would be much clearer to an end user.
Re: (Score:3)
Easier yet would be separating the "I want to set an alarm" path from the "I want to change the scripts" path. Having both functions in the same dialog is simply asking for trouble.
And hey, they were using custom software. It doesn't have to precisely follow the methods for creating an email template, does it?
And... why are people fixated on just the words? Why not make the "send alarm" button have Big Red Friendly Letters, a different button shape, or perhaps have the button slide away from the mouse, r
Re: (Score:2)
Re: (Score:2)
Anyone who does usability studies can assure you that people won't read confirmations, they'll just blindly click OK. And it's worth noting here that this was entirely an ID10T error, not a computer glitch, although I'm sure a fair number of folks will try to blame it on the computer.
People don't read confirmations for everyday tasks that always pop up numerous times a day. If it is a task that is presumably rare, like mass-mailing tens of thousands of people over an emergency alert system, they are probably going to pay attention to what the confirmation dialog says.
Just because I click through idiotic confirmation dialogs without reading them every time I open a document I downloaded from the internet doesn't mean that I click haphazardly through confirmations while reinstalling my OS
An ID10T error? OR was it? (Score:2)
Re:Easy solution (Score:4, Interesting)
Re: (Score:2)
Or label your buttons better than "Submit" and "Save". I honestly couldn't tell you which I would expect to activate the system.
Re: (Score:2)
Better solution: Ditch the whole system
Little good comes from causing mass panics. Student populations have been entirely disarmed by schools generally adopting the same "Oh my god we have to do something about any danger we can IMAGINE" attitude that government suffers from. There is nothing any of them can do.
What they really need to do is realize how many students and schools there are, and compare that to the number of "active shooter" incidents and realize that... this is an utter waste of time and mon
Irony (Score:5, Funny)
The perfect Interface (Score:2)
This is how to design the perfect interface:
Offices should have sensors that detect gun shots and trigger an email alert.
This would be double plus good:
What makes people angry are false reports. Not with this system.
Re: (Score:2)
I understand your point, but those alert systems are for a wide variety of issues. Say there's a really bad chemical spill in an area where students typically walk through... are you implying that the administrators should shoot the spill to trigger the alarm?
Although, some of the ice at Penn State (which sent out notices using their system when the weather closed down the school) might best be dealt with using a steady application of gunfire.
Don't they have a test system? (Score:3)
It sounds like they have no way to test the message other than it sending it out to every address in the alert list.
Let's say in this case after updating the message templates, the person hit 'save' rather than 'submit'. On the bright side, then no message would have been sent. On the not-so-bright side, no message would have been sent!
Don't you want to know before there's an actual emergency that your emergency message is working? Not that this incident was an intentional test, but shouldn't they have a test after updating the message template?
Re: (Score:3)
It sounds like they were adding some campus specific default messages into the system to use in a hurry.
Scary (Score:2, Interesting)
The really scary part is that we live in a society where the police have to pre-prepare texts and emails to warn students that someone is shooting up their school.
Re: (Score:3)
No, we live in a society that THINKS they have to pre-prepare texts and emails to warn students of this. To be honest considering the time it takes to fire off an email saying "get the hell away from here" having prepared messages for this is kinda dumb in my not so humble opinion.
I wonder what the odds are in fact of getting shot at school...
Re:Scary (Score:5, Insightful)
No, we live in a society that THINKS they have to pre-prepare texts and emails to warn students of this. To be honest considering the time it takes to fire off an email saying "get the hell away from here" having prepared messages for this is kinda dumb in my not so humble opinion.
I wonder what the odds are in fact of getting shot at school...
But schools are gun-free zones. No murderer would ever carry a gun into a gun-free zone and start shooting! It's not allowed.
Re: (Score:2)
No, we live in a society that THINKS they have to pre-prepare texts and emails to warn students of this.
Ten to one the set of various emergency messages has been vetted by the school lawyers in an attempt to reduce liability.
I wonder what the odds are in fact of getting shot at school...
For all practical purposes, zero.
Re: (Score:3)
Re:Scary (Score:4, Insightful)
The really scary part is that we live in a society where the police have to pre-prepare texts and emails to warn students that someone is shooting up their school.
"pre-prepare"?!?
Re: (Score:3)
Now I have to watch some George Carlin when I get home :(
Re: (Score:2)
Yes, being prepared to be prepared. Makes sense to me! :)
Re: (Score:2)
Yeah. It really goes to show that correspondence writing skills are being sorely neglected throughout the education system.
Re: (Score:2)
No, we don't have to do this at all. Our society today is no more dangerous than society 10, 20, 50, or 100 years ago. The only difference is that we hear about every violent act that takes place across the country and across the world. There is less violent crime today than there was during the '40s and '50s, but in the '40s and '50s you didn't have the 24 hour news channels or constant internet access telling you about it, and telling you that you should be worried, and telling you that there were 2 mo
Re: (Score:2)
Why is it scary to be prepared? we live in a world where many ecenrios are prepared for, even if their use is unlikely. It's about risk mitigation. WHat is the effort and risk of adding a text message like that? low risk, low effort. You would be foolish not to put it in their.
I am sure there are many other alerts this is used for. school closures, and what not.
Re: (Score:2, Troll)
It's a University, people in the administration of those institutions waste massive amounts of taxpayer money doing other random stuff that nobody asks for and nobody wants. At least they did something somewhat productive with their time. When you can explain to me why a 15,000 University where individual departments take charge of their own IT need ~1,500 heads in the Central IT department to keep a network, a datacenter and some phones running, let me know.
Re: (Score:2)
Re: (Score:3)
You don't think it makes sense to sit down ahead of time and think of appropriate wording for an emergency email before an actual emergency occurs? Quick... where should we tell them to go? or should we tell them to stay put? What's the best way to word this to get their attention, but without creating too much panic?
In an actual emergency, you wouldn't want to take even 5 seconds to think of those answers.
Re: (Score:2)
The really scary part is that both the authorities think they are properly protecting citizens by sending electronic messages and the the citizens think they are properly protected by receiving said warnings. To the point that if authorities don't send any they are considered accountable or accomplices and if citizens don't receive any they are feeling safe.
Whew (Score:2)
I was passing BUILDING NAME/INTERSECTION just when I got the text and really panicked.
Poor design (Score:2)
Poor GUI bite another person in the ass.
INterface guidlines (Score:5, Insightful)
And this is why "[SAVE MESSAGE TEMPLATE FOR LATER USE] [SEND MESSAGE IMMEDIATELY]"
is better than "[OK] [CANCEL] [ABORT] [ERROR] [RETRY]"
Re: (Score:3)
This is actually one of the improvements in Windows Vista:
The TaskDialog [microsoft.com] is the OS functionality for easily showing a dialog with descriptive button labels instead of just old school MessageBox with OK/Cancel/etc.
Re: (Score:2)
Look at the first "Look and feel" dialog. What the hell is that "cancel" button doing in there? There are two choices. One of them is already selected, but the OK button is greyed out. I think, since I've never used Vista.. Even if that greying out means it's simply not focused, what is the purpose of the OK/Cancel there? Does the cancel mean the same as the second option? Does it mean it's going to ask you again the next time? It should be clearly said there, not left to user's guesstimation. I guess it's
The solution... (Score:2)
Re: (Score:2)
Re: (Score:2)
That was the most convoluted fix I saw presented.
My opinion was that the screen for editing the templates shouldn't have a "SEND" button on it at all.
Re: (Score:2)
Re: (Score:2)
To the rescue... (Score:4, Informative)
Clippy: [wikipedia.org]
Notification System (Score:5, Insightful)
I'm an alumni of the U of I, and I work here as well. I get these notifications. I thought I'd bring up 2 points:
Overall, I'm satisfied with the system and I was impressed by the very explicit letter from the chief both explaining the error and accepting the blame for the mistake. She also detailed the upcoming efforts to address the error. I'd like to see the same level of accountability from my ISP or phone company.
Re: (Score:2)
When I saw the "active shooter at BUILDING NAME/INTERSECTION", my first thought was that I'd prefer comatose, asleep or just plain lethargic shooters.
It really was pretty quick between the mistake and the correction especially with that many emails going out for each. I check email fairly often, but the correction was already there when I saw the message. They mentioned that the updating was being done in response to comments from those getting alerts previously. I assumed that was from the Green St. fire n
Awful summary (Score:3)
This has nothing to do with War-of-the-Worlds, except that there was false panic. The Orson Welles broadcast was done as a fictional story, this incident was an accidental broadcast of an alert.
Next up, a headline saying "Oncologist Pretends to be Orson Welles with Wrong Diagnosis!"
So they are admitting... (Score:2)
...it was an INSIDE job?
Translation (Score:2)
We are working with the provider of the Illini-Alert service to implement additional security features in the program to prevent this type of error.
most likely means: The same contractors who messed up basic usability in the original implementation will now get paid again to "fix" it. BTW what is with people using wrong words? Additional "security" features, my ass, this is HMI 101, nothing to do with security.
Re: (Score:2)
... if there was a real shooter, and it still said BUILDING NAME/INTERSECTION. Thanks for the heads up, morons!
Maybe that's what they can send when there's a shooter at every building and intersection.
personalization (Score:2)
No, the real version will say "shooter at BUILDING NAME/INTERSECTION, looking for INSERT NAME HERE".
Re: (Score:2)
Better yet:
No, the real version will say "shooter at BUILDING NAME/INTERSECTION, looking for owner of %SEND_TO_PHONENUM%".
Re: (Score:2)
And worse, suppose it wasn't an active shooter, but a passive one?
WTF is an "active shooter"? Anyone? Please???
"active shooter" (Score:3)
"Active shooter" is police jargon for a Columbine-type situation.
The opposite isn't "passive shooter", but the term signifies (at least in some jurisdictions) a situation in which immediate action needs to be taken, rather than, say, waiting to call out the SWAT team.
Re: (Score:2)
Active Shooter means the person is actively seeking out people to kill and going for body count so the only real hope of resolving the situation is taking them down as soon as possible.
I think they went with "active shooter" because "homocidal maniac" as too long and "massacre" was just awkward.
Re: (Score:2)
This message is to inform OSU students, faculty and staff that shots were fired this morning at an off-campus residence where multiple students reside. There were no injuries in the incident. However, we are notifying campus community members, as there have been no suspects arrested in the matter.
No mention of where this happened or what time. This was sent four hours after the event.
A previous, more timely notification of a different incident near campus (at a frat house) resulted in a flock of students descending on the area to rubberneck. I can understand why they don't publish specific location data, but "a shooter somewhere in town shooting at someone and we haven
Re: (Score:2)
The reaction you describe (students arriving at the location they were warned off of) would seem to indicate that the system was not only not helpful, it was counter productive. And sadly, you can't simply use misdirection ("no, the shooter is over THERE, not here") to redirect the herd, that'd simply open you up to all kinds of liability.
The only use to the message you report is "tell us if you see anything suspicious". Providing details might give people expectations, cause people NOT to see something.
Re: (Score:3)
Clicking one wrong button lead to 87,000 emails being sent out saying there was a gunman on the campus and you're asking if the system is broken? What would it take for you to be sure the system was broken, if pressing the wrong button actually unleashed a gunman onto the campus?
Re: (Score:2)
Re: (Score:2)
Your car must be controlled in real-time. It doesn't have the luxury of checking each time you make a potentially hazardous action. It may surprise you to learn that this is not the case for computers.
Even then, you'd have to push the wrong pedal hard and maintain pressure to accidentally drive into something. That's not even close to the same thing as clicking a button.
Hopefully this was all obvious to you and you were simply being facetious. I'd rather the world was populated with assholes than idiots.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Ultimately this seems like a very over-elaborate system anyway. Why do they need to have a bunch of prepared single line warnings anyway. In the time it takes to select one of probably several warnings from the system, a user could have typed the message in themselves.
The whole thing could probably be handled with an updated email distribution list and _maybe_ a shortcut on the desktop to quickly start a new message to said list.
Re: (Score:3)
They set up a template so that, in the stress of the moment, the person sending the message wouldn't forget to include some important detail (e.g., location of the emergency, what to do, etc.)
Re: (Score:2)
Re: (Score:2)
I am picturing a glowing screen with a a blinking popup dialog box reading "Are you SURE you want to send this message? [OK] [CANCEL]" with blood dripping down the screen.
Re: (Score:2)
If Submit is an unacceptable label, then so is Save, File, Edit, Help, Save As, etc...
Re: (Score:2)
In regards to the question of whether we're in more danger than we were in years past, I would agree that we are not, but point out that if UT had had such a system in 1966, it might have saved some people then, too.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Or if the school is really worried about it, a mandatory three day course at the beginning of each semester. Along with properly responding to a fire alarm or where to find, when and how to use an AED, one of the classes would of course be navigating an obstacle course while being shot at, how to take cover and how to best evade and escape the shooter. Concealed carry permit holders get a paintball gun to shoot back with if they choose.
A chance to shoot paintball guns at freshmen? I'd sign up to teach that
Re: (Score:3)