Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Bug GUI Security Software IT

Bogus Security Alerts Hit National Weather Service 35

Posted by timothy from the donald-normal-field-day dept.
kobee writes "The National Weather Service is adding a confirmation dialog to their system for issuing regional EAS (Emergency Alert System) warnings, after it accidently alerted parts of Florida and Georgia to a bogus radiological emergency Wednesday. Wired News reports an NWS operator 'entered the code "RHW" instead of "RWT," keying a radiological hazard warning instead of a required weekly test.' Something similiar occured in Las Vegas the day before."
This discussion has been archived. No new comments can be posted.

Bogus Security Alerts Hit National Weather Service More

Bogus Security Alerts Hit National Weather Service

Comments Filter:
  • Seriously, this stuff gets past QA?
  • So that explains the extra glow after sunset...
  • So now they will just key, RHW[Enter][Enter], the extra enter to say yes the the annoying confirmation dialog that pops up everytime you want to do anything--including the weekly test.
    • The parent is correct. It's been shown many times that users don't read [joelonsoftware.com].

      This sort of change will only add non-value added time to releasing warnings while offering virtually no error proofing. Something like a drop down with the full text of the warning would be a slightly better solution.

    • Perhaps the confirmation only pops up for real emergency broadcasts, and not the weekly test? The article was unclear on this point. If it is indeed for all of them, a confirmation is useless. But if you can catch the less likely conditions only, I can see that working. And I think the overhead is worth it if it works, because false alarms really diminish the systems value.

      But you are probably right, and they are probably going make the classic 'confirm everything' mistake, making it esentially confir
    • When I worked in a shipping department, we had a situation like that. After entering an order, we had quite a few codes to enter and confirm, stuff like whether the order was finished, what printer to send it to, etc. The codes we entered never changed, so we had the whole key sequence memorized. Twenty keys, on five different screens, and we'd enter every one of them before the system had pulled up the second screen. Users never look at confirmation screens.

      You mention a possible alternative in your last p
  • This must be bad UI code. Three letter acronyms for entry without verification? You got to be kidding me. This is just an accident waiting to happen. At least some type of pull down or grouping by category would have been better. What is wrong with the designers of this software??
    • You're assuming it's a UI. Have you ever looked at raw weather forecasts? It's all fucking TTY shit. In this day and age it's all coded and packed for 150 Baud transmission. I doubt they are using a new-fangled GUI.
      • Two things from the article make it relatively safe to assume that the system does, in fact, have some sort of GUI:
        • a 1997 replacement
        • another window will pop up and say, 'Do you really want to issue this radiological hazard warning?'

        But, having dealt with government systems, I can understand your point.

      • Someone may have beat me to this but I'll bite...

        What do you think a UI is?? I know a GUI is graphical but I think you making an assumption here that all UIs are GUI..Am I right?

        I have used 300 baud modems, I bought mine in 1986. That was when you could watch (litterally ) watch your programs download character by character. Aww those were the days.... I don't miss that much.
    • I work for the NWS at a local field office and am familiar with the software involved in the warning process. The user interface really isn't the problem. The issue is that the systems are designed to get warnings out to the public as quickly as possible. As soon as a meteorologist hits the send button the product is rushed to all the places it needs to go without any additional delay. Adding a confirmation dialog may reduce false alarms, but if the forecaster is actually taking the time to read the confirm
      • I have to balk at that because even if you required a double entry text field that would more than likely catch those typos that the user entered. It is in fact the user interfaces fault for not assisting the user in performing his/her job effectively and efficiently. After all what is a user interface for if not that??

  • Clippy (Score:3, Funny)

    by Deathlizard ( 115856 ) on Monday August 01, 2005 @03:50PM (#13216750) Homepage Journal
    So they are basicially going to bring clippy back from the dead?

    I can see it now. you type the letter T and Clippy comes up and says "It looks like your issuing a Tornado warning! do you need any help?"
  • More than thirty five years of cryptic commands!
    Only on UNIX would you have commands like:

    unw - update national weather
    inw - initiate nuclear war
  • It is just your regularly scheduled weekly test...
  • I suspect that one of the causes of this incident is the use of arcane codes like RHW or what have you. Ask anyone who's had to read a METAR [wikipedia.org]---these brief weather reports are short enough to fit on the teletypes for which they were originally designed, but the more obscure codes will trip you up occasionally or send you scurrying off for a list of abbreviations.

    It's 2005. There's very little cost to writing out "thunderstorm" or "mist" or "radiological alert". I bet this mistake would never have happened if
    • I'm not going to assert very stringly that plain English WX might be useful, but the codes are not that obscure and are fairly easy to learn worldwide, even if you don't speak English or even use a Latin alphabet - and only the tip of what constitutes the offical definitions of weather observations codified in "FMH-1", the Bible of meteo observational arcana:

      http://www.nws.noaa.gov/oso/oso1/oso12/fmh1/fmh1to c.htm [noaa.gov]

      All helps ensure that weather descriptions are easy to read all round the world no matter what
      • But some of them ARE obscure. It's impossible for two-letter codes based on a mixture of languages not to be obscure in spots---and different spots for different people, of course. "FU" makes sense for "smoke" in French but not in English. I've never learned the etymology of "BR" for mist, but "Baby Rain" makes a good mnemonic, I suppose. And so on. PO? GR? BC? MI?

        Anytime it takes an extra application of brainpower to encode or decode a message, mistakes can happen. As an example---I was flying out of Latro
  • The user interface should pop up a window with a big orange standard Radiation Hazard Warning [orau.org] and ask for confirmation that is what the user wanted to do.

    Of course, this kind of interface may come with risks. In my last job the project was called 'RAD' for 'Risk Assessment Database' and we wanted our logo to be a big yellow and black radiation sign. this was at a big bank [bankone.com] in downtown Chicago. Unfortunately, it turned out one of the neighboring departments had an employee who either had cancer or whose wif
    • You know, just thinking about that for a second...that is actually a staggeringly good UI solution to this problem. Confirm, yes - and have half or more of the dialog be a huge iconic depiction of whatever code was entered. Require a 2 second delay to play it really safe. Even if the operator habitually ignored the dialog text, the huge picture that is almost instantly recognizable by the fantastic human brain as "WRONG" and should register with even the most seasoned keystroke-memorizers.

  • Radio stations, public ignored '71 nuke alert also (Score:5, Interesting)

    by mbstone ( 457308 ) on Monday August 01, 2005 @04:44PM (#13217289)

    'NUCLEAR ALERT' PROVES FALSE

    By Paul L. Montgomery,
    New York Times, Feb. 21, 1971

    A "human error" yesterday put Americans on an emergency alert of the type that would be used in a nuclear attack.

    It was 40 minutes before the error was cleared up at the National Emergency Warning Center at Cheyenne Mountain, Colo.

    An employee at the center, in a confusion over punched tapes that are prepared in advance, put on the wire to the country's radio and television stations at 9:33 A.M. a message saying that the President had declared a national emergency and that normal broadcasting was to cease "immediately."

    The message contained the code word "hatefulness," which was to be used only in the event of a real alert.

    In the subsequent turmoil, a number of stations around the country went off the air after telling listeners of the "emergency." Others quickly checked and found that the transmission was an error and continued normal broadcasting.

    "I saw the authenticated message and thought, 'My God! It's Dec. 7 all over again!'" said Chuck Kelly of WWCM in Brazil, Ind., who took his station off the air for 22 minutes.

    The National Emergency Warning Center frantically tried to cancel the message several times, but it was not until 10:13 A. M. that it found the proper code word-"impish"--to indicate that the cancellation was authentic.

    The false alert did not affect any of the country's military arms because the error originated with the office charged with informing civilians of impending disaster. However, Secretary of Defense Melvin R. Laird ordered an immediate investigation.

    Louis I. Smoyer, chief of the warning center, said that the error occurred when a civilian operator at the center put on the wire a tape for a real alert instead of a test tape.

    The operator, W. S. Eberhardt, who has worked 15 years at the center, said afterward: "I can't imagine how the hell I did it."

    Because the false alert looked exactly like the real one, and because many broadcasting stations did not follow the procedures called for in a real emergency, the incident raised questions about the effectiveness of the civilian warning system.

    A spokesman for the Office of Civil Defense in Washington, asked if the system would work in a real emergency as it did yesterday, replied, "That's one of the things I've always wondered about."

    The warning center is part of the nuclear alert complex in the base of Cheyenne Mountain, 10 miles south of Colorado Springs. The center,
    protected by thick concrete and mounted on springs to allay nuclear shock, is operated by the Office of Civil Defense. Communications in the center are staffed by civilian employees of the Army Strategic Communications Command.

    In an actual nuclear alert, the warning of impending attack would come from the North American Air Defense Command (NORAD) in the mountain, which operates the radar warning systems ringing the United States and Canada.

    The warning would then be transmitted to the American and Canadian Joint Chiefs of Staff to the Governments of the two countries, to the Polaris missile fleet, to the Strategic Air Command, and to the National Emergency Warning Center, which is the link with the civilian population.

    Under Civil Defense strategy, the radio and television stations are the primary means of warning civilians that an attack is impending.

    The warning center is directly connected into the Associated Press and United Press International radio news wires, which go to the country's stations. The circuit is tested at least twice a week, and there is an elaborate system of codes so that what happened yesterday supposedly could not happen.

    Every three months, each radio station is sent a list of the code words for each day that must be included in a message from the warning cent

Slashdot Top Deals

I tell them to turn to the study of mathematics, for it is only there that they might escape the lusts of the flesh. -- Thomas Mann, "The Magic Mountain"

Close