Univ. of Illinois Goes War-of-the-Worlds On Students

theodp writes "'Strange beings who landed in New Jersey tonight are the vanguard of an invading army from Mars.' (Orson Welles, 1938). 'Active shooter at BUILDING NAME/INTERSECTION. Escape area if safe to do so or shield/secure your location.' (Univ. of Illinois, 2011). An alert message sent out Thursday to 87,000 emails and cell phones warning recipients to escape from an 'active shooter' at the University of Illinois was an error, the Office of the Chief of Police confirmed. 'The alert sent today was caused by a person making a mistake,' explained an email. 'Rather than pushing the SAVE button to update the pre-scripted message, the person pushed the SUBMIT button. We are working with the provider of the Illini-Alert service to implement additional security features in the program to prevent this type of error.'"

It Takes TWO controllers

[Jeremiah+Cornelius]

To turn keys that initiate the Minute Man launch sequence...

Re:It Takes TWO controllers

[ackthpt]

To turn keys that initiate the Minute Man launch sequence...

But this system can be triggered by someone with poor hand-eye coordination. This is why developing your FPS skills are more important than ever!

Re:It Takes TWO controllers

[517714]

In this case FPS skills apply whether the warning is mistaken or not.

Just a typo

[GPLDAN]

It meant to say "Reactive HOOTERS at State & Main."


It's part of a new network detection system for big, non-artificial breasts detected by a camera system. The roll out is initially for Los Angeles and Beverly Hills, the AI is being perfected by the NCSA guys.

Re:Just a typo

[gv250]

It meant to say "Reactive HOOTERS at State & Main."

Except the Hooters restaurant in Champaign is at the corner of State & Fox.

Umm, 'scuse me?

[Guspaz]

But Schroyer said some students were shaken by the initial alert and criticized the university for taking about 12 minutes to send an email confirming it was false.

"That was unacceptable in my opinion," he said.

Really? 12 minutes is too slow? The thing sent out 87,000 e-mails (which takes a while no matter how big and distributed your mail system is), and the person who made the error probably didn't notice until either they got the e-mail or somebody who did told them.

I think 12 minute response time for something like this is pretty impressive.

Re:Umm, 'scuse me?

[halfEvilTech]

apparently those same students thought that the sender had their email open as well and recieved it right away. Of course you need to the proper people that this happened and compose the confirmation. At this point said person is really wanting to make sure they get it correct which takes a few minutes.

But I guess that is not good enough for the TGIF (twitter, google, ipad, facebook) generation and their I want it now mentality

Re:Umm, 'scuse me?

[DisKurzion]

At the school I work for, there was a major outcry when we implemented a universal SSO for the ever-increasing amount of online tools put out by our school.

There were numerous articles in the school paper decrying the change.

5 years later, and we could only imagine the outcry if we got rid of it: "WHAT DO YOU MEAN I'D HAVE TO MAINTAIN A SEPARATE PASSWORD FOR EVERY SYSTEM!!!???"

Students complain for the sake of complaining.

Re:Umm, 'scuse me?

[jdoverholt]

I'm curious, as the school I work for is currently rolling out SSO for the various staff and student systems, what sort of things were they complaining about? Try as I might, I just can't comprehend anybody thinking it's a bad idea.

Re:Umm, 'scuse me?

[McKing]

Two things I've learned working at a University:

1) Students will complain about anything.
2) Faculty will complain more than students.

Re:Umm, 'scuse me?

[Sir_Sri]

it ties your all of your records to a single point of failure. We have that for faculty where I am. I happen to be on the department faculty e-mailing list, though I'm not faculty, and I see what they say about it, and some faculty absolutely refuse to participate in certain online activites specifically because of SSO. If you have a vote for say members for a committee, or room bookings, or your e-mail, it's the same as the marks database, and your HR record etc.

I'm torn. On one hand, a single point of failure, since you have to know people will use the same PWD for work/school as they do else where is a serious risk. But having too many systems where they need to keep separate passwords, and therefore write them all down, is probably equally bad. Building 'throw away' passwords for every little thing seems like a difficult system to build and manage effectively.

Re:Umm, 'scuse me?

[nomadic]

Unsurprisingly, all complaining students are enrolled in the Business Administration program. The four remaining CS students could not be reached for comment.

Probably embarrassed that one of their own had done such a poor job of designing the alert system interface.

Re:Umm, 'scuse me?

[Tanktalus]

There's no reason why SSO needs to be a SPOF. At work, our SSO is done via LDAP/LDAPS (the former by idjuts too stupid to realise, the latter by those who actually read corporate guidelines). That LDAP server can be distributed. The database back end can use High Availability tools (whether it's IBM TSA with DB2 or it's an Oracle shared-everything cluster or whatever) to ensure that it remains on-line through a failure.

OpenID solutions do likewise - first off you have highly-available OpenID providers, like Google, which would use both highly-available web servers and highly-available databases. Second, you can (usually) link more than one OpenID to your account, giving you the flexibility to use one of a number of providers depending on how paranoid you are about SPOFs.

SSO probably can be implemented poorly. But it's not a requirement. SPOF should not be an issue if the business deems it "critical infrastructure". And it doesn't need to be expensive, either - a second $800 box will likely suffice for production use.

Re:Umm, 'scuse me?

[sabt-pestnu]

You've addressed the technical SPOF issue, but you've not addressed the human SPOF issue: The whole idea of SSO is one set of credentials. When those credentials are compromised, everything protected by them is compromised at the same time.

That is, the IDEA of SSO is what creates a single point of failure.

The counter to this point of failure might be to institute/allow gradated/granulated credentials to the same account. They COULD all be the same (IE mimic SSO), but that would be a degenerate case.

But perhaps you were suggesting that with "more than one OpenID"?

Re:Umm, 'scuse me?

[Vegeta99]

Why wouldn't something like requiring an extra form of ID for more secure applications not solve this problem?

For instance, I went to Penn State, and one can log on to the faculty system portal with the same simple logon/password that students have, or email, HR, or just about anything else. However, the value from an RSA token is required to, for instance, change grades. Wouldn't that solve the problem?

Re:Umm, 'scuse me?

[Sir_Sri]

I would love to see the flak from trying to get faculty members to use an RSA token. 'What if I lose it', 'isn't this dumping responsibility on me because IT can't build a secure system.' I argue this regularly with both my bank and department chair. My world of warcraft account (with authenticator) is at least in principle more secure than they are. And honestly, there's nothing on my WoW account that cannot be replaced by a rollback.

I'd probably just require an RSA token (or equivalent) for everything, and integrate it into the employee ID card. I'd have a hard time arguing any systems should be less secure than any other. HR: tax information, and where your pay goes, while, around here at least, your salary is public people probably don't want everything in HR public. E-mail: medical information on students with disabilities asking for accommodations etc. Room bookings, a student could reschedule an exam/class on top of something else to try and get out of things. But I dunno, it sounds like the system at penn state is a better compromise than what we have.

 

Re:Umm, 'scuse me?

[Vegeta99]

Works pretty good. In fact, when some jerk tries to make something work outside the SSO system (It's kerberos for normal logons, not sure what the extensions are for the RSA SecureIDs - I'm a humanities major for fuck's sake), it usually leads to a CS student hacking them.

We had to change our passwords yearly. Not sure how often the RSA IDs got changed out. But I never heard of a single student getting away with a grade change, and PSU had upwards of 60k students including all branches, 13+ branches, and god knows how many profs and admin staff with RSA keys. The most "hacking" I saw in all of 5 years there was one kid getting access to send mail on the all-students list.

God, I can imagine the flak from faculty. I had 4 numeric digits after my ID, ID's were issued by initials followed by a sequential number (I believe). I was rjl5020. I had profs with not a single number after their ID. How hard do you think it was back in the 90's to get them to agree to a username in the first place?

Implemented!

[kanweg]

Do you want to cancel the alarm?
[Cancel] [Cancel]

Bert

It would suck...

[sltd]

... if there was a real shooter, and it still said BUILDING NAME/INTERSECTION. Thanks for the heads up, morons!

Re:It would suck...

[magarity]

... if there was a real shooter, and it still said BUILDING NAME/INTERSECTION. Thanks for the heads up, morons!

Maybe that's what they can send when there's a shooter at every building and intersection.

Re:It would suck...

[Kilrah_il]

And worse, suppose it wasn't an active shooter, but a passive one?

WTF is an "active shooter"? Anyone? Please???

Re:It would suck...

[Obfuscant]

Oregon State University just had a shooting "incident" and activated their alert system. Here's the first paragraph from the alert:

This message is to inform OSU students, faculty and staff that shots were fired this morning at an off-campus residence where multiple students reside. There were no injuries in the incident. However, we are notifying campus community members, as there have been no suspects arrested in the matter.

No mention of where this happened or what time. This was sent four hours after the event.

A previous, more timely notification of a different incident near campus (at a frat house) resulted in a flock of students descending on the area to rubberneck. I can understand why they don't publish specific location data, but "a shooter somewhere in town shooting at someone and we haven't caught him yet" isn't very helpful.

Re:It would suck...

[sabt-pestnu]

The reaction you describe (students arriving at the location they were warned off of) would seem to indicate that the system was not only not helpful, it was counter productive. And sadly, you can't simply use misdirection ("no, the shooter is over THERE, not here") to redirect the herd, that'd simply open you up to all kinds of liability.

The only use to the message you report is "tell us if you see anything suspicious". Providing details might give people expectations, cause people NOT to see something. "Aw, it happened across the way. Surely OUR Joe wasn't acting suspicious. We aren't anywhere near there."

Re:It would suck...

[Shadow+of+Eternity]

Active Shooter means the person is actively seeking out people to kill and going for body count so the only real hope of resolving the situation is taking them down as soon as possible.

I think they went with "active shooter" because "homocidal maniac" as too long and "massacre" was just awkward.

Easy solution

[pak9rabid]

How about prompting for a CONFIRMATION before spamming thousands of text messages/emails out?

Re:Easy solution

[dkleinsc]

Anyone who does usability studies can assure you that people won't read confirmations, they'll just blindly click OK. And it's worth noting here that this was entirely an ID10T error, not a computer glitch, although I'm sure a fair number of folks will try to blame it on the computer.

Re:Easy solution

[pak9rabid]

Yes, but seeing *something* pop-up when the action you're taking doesn't usually produce a pop-up should be indication enough that something isn't right, even if the user doesn't take the time to read it.

Re:Easy solution

[Rary]

Anyone who does usability studies can assure you that people won't read confirmations, they'll just blindly click OK.

This is true if you're discussing confirmations that come up for frequent actions. However, if your normal action (save) just happens without any confirmation, and your non-normal action (submit— how often do they actually need to use this system?) pops up a confirmation, it tends to catch you off guard and make you take notice that something unexpected is happening. This would be precisely the correct use of a confirmation dialog.

Re:Easy solution

Anyone who does usability studies can assure you that it's a bad idea to have a button labeled "submit" close to one labeled "save".

I am pretty sure this was some kind of web app. A lot of web apps use the standard "submit" button for saving form entries.

This was neither an ID-ten-T, nor a system glitch, but a badly thought through design.

Re:Easy solution

[blacklint]

Well, yes. Most of the time people think "Of course I want to do !" when they see a dialog, because they actually did intend to press that button at the time. But they do solve the problem of "Oh no, I didn't mean to click that!" (I've accidentally sent uncompleted emails an embarrassing number of times), and really are useful for things that cannot be undone. Such as, oh, I don't know, sending mass text messages.

This most certainly was an interface problem. If someone is intending to update a template, if they can accidentally send an uncompleted message to thousands of people, the interface designer horribly screwed up. Those options should be no where near each other. Humans routinely make small mistakes, and blaming the user for interface problems only makes things worse.

Re:Easy solution

No, no it won't.

-- UX Designer

Re:Easy solution

[Chuckstar]

This was not an ID10T error. This was bad human interface design.

The user had two choices: "Save" and "Submit". My first reaction to seeing that was "what's the hell is the difference between Save and Submit?"

Apparently:
"Save" = update the template
"Submit" = send out the alert

IMHO, that's a terrible choice of verbs. You could almost reverse the two and still have them make just as much sense. How about "Update" and "Send"? Or this might even be one of those rare times when you want to use longer button names -- "Update Template" and "Send Out Alert". Much less likely for a mix-up like this if those were the button titles.

Re:Easy solution

[geekoid]

err, no. It depends on the user and user training. A person trained in a specific piece of software can be trained to read messages under specific instance. Many people using SCADA tools do so everyday.

Re:Easy solution

[thesandtiger]

That's why you don't make the confirmations a yes/no box on big things like that.

You make them a text box where it says you have to type a specific message that basically requires you *think* before you send it. For example, requiring someone to type "SEND THIS MESSAGE" to actually send out a message over the warning network would probably have gotten them to think twice.

I mean, even World of Warcraft requires that you type "DELETE" in a text field in order to delete a character or rare item - you'd think an emergency warning system would be better designed.

The ID10T error was 99% on the end of the people who designed the system such that a mistake like this is possible, and 1% on the end of the person who clicked "ok."

Re:Easy solution

[aix+tom]

The design we have in place to reset a specific data pool in our system:

The first try required the user to enter a random 5-letter code that gets *displayed* to him, sorta like a captcha, but it's not there to prevent bots it's there to prevent users on auto-pilot.

Then we had the first case of "OH, I did it by mistake" a few month later.

Then we changed it, that the 5-letter code got *mailed* to the person requestion the reset.

Then we had the next case of "OH, I did it by mistake" a few month later.

Now when someone clicks that button different 5-letter codes get sent to everyone in the department (~6 people) and at least 2 have to be entered to do the reset.

I wonder how long it will take for THAT to be done "by mistake"

Re:Easy solution

[magarity]

Anyone who does usability studies can assure you that people won't read confirmations, they'll just blindly click OK. And it's worth noting here that this was entirely an ID10T error, not a computer glitch, although I'm sure a fair number of folks will try to blame it on the computer.

To be fair though, it does say this was a mistake of choosing between 'save' and 'submit'. Those choices could have been worded a lot more clearly. Something like 'save template' and 'activate alarm' would be much clearer to an end user.

Re:Easy solution

[aix+tom]

Yep. I would probably have labelled the buttons "Save Text" ( normal grey ) and "SEND ALERT" ( Red, and in a completely different location, with a big ALERT Icon on it. )

( And, of course, the "SEND ALERT" shouldn't be the default action of the form that gets triggered when you hit enter. Just saying. ;-P )

Re:Easy solution

[SuricouRaven]

Better idea: A modal dialog pops up, with a big red countdown from thirty seconds before the 'ok' and 'cancel' buttons become enabled, to make sure the user reads it. It also plays an audio clip at full volume to tell everyone else in the office to check it.

Re:Easy solution

[pak9rabid]

Better idea: A modal dialog pops up, with a big red countdown from thirty seconds before the 'ok' and 'cancel' buttons become enabled, to make sure the user reads it. It also plays an audio clip at full volume to tell everyone else in the office to check it.

Michael Bolton: That is the worst idea I've ever heard in my life.
Samir: Yes, this is horrible, this idea.

Re:Easy solution

[Ritchie70]

On our systems the users have to type YES just to reboot.

Re:Easy solution

[sabt-pestnu]

Easier yet would be separating the "I want to set an alarm" path from the "I want to change the scripts" path. Having both functions in the same dialog is simply asking for trouble.

And hey, they were using custom software. It doesn't have to precisely follow the methods for creating an email template, does it?

And... why are people fixated on just the words? Why not make the "send alarm" button have Big Red Friendly Letters, a different button shape, or perhaps have the button slide away from the mouse, requiring the user stalk and corner it in order to click on it?

Re:Easy solution

[Radical+Moderate]

How about instead of Yes and No buttons on the confirmation, you have buttons that read "I DO want to cause wide spread panic such as this organization has never seen", and "I DO NOT....."

Re:Easy solution

[Belial6]

In our system the button that resets all of the application's configuration data requires that the user type in "Break this application". We have yet to have someone claim that they accidentally type the letters to spell out "Break this application".

Re:Easy solution

[demonbug]

Anyone who does usability studies can assure you that people won't read confirmations, they'll just blindly click OK. And it's worth noting here that this was entirely an ID10T error, not a computer glitch, although I'm sure a fair number of folks will try to blame it on the computer.

People don't read confirmations for everyday tasks that always pop up numerous times a day. If it is a task that is presumably rare, like mass-mailing tens of thousands of people over an emergency alert system, they are probably going to pay attention to what the confirmation dialog says.

Just because I click through idiotic confirmation dialogs without reading them every time I open a document I downloaded from the internet doesn't mean that I click haphazardly through confirmations while reinstalling my OS. Uh, maybe that's not the best example... but you get the point.

Re:Easy solution

[Confusador]

Or label your buttons better than "Submit" and "Save". I honestly couldn't tell you which I would expect to activate the system.

Re:Easy solution

[adolf]

In my line of work (government public safety communications), it takes two proactive steps to send out an alert:

First, press/click the "unlock" button.

Second, press the "send alert" button.

Pressing "send alert" without "unlock" first does nothing -- it's just a dead button.

This works fine. It's not unlike a safety cover on a toggle switch: The act of opening the cover indicates that you're serious about your next action, and the system does not question you when you throw the switch since you've already clearly indicated your intent (either electronically, or mechanically in this brief analogy).

And if it didn't work fine, my phone would be ringing regularly with complaints and requests to come up with a better solution.

We also have variations that include pressing and holding a dedicated, physical unlock button while activating an alert. In this particular scenario, the button exists on a separate hardware piece, and it takes two hands (or some clever discomfort) to make it work. The operation is not dissimilar from the safety interlocks on an industrial press.

At no time is a confirmation displayed. It would be easy to do so (it's just software), but it would only waste time when people actually need help.

Of course, my examples are all for voice communications. But in this new-fangled textual world of alerting folks, everyone seems to have forgotten these concepts, which elsewhere have been in use for many decades...

These new-school HTML jockeys[1] have a lot to learn, it seems. I wish they'd GTFO my lawn, and stop presenting "Are you sure?" prompts wherever they can't understand how to implement reasonably idiotproof systems.

[1]: I deduce that it is a forms-oriented HTML-based system simply because of the "Submit" term confusion. I'd research it to find it if I'm right or wrong, but this being Slashdot, I'm quite certain that someone will flatly tell me that wrong I'm in short order.

Re:Easy solution

[osu-neko]

Unfortunately, this kind of very good design advice is the kind of thing they never teach you at school. I went to an accredited and highly rated college full of wonderful classes teaching all the features of good software design -- from the point of view of creating robust, stable, and maintainable code, with useful documentation. The amount of time spent on UI issues was essentially nonexistent. As long as the code does what it's supposed to do, if the user is confused into pressing the wrong buttons, the code can't be blamed for doing what the user requested, right? It's just a training issue, amirite?

Re:Easy solution

[osu-neko]

I mean, even World of Warcraft requires that you type "DELETE" in a text field in order to delete a character or rare item - you'd think an emergency warning system would be better designed.

Funny you should mention that. Coming to WoW after having played GW for years, I always viewed this as an example of the generally poorer user interface design at Blizzard vs. ArenaNet. In GW, when you select a character and hit "Delete", you get a confirmation box where you have to type text, but you don't type "DELETE" -- you type the name of the character, thus both confirmed you really meant to hit "Delete" AND that you selected the intended character before doing so. WoW's system does guarantee you don't delete a character when you didn't mean to, but it fails to make guarantee you delete the intended character. Unsurprisingly, Blizzard Support does occasionally have to deal with people who accidentally delete the wrong character.

Re:Easy solution

[TheCarp]

Better solution: Ditch the whole system

Little good comes from causing mass panics. Student populations have been entirely disarmed by schools generally adopting the same "Oh my god we have to do something about any danger we can IMAGINE" attitude that government suffers from. There is nothing any of them can do.

What they really need to do is realize how many students and schools there are, and compare that to the number of "active shooter" incidents and realize that... this is an utter waste of time and money to even worry about. They are more likely to have a serious fire, and they already have problems with much lesser crimes like theft, and students drinking themselves into the hospital.

Once they do have such an incident, the chance of a second one that they need it again for.... well... it could be a long time. I hope they are not paying yearly for this "service". Most telling, is that they were saving this message ahead of time. In the unlikely event that it happens, why not type the message in at the time?

If they need such a system, I see it being WAY more useful for announcing snow days, or facilities shutdowns, since they are more likely to actually happen.

Re:Easy solution

[WillDraven]

This was not an ID10T error.

Sure it was!

It's just that the ID10T in this case was the interface designer and not the user (for once..).

Re:Easy solution

[Rary]

"Are you sure" dialogs are generally just an annoyance caused by lazy developers. They'd rather ask for verification (one line of code) than write functionality to allow the user to "undo" what they did if it turns out that they did it incorrectly. Of course, sometimes you're dealing with something that simply can't reasonably be "undone", and that's where there should always be an extra step, whether it's an extra step after the fact, such as a confirmation dialog, or an extra step before the fact, such as the "unlock" button or some other "safety cover" type of concept, as you described. For emergency systems, what you describe makes sense. For systems in general, any sort of extra step to validate intent is the right approach. If developers used confirmation dialogs appropriately (i.e. extremely sparingly), they would be quite effective and not nearly as hated as they are.

My favourite case of unnecessary and outrageously annoying confirmation dialogs: I was working with an internally built application (I didn't build it), and launched a screen that shows a simple listing of records, and allowed me to add/edit/delete these records. I wanted to delete all of the existing records. The only way to delete a record was to right-click on it and select "delete" from the context menu that appeared, which resulted in an "are you sure" dialog. There were about 70 records I needed to delete, and it did not allow multi-select. The context menu did not allow selection of items using the keyboard, so there was no convenient "right-click, D", it had to be "right-click, navigate down to Delete, click, navigate back up to the next record", plus, of course, clicking "Yes" on the confirmation dialog. Then, just to add insult to injury, when I had finally gotten through all of that, I clicked the "OK" button to close the window, which prompted me with "are you sure you want to save the changes to the database?" So, all those deletions weren't even committed to the database yet, despite forcing me to confirm every single one of them. I wanted to beat the developer with a crowbar.

Re:Easy solution

[thesandtiger]

In City of Heroes, it was the same thing - you had to type the character name. I guess my point was just that there are pretty obvious ways to make it so you don't accidentally scare the shit out of 87,000 people by telling them someone is rampaging through their campus.

Irony

[ncttrnl]

Sounds like UI needs a better UI on their emergency notification system.

Re:Irony

[astern]

ZING

Don't they have a test system?

[mcmonkey]

It sounds like they have no way to test the message other than it sending it out to every address in the alert list.

Let's say in this case after updating the message templates, the person hit 'save' rather than 'submit'. On the bright side, then no message would have been sent. On the not-so-bright side, no message would have been sent!

Don't you want to know before there's an actual emergency that your emergency message is working? Not that this incident was an intentional test, but shouldn't they have a test after updating the message template?

Re:Don't they have a test system?

[aztektum]

It sounds like they were adding some campus specific default messages into the system to use in a hurry.

Re:Don't they have a test system?

They periodically test the system, sending out a message that says something like, "This is a test of the Illini-Alert system. There is no actual emergency."

In this case, they had used the system the previous day to send out an alert about a fire on campus. From what I hear, it exposed some issues with the system that they were trying to correct. I don't know why a programming change would require the template to be updated but it's clearly a poorly designed system.

Scary

[Mullen]

The really scary part is that we live in a society where the police have to pre-prepare texts and emails to warn students that someone is shooting up their school.

Re:Scary

[Reapman]

No, we live in a society that THINKS they have to pre-prepare texts and emails to warn students of this. To be honest considering the time it takes to fire off an email saying "get the hell away from here" having prepared messages for this is kinda dumb in my not so humble opinion.

I wonder what the odds are in fact of getting shot at school...

Re:Scary

[VolciMaster]

The really scary part is that we live in a society where the police have to pre-prepare texts and emails to warn students that someone is shooting up their school.

"pre-prepare"?!?

Re:Scary

[LighterShadeOfBlack]

Yeah. It really goes to show that correspondence writing skills are being sorely neglected throughout the education system.

Re:Scary

[MozeeToby]

No, we don't have to do this at all. Our society today is no more dangerous than society 10, 20, 50, or 100 years ago. The only difference is that we hear about every violent act that takes place across the country and across the world. There is less violent crime today than there was during the '40s and '50s, but in the '40s and '50s you didn't have the 24 hour news channels or constant internet access telling you about it, and telling you that you should be worried, and telling you that there were 2 more violent crimes this year than last year (despite the fact that it is statistically insignificant or even against their argument on a per capita basis).

Re:Scary

[Anrego]

Now I have to watch some George Carlin when I get home :(

Re:Scary

[causality]

No, we live in a society that THINKS they have to pre-prepare texts and emails to warn students of this. To be honest considering the time it takes to fire off an email saying "get the hell away from here" having prepared messages for this is kinda dumb in my not so humble opinion.

I wonder what the odds are in fact of getting shot at school...

But schools are gun-free zones. No murderer would ever carry a gun into a gun-free zone and start shooting! It's not allowed.

Re:Scary

[geekoid]

Why is it scary to be prepared? we live in a world where many ecenrios are prepared for, even if their use is unlikely. It's about risk mitigation. WHat is the effort and risk of adding a text message like that? low risk, low effort. You would be foolish not to put it in their.
I am sure there are many other alerts this is used for. school closures, and what not.

Re:Scary

[guruevi]

It's a University, people in the administration of those institutions waste massive amounts of taxpayer money doing other random stuff that nobody asks for and nobody wants. At least they did something somewhat productive with their time. When you can explain to me why a 15,000 University where individual departments take charge of their own IT need ~1,500 heads in the Central IT department to keep a network, a datacenter and some phones running, let me know.

Re:Scary

[Chuckstar]

You don't think it makes sense to sit down ahead of time and think of appropriate wording for an emergency email before an actual emergency occurs? Quick... where should we tell them to go? or should we tell them to stay put? What's the best way to word this to get their attention, but without creating too much panic?

In an actual emergency, you wouldn't want to take even 5 seconds to think of those answers.

Re:Scary

[UBfusion]

The really scary part is that both the authorities think they are properly protecting citizens by sending electronic messages and the the citizens think they are properly protected by receiving said warnings. To the point that if authorities don't send any they are considered accountable or accomplices and if citizens don't receive any they are feeling safe.

Re:Scary

[Jah-Wren+Ryel]

No, we live in a society that THINKS they have to pre-prepare texts and emails to warn students of this.

Ten to one the set of various emergency messages has been vetted by the school lawyers in an attempt to reduce liability.

I wonder what the odds are in fact of getting shot at school...

For all practical purposes, zero.

Re:Scary

We don't, though.

Football kills more kids every year than school shootings.

Re:Scary

[SuricouRaven]

I suspect the chances of getting shot on the way to or from school are higher - and the chances of getting hit by a car on the same journey a lot higher still.

Re:Scary

[Bucky24]

pre-prepare is when you prepare to prepare. It's like meta-preparation.

Re:Scary

[Mullen]

Yes, being prepared to be prepared. Makes sense to me! :)

Re:Scary

[Black+Gold+Alchemist]

Which university?

Re:Scary

[picoboy]

The really scary part is that we live in a society where the police have to pre-prepare texts and emails to warn students that someone is shooting up their school.

"pre-prepare"?!?

Which makes this discussion a pre-prepare post-mortem?

scary, but..

[BitwiseX]

at least all these students know that there's a system in place, and that it works!

I just hope it doesn't turn into an inordinate amount of "Are you SURE?" prompts.

"Are you sure you want to send this alert?" YES / NO
"Are you SURE? You're saying there's a shooter on the loose.." YES / NO
"OK, so you're certain.. *BLAM*

I kid...I'm sure they'll implement a better system then that.. but really.. is it broken? How long have they had this system? How many false alarms have there been before?

Re:scary, but..

[LighterShadeOfBlack]

Clicking one wrong button lead to 87,000 emails being sent out saying there was a gunman on the campus and you're asking if the system is broken? What would it take for you to be sure the system was broken, if pressing the wrong button actually unleashed a gunman onto the campus?

Re:scary, but..

[Garble+Snarky]

Pushing one wrong pedal in my car can cause thousands of dollars of property damage, if I'm parked in front of a store. Is my car broken?

Re:scary, but..

[LighterShadeOfBlack]

Your car must be controlled in real-time. It doesn't have the luxury of checking each time you make a potentially hazardous action. It may surprise you to learn that this is not the case for computers.

Even then, you'd have to push the wrong pedal hard and maintain pressure to accidentally drive into something. That's not even close to the same thing as clicking a button.

Hopefully this was all obvious to you and you were simply being facetious. I'd rather the world was populated with assholes than idiots.

Re:scary, but..

[Bucky24]

"Hopefully this was all obvious to you and you were simply being facetious. I'd rather the world was populated with assholes than idiots."

I hate to be the one to say this, but it happens to be populated with people who are both.

Re:scary, but..

[Belial6]

If pressing that one wrong pedal plows into 87,000 people, then yes. It is broken.

Re:scary, but..

[cusco]

Symantec used to have a product (WinFax, I think) that would ask you four times if you actually wanted to uninstall it. Between that and the BSOD that it regularly caused I learned early to loathe their products.

Whew

[Arancaytar]

I was passing BUILDING NAME/INTERSECTION just when I got the text and really panicked.

Instead of a confirmation...

[DeweyQ]

All the poor souls who are looking down and reading a text while the shooter stalks... How about a "heads up" policy being instituted at the school? Or a directional gunfire analysis certificate mandatory for all students? Or a "Typing Under Pressure" exam followed by a "How to Use the Illi-Alert System" for all shooting alert writers?

Re:Instead of a confirmation...

[Zan+Lynx]

Or if the school is really worried about it, a mandatory three day course at the beginning of each semester. Along with properly responding to a fire alarm or where to find, when and how to use an AED, one of the classes would of course be navigating an obstacle course while being shot at, how to take cover and how to best evade and escape the shooter. Concealed carry permit holders get a paintball gun to shoot back with if they choose.

A chance to shoot paintball guns at freshmen? I'd sign up to teach that every chance I got!

Re:Instead of a confirmation...

[Bucky24]

I read in an article a while back that when you know a shooter is around, silence your cell phone if you're hiding, since the shooter will hear a ring and know you are around (and probably shoot you). And so these guys sent out emails? If you're in a school checking your email then you're probably in a class. Which means you're checking it on your smartphone. My phone beeps when I get an email. Irony?

Though I suppose you could be in a computer lab checking your email. But seriously, if a shooting is happening on campus I don't want an email. I want the cops.

Poor design

[geekoid]

Poor GUI bite another person in the ass.

Re:For the love of...

[Anrego]

Ultimately this seems like a very over-elaborate system anyway. Why do they need to have a bunch of prepared single line warnings anyway. In the time it takes to select one of probably several warnings from the system, a user could have typed the message in themselves.

The whole thing could probably be handled with an updated email distribution list and _maybe_ a shortcut on the desktop to quickly start a new message to said list.

We were unable to send an alert..

[jswinth]

"We are working with the provider of the Illini-Alert service to implement additional security features in the program to prevent this type of error."

After implementing the "additional security" we will hear how they were unable to send an alert for an actual event because the Chief of Police was dealing with the problem and couldn't come in to put his code in.

INterface guidlines

[hoggoth]

And this is why "[SAVE MESSAGE TEMPLATE FOR LATER USE] [SEND MESSAGE IMMEDIATELY]"

is better than "[OK] [CANCEL] [ABORT] [ERROR] [RETRY]"

Re:INterface guidlines

[Mr+44]

This is actually one of the improvements in Windows Vista:

The TaskDialog is the OS functionality for easily showing a dialog with descriptive button labels instead of just old school MessageBox with OK/Cancel/etc.

Re:INterface guidlines

[cras]

Look at the first "Look and feel" dialog. What the hell is that "cancel" button doing in there? There are two choices. One of them is already selected, but the OK button is greyed out. I think, since I've never used Vista.. Even if that greying out means it's simply not focused, what is the purpose of the OK/Cancel there? Does the cancel mean the same as the second option? Does it mean it's going to ask you again the next time? It should be clearly said there, not left to user's guesstimation. I guess it's an improvement, but that page is definitely not something that should be pointed to as an example of good UI design.

Re:Button Label Fail

[hoggoth]

I am picturing a glowing screen with a a blinking popup dialog box reading "Are you SURE you want to send this message? [OK] [CANCEL]" with blood dripping down the screen.

Re:For the love of...

[BBTaeKwonDo]

>a user could have typed the message in themselves

They set up a template so that, in the stress of the moment, the person sending the message wouldn't forget to include some important detail (e.g., location of the emergency, what to do, etc.)

The solution...

[Bobfrankly1]

The solution is a lot more simple then everyone is making it. "Update" should be a button you click with a mouse. Actually sending the message shouldn't be a button, rather it should be a multi-key sequence/shortcut that either sends the message or better yet, produces the actual send button. The shortcut can be listed on the dialog box where it currently exists, and a properly composed paragraph can encourage reading of the short warning about sending, since the operator is reading for the shortcut already. The lack of being presented right away with a simple button *should* (there are ALWAYS exceptions to the rule) prevent accidental occurrences like this one. The extra work involved should break the pattern/trance we tend to fall into when doing repetitive tasks.

Re:The solution...

[Bobfrankly1]

Or as an alternative, display both buttons, but require the send button to be accompanied by a few held down keys. Directions can be in the same dialog box, but the unexpected behavior of the button that can't simply be clicked will prompt comprehensive reading, at which point the operator can make an informed choice about what button to push. Both of these are elements that I've seen integrated somewhere else, and though I can't remember where, I do remember how they broke me of my point click repeat monotony.

Re:The solution...

[Marc_Hawke]

That was the most convoluted fix I saw presented.

My opinion was that the screen for editing the templates shouldn't have a "SEND" button on it at all.

Re:The solution...

[Bobfrankly1]

Convoluted breaks the pattern. Although I agree that the screen for editing templates shouldn't have a SEND button, it depends on how the software was designed in the first place. Requiring simple, but abnormal keyboard input should be a relatively simple change to the software, no matter how it was designed.

Re:The solution...

[Belial6]

Or, have the templates edited using a completely different UI than the one used to send actual messages. A system with proper workflow would have the decision to send the message or not made BEFORE the message is even typed, not after.

Re:I already have redundant systems

[IdolizingStewie]

I suspect this meant more for a student who has a class in BUILDING NAME/INTERSECTION 10 minutes from now. I would hope that you wouldn't have to tell people to hit the deck when they hear gunfire.

In regards to the question of whether we're in more danger than we were in years past, I would agree that we are not, but point out that if UT had had such a system in 1966, it might have saved some people then, too.

To the rescue...

[fahrbot-bot]

We are working with the provider of the Illini-Alert service to implement additional security features in the program to prevent this type of error.

Clippy:

"It looks like you're about to panic thousands of people. Would you like help?

• Get help panicking people.
• Just panic people without help.
• Don't show this tip again.

Reply to ALL?

[AirDave]

The real question is what happened after the everyone starting hitting Reply to All?

Notification System

[dlapine]

I'm an alumni of the U of I, and I work here as well. I get these notifications. I thought I'd bring up 2 points:

1. Fortunately, given the spring break, the actual number of people on campus able to read this was was quite low.
2. Unfortunately, we just had a fire on Green street 2 days ago, and we got an alert from the same system informing us about it. So this warning was probably taken very seriously for those 12 minutes.

Overall, I'm satisfied with the system and I was impressed by the very explicit letter from the chief both explaining the error and accepting the blame for the mistake. She also detailed the upcoming efforts to address the error. I'd like to see the same level of accountability from my ISP or phone company.

Re:Notification System

[Hartree]

When I saw the "active shooter at BUILDING NAME/INTERSECTION", my first thought was that I'd prefer comatose, asleep or just plain lethargic shooters.

It really was pretty quick between the mistake and the correction especially with that many emails going out for each. I check email fairly often, but the correction was already there when I saw the message. They mentioned that the updating was being done in response to comments from those getting alerts previously. I assumed that was from the Green St. fire notifications.

Having it be spring break was definitely a good thing for both the previous fire, and the mistaken alert.

personalization

[wsanders]

No, the real version will say "shooter at BUILDING NAME/INTERSECTION, looking for INSERT NAME HERE".

Re:personalization

[magarity]

Better yet:

No, the real version will say "shooter at BUILDING NAME/INTERSECTION, looking for owner of %SEND_TO_PHONENUM%".

Awful summary

[Darinbob]

This has nothing to do with War-of-the-Worlds, except that there was false panic. The Orson Welles broadcast was done as a fictional story, this incident was an accidental broadcast of an alert.

Next up, a headline saying "Oncologist Pretends to be Orson Welles with Wrong Diagnosis!"

"active shooter"

[wsanders]

"Active shooter" is police jargon for a Columbine-type situation.

The opposite isn't "passive shooter", but the term signifies (at least in some jurisdictions) a situation in which immediate action needs to be taken, rather than, say, waiting to call out the SWAT team.

Don't you mean "Ten things I've learned..."?

[Radical+Moderate]

I work at a university too, and you're right about all ten!

Re:For the love of...

[Belial6]

That or have your templates entered through an entirely different executable/interface. Heck, don't even let the templates be edited on the system that sends the real messages. While you may need to send a real message quickly, you will never need to save a template in the heat of the moment, and if you are editing the templates frequently enough that walking over to a completely separate machine is going to have any real effect on productivity, then your problem isn't with the computer.

Re:Button Label Fail

[Belial6]

Wrong. Submit is a perfectly find button name. It is simple, it is direct, and it is understood by the population. It is not always appropriate, but the label of "Submit" is not why this happened. It happened because of a mistake earlier in the workflow of the application. The screen that you use to make templates should never have been the same screen that is used for sending messages.

If Submit is an unacceptable label, then so is Save, File, Edit, Help, Save As, etc...

Re:Poor UI design?

[Belial6]

By having the same form used to generate templates as used for sending real messages, the developers had already made a mistake in their application's workflow.

Re:I already have redundant systems

[Belial6]

Dramatically more lives could have been saved by banning football. My point being that you are talking about an number that is statistically irrelavent. Besides, you are just as likely to simply move the venue as you are to actually stop it.

A little late, but U of I student here

[Renstar]

The message we got actually said "BUILDING / INTERSECTION NAME" as the location of the alleged incident. To anyone with half a brain it was more than obvious that it was sent in error. I just waited and waited for the explanation. I never actually expected a corrected version with an actual location.

The bigger issue is the use of this system at all. It has been used twice so far (not including yesterdays bout of criminal stupidity). The first was for an "impending tornado" that never touched down. We already have a warning system for that. There are big loud sirens that everyone should be listening for when a nasty storm is rolling through and a watch/warning has already been issued by a non-university organization. The second was just earlier this week for a fire in a non-campus building to warn university employees based in nearby buildings. Who were already evacuated.

The university has now cried wolf three times. Time to file the alerts directly to spam.

So they are admitting...

[LittleBigScript]

...it was an INSIDE job?

An ID10T error? OR was it?

[formfeed]

Word has it, there is this professor at UI who drinks only rain water and whiskey. He thinks fluoridation is a part of a mind control conspiracy. Could it be that he triggered the alarm?

The perfect Interface

[formfeed]

This is how to design the perfect interface:

1. Administrators should have guns.

2. Offices should have sensors that detect gun shots and trigger an email alert.

This would be double plus good:

1. No accidental click but a meaningful action that relates to the incident that is reported.

2. What makes people angry are false reports. Not with this system.

Re:The perfect Interface

[JabberWokky]

I understand your point, but those alert systems are for a wide variety of issues. Say there's a really bad chemical spill in an area where students typically walk through... are you implying that the administrators should shoot the spill to trigger the alarm?

Although, some of the ice at Penn State (which sent out notices using their system when the weather closed down the school) might best be dealt with using a steady application of gunfire.

Translation

[tibit]

We are working with the provider of the Illini-Alert service to implement additional security features in the program to prevent this type of error.

most likely means: The same contractors who messed up basic usability in the original implementation will now get paid again to "fix" it. BTW what is with people using wrong words? Additional "security" features, my ass, this is HMI 101, nothing to do with security.

Re:I already have redundant systems

[cusco]

Silencers aren't really that 'silent'. It's not like in the movies, you still hear a gunshot if you're anywhere near, just not as loud.

Good point

[formfeed]

Good point. And thank you for improving the system...

Say there's a really bad chemical spill in an area where students typically walk through... are you implying that the administrators should shoot the spill to trigger the alarm?

Of course not. To warn the campus of chemical spills, administrators should have a bottle of muratic acid on the shelf. If they want to trigger the chemical alert system, just spill it on the office floor, and this activates the chemical alert warning.

Absolutly no way of confusing the trigger events, and as I said: never ever a false warning.