Interesting to see this on HN. I currently work for the company that redesigned the HMI/UI following this incident. Or rather, it's how my company was founded. In the aftermath, the US Navy Command in San Diego contacted several UCSD professors in the Cognitive Science and Psychology department who specialized in high-impact decision making under stress and cognitive load. The Navy was apparently impressed with the detailed analysis and recs provided by these faculty and continued to collaborate with these folks on this an other projects. Eventually they were getting so much work from the Navy they founded a company focused on human factors engineering and interface design for complex systems.
The two original founders recently retired and our new CEO is a former Captain of the USS Zumwalt.
Another article in that series is also related to a UX mistake: Air France Flight 447.
This crashed, in part, because the inputs from two control sticks (one for pilot and other for copilot) were averaged if they disagreed, unlike on a Boeing (at the time at least) where they're physically connected so you can't have contradictory inputs in the first place, and you'd feel the other pilot fighting you. When the plane stalled, one pilot correctly pushed down to come out of the stall (after which they would be able to pull back up) while the other pulled up instead (which is wrong but does feel like the instinctively correct thing to do). The inputs cancelled out so had almost no effect. By the end both pilots were pulling up, but that hadn't been the case earlier on when the problem could have been resolved.
The captain had been on a rest brake and only re-entered the cabin at the last moment. He finally figured out the problem but it was too late to do anything.
> “Go on, pull,” Dubois said. Was this comment a sardonic resignation to fate?
Since we're on the topic, you know how much HN complains about touchscreens on cars? Now find out how replacing old school analog controls with software touchscreens UI partly led to the USS John S. McCain colliding: https://features.propublica.org/navy-uss-mccain-crash/navy-i...
This is a fascinating article. I feel like I am in my life constantly fighting against either haphazard UI like the one featured there, and the Apple-style UIs which attempt to optimize for beauty by shoving nearly everything (regardless of usefulness) into layers of "••• junk drawers" or little (i) icons.
On a ship worth hundreds of billions of dollars, it was never considered that the Big Red Button should have a plain English red sign saying "Emergency Take-Control-Here Button. Press to return control to THIS station."
The software designers as well could have used plain and direct language too, and made it easy to do the right thing, and require deliberateness to do a weird thing. If it's wildly irregular to have 2 people independently doing port/starboard thrust control, the process should be like "Transfer Thrust Control", followed by a modal with a giant "BOTH SIDES" button and two tiny "Port only" "Stbd Only" buttons.
Also when you are moving around something as important as control of your ship, why not have a simple voice announcement, what does a loudspeaker cost, 20 dollars a piece? "The Thrust control has been transferred to the Lee Helm" or "All Controls were transferred to the Bridge because the Red Take-Control Button was pressed at that station."
Sometimes I think only thoughtless people and Jony Ive-worshipers are doing UI design.
> they saw this contact heading towards them labeled as an F-14 fighter.
What's wild to me is the assumption that Iran would suddenly launch a single F-14 fighter to attack a ship. Was there no moment where they thought "maybe there has been a mistake?" - like where Stanislav Petrov chose to interpret the Soviet early warning system telling him an ICBM was incoming as being a result of some faulty instruments.
Granted the stakes were slightly different - downing one airliner is less severe than risking starting a global nuclear annihilation.
> What's wild to me is the assumption that Iran would suddenly launch a single F-14 fighter to attack a ship.
What is sudden about that? "Two months before the incident, the U.S. had engaged in Operation Praying Mantis, resulting in the sinkings of the Iranian frigate Sahand, the Iranian fast attack craft Joshan, and three Iranian speedboats. Also, the Iranian frigate Sabalan was crippled, two Iranian platforms were destroyed, and an Iranian fighter was damaged. A total of at least 56 Iranian crew were killed"
And on the very day their helicopter received small arm fire from an Iranian patrol vessel, which they were pursuing when the shoot-down happened.
In this situation the idea that Iran would launch a fighter against them is not that wild.
UI failings aside, a few points, mostly from the US Naval Institute's Proceedings[2] (which has references to the Official Investigation "Fogarty report"[3])
- it was standard practice to illuminate Iranian military aircraft with missile fire control radar as a warning for them to turn around. "When you put that radar on them, they went home. They were not interested in any missiles," Captain Carlson recalled.
- the captain of the Vincennes was known as trigger-happy and the Vincennes was nicknamed the Robo-Cruiser.
- the Vincennes was inside Iranian territorial waters at the time of the shoot-down
- data from USS Vincennes' tapes, information from USS Sides and reliable intelligence information corroborate the fact that TN 4131 was on a normal commercial air flight plan profile…squawking Mode III 6760, on a continuous ascent in altitude from take-off at Bandar Abbas to shoot down."
- "Capt. Rogers was a difficult student. He wasn’t interested in the expertise of the instructors and had the disconcerting habit of violating the Rules of Engagement in the wargames." [2]
- Commander Lustig, the air-warfare coordinator, even won the navy's Commendation Medal for "heroic achievement," his "ability to maintain his poise and confidence under fire," enabling him to "quickly and precisely complete the firing procedure.
- all hands aboard the Vincennes and the Elmer Montgomery received combat action ribbons."
a US frigate (uss stark) was severely damaged by a single Iraqi plane in the previous year. the captain did not expect an Iraqi attack, so he tried to warn the plane off multiple times, ultimately allowing it to fire two missiles which hit his ship. the missiles would likely have been shot down if the Stark's countermeasures were working correctly. but they weren't, and 37 Americans died.
given that context, it doesn't seem wild to take an Iranian plane as a serious threat.
As far as I understand it, a single F14 could launch a single Exocet missile, and make a VERY large hole in an aircraft carrier, and if the conditions were right, putting it to the bottom of the sea. Or the same for a battleship. I seem to recall that being a large concern even then, if not especially then.
>What's wild to me is the assumption that Iran would suddenly launch a single F-14 fighter to attack a ship.
Limited hit and run attacks were typical Iranian behavior at the time.
The US tested to see if the F-14 could launch a Harpoon anti-ship missile just a couple of years prior to this because Iran had both F-14s and Harpoons. The test was successful.
It is highly unlikely that Iran ever equipped the F-14 with Harpoons but the thought that they would because it was a capability they possessed was a very real fear at the time.
Maybe (probably?) it did seem crazy, but the officers sought verification from the system and seemed to get it.
They were probably unaware that there was an airliner in their vicinity, as it had been incorrectly tagged as an F-14. I don't know where the actual F-14 was, but quite possibly nowhere in the vicinity of the ship.
All evidence is that Captain Will Rogers was a very different kind of person than Stanislav Petrov. The US military is famous for preferring "forward leaning" types.
The Paypal iOS app used to behave strange with numbers. The interface was designed that you had to type in the amount you wanted to send in cents. If you wanted to send USD 50, you had to type 5000. Paypal then would add a comma after the second digit from the right. What made it even stranger: The numbers were aligned right, so it had the feeling of typing backwards. I never really got used to it.
A few weeks ago, without a note, the whole interface changed. Now you HAVE to fill in the comma. If you just type in 5000 like you did before, you would send USD 5000 instead of USD 50. I personally know of one person who send way to much money and I suspect it is because of this UX change.
I wonder when a tesla will show up in a courtroom with a situation like this.
I'm not talking about autopilot.
I'm talking about the continuous (past ridiculous) removal of physical controls from their vehicles.
For example, the original model S/X had dedicated controls for lots of functions - turn signals, gear shift, wipers, autopilot, steering wheel tilt, etc. On the steering wheel, there were two buttons and a scrollwheel on each side of the steering wheel. Press the center of the steering wheel for the horn. The door had mirror adjustment and windows + lock
Unfortunately a few critical controls were on the touchscreen - defrost front and back were big ones, but all the climate controls, and other nonsense too - all pretty much hidden with multiple taps, or small targets or both.
not all of this is bad - putting lots of detailed but non-critical settings like miles vs km are the perfect thing to have on a touchscreen.
but it needed more dedicated controls.
When the Model 3 came out, it started removing controls. There are two stalks, the turn signal also sort of controls headlights and wipers, the shifter is overloaded with autopilot.
It has two scrollwheels without buttons, you have to push them left and right.
all other controls are on the touchscreen.
It really needs dedicated controls for important things.
And then the updated model S/X came out. wow.
there are NO stalks. turn signals are touch areas on the steering wheel. so are high beams, horn, wipers. the scroll wheels do different things at different times.
shifter? nope - it guesses what direction you want to go. many more things involve
the touchscreen, like going into park. (there is also a touch drive selector in the center console, but you have to look down and touch it to wake, then to select)
Aside: it is the second day in a row that a thread from Mastodon ends up on the frontpage of HN. When was the last time I Twitter thread did the same, and does anyone else doubts that Twitter is no longer at the center of tech-related conversation?
A lot of the recent OpenAI events that were posted here were links to Twitter and I’ve seen plenty of people point this out as evidence that Twitter still is at the centre.
One difference is that Twitter no longer shows threads to logged-out users, while Mastodon does. If someone posted the same thread to both sites, the Mastodon one would be better to link to.
I wonder how this compared to plain air traffic control technology of that era? Were ATC doing it better? (Obviously there are a lot of ATC-driven disasters of that era too).
I first thought this was a post about flat design, then went and read the whole toot. Man, who'd expect UI to be bad enough for life and death operations.
Someone should post more details about the actually confusing UI that lead to this event. Would be a good lesson to most of us.
It also appears that Lockheed won a contract for using this system in 2023 [1]. Can someone share if they actually fixed the UI issues with it recently?
Reading the different takes on the incident leaves one with the impression that there was a lot more going on there than just the stuff with the user interface.
What an insane story. Crazy to think that some of these engineering errors led to such a disastrous outcome...
I do resonate with someone's comments in the above sections reflecting on whether or not such a narrative would be given if it was say, a UI mistake from an enemy country.
As already pointed out, civilian transponders are not really "IFF", they're a tool for ATC to keep track of you.
Military IFF transponders don't emit unless they get interrogated by a valid code, and then only briefly.
The interrogating plane would typically only interrogate if you show up as a radar contact, and at that point, being able to say "I'm friendly" is very useful. You're not hidden anyway.
Note that the name "Identification Friend or Foe" is misleading; IFF can only positively identify friendlies. A nonresponsive bogey (unknown) may still be a friendly with bent IFF, wrong codes, etc.
I have tried to find the sentence you quoted in the article and was not able to. But it is not true that "every large aircraft (...) carries an IFF". IFF is strictly military. What civilian aircraft do have (large and small) is a transponder. The article talks about this but in a confusing way.
You may wonder, but computers extremely important in our life, I bet, you don't release how we depend on high tech now (was not such before war).
I will list how I remember, not by importance.
1. Electric grid is core of infrastructure, and it depend on computers. Even if in many cases could use decentralized power sources, but need it to feed bank networks for money payments; water supply, heating, also need electricity. And Russians actively use hacker attacks to turn off power in Ukraine.
2. Air defense. God bless America and developers of Patriot! After last spring we received this wonderful tech, we could feel much safer, just periodically hear "Citizens may hear explosion, as system automatically intercept ballistic missile. Alarm siren was not triggered".
3. For our people in trenches, information is literally life, because Russians have large number old, but dangerous tech, like artillery and air approx 1960s.
And now also got cheap new tech from East - most annoying drones (UAV).
So if one side got knowledge, where some opponent military unit, they immediately fire on it if possible.
Even become usual thing, artillery duels, when artillery units on each side, try to destroy each other. And as they are long distance units, they don't see opponent, just know from intelligence, that on some coordinates appear opponent.
That time when a badly implemented government contract drop down menu UI design was blamed for the false alarm Hawaiian incoming ballistic missile emergency sms [1] only for it later to turn out to have been caused by regular old human communication error and poor safeguards [2].
There seems to be a lot of trust in IFF in this incident, what would stop Iran from reprogramming their F-14's IFF to identify as as civilian aircraft (or if reprogramming isn't feasible, retrofitting a stolen civilian airliner's IFF system into an electronics pod on their F-14, I'm sure the Iranian government wouldn't have any trouble getting an aircraft from Iranian Airlines)?
Do warships do any verification beyond reading the IFF ping aside from looking for attack patterns like climbinb/decending, etc, it still seems possible for an attacker to get within missile range while still appearing on radar to be a civilian craft.
I'm so conflicted reading this story. On one hand, yes, there were choices made during the design of the system that directly contributed to this tragedy. And a lot of innocent lives were lost, so saying that's "shit happens, it's an edge case" rings very hollow.
On the other hand, this was a very peculiar set of circumstances, very much an edge case. Is it reasonable to expect designers of combat systems to triple check their choices and run more test scenarios to identify and address such edge cases? I'd say yes. However, I think it's unreasonable to expect them to design a perfect system for a highly volatile and chaotic use case such as war.
Reusing identifiers after such a short time was a pretty galactic design cockup. I'm a consultant and if I came across that in a design doc or while analyzing a system to form an understanding in my head of how it works, it would have immediately screamed out to me as asking for this kind of trouble. Operator punched the ID in for (civilian) aircraft A, and unknowingly got the trajectory data for (military) aircraft B.
Coding for the 90% common conditions are easy, it's the edge cases where things get hard and true engineering talent shines through. Ignoring them is simply incomplete design.
It's not tolerated in other fields of engineering (eg. civil) and it shouldn't be in ours either.
Sorry, I don't see where's the edge case. In a given area there are going to be lots of planes. If there is risk of confusing them and making decisions based on non-reconciled information, it seems a pretty critical flaw.
This was not an edge case, it was a swiss cheese failure that was just waiting to happen.
In a tech company this would correctly be thought of as a systemic failure as opposed to a personal one.
There are so many questionable design choices here for a system that is supposed to be used in high-stress situations. A lot of it reads as someone thinking "ooh yeah it would be cool if it did X" instead of "what's the simplest and dumbest possible way to do this".
> However, I think it's unreasonable to expect them to design a perfect system for a highly volatile and chaotic use case such as war.
When it comes to safety-critical systems, the right engineering choice is to lean towards a 'safe' default. For example, the safe default would be to always slave the cursor:
> Once "hooked," the contact would be tracked by Aegis. But critically, unless the operator took the additional step of "slaving" the cursor to that contact, as the contact moved away the cursor would not follow it.
And here, don't reassign a tracking number, at least not within in a short timeframe:
> Vincennes assigned her the tracking number 4474; Sides assigned her 4131. Aegis unified the contacts under the number 4131. 4474 was then available for re-use, so Aegis assigned it to a US A-6 bomber, which happened to be descending.
Yes - but the implications of reassigning the number immediately to another contact seems something that should have been noticed in the design phase.
> Vincennes assigned her the tracking number 4474; Sides assigned her 4131. Aegis unified the contacts under the number 4131. 4474 was then available for re-use, so Aegis assigned it to a US A-6 bomber, which happened to be descending.
> But he didn't realize that its tracking number had changed. He thought it was still tracking number 4474,
Given the stakes of an “edge case” in a war machine, not to mention their cost, it doesn’t seem unreasonable to expect the number of such cases to be zero.
I think a highly volatile and chaotic use case is exactly where I'd expect them to design a perfect, or at least orders of magnitude less susceptible to operator error, system.
Of course it's hard for me, a spoiled millennial who got into programming via online games, to imagine what war computers were capable of in 1988, but as described in the thread, this scenario sounds so utterly routine that I am surprised that it basically involved a game of telephone to confirm basic facts about a plane.
"A tracked entity gets confused with another tracked entity" or "an entity's status of hostile-or-not gets lost" sounds like exactly the cases that should be impossible to get wrong as a fundamental goal of this kind of operation.
> On the other hand, this was a very peculiar set of circumstances, very much an edge case. Is it reasonable to expect designers of combat systems to triple check their choices and run more test scenarios to identify and address such edge cases? I'd say yes. However, I think it's unreasonable to expect them to design a perfect system for a highly volatile and chaotic use case such as war.
Even if this is your position, it doesn't excuse the Navy's blaming of the crew after it happens. Even if the design issues could be written off as a reasonable mistake, the mistake still lies with the design and not with the crew.
It really peeves me to hear the phrase “edge case” used as a defense of incorrect software. As if software should not be expected to deal with edge cases.
Edge cases are not rare. If you have a lot of people using your system, or people who use it a long time, hitting an edge case increases in likelihood to the point that it becomes inevitable. It’s a fallacy to think that an edge case being mathematically unlikely implies that it is unlikely to ever happen. See also murphy’s law.
Is this a mastodon instance? Mastodon is a twitter clone that doesn't allow long posts? All the posts but the first come collapsed and I have to click on each to read it. Is someone measuring engagement?
This could have been an article worth reading, instead it is chunked in tweets (or whatever they are named now) on X. I'd be interested in the topic, but hate the reading experience to much to read it.
Everything's possible, but there would be no debate about UI mistakes if it was Iran shooting down a US plane. They would've done because they are evil by nature, or at least perceived as such. In that case the media and the public buys into its own reality, but of course the UI discussion could be a distraction from the public maybe starting to question if that's actually the reality.
Also from the Wiki page about this shootdown:
In 1991, political scientist Robert Entman of George Washington University compared U.S. media coverage of the incident with the similar shootdown of Korean Air Lines Flight 007 by the Soviet Union five years earlier by studying material from Time, Newsweek, The New York Times, The Washington Post and CBS Evening News. According to Entman, framing techniques were used to frame the Korean Airlines incident as sabotage while framing the Iran Air incident as a tragic mistake,[67] stating "the angle taken by the U.S. media emphasized the moral bankruptcy and guilt of the perpetrating nation. With Iran Air 655, the frame de-emphasised guilt and focused on the complex problems of operating military high technology."[68][a] By "de-emphasizing the agency and the victims and by the choice of graphics and adjectives, the news stories about the U.S. downing of an Iranian plane called it a technical problem while the Soviet downing of a Korean jet was portrayed as a moral outrage."
[+] [-] subroutine|2 years ago|reply
The two original founders recently retired and our new CEO is a former Captain of the USS Zumwalt.
[+] [-] quietbritishjim|2 years ago|reply
https://admiralcloudberg.medium.com/the-long-shadow-of-war-t...
Another article in that series is also related to a UX mistake: Air France Flight 447.
This crashed, in part, because the inputs from two control sticks (one for pilot and other for copilot) were averaged if they disagreed, unlike on a Boeing (at the time at least) where they're physically connected so you can't have contradictory inputs in the first place, and you'd feel the other pilot fighting you. When the plane stalled, one pilot correctly pushed down to come out of the stall (after which they would be able to pull back up) while the other pulled up instead (which is wrong but does feel like the instinctively correct thing to do). The inputs cancelled out so had almost no effect. By the end both pilots were pulling up, but that hadn't been the case earlier on when the problem could have been resolved.
https://admiralcloudberg.medium.com/the-long-way-down-the-cr...
The captain had been on a rest brake and only re-entered the cabin at the last moment. He finally figured out the problem but it was too late to do anything.
> “Go on, pull,” Dubois said. Was this comment a sardonic resignation to fate?
[+] [-] grotorea|2 years ago|reply
[+] [-] xp84|2 years ago|reply
On a ship worth hundreds of billions of dollars, it was never considered that the Big Red Button should have a plain English red sign saying "Emergency Take-Control-Here Button. Press to return control to THIS station."
The software designers as well could have used plain and direct language too, and made it easy to do the right thing, and require deliberateness to do a weird thing. If it's wildly irregular to have 2 people independently doing port/starboard thrust control, the process should be like "Transfer Thrust Control", followed by a modal with a giant "BOTH SIDES" button and two tiny "Port only" "Stbd Only" buttons.
Also when you are moving around something as important as control of your ship, why not have a simple voice announcement, what does a loudspeaker cost, 20 dollars a piece? "The Thrust control has been transferred to the Lee Helm" or "All Controls were transferred to the Bridge because the Red Take-Control Button was pressed at that station."
Sometimes I think only thoughtless people and Jony Ive-worshipers are doing UI design.
[+] [-] smcl|2 years ago|reply
What's wild to me is the assumption that Iran would suddenly launch a single F-14 fighter to attack a ship. Was there no moment where they thought "maybe there has been a mistake?" - like where Stanislav Petrov chose to interpret the Soviet early warning system telling him an ICBM was incoming as being a result of some faulty instruments.
Granted the stakes were slightly different - downing one airliner is less severe than risking starting a global nuclear annihilation.
[+] [-] krisoft|2 years ago|reply
What is sudden about that? "Two months before the incident, the U.S. had engaged in Operation Praying Mantis, resulting in the sinkings of the Iranian frigate Sahand, the Iranian fast attack craft Joshan, and three Iranian speedboats. Also, the Iranian frigate Sabalan was crippled, two Iranian platforms were destroyed, and an Iranian fighter was damaged. A total of at least 56 Iranian crew were killed"
And on the very day their helicopter received small arm fire from an Iranian patrol vessel, which they were pursuing when the shoot-down happened.
In this situation the idea that Iran would launch a fighter against them is not that wild.
[+] [-] sillywalk|2 years ago|reply
- it was standard practice to illuminate Iranian military aircraft with missile fire control radar as a warning for them to turn around. "When you put that radar on them, they went home. They were not interested in any missiles," Captain Carlson recalled.
- the captain of the Vincennes was known as trigger-happy and the Vincennes was nicknamed the Robo-Cruiser.
- the Vincennes was inside Iranian territorial waters at the time of the shoot-down
- data from USS Vincennes' tapes, information from USS Sides and reliable intelligence information corroborate the fact that TN 4131 was on a normal commercial air flight plan profile…squawking Mode III 6760, on a continuous ascent in altitude from take-off at Bandar Abbas to shoot down."
- "Capt. Rogers was a difficult student. He wasn’t interested in the expertise of the instructors and had the disconcerting habit of violating the Rules of Engagement in the wargames." [2]
- Commander Lustig, the air-warfare coordinator, even won the navy's Commendation Medal for "heroic achievement," his "ability to maintain his poise and confidence under fire," enabling him to "quickly and precisely complete the firing procedure.
- all hands aboard the Vincennes and the Elmer Montgomery received combat action ribbons."
...
[1] https://www.newsweek.com/sea-lies-200118
[2] https://www.usni.org/magazines/proceedings/1993/august/vince...
[3] https://archive.org/details/FormalInvestigationintotheCircum...
[+] [-] leetcrew|2 years ago|reply
given that context, it doesn't seem wild to take an Iranian plane as a serious threat.
[+] [-] xen2xen1|2 years ago|reply
[+] [-] snakeyjake|2 years ago|reply
Limited hit and run attacks were typical Iranian behavior at the time.
The US tested to see if the F-14 could launch a Harpoon anti-ship missile just a couple of years prior to this because Iran had both F-14s and Harpoons. The test was successful.
It is highly unlikely that Iran ever equipped the F-14 with Harpoons but the thought that they would because it was a capability they possessed was a very real fear at the time.
[+] [-] wil421|2 years ago|reply
A single plane shooting down a ship is not unheard of but the US has done it in pairs to the whole Iran navy.
[+] [-] ARandomerDude|2 years ago|reply
"Well, I just thought a single F-14 was probably not that big of a deal."
[+] [-] mannykannot|2 years ago|reply
They were probably unaware that there was an airliner in their vicinity, as it had been incorrectly tagged as an F-14. I don't know where the actual F-14 was, but quite possibly nowhere in the vicinity of the ship.
[+] [-] ghaff|2 years ago|reply
[+] [-] michael1999|2 years ago|reply
https://admiralcloudberg.medium.com/the-long-shadow-of-war-t...
[+] [-] Nition|2 years ago|reply
"Sure that plane looks like it's moving fast and diving straight towards us, but it's just an Airbus A300."
[+] [-] moritz64|2 years ago|reply
The Paypal iOS app used to behave strange with numbers. The interface was designed that you had to type in the amount you wanted to send in cents. If you wanted to send USD 50, you had to type 5000. Paypal then would add a comma after the second digit from the right. What made it even stranger: The numbers were aligned right, so it had the feeling of typing backwards. I never really got used to it.
A few weeks ago, without a note, the whole interface changed. Now you HAVE to fill in the comma. If you just type in 5000 like you did before, you would send USD 5000 instead of USD 50. I personally know of one person who send way to much money and I suspect it is because of this UX change.
Thoughtful design matters!
[+] [-] m463|2 years ago|reply
I'm not talking about autopilot.
I'm talking about the continuous (past ridiculous) removal of physical controls from their vehicles.
For example, the original model S/X had dedicated controls for lots of functions - turn signals, gear shift, wipers, autopilot, steering wheel tilt, etc. On the steering wheel, there were two buttons and a scrollwheel on each side of the steering wheel. Press the center of the steering wheel for the horn. The door had mirror adjustment and windows + lock
Unfortunately a few critical controls were on the touchscreen - defrost front and back were big ones, but all the climate controls, and other nonsense too - all pretty much hidden with multiple taps, or small targets or both.
not all of this is bad - putting lots of detailed but non-critical settings like miles vs km are the perfect thing to have on a touchscreen.
but it needed more dedicated controls.
When the Model 3 came out, it started removing controls. There are two stalks, the turn signal also sort of controls headlights and wipers, the shifter is overloaded with autopilot. It has two scrollwheels without buttons, you have to push them left and right.
all other controls are on the touchscreen.
It really needs dedicated controls for important things.
And then the updated model S/X came out. wow.
there are NO stalks. turn signals are touch areas on the steering wheel. so are high beams, horn, wipers. the scroll wheels do different things at different times.
shifter? nope - it guesses what direction you want to go. many more things involve the touchscreen, like going into park. (there is also a touch drive selector in the center console, but you have to look down and touch it to wake, then to select)
Just a mess. It makes you a worse driver.
[+] [-] rglullis|2 years ago|reply
[+] [-] JimDabell|2 years ago|reply
[+] [-] georgehotelling|2 years ago|reply
[+] [-] quickthrower2|2 years ago|reply
[+] [-] vkaku|2 years ago|reply
Someone should post more details about the actually confusing UI that lead to this event. Would be a good lesson to most of us.
It also appears that Lockheed won a contract for using this system in 2023 [1]. Can someone share if they actually fixed the UI issues with it recently?
1 - https://news.clearancejobs.com/2023/03/13/lockheed-martin-wi...
[+] [-] jgilias|2 years ago|reply
Basically, heading and location came from one plane, identification from another plane, and altitude yet from another one for reasons.
[+] [-] jansan|2 years ago|reply
[+] [-] upofadown|2 years ago|reply
* https://admiralcloudberg.medium.com/the-long-shadow-of-war-t...
Reading the different takes on the incident leaves one with the impression that there was a lot more going on there than just the stuff with the user interface.
[+] [-] squirrel23|2 years ago|reply
I do resonate with someone's comments in the above sections reflecting on whether or not such a narrative would be given if it was say, a UI mistake from an enemy country.
[+] [-] next_xibalba|2 years ago|reply
This is weird, I'm sure I don't have all the facts. In a conflict, why would a military aircraft ever want to identify itself?
[+] [-] proaralyst|2 years ago|reply
[+] [-] 8372049|2 years ago|reply
Military IFF transponders don't emit unless they get interrogated by a valid code, and then only briefly.
The interrogating plane would typically only interrogate if you show up as a radar contact, and at that point, being able to say "I'm friendly" is very useful. You're not hidden anyway.
Note that the name "Identification Friend or Foe" is misleading; IFF can only positively identify friendlies. A nonresponsive bogey (unknown) may still be a friendly with bent IFF, wrong codes, etc.
[+] [-] outworlder|2 years ago|reply
[+] [-] Towaway69|2 years ago|reply
Logically speaking:
- no identification: risk being shot down by both sides
- correct identification: risk being shot down by the enemy
- fake civilian identification: no risk of being shot down?
[+] [-] simne|2 years ago|reply
You may wonder, but computers extremely important in our life, I bet, you don't release how we depend on high tech now (was not such before war).
I will list how I remember, not by importance.
1. Electric grid is core of infrastructure, and it depend on computers. Even if in many cases could use decentralized power sources, but need it to feed bank networks for money payments; water supply, heating, also need electricity. And Russians actively use hacker attacks to turn off power in Ukraine.
2. Air defense. God bless America and developers of Patriot! After last spring we received this wonderful tech, we could feel much safer, just periodically hear "Citizens may hear explosion, as system automatically intercept ballistic missile. Alarm siren was not triggered".
3. For our people in trenches, information is literally life, because Russians have large number old, but dangerous tech, like artillery and air approx 1960s. And now also got cheap new tech from East - most annoying drones (UAV).
So if one side got knowledge, where some opponent military unit, they immediately fire on it if possible.
Even become usual thing, artillery duels, when artillery units on each side, try to destroy each other. And as they are long distance units, they don't see opponent, just know from intelligence, that on some coordinates appear opponent.
[+] [-] jimmySixDOF|2 years ago|reply
[1] https://blog.prototypr.io/dangerous-drop-downs-%EF%B8%8Fbad-...
[2]https://en.m.wikipedia.org/wiki/2018_Hawaii_false_missile_al...
[+] [-] Johnny555|2 years ago|reply
Do warships do any verification beyond reading the IFF ping aside from looking for attack patterns like climbinb/decending, etc, it still seems possible for an attacker to get within missile range while still appearing on radar to be a civilian craft.
[+] [-] mattszaszko|2 years ago|reply
On the other hand, this was a very peculiar set of circumstances, very much an edge case. Is it reasonable to expect designers of combat systems to triple check their choices and run more test scenarios to identify and address such edge cases? I'd say yes. However, I think it's unreasonable to expect them to design a perfect system for a highly volatile and chaotic use case such as war.
[+] [-] rkagerer|2 years ago|reply
Coding for the 90% common conditions are easy, it's the edge cases where things get hard and true engineering talent shines through. Ignoring them is simply incomplete design.
It's not tolerated in other fields of engineering (eg. civil) and it shouldn't be in ours either.
[+] [-] gpderetta|2 years ago|reply
[+] [-] ZephyrBlu|2 years ago|reply
In a tech company this would correctly be thought of as a systemic failure as opposed to a personal one.
There are so many questionable design choices here for a system that is supposed to be used in high-stress situations. A lot of it reads as someone thinking "ooh yeah it would be cool if it did X" instead of "what's the simplest and dumbest possible way to do this".
[+] [-] h0l0cube|2 years ago|reply
When it comes to safety-critical systems, the right engineering choice is to lean towards a 'safe' default. For example, the safe default would be to always slave the cursor:
> Once "hooked," the contact would be tracked by Aegis. But critically, unless the operator took the additional step of "slaving" the cursor to that contact, as the contact moved away the cursor would not follow it.
And here, don't reassign a tracking number, at least not within in a short timeframe:
> Vincennes assigned her the tracking number 4474; Sides assigned her 4131. Aegis unified the contacts under the number 4131. 4474 was then available for re-use, so Aegis assigned it to a US A-6 bomber, which happened to be descending.
[+] [-] helsinkiandrew|2 years ago|reply
> Vincennes assigned her the tracking number 4474; Sides assigned her 4131. Aegis unified the contacts under the number 4131. 4474 was then available for re-use, so Aegis assigned it to a US A-6 bomber, which happened to be descending.
> But he didn't realize that its tracking number had changed. He thought it was still tracking number 4474,
[+] [-] ughitsaaron|2 years ago|reply
[+] [-] ben0x539|2 years ago|reply
Of course it's hard for me, a spoiled millennial who got into programming via online games, to imagine what war computers were capable of in 1988, but as described in the thread, this scenario sounds so utterly routine that I am surprised that it basically involved a game of telephone to confirm basic facts about a plane.
"A tracked entity gets confused with another tracked entity" or "an entity's status of hostile-or-not gets lost" sounds like exactly the cases that should be impossible to get wrong as a fundamental goal of this kind of operation.
[+] [-] CogitoCogito|2 years ago|reply
Even if this is your position, it doesn't excuse the Navy's blaming of the crew after it happens. Even if the design issues could be written off as a reasonable mistake, the mistake still lies with the design and not with the crew.
[+] [-] ninkendo|2 years ago|reply
Edge cases are not rare. If you have a lot of people using your system, or people who use it a long time, hitting an edge case increases in likelihood to the point that it becomes inevitable. It’s a fallacy to think that an edge case being mathematically unlikely implies that it is unlikely to ever happen. See also murphy’s law.
[+] [-] amadeuspagel|2 years ago|reply
[+] [-] nottorp|2 years ago|reply
[+] [-] cryptos|2 years ago|reply
[+] [-] locallost|2 years ago|reply
Also from the Wiki page about this shootdown:
In 1991, political scientist Robert Entman of George Washington University compared U.S. media coverage of the incident with the similar shootdown of Korean Air Lines Flight 007 by the Soviet Union five years earlier by studying material from Time, Newsweek, The New York Times, The Washington Post and CBS Evening News. According to Entman, framing techniques were used to frame the Korean Airlines incident as sabotage while framing the Iran Air incident as a tragic mistake,[67] stating "the angle taken by the U.S. media emphasized the moral bankruptcy and guilt of the perpetrating nation. With Iran Air 655, the frame de-emphasised guilt and focused on the complex problems of operating military high technology."[68][a] By "de-emphasizing the agency and the victims and by the choice of graphics and adjectives, the news stories about the U.S. downing of an Iranian plane called it a technical problem while the Soviet downing of a Korean jet was portrayed as a moral outrage."
[+] [-] throw555chip|2 years ago|reply
https://en.wikipedia.org/wiki/Iran_Air_Flight_655
For the most truthful view of what happened that day:
https://www.britannica.com/event/Iran-Air-flight-655