87 comments

[ 2.9 ms ] story [ 127 ms ] thread
We have the most competent people possible running our country and the world economy. There was no way to avoid this.
Maybe it has something to do with 50 years of neoliberal corner-cutting, especially hollowing out the public sector.
Yes, the people who jumped over themselves to present half-baked GPT chatbots as the future of their multi-billion dollar search businesses.
Not a zoom bomb, it was just one guy signed in.
Their settings for this meeting allowed arbitrary users to show their desktops and/or webcams, and didn’t have users muted by default either. Sounds like PEBCAK.
If such a mistake is too easy to make, this sounds to me like a UX design issue.
It's more of a mismatch between the intended use case of zoom of having meetings compared to what they wanted to accomplish.
It seems like the kind of defaults that should depend on the visibility of the meeting. Public -> No webcams and muted by default, normal -> webcams and mics.
Most security issues are from one perspective or another
The UX is fine (see https://uis.georgetown.edu/zoom/meeting-controls/participant...), the universe just built a better idiot
Are you sure? Some very basic mass meeting settings are spread across at least five or six menus and popups, all available once the meeting has already started. You can't set the "people can't unmute themselves by default" flag without muting everyone else in the meeting first, it seems.

Half or more of these options should go in a single "meeting configuration" screen in my opinion.

If you just start using the software, you'll have to go through every menu and click every button just to discover the ways people can disturb your meeting. This seems like a terrible user interface for any meeting that's either important or features more than a handful of people.

Calling the user an idiot does nothing to fix the problem. If this setting is buried under advanced settings, most users will never look for it. It sounds like the system could be more upfront about how these things are configured before launching the meeting. It would likely be helpful to remember settings from last session and warn the user if they are deviating from those settings. Perhaps they need to have a saved settings function where a user can save a batch of settings to be reused. I might also wonder how user accounts are setup, to make sure this organization is using this account only for official use, to help make it easier to keep track of these saved sessions.

I don't know about you, but I am an engineer. My job is to consider how the product can be improved, not say "it's fine" and blame the user.

If Zoom does not improve these things, they may lose customers to a competitor who does. Then the engineer that says "it's fine" will be out of a job.

There isn’t as much malice in my calling the user an idiot as it might seem. I was recalling a quote by Rick Cook, “Programming today is a race between software engineers striving to build bigger and better idiot-proof programs and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.”

I don’t think that quote means that users are idiots for not being able to use your UX, nor do I think is it saying that you shouldn’t devote effort to making your UX clearer and easier to use. In my view, the message is that UX is a bit like an arms race, or a Red Queen race, or some other kind of race - that is, you should always be improving your UX, and simultaneously you’ll never have the perfect UX that everyone can use for everything they want to do without any confusion.

This affects how you react to an instance of confusion: it is not a signal that the UX in question necessarily needs to be changed, as it may be working well for every other user and a change will introduce more confusion. It IS a signal to investigate the UX in question and see if it can be improved, you shouldn’t discard the signal entirely. But that investigation might sometimes conclude the UX design is acceptable!

Phrases like “PEBCAK” and “a better idiot” are colorful and thus can appear dismissive and insulting without context, but they do have useful and charitable interpretations too.

(To your specific point, in the course of my dev work I have done some UX engineering, and “automatically persist settings from previous session” is actually a feature I have implemented, although iirc the motivation in our case was more about convenience. We found users ended up with more misconfigurations afterward - they would change the settings just fine for one-off unusual cases because they were actively thinking about the settings they needed. Afterwards they would go back to their usual case and NOT be thinking about settings, so they would get caught out, they would change just the one setting they got caught out by, get caught out again, and so on. Multiple misconfigured sessions after every unusual session was an immediate pain point after we made the change, and we ended up reverting it. Long-term, the solution we found the fewest issues with was having the administrator accounts set specific defaults for each user account and the users could choose to deviate from those settings each session. The administrators were generally in a position to weigh each user’s usual use-case along with the risk if that user was misconfigured. It provided most of the convenience we wanted, and it also gave companies the opportunity to develop policies around which settings to use. Even the colorful language has a role to play - I have had the exact thought process of “this user story doesn’t sound like a particularly impressive case of idiocy, so there probably is something wrong with our UX here” quite a few times. The unwillingness to label the user an idiot directly motivated improvements to UX in those cases.)

The fact that you had to share a third-party website walking people through the steps of configuring it means the UX is not fine.

Zoom is powerful but not easy to configure if you don't use it every day. I certainly had my problems too and I'm working in tech and not "bad with computers" usually.

User being too idiot to user the interface almost by definition means it's bad UX. If your userbase is not attentive/smart enough to use the interface, it's an interface problem, not a user problem.
> The UX is fine, the universe just built a better idiot

That is a disgustingly arrogant viewpoint to have as a dev/designer, and one of the reasons why most software is stagnant shit.

It's what leads to atrocities like HN's current CSS XD

[dead]
Exactly. The situation was just "a non-mission critical thing had a one-off misconfiguration," which is the least alarming thing in the history of technology.
Maybe if you're a worldwide powerhouse organization responsible for moving markets with reports and forecasts, you should cough up the coin to run your own conference infrastructure or adopt Workplace.
Maybe if you're the leading provider of meeting software used the world over, you should work to ensure that it is incredibly trivial to host a secure meeting
[dead]
> Microphones and video were not muted by the organizer upon joining.

We are decades into videoconferencing software, and 3 years into heavy usage of it by everyone from CEOs to my grandma and we're still fucking up the fundamentals? This is why the government is a joke.

The government? Everyone screws it up.

Let’s not talk about projecting/displaying presentations either.

Every week we go through this at work STILL. I sit there with my system working perfectly. I can hear. I can talk. They can hear me. They can see me. It's fine. But there are 3 other people in there that are muted and can't figure it out, someone is called in and on their computer, echo everywhere, someone can't hear, someone can't get their mic to work, someone just gets frustrated and screams that we should "do it in person".

I just don't get it anymore. I can't figure out how any of this is challenging for anyone. Especially when they've all done it 50+ times now.

Oh, and the team member who only has her forehead in the shot? Or the person who constantly changes their background through the whole meeting? Or the person who just gets up and walks away in the middle.

Can you feel it? It's Sunday night here for me. Monday is quickly approaching and I just can't stomach the thought of doing this all over again.

I have problems with being muted when I join with Google Meet in Safari desktop that goes away when I re-join without doing anything else at all. Many times it's really just bad software and not just user incompetency. The worst part is that it doesn't happen all the time or to all the users, so the engineers don't care or don't have enough steps to reproduce the bug.
Every virtual meeting in the non-tech world is like this. Zoom is way easier for people than its alternatives but in a world of fools nothing is foolproof.
It has nothing to do with "government", except I suppose that it is "of the people" and the people, in aggregate, are "dumb" (actually: people know about the domains that matter to them, and not others).

That being said: almost every day at least one meeting causes me to wonder just how much of the GDP is lost in these teleconference handshake failures. That's something I'd like to see an economics paper on.

I don't think this had much to do with the govt. This was a conf hosted by a random bank association and one of the speakers was a Fed governor. Fed had nothing to do with the setup, infra, etc.
> We were a victim of a teleconference or Zoom hijacking and we are trying to understand what we need to do going forward to prevent this from ever happening again

I don't know if there are more details elsewhere, but I feel like a solution here is to not host the meeting in such a way that allows others to share anything (or at least only allow authorized users to join)? Although I would think that a 'broadcast' of the meeting followed by text-based follow-ups from people not physically present would be an even better system.

Maybe there are more requirements that I don't know about.

I think what likely happened is that the zoom call was started by a non-technical person who didn’t realize how to properly configure the permissions on the meeting. So once the meeting got started it turned out anyone had permission to share their screen and hijack the call with whatever they wanted to show.
I use zoom for a couple groups I'm park of. It's actually hard to set screen sharing on by default. To the point where if I use the link I sent out to join not as the meeting organizer, I have to leave and come back before anyone can share. My work zoom link gets around this restriction..

The fact that zoom full screens any share makes this worse.

At this point most organizations should have someone adept enough to boot misbehavior. It's a little tricky.

Hold the meetings in person. Zoom has been a disaster for collaboration. If people try to bomb your in person meetings you can have the police arrest them for trespass.
Zoom specifically has a mode for this. I've been in Zoom meetings with C-level staff and 2k+ people listening in.

The people viewing couldn't turn on their cameras or microphones. They could only listen and present questions in a moderated chat channel.

Maybe a distraction to avoid answering difficult economic questions? Was it rescheduled or just not happening? Didn't see the article mention it.
Let's be real about the scope here, clearly this is not indicative of the downfall of modern banking infrastructure (or the government itself, as it seems some commentors would have you believe).

This was a small event featuring one board member. As the article points out the zoom session itself was run by the hosting institution, some consortium of small banks (I hear those are really known for their technical chops /s). Run enough of these and something bad is bound to happen.

Sure, maybe the Fed should improve its policies on meeting hosting rules and make sure people are informed on best practice, but the fact that a Fed-affiliate intern messed up their Zoom settings is hardly damning.

Yes, it seems like a small matter. Perhaps before the next meeting he should be asked, “Does the female form make you uncomfortable Mr Governor?”

https://youtu.be/bDDGZxb6YhM

Professional AAA game programmers write bugs that permanently delete players' save data. Senior engineers at web hosting companies accidentally delete customer's entire servers. Employees at internet backbones accidentally screw up the configuration so bad that huge swaths of the internet go offline.

This isn't a UX problem. This isn't a government problem. This is the human experience.

Maybe we can improve the human experience by improving the… user experience.
Exactly. It doesn't matter if UX was the problem, it can be part of the solution.
You're very right. I may have misspoken a little - I just meant that there will always be high profile mistakes. Bu obviously that's no reason to avoid improving the tools.
And soon to be the AI experience, trained upon fallible human experiences.
More like, this is the state of software in 2023. In software industry, there is an extremely vague sense of correctness while software is being developed, if there is any. Product managers have no idea what that is, and there is usually no specification to test or verify software against. Every engineer has their own voodoo ways to test or verify software, and guess what, some teams don't even do either! There are entire companies, philosophies built around how testing and verification being waste of time. On top of this, software depends on gazillions of dependencies whose correctness is similarly untested and unverified.

As a corollary, you get software that fails left and right for unexpected reasons.

Yeah people don't give a shit about correctness. By people I mean PMs. And it seems fine for a long time until things get ruined like any of those examples. "How could this have happened?" said the people who refused to accept that testing can added tens of engineer-days to the estimate.
You can only ask a PM "how would you like the system to behave in this specific scenario" so many times and get non-answers or no answer before you start saying "screw it, I think it should behave like this, ship it"

My favorite response is "that feature's deprecated"

Yeah....I know...but it still exists in prod and it's going to be affected. "Deprecated" does not mean "obsolete".

And yet, extraordinarily complex systems seem to work somehow, which means each of the zillions of pieces is pretty much doing the right thing.
That's your opinion, and it seems to be the opinion of some people, I respect that. However, I strongly disagree. I use software all day every day (like most of us here, if not all) and I can confidently say none of the complex systems I use work at all. All software is buggy, most software is frustratingly buggy, and surprising amount of professional software is imho unusuably buggy. When I interact with a new software, my assumption is that it will not work. Unless proven otherwise, software of no complexity works in practice.
Unless you are an exceptional person, software has permeated your life. Most of the ways in which it affects you are invisible because it works so well.
My claim is not that "no software has any part that works", my claim is that "all software has some part that is buggy" which seems trivially demonstrably true in my life. I have unfortunately nothing to offer but anecdotes, but I go by my day and almost every moment something fails. I open jira tons of errors. I open an Android app, tons of issues. I open LinkedIn in browser, sometimes text box doesn't work. I open facebook, it has gazillions of weird problem that pop up every moment.

In fact, I'll go against the wind a little more. A sibling comment in this chain claimed when software has bugs, it's resolved quickly. Wow, I cannot disagree more. I know bugs in tons of software I use that's been there for years, since I started using it. In fact, my principle is the exact opposite, if a software has a bug, unless you yourself fix it [1] chances are that bug won't be fixed.

[1] if open source

>... software of no complexity works in practice.

That's trivially disprovable by mere fact that you have used software to send your opinion to everyone this forum also using untold amount's of software, and that we have received it and are replying to it. Unless you are using some black and white definition of `works` where everything acts exactly as expected 100% of the time, in which case I would suggest not doing anything ever because there is no agreed upon definition of behavior on anything more complex than basic math. Once you start defining behaviors there are a million ways to interpret any sentence

"none of the complex systems I use work at all"

None of them?

I think by far the best working software I use today is Emacs, and yes it's full of bugs that frustrate me every day.
That's the crazy thing, right?

I'm a software engineer. I've seen how poorly software is written, how badly it's tested, and how many stupid mistakes developers make. I've been the one making staggeringly stupid mistakes!

And yet... the vast majority of the software we use just kinda works. And if it's broken, it doesn't tend to stay that way for long.

It's easy to see problems as a developer, but our software could be so much worse.

I think I'd push back a little bit on this. Watching non-technical people try to use apps and websites makes me feel an immense amount of guilt. It's crazy the amount of problems that I ignore because I am so used to them or because I understand the inner workings of things. When a non-technical person sees one of those problems, it's sometimes a show stopper. It wastes a lot of brain cycles for them to figure out what error messages mean, why there's a pop-up explaining some new arcane feature unrelated to their goal, why their form submit didn't go through, etc.

The fact that software is so pervasive definitely speaks for itself, but we still have a very long way to go.

I can't disagree with you about that. The article here is about a misconfigured zoom meeting, which is shockingly easy to do. And if you've ever seen technical people struggling with Jira, you'll know it's not just an issue for non-technical users.

But I think it is a different quality of the software. Contrary to other people in these comments, I think we make software that actually does work in the vast majority of cases. "Working" isn't really the same as high performance, feature rich, or intuitive software, though.

> why there's a pop-up explaining some new arcane feature unrelated to their goal

This is one of the worst things apps and websites have started to do. I can hardly open an app without encountering this. Note to devs and PMs who think these are a good idea: I don’t read them, I dismiss them immediately, and every time you do this I like your app a little bit less. Stop it.

My favorite thing is gmail or chat telling me about some new feature using an overlay instead of, I dunno, emailing it to me or sending me a chat message.
It's gotten ridiculous. I log into my bank and click on my checking account and instead of taking me to a page with all my recent transactions it instead takes me to some page to set up savings buckets or something that I'll never use.

My internet was down the other day so for something to do (I didn't think it would actually work, and it didn't) I logged into Comcast's site on my phone to see if there was an outage or something I could troubleshoot from there. I had to click through maybe half a dozen notifications of things I don't care about in the slightest just to get to the "home" page of my account.

And that's just the first two things I thought of. That sort of miserable design where they try to get me to look at things I don't care about and will never care about just because it might make them money is so pervasive, it's everywhere.

A lot of the software you interact with on a daily basis is made to be robust at least from a system point of view. Firmwares are tested because if they fail horribly the product will get returned or cause real damage. Communication protocols are designed to be fault tolerant. Critical infrastructures operate far from their peak capacity and are doubled. There are buffers everywhere limiting the impact of a brittle piece.

People seldom realise how much engineering is necessary to make the modern world tick and that goes for software too.

Until the moment you do anything weird or unexpected, then it goes haywire

As someone who hates "average" and "normal", this is a big problem, particularly when the goalposts on that have moved to pretty much anything that anyone wants to do beyond elementary-school education-level difficulty

The ease-of-use assholes that have ruined software can kindly go eat a dick

This is life.

People fail to recognize so much of life is imperfect down to our own biology and the design of the systems that span our planet as well.

At some point, there is no return on the investment of perfect design.

It seems our entire world is underpinned by “perfect is the enemy of good.”

- https://cosmosmagazine.com/science/human-egg-cells-are-imper...

- https://biology.mit.edu/revealing-an-imperfect-actor-in-plan...

- https://news.harvard.edu/gazette/story/2020/04/human-knee-ev...

Most complex systems don't work correctly. They just don't fail catastrophically very often. They fail in small ways instead. A lost user account, an incorrect payment, a missing parvel, a poorly routed call. These things happen regularly - millions of times a day in fact - but out of hundreds of billions of interactions its hard to notice them.

We're so used to things failing we stop noticing and think slightly broken is the same as working properly. That's kind of OK until it's your payment, or your parcel, or your account.

> More like, this is the state of software in 2023.

I don't believe it's ever been any different.

It's not that hard to not fuck up that bad. It's hard for PMs to accept the cost of it preemptively though.
Somehow thousands of passenger flights happen every day and the planes don't fall out of the sky.

Perhaps it's possible to do better.

How old do you suppose that software is?
There are hundreds of different pieces of software used every day to keep planes flying, both on the aircraft and on the ground.
Given what it costs to make software for planes, maybe the status quo isn't so bad.
And yet someday we may look back and see this as the good old days.
Maybe this incident was an accident, untargeted random, or purely recreational trolling, but a couple questions...

Was this one of those Federal Reserve events in which (if retail investor news is to be believed) the slightest facial twitch can move the stock market in microseconds?

What kinds of public/semi-public meetings/events can be disrupted by Zoom bombing, with effects such that often someone will have huge financial incentive to do it?

The only fed meeting in history that was not boring
Anyone involved in deciding the federal reserve should be immediately fired.
Haha I can’t even correctly type my online rants given how busy I am now. I meant to say … anyone deciding to use Zoom should be fired. Search for the security history of that app, particularly as it pertains to their macOS version …
why did they use a meeting (every participant is visible) instead of a webinar (only presenter's video is visible)?
So... Someone at the Federal Reserve didn't set up their zoom meeting correctly and an opportunistic prankster entered stage right and made them all embarrassed. This is barely a story other than where it happened. They should be happy it wasn't worse. And maybe bring on a few more interns to help with the setup.
Jeesh. It's not that hard to setup a Zoom meeting to avoid this sort of thing. I recently had to setup 13 separate Zoom rooms all with 10 breakout rooms with these restrictions to avoid this soft of thing.
But keep in mind, you clearly have a lot of experience using zoom. Whoever set this up may not have done it very often. If you're new to it, none of this stuff is obvious.
>A few minutes before the event was to start, one participant using the screen name "Dan" began displaying graphic, pornographic images,

Dan the 1st, Dan the 2nd ? When every Dan can connect to your meeting, you have bigger problems.