This is a fundamental organizational and societal problem. An engineer would look at the situation and think "what is the best way to get the failure rate below a tolerable limit?" But a lawyer looks at the situation and thinks "how do I minimize liability and bad PR?" and a bureaucrat thinks "how can I be sure the blame doesn't land on me when something goes wrong?" And the answer to both of those questions is to throw an alarm on absolutely everything. So if there is a problem they can always say "our system detected the anomaly in advance and threw an alarm." Overall the system will be less safe and more expensive, but the lawyer's and bureaucrat's problems are solved. Our society is run by lawyers and bureaucrats, so their approach will win out over the engineer's. (And China's society is run by engineers, so it will win out over ours.)

Useless warnings are a great CYA tactic.

THe more of them you have, the more likely it is that there's a warning if something happens. Whether the warning is ever noticed is secondary, what matters is the fact that there was a warning and the operator didn't react to it appropriately, which makes the situation the fault of the operator.

The criticality of the alerts should be classified, and presented with the alert. Users should have the ability to filter non-critical messages on certain platforms.

Unfortunately, some systems either don't track criticality, or some of the alerts are tagged with the wrong level.

(One example of the latter is the Ruckus WAP, which has a warning message tagged at the highest level of criticality, so about two or three times a month, I see the critical alert: "wmi_unified_mgmt_rx_event_handler-1864 : MGMT frame, ia_action 0x0 ia_catageory 0x3 status 0x0", which should be just an informational level alert, with nothing to be done about it. I've reported this bug to Ruckus a few times over the past five years, but they don't seem to care.)

I think it's regulated in places, as it was certainly an HMI concern ever since Three Mile Island. Our customer is really grilling vendors for generating excessive alarms. Generally for a system to pass commissioning it has to be all green, and if it starts event bombing after you're going to be chewed.

The only way for this kind of issue to be resolved is with regulation and safety standards.

Are you sure that's not what caused the problem in the first place? Unqualified and/or captured regulators who come up with safety standards that are out of touch with how the system needs to work in the real world?

I wonder if you could calculate a "probability of response to major alert" and make it the inverse of the total or irrelevant alerts. Then you get to ask "our probability of major alert saliency is onlt 6%. Why have the providers set it at this level, and what can we do to raise it?"

> Eventually, we tried removing the dialogs altogether and the incident rate approached zero. If you take away the guardrails completely, it radically alters the psychology and game theory around user interaction. Imagine climbing a tall building with multiple layers of protection vs having none at all.

I think there's evidence and studies on this. IIRC removing traffic lights forces people to be much more alert, reducing accidents.

Fun fact: Bhutan is perhaps the only country in the world without traffic lights!

In litigious countries confirmations and alerts also serve as a mitigation against lawsuits.

My gripe is with multi-layer approvals for permission request tickets. If it's only 1 layer, the only layer will make sure the person it's correct. However once there are >1 layer, each layer will think the other n-1 layers will check and turn out no one will check and blindly approve things...

> If you take away the guardrails completely, it radically alters the psychology and game theory around user interaction

Cool! Did workers expect consequences for incidents? Did they get rewarded for lack of incidents?

Meaning, I imagine a world where there are no consequences for incidents and removing guardrails doesn’t lower incident rates because people aren’t incentivized to care?

Or you’re saying they naturally cared and removing guardrails allowed them to take ownership?

This is a big topic in aviation. But the example you link to is about ACARS messages which are sent to the ground via data link, not visible to the crew.

The ECAM system is what displays issues to the crew. There is a lot of logic there on what to show and what to inhibit. For example some errors aren't shown during takeoff since it's more important to focus on safely starting the climb, they would only be shown once past 400ft altitude.

There is also a priority order based on criticality, they don't just show up in chronological order. Engine fire for example is a red warning and would always come above a yellow caution message. It's designed in a way where the results of the major problem (e.g. engine on fire, and then loosing electric power from that side) are lower priority than the problem itself.

Good alert deduplication and dependency rules are worth so much. "Dear alerting, don't start throwing a fit about those 600 systems over there if you can't even reach the firewall all traffic to those systems goes through". Suddenly you don't get throttled by your SMS provider for the volume of alerts it tries to send, and instead just get one very spicy message.

Snark aside, this also impacts resolution time, because done well, this instantly points out the most critical problem, instead of all the consequences of one big breaking. "Dear operator, don't worry about the hundreds of apps, the database cluster is down".

I think that you are confusing ACARS messages (those transmitted from the aircraft via airband radio or satellite) with ECAM messages (those that are displayed to the pilots). The former are mainly for operational reasons, for example so that ground engineers get forewarning of a failing component. ECAM messages are flight safety critical messages requiring pilot action and they are organised by priority.

ECAM messages are recorded by the DFDR/CVR but are not normally transmitted via ACARS. Pilots were not normally aware of ACARS messages (see MH370).

Your point is a fair one though. In the case of AF447 the crew, against their training, made no attempt at all to work their way through the multiple ECAM messages with the appropriate checklist so they died. The final report on QF32 shows what a high workload this can be.

Since AF447 was lost for nearly two years the ACARS messages were all that the investigators had to go on until they found the wreckage and the DFDR and CVR. Incidentally, one problem with those ACARS messages was that they are only timestamped to the minute and may arrive out of order which makes the interpretation of them more difficult.

This is the flight where one pilot tried to pull up to recover from the stall, and the warning for dual input (which Airbus just averages together) was snoozed by the system yelling about the other errors and was reduced to a light they didn't notice. The captain commented towards the end"no don't climb". The stall alarm was the one the system chose to display over all others and was mishandled (by the pilot who didn't know how to recover from a stall).

Boeing there's physical feed back, when one control moves so does the other.

This was not the first time pilots were having conflicting input without noticing.

>https://bea.aero/uploads/tx_elyextendttnews/annexe.01.en.pdf

It's hitting cars too. Our 2026 Chevy equinox has so many alarms and chimes that we have zero control over, the worst one has no notification of what its alerting us of.

As a pretty decent driver, this terrifies me, because I first think, "What am I missing?" But then it hits me - these alarms and chimes are breeding generations of drivers, not just young ones, who are grossly incompetent and should not be driving.

The fact that I cannot control what alarms go off is asinine. And they put a lock on how low you can turn the chime volume. So, basically, you're telling me that I have to harass my neighbors at 5 am when I load the car for work, because you want to chime nonstop when the door is open and I have zero control to turn it off or lower than the locked minimum. Oh, and don't forget the threats of voiding the warrantee if you dig deeper to disable anything. My favorite alarm and warning pops up randomly when you're driving, sometimes blocking the map, and it says something to the effect of, "Remember to stay focused on driving!"

I see this slipping into not just alerts and notifications, but also ads. Waze does not care if they block my directions by blasting an ad on part of my screen, which has absolutely caused me to miss exits since they don't want to tell you the exit ahead of time on longer strips, only, "drive for 45 miles"...

I see this like popups, and if industry can't handle themselves they need to be forced to stop doing this altogether and find a rework, since it's clearly affecting private and public machines that could burnout or kill people.

We talked about alarms and alarm fatigue often when considering whether to show an alarm and at what priority when I was involved in a medical device.

Ah, but you see, the alarms from the device I am building are most important, because somebody might sue me if I can't shift responsibility onto the user.

I rented a car last July, and I specifically picked out a small one because I wouldn't need to carry any cargo or passengers around.

As soon as I drove off the lot, 3 warning indicator lamps lit up, including "Tire Pressure" so I stopped at a service station, thought for a moment, then drove back to the rental lot.

The other indicator had something to do with crash protection, and I think we worked out how to disable the system. After putting air into my tires, I was good to go.

So I'm thankful that those lamps indicated some actual conditions. I always kind of make a point of taking out the Owner's Manual and leafing through it, however briefly, just to see that it covers everything. They're still fairly comprehensive. I really appreciate that.

My Volkswagen has assistance features which routinely fail on snowy days and can’t seem to be disabled. The best you can do is disable them for a minute (!) at which point they start blaring again. Its ironic because the time you need the most focus is the time the car lets you focus the least.

I had the misfortunate of needing to hire a car in the UK last year. Ended up with an entry level 2025 Kia (Ceed Estate). Compared with the 2012 Audi A4 I'm used to driving it was a nightmare.

Similar experience, lots of flashing and beeping which is just distracting whilst also being wrong often enough to be really annoying (this is a known problem with speed limits).

Exceeding the speed limit, needing to change gear and by far the worst, active lane assist which pushes you back into your lane if you cross the white line without indicating (I only found this out afterwards as the hire place didn't mention it or leave a manual) and something which can happen frequently if you're driving down narrow country roads where indicating wouldn't have seemed appropriate and may just confuse others.

I spoke to one of the mechanics at my local garage who said you can't permanently turn these features off as they turn back on when you start the car.

I wonder if anyone has who's had an accident caused by being distracted by all these alarms has successfully sued?

My car will beep every 15 minutes when the washer fluid is low. “Low” being some arbitrary value, and not even remotely close to empty. Last time it happened. I had just started on a long motorway drive on a clear day and it just pinged and pinged and pinged. The beep is actually louder and harsher than the emergency anti collision break alert.

I’ve also never used as much windscreen wash in any other car as I have in this one

Wait until you see an actual failure; you will get individual alerts for every dependent system as if the dependent system failed directly. A single communication glitch with the ABS for example will trigger 5+ alerts for ESP, lane keeping assist, and so on... and even things like the check engine light, despite the engine being totally fine and maybe just operating in a degraded mode.

We've gone so over the top on weather fearcasting. Just look out the window if you want to know what the weather is. Save the "the world is ending" messages for truly life-threatening, property-damaging weather (and no, temperature alone doesn't qualify---it's easy to know it's cold or hot by just stepping outside).

And those are all just timers.

11 might be a larger share of ships worldwide than you'd expect. The complete list of US-flagged privately-owned merchant ships is less than 200:

https://www.maritime.dot.gov/sites/marad.dot.gov/files/2025-...

Internalize gains, externalizing cost of events or accidents.