Three Mile Island Memories 309
theodp writes "Thirty years after the partial nuclear core meltdown at Three Mile Island, Robert Cringely describes the terrible TMI user interface, blaming a confluence of bad design decisions — some made by Congress — for making the accident vastly worse. While computers could be used to monitor the reactor, US law prohibited using computers to directly control nuclear power plants — men would do that. So, when the (one) computer noticed a problem, it would set off audible and visual alarms, and send a problem description to a line printer. Simple, except the computer noticed 700 things wrong in the first few minutes of the TMI accident, causing the one audible alarm to ring continuously until it was shut off as useless. The one visual alarm blinked for days, indicating nothing useful. And the print queue was quickly flooded with 700 error reports followed by thousands of updates and corrections, making it almost instantly hours behind. The operators had to guess at what the problem was."
Job's got it right.... (Score:1, Insightful)
See, See. UI is important!!!!
(Stares complacently at his Mac)
Three-Mile Island (Score:4, Insightful)
Never has the gravity of an accident (of any kind) been so exaggerated. Before or after.
Re:Job's got it right.... (Score:4, Insightful)
I don't blame the UI at all. I bleme the belief that the goal of an UI is to lower the required understanding (and thus salary) of the operators.
How the UI worked is irrelevant. Operators who understood what they were doing would have checked what needed to be checked, and taken the precautions the situation warranted, no matter what kind of warnings were lost because of a bad UI.
Alas, the way for an electric company CEO to get big bonuses isn't by spending more money on smart people, but cutting costs which makes the short-term investors happy. So they spend $50k on an idiot-proof interface, and hire an idiot. The problem is that Nature is a whole lot better of churning out interface-proof idiots than programmers are at making idiot-proof interfaces.
It's high time that Western society started valuing knowledge and understanding again, and not just ability to study for requirement tests. Reinstate the journeyman/master system and accredited guilds, and ditch college diplomas as the worthless piece of gilded paper they are.
Re:Job's got it right.... (Score:5, Insightful)
If your user interface lags behind by two hours and the UI is the only way to find out about the extremely complicated and intricate details coming out of a myriad of sensors that are inaccessible to people for safety reasons... I suppose you might be entirely wrong.
In this case, yes, the user interface was necessary for the operators to do their job. Are you going to tell me that submarine operators should rely on their "gut feeling" rather than a measurement of external pressure or depth to determine whether the submarine is safe? These are jobs that can't be done by even the most skilled operator because the information is completely walled off from them for the safety and integrity of the facility.
As far as I can tell, you're advocating that we should hire psychics to determine the safety of the nuclear plant and pay them exorbitantly because spending a single dime on a good interface is wasted money. Sometimes, a $50,000 idiot proof interface is exactly what's called for, rather than intentionally using outdated technology and hoping a printer will provide information fast enough to prevent imminent disaster.
Regulation and Bean Counting (Score:4, Insightful)
I wasn't there so I can't say Cringely is wrong about the government regulation of nuclear power, however, I have worked in the semiconductor industry which utilizes some of the deadliest chemicals known to man and their are mandated regulations from various government agencies, EPA, OSHA, etc., that result in the controls, interlocks, and containment systems used to make the industry safe. I'm also pretty sure that the issue in Bhopal was more a lack of regulation than a lack of respect for the dangers. There should have been powerful laws and inspectors to shut down the plant before it killed thousands.
Where we both do agree is on the belief that we can expect more Bhopal and economic melt down events due to bean counter management. Over the past 20 years I've noticed a managerial shift towards a focus on cutting costs and less of a focus on the technology and science behind the manufactured products. In the past two years I've engaged in heated debates with peers and managers over the purpose and focus of engineering resources. Its seems that decision makers are forgetting that the core of a technology based manufacturing corporation is the technology not the cutting of fixed costs by reducing head count, wages, service contracts, etc. Accounting and business management are tools to support the core skills, they are not the core themselves. When accounting and business management undermines the ability of a technology based business to develop and manufacture the core technology of their business you can expect a gradual degradation of the business until it is no longer viable.
Comment removed (Score:5, Insightful)
Re:Job's got it right.... (Score:5, Insightful)
I think you got it backwards. They didn't want to withold information from humans or remove control from them, so they didn't automate enough and the humans in the loop got swamped with more than they could handle.
Anyone remember Centralia?! (Score:4, Insightful)
I live about 15 miles away from TMI and I have for 20 years. I've never felt unsafe or felt like I was in danger. People seems to enjoy comparing TMI to being a potential Chernobyl, but there's simply no way that the two can even be compared.
On the other hand, head up to Centralia, PA where the whole town has been demolished because of a fire that has been running through the ignition of a natural, coal vein. A fire ignited some coal, and now the whole town has been abandoned, homes have been razed, there are very few buildings to speak of, there are dangerous leaks of carbon monoxide and other lethal gases, the ground has swelled and cracked from the heat, and this fire is expected to last 250 years.
Now
Re:I, for one, welcome our new regulator overlords (Score:3, Insightful)
Re:Job's got it right.... (Score:5, Insightful)
Right. If I need a nuclear reactor managed, I'll call you. Good to know the old talent of understanding exactly what the state of a nuclear reactor is by looking at a rock isn't lost. I'm just going to go and plug myself into my other computer now and manipulate it with my mind. Screens and command lines are for pussies, I can feel what it's doing well enough.
Good or bad UI, it better present the information (Score:3, Insightful)
>Operators who understood what they were doing would have checked what needed to be checked
What needed to be checked was the level of water in the core.
There was no instrument for that. I'm not kidding. See _Safeware_, by Nancy Leveson.
(It's a harder problem than it sounds like, if you think about the conditions in the core, but still ...)
The operators, deprived of an accurate picture of what was happening, followed their training, which was to prevent overfilling the cooling system.
The UI failed on functionality, and even if it had succeeded there, ease of use saves time and bandwidth in a crisis.
Re:Three-Mile Island (Score:5, Insightful)
How much radiation do we all absorb every single year due to the TONS of uranium and thorium oxide particles released by burning coal?
The modern environmentalist movement is the epitome of intolerant idealism. Fossil fuels are a horrible and destructive source of power and they really are slowly poisoning the planet and everyone agrees about this. But then why the hell won't you let us get away from them? We try to build new hydroelectric dams, and we hear about how the lake will destroy the local ecosystem. We try to build wind farms, but Ted Kennedy sues because they'll get in the way of his view and they kill birds. We try to build solar plants in the middle of the Mojave desert, and the Sierra Club protests. We try to ramp up solar cell production, even, and protestors are demonstrating because of the chemicals used in silicon processing. We try to build nuclear power plants, but despite one western incident (which resulted in at most almost no casualties) happening in fifty full years, a safety record probably unmatched by any other industry in history, you refuse. We try to build a repository to get rid of the waste, and Harry Reid stops it. I have not a single doubt in my mind that when the first commercial fusion plant opens, you will be protesting because some of its components will eventually become radioactive and need to be disposed of.
You demand that we engineers and scientists come up with a better alternative, then kick us in our faces every time because nothing is perfect. Nothing we ever come up with is ever going to be good enough, is it? Not even a magic-based reactor that poofs free electric out of nowhere! Well, welcome to real life. Enjoy your stay - America now burns more coal than ever because we aren't deploying the one presently-viable alternative (nuclear) that we have.
Re:Three-Mile Island (Score:3, Insightful)
What they *really* are against is corporations, not the environment. See, nuclear plants, dams, wind farms, etc. are all controlled by corporations, and the environmental movement *hates* that. What I don't get is why they're still ok with the old corporations that own the coal mines and coal/gas power production.
Being against corporations is fine, but don't pretend to be "environmentalists" if you aren't.
Re:I, for one, welcome our new regulator overlords (Score:3, Insightful)
Re:Three-Mile Island (Score:2, Insightful)
Re:Job's got it right.... (Score:3, Insightful)
I am telling you that the operators should rely on their understanding of, interest for, and experience with the systems to make a decision what to check. Those who have merely been taught by the book or "given training" are incapable of this. They will be limited by what the book tells them, and fail to make the required decisions.
As they did at Three Mile Island.
The solution isn't to give the drones better training in being drones. It's not giving them a better interface. The solution is to not hire drones.
Re:Job's got it right.... (Score:4, Insightful)
Thats just wrong. For something as dangerous and deadly as a nuclear reactor, you practically want a monkey to be able to figure out what they need to do.
You DO NOT require someone with a PHD to make the plant safe. You practically want the plant to be idiot proof and scram at the first blush of trouble.
By making it require (rare) operators that understand the plant as a systemic whole, you make them irreplaceable, and from a design for long long long term safety point of view thats just wrong. Over time, understanding of large complex systems at plants degrades, and with a plant lifetime of 20-50 years you will see whole generations change in the lifetime of the plant.
Re:Three-Mile Island (Score:5, Insightful)
It is odd that so many protest nuclear. Looking at things from an environmental standpoint, a modern fast reactor has high power density so it minimizes the land that must be bulldozed. It has no significant atmospheric emissions. Because of the nature of the waste, it won't be piled up outside waiting to leech into groundwater.
With reprocessing appropriate to a fast reactor, the waste is greatly reduced in bulk and remains dangerous for 500 years rather than thousands.
The 'spent' fuel rods currently in storage at existing nuclear plants contain 95% useful nuclear fuel if re-processed for a fast reactor. That means that building a fast reactor and keeping it fueled now would result in a net REDUCTION of nuclear waste.
Until now, reprocessing has been forbidden in the U.S. because it results in plutonium that could be diverted to weapons. The reprocessing to produce fuel for a fast reactor never produces suitable weapons material. The actinides that would make a bomb fizzle remain mixed with the plutonium at all times.
We have actually seen close to a worst case nuclear accident. A terrible reactor design where the operators did every don't in the manual. It was a terrible event to be sure, but from an environmental standpoint, it seems to have created a nature preserve. By comparison, TMI was frightening but caused no real harm.