

Three Mile Island Memories
theodp writes "Thirty years after the partial nuclear core meltdown at Three Mile Island, Robert Cringely describes the terrible TMI user interface, blaming a confluence of bad design decisions — some made by Congress — for making the accident vastly worse. While computers could be used to monitor the reactor, US law prohibited using computers to directly control nuclear power plants — men would do that. So, when the (one) computer noticed a problem, it would set off audible and visual alarms, and send a problem description to a line printer. Simple, except the computer noticed 700 things wrong in the first few minutes of the TMI accident, causing the one audible alarm to ring continuously until it was shut off as useless. The one visual alarm blinked for days, indicating nothing useful. And the print queue was quickly flooded with 700 error reports followed by thousands of updates and corrections, making it almost instantly hours behind. The operators had to guess at what the problem was."
I, for one, welcome our new regulator overlords. (Score:2, Interesting)
Obama's 'new regulatory framework for the 20th century' crowd: Choke on that please.
Re: (Score:3, Interesting)
As I tire of pointing out and people never tire of not understanding, lack of regulation does not mean free-for-all, might is right or whatever.
An unregulated nuclear industry does not mean plants can pour waste in other people's property. Since governments regulate commons they must either take responsibility to ensure they are not destroyed or privatize them to internalize the externalities.
Re: (Score:3, Informative)
You are aware, of course, that under American and British law, this results in unlimited shareholder liability, aren't you?
Or are you just parroting ignorant claims about how corporate law and liability works?
AFAIK, there has *never* been a time or an Anglo-American jurisdiction in which a corporation inadequately capitalized for the business which it is entering does not leave its shareholders liable.
But then, I'm just an attorney.
hawk, esq., not offering this as legal advice. If you need that, pay for it, r
Re: (Score:3, Interesting)
to adapt a suggestion given by a libertarian acquaintance years ago . . .
Never mind government regulation. Require a half-trillion dollar liability policy. The insurance company will regulate far tighter and more effectively than the government.
hawk, who isn't advocating this, but finds it an interesting proposal
So the problem @TMI was TMI. (Score:3, Interesting)
So the problem with Three Mile Island (TMI) was Too Much Information (TMI). But I didn't read the article, as that would have been TMI.
Re: (Score:2)
So the problem with Three Mile Island (TMI) was Too Much Information (TMI). But I didn't read the article, as that would have been TMI.
Sounds much closer to a breach of the KISS protocol.
Ugh. (Score:2)
And because of this insignificant little incident that killed nobody, and had little to no effect on the health of people near it, nuclear power, a safe, clean, mature power generation technology, was (and continues to be) drastically set back. It's stuff like this that makes me worried that humanity as a whole will be just too incredibly stupid to make it through this century without killing ourselves in one of many ways.
Re: (Score:2)
True, and it made a so-so movie a smash hit and convinced millions of people that a work of fiction was a documentary.
Re: (Score:3, Interesting)
If you read the article, you'd realize it was a very significant wake up call. Death was narrowly avoided because the reactor containment vessel was over-engineered compared to the typical design. The tragedy is that the lesson the public learned was that nuclear power was too dangerous to use at all, when the reality was that it was poorly designed and mismanaged.
Re: (Score:2)
Sounds like it was engineered just right. Bean-counters often use "over-engineered" when something is built to withstand the rare but serious malfunctions. Instead, they'd rather things be built to be "good enough" to run fine most of the time. Problem is, a minor issue can become a critical one if you don't build your devices to withstand the rare but serious issues.
For example, a failover server setup is 100% overbu
Re:Ugh. (Score:5, Informative)
Sounds like it was engineered just right. Bean-counters often use "over-engineered" when something is built to withstand the rare but serious malfunctions. Instead, they'd rather things be built to be "good enough" to run fine most of the time. Problem is, a minor issue can become a critical one if you don't build your devices to withstand the rare but serious issues. For example, a failover server setup is 100% overbuilt...until the primary fails.
But it wasn't engineered this way to secure it against a partial meltdown. It was above average for reactor containment vessels actually in use at that time, and the average containment vessel would have failed. The only reason it was able to withstand it was that it happened to be on the final approach path of a former Air Force base, and had originally been engineered to withstand a bomber crashing into it.
Re: (Score:2)
Honestly, I thought Cringely's decision to try and tie TMI to the current financial crisis was a bit of a stretch, but it applies perfectly here. TMI officials took a huge risk [coulda wiped out a bunch of the Northeast] and only avoided catastrophe because of luck (the reactor had a stronger than normal containment vessel.)
Wall Street basically did the same with the mortgage boom -- they just lost the bet. Now we're all paying.
Where both failed was properly planning for what happened when something really went wr
Tech is more than the machine (Score:2)
Technology is more than the machine.
If you don't know what is going on and you are clearly not in control your system has failed - catastrophically.
The TMI cleanup started in August 1979 and officially ended in December 1993, having cost around US$975 million. From 1985 to 1990 almost 100 tons of radioactive fuel were removed from the si
Re: (Score:2)
Coincidentally, a billion dollars is almost exactly the value of the oil burned by the US every single day, at $50/barrel.
Re:Insignificant? (Score:2)
There was a partial core meltdown. That, no matter how you choose to define it, is NOT insignificant.
Re: (Score:2)
>managed to turn your everyday joe against it too.
Nah, "Everyday Joe" here, and I'm a 100% supporter of nuclear power, even though I was 17 miles away from TMI throughout the whole incident. Knowing then what we now know, I'd have probably edged a little further away.
I'm sure TMI pushed a few fence-sitters over the edge. Not enough to make a vast difference, though, in my view. Feel free to break ground in my back yard for a new plant as early as Monday morning. I'll go move my car so the trucks can
Re: (Score:2)
Not really. It's SERIOUSLY hot for a couple of days at most. After that, it's hot enough to be dangerous to sleep on or eat, but otherwise not a big deal.
After the decade it's supposed to sit in a cooling tank before it is shipped off to a storage site (which doesn't exist, since no one wants it around), it's still something you don't want to eat, but sleeping on a pile of it is no big deal, as long as you use clean s
Three-Mile Island (Score:4, Insightful)
Never has the gravity of an accident (of any kind) been so exaggerated. Before or after.
Re: (Score:2)
Yes, exactly. Three Mile Island was used for years by the environmentalists to "prove" that nuclear power was unsafe, and effectively consisted of a bomb just waiting to go off. If they wanted a disaster, they should examine Chernobyl.
Granted, we learned much about what worked--and what didn't--but I should think that Three Mile Island ought to be praised as successful! It averted creating a much worse disaster with cons
Re: (Score:2)
I think people don't like nuclear because they don't understand how vastly much safer and cleaner it is than where the bulk of our power comes from today. Whether it's different from a bomb is pretty irrelevant. Some care about environmental damage and some care about personal danger; nobody cares precisely where it comes from.
Re: (Score:2)
Well that and there is a lot of money to be made in stopping it.
Coal companies hate it.
And hundreds or thousands of "activists" had made a good living protesting it.
Re: (Score:2)
Yep, it's safe. You can build at least 30 miles away from where I live
Re: (Score:2)
If it was small enough and easy to maintain, I'd probably pay to build a micro nuclear power plant in my back yard. It'd have the added advantage of heating the pool from runoff water.
Re: (Score:2)
David Hahn [wikipedia.org], is that you?
Re: (Score:3, Interesting)
Yep ... and as I think I posted once before in another Slashdot topic, I actually work with a guy who used to be an engineer at the firm that was ordered to make some piping for the Three Mile Island reactor, on a "rush" basis, when the problems first started there.
He claims he spoke with people at the reactor site, asking them "How could something like this happen in the first place?" and was taken off to the side, and told that it would take a very specific sequence of adjustments to a number of valves to
Re: (Score:2)
People don't like nuclear mainly because of the problems of disposing of the waste, and of decommissioning the plants when they reach the end of their lives.
Re: (Score:2)
Fundamentally radioactive transuranic waste with a half life of 220,000 years is why I don't like nuclear power.
And the solution to the long-lived nuclear waste is to build breeder reactors [wikipedia.org].
India and Japan are going to kick everyone's butt in this area. If the rest of the world doesn't embrace this technology, India and Japan (and perhaps Russia and China) will have the cheapest energy in the world.
Re: (Score:2)
It's possible to build gas-cooled (helium) breeder reactors or molten salt reactors.
It's an engineering problem and it can be solved.
Re: (Score:2)
The stuff we pull out of the ground has a half life of millions of years and if accidentally inhaled or consumed, just as deadly.
The earth is chock full of radioactive goodness, and you're terrified of the fact that we're harnessing it? I don't get it.
If you consider radioactive material safe when it's in a mine, why is it suddenly no longer safe when we put radioactive waste into a mine shaft?
Time for rehabilitation camp for you... (Score:2)
Just step away from the facts and assume the position. You are going to be rehabilitated so you can increase your herd stampede skills, and improve your fear mongering tactics. We will make you into a more compliant citizen...just another brick in the wall.
On a side note, when the plant was operating, the fishing near the cooling water outlet pipe in the river was great!
Re:Three-Mile Island (Score:5, Insightful)
How much radiation do we all absorb every single year due to the TONS of uranium and thorium oxide particles released by burning coal?
The modern environmentalist movement is the epitome of intolerant idealism. Fossil fuels are a horrible and destructive source of power and they really are slowly poisoning the planet and everyone agrees about this. But then why the hell won't you let us get away from them? We try to build new hydroelectric dams, and we hear about how the lake will destroy the local ecosystem. We try to build wind farms, but Ted Kennedy sues because they'll get in the way of his view and they kill birds. We try to build solar plants in the middle of the Mojave desert, and the Sierra Club protests. We try to ramp up solar cell production, even, and protestors are demonstrating because of the chemicals used in silicon processing. We try to build nuclear power plants, but despite one western incident (which resulted in at most almost no casualties) happening in fifty full years, a safety record probably unmatched by any other industry in history, you refuse. We try to build a repository to get rid of the waste, and Harry Reid stops it. I have not a single doubt in my mind that when the first commercial fusion plant opens, you will be protesting because some of its components will eventually become radioactive and need to be disposed of.
You demand that we engineers and scientists come up with a better alternative, then kick us in our faces every time because nothing is perfect. Nothing we ever come up with is ever going to be good enough, is it? Not even a magic-based reactor that poofs free electric out of nowhere! Well, welcome to real life. Enjoy your stay - America now burns more coal than ever because we aren't deploying the one presently-viable alternative (nuclear) that we have.
Re: (Score:3, Insightful)
What they *really* are against is corporations, not the environment. See, nuclear plants, dams, wind farms, etc. are all controlled by corporations, and the environmental movement *hates* that. What I don't get is why they're still ok with the old corporations that own the coal mines and coal/gas power production.
Being against corporations is fine, but don't pretend to be "environmentalists" if you aren't.
Re:Three-Mile Island (Score:5, Insightful)
It is odd that so many protest nuclear. Looking at things from an environmental standpoint, a modern fast reactor has high power density so it minimizes the land that must be bulldozed. It has no significant atmospheric emissions. Because of the nature of the waste, it won't be piled up outside waiting to leach into groundwater.
With reprocessing appropriate to a fast reactor, the waste is greatly reduced in bulk and remains dangerous for 500 years rather than thousands.
The 'spent' fuel rods currently in storage at existing nuclear plants contain 95% useful nuclear fuel if re-processed for a fast reactor. That means that building a fast reactor and keeping it fueled now would result in a net REDUCTION of nuclear waste.
Until now, reprocessing has been forbidden in the U.S. because it results in plutonium that could be diverted to weapons. The reprocessing to produce fuel for a fast reactor never produces suitable weapons material. The actinides that would make a bomb fizzle remain mixed with the plutonium at all times.
We have actually seen close to a worst case nuclear accident. A terrible reactor design where the operators did every don't in the manual. It was a terrible event to be sure, but from an environmental standpoint, it seems to have created a nature preserve. By comparison, TMI was frightening but caused no real harm.
Like the old saying goes... (Score:2)
Bad Computers! (Score:2)
While computers could be used to monitor the reactor, US law prohibited using computers to directly control nuclear power plants -- men would do that.
Given the state of automated control back in those days, that's not really a bad policy. Even today, aircraft autopilots (triply redundant) are not reliable enough so that Boeing requires that pilots must be able to disconnect them and fly manually.
Granted, UIs have improved immensely since mid 1960's technology. The 700 alarm problem is easily mitigated with modern SCADA systems that can distill such volumes of data and pinpoint a few possible root causes. But I don't think you'd want to automate
Re: (Score:2)
Even today, aircraft autopilots (triply redundant) are not reliable enough so that Boeing requires that pilots must be able to disconnect them and fly manually.
Rubbish. Pilots are there because people feel safer. And if the fly-by-wire systems etc fail, your plane crashes, pilot or no pilot. So you have 2 modes of failure. If the pilot is insisting on flying into the ground and/or software bugs.
Commercial pilots are trained to work like a machine. I would be just as happy if they weren't there.
Re: (Score:2)
Not really knowing anything about the modern capabilities of auto-pilot systems, I'm curious what you think would have happened with the Hudson River incident if there had been no human pilot around.
Re: (Score:2)
Commercial pilots are trained to work like a machine. I would be just as happy if they weren't there.
I wouldn't, at least not right now. Any machine^H^H^H^H^Hsoftware doing a job is going to be limited by the imagination of the spec writers and developers, and (for trainable systems) by the situations the trainers thought to put the system through.
I wonder if anybody's built any machines that would have done as well as this guy? [wikipedia.org] Yeah, there's shitty pilots out there, but I'm still a big fan of having a biological "backup" available to override the machines, because (again, right now) they're still better
Re: (Score:2)
Commercial pilots are trained to work like a machine. I would be just as happy if they weren't there.
... if you happen to know anyone who can design an autopilot system that can account for nearly as many external/environmental variables as a human being -- I would too.
Re: (Score:2)
Anyways, airline pilots will be the last to go, after military recon pilots, bombers, cargo, and finally fighte
Re: (Score:2)
If you RTFA you would see the point the author makes of how simple nuclear reactors are in comparison to other much more complex automated processes AT THE TIME. Chemical plants, in his example.
Now you just can't compare automating flight to a nuclear plant. A plane autopilot is orders of magnitudes more complex.
I think the question is: do you really DON'T want to automate everything and run the risk of leaving any decision making to a poorly trained or just hungover operator?
Re: (Score:2)
Now you just can't compare automating flight to a nuclear plant. A plane autopilot is orders of magnitudes more complex.
Simpler. Been there, done that. Since the early days of 'two crew' flight decks and the requisite automation (757, 767, 747-400). I've also worked around (but not on) nuclear plants and their designers. The physics of a nuke may be simple, but the number of subsystems, alarms and whatnot in a plant is pretty substantial.
And when you put computers in charge ... (Score:2)
Jimmy Carter (Score:3, Interesting)
Our President at the time, Jimmy Carter, was also a micro-manager and a former nuclear engineer:
U.S. Navy reactor operators, the sort who served under Jimmy Carter in the 1950s,
Is not and never was a nuclear engineer, much less did he command a nuclear sub. He served as an enlisted man on several diesel-electric subs and started, but did not complete, a Naval class in nuclear engineering. He resigned from the Navy (as a lieutenant) before any nuclear subs were commissioned.
The FEMA guys were just plain stupid.
NO U
So, the computer notices things are wrong ... (Score:2)
If the alarm goes off in a nuclear plant, operating procedure should say: Check briefly if the computer is acting up, and then shut the whole frickin' plant down. Why wasn't it done? Let me guess: It costs a whole bunch of money. So, the accident happene
Re: (Score:2)
It's not entirely simple to shut a nuclear plant down... You can't just hit a few keystrokes and the thing turns off.
And with only one visual alarm, and one audible alarm, you have no clue what is happening.
Re: (Score:3, Interesting)
Don't let Cringely convince you that he actually knows anything about nuclear power plants--those guys had a whole room full of alarms, gauges, meters, etc., giving them a lot of info about the whole plant.
Shutting down the reactor could probably have been done by the operator within a couple of seconds by flipping a switch. IIRC, though, the automatic safety system shut it down at the beginning of the incident because it detected a situation that warranted it.
Re: (Score:2)
Same shit happened in Chernobyl - lack of useful information (and of course knowingly stupid design).
Re: (Score:3, Informative)
A nuclear plant isn't like a gas plant where you can turn off the tap.
If you have a nuclear reaction that is going out of control, then you have to get it in control. Shutting the plant down would mean you don't have the ability to use things like the control rods to do this.
Re: (Score:3, Informative)
If you think you can just "turn off the tap" at a gas plant, you are sorely mistaken. Pressures start to build when you do that, so if you block the gas off in one section, it will build in another. You've got a lot of systems to kill before you can turn off the gas - the source must go first, then at about the same time pumps pushing the gas along (these may be in the same spot, which makes that easier), then you can kill any processing systems along the way, and then you can close the tap.
If you DO have
Re: (Score:2)
Simple, except the computer noticed 700 things wrong in the first few minutes of the TMI accident, causing the one audible alarm to ring continuously until it was shut off as useless.
Yeah I don't quite get that bit either. And they *did* have an entire room full of monitoring equipment, not just a solitary line printer, so I'm not sure the computer's involvement is as big as Cringely's making it out to be.
If the alarm goes off in a nuclear plant, operating procedure should say: Check briefly if the computer is acting up, and then shut the whole frickin' plant down. Why wasn't it done? Let me guess: It costs a whole bunch of money. So, the accident happened due to greed.
Well, no--the reactor was shut down automatically by the control systems at the outset of the incident. If I recall correctly, they were at near full power when some event caused a main turbine trip and then a reactor shutdown. Because of the sudden removal of steam load, and becau
Re: (Score:2)
Ah, there's a better description of the incident here [wikipedia.org], just so people don't have to take my crappy recollection at face value. :P
Bleh (Score:5, Interesting)
U.S. Navy reactor operators, the sort who served under Jimmy Carter in the 1950s, were selected primarily for their temperament. ... their Navy job--as at TMI--was to follow the manual. All knowledge was inside the book. So knowing the book was everything. Unfortunately knowing the book isn't the same as knowing the reactor.
No. Just fucking no. There's a significant (and necessary) emphasis on following procedures and getting the books out for any planned change to the plant to make sure you're doing things right. But Cringely makes it sound like nuclear operators are just slightly trained mouth-breathers that only know how to look things up in the book and do what it tells them. I can't speak for the civilian training, but the Navy does NOT do things that way.
When something goes wrong, they depend on you having enough internalized knowledge about the plant, its controls, and its indicator systems to work out what's going on and (if necessary) do something about it. Once you've got stuff at least marginally under control, *then* you get the books out to check the applicable procedures to make sure you haven't forgotten something, and to figure out how to recover from whatever happened without causing any more problems.
The Navy puts a lot of effort into making sure their operators know how and why things work the way they do. They would never have got to the 21st century with the track record they have if all they did was train people to look at the book.
Absolutely true (Score:2)
This time, it's not Congress' fault (Score:2)
This is just plain bad design, and not Congress' fault.
If this alarming system--with the same crappy design--had been "directly connected" to the controls, god knows what would have happened.
Regulation and Bean Counting (Score:4, Insightful)
I wasn't there so I can't say Cringely is wrong about the government regulation of nuclear power, however, I have worked in the semiconductor industry which utilizes some of the deadliest chemicals known to man and there are mandated regulations from various government agencies, EPA, OSHA, etc., that result in the controls, interlocks, and containment systems used to make the industry safe. I'm also pretty sure that the issue in Bhopal was more a lack of regulation than a lack of respect for the dangers. There should have been powerful laws and inspectors to shut down the plant before it killed thousands.
Where we both do agree is on the belief that we can expect more Bhopal and economic melt down events due to bean counter management. Over the past 20 years I've noticed a managerial shift towards a focus on cutting costs and less of a focus on the technology and science behind the manufactured products. In the past two years I've engaged in heated debates with peers and managers over the purpose and focus of engineering resources. It seems that decision makers are forgetting that the core of a technology based manufacturing corporation is the technology not the cutting of fixed costs by reducing head count, wages, service contracts, etc. Accounting and business management are tools to support the core skills, they are not the core themselves. When accounting and business management undermines the ability of a technology based business to develop and manufacture the core technology of their business you can expect a gradual degradation of the business until it is no longer viable.
Just Plain Incompetence (Score:2)
"Computers! Error! Component Failure! Congress! Unpredictable! etc, etc, etc." Excuses, excuses.
How hard can it be to monitor the temperature of a nuclear reactor? Apparently, this task is somehow beyond the competence of nuclear plant supervisors for some obscure reason. Blaming regulation is beside the point. A first year undergraduate engineering student would be able to build a reliable temperature monitor.
Re: (Score:2)
A first year undergraduate engineering student would be able to build a reliable temperature monitor.
Right. Because there are so many combinations of materials that can withstand temperatures in the thousands of degrees F and the intense neutron flux in a commercial reactor core for any prolonged period. Core status is measured by the temperature of the water entering and leaving the core - the core power can be calculated by how much the water heats up. Safety limits are usually given in terms of power, because the behavior has to be calculated.
Untrue (Score:2)
You sir - how good are you on thermocouple alloys that don't mind neutrons and containments which can withstand not only neutrons but variable corrosive conditions at high temperatures? It's not just a matter of sticking a stainless steel jacketed thermocouple i
US Naval Academy Curricula (Score:2)
Uh, I think the guy is needlessly cynical. I know a lot of Navy guys that run our nukes and they do know them inside and out.
Anyone remember Centralia?! (Score:4, Insightful)
I live about 15 miles away from TMI and I have for 20 years. I've never felt unsafe or felt like I was in danger. People seem to enjoy comparing TMI to being a potential Chernobyl, but there's simply no way that the two can even be compared.
On the other hand, head up to Centralia, PA where the whole town has been demolished because of a fire that has been running through the ignition of a natural, coal vein. A fire ignited some coal, and now the whole town has been abandoned, homes have been razed, there are very few buildings to speak of, there are dangerous leaks of carbon monoxide and other lethal gases, the ground has swelled and cracked from the heat, and this fire is expected to last 250 years.
Now
I always viewed both as procedural failures (Score:2)
In both cases (Chernobyl and TMI) procedure was violated or nonexistent for what the operators were trying to do. In Chernobyl's case, operational procedure was violated in several instances to conduct a test for which no procedure existed. In TMI's case, procedure was violated in tagging out pumps leading to a problem in which there was no procedure for diagnosis.
Neither plant would have been "inherently" unsafe or dangerous if operated within their design envelopes under established procedure. Once the hum
Re: (Score:2)
RBMK was inherently unsafe - a SCRAM operation may never ever produce a reactor explosion and this is what happened. Also, the reactor was operated within the original design envelope (I read the original manual). After the explosion the manual was heavily rewritten.
MOD PARENT UP!! (Score:2)
Exactly right, this reactor type is inherently dangerous, and moreover, you can't overcome something inherently dangerous with procedure.
Re: (Score:2)
But Chernobyl DIDN'T scram.
They pushed the button for it, but when they did, the reactor was too far gone. The rod channels had warped, and the rods didn't go all the way in - only their graphite tips.
If they hadn't overheated it to the point of warping the rod channels, the rods would have gone all the way in and the reactor would have scrammed successfully.
Otherwise, even with the heavy rewriting of the manual, the design would still be unsafe, and they wouldn't still be operating today.
Government, what a shock (Score:2)
I'm not surprised at all that the Three Mile Island breakdown was ultimately caused by government. Legislation tends to have unforeseen effects like this. I'm sure the builders would've loved to put in computer control and this tragedy would've never happened. When, when will we learn, when?
Government, get out of the way.
Re:Job's got it right.... (Score:4, Insightful)
I don't blame the UI at all. I blame the belief that the goal of a UI is to lower the required understanding (and thus salary) of the operators.
How the UI worked is irrelevant. Operators who understood what they were doing would have checked what needed to be checked, and taken the precautions the situation warranted, no matter what kind of warnings were lost because of a bad UI.
Alas, the way for an electric company CEO to get big bonuses isn't by spending more money on smart people, but cutting costs which makes the short-term investors happy. So they spend $50k on an idiot-proof interface, and hire an idiot. The problem is that Nature is a whole lot better at churning out interface-proof idiots than programmers are at making idiot-proof interfaces.
It's high time that Western society started valuing knowledge and understanding again, and not just ability to study for requirement tests. Reinstate the journeyman/master system and accredited guilds, and ditch college diplomas as the worthless piece of gilded paper they are.
Re:Job's got it right.... (Score:5, Insightful)
If your user interface lags behind by two hours and the UI is the only way to find out about the extremely complicated and intricate details coming out of a myriad of sensors that are inaccessible to people for safety reasons... I suppose you might be entirely wrong.
In this case, yes, the user interface was necessary for the operators to do their job. Are you going to tell me that submarine operators should rely on their "gut feeling" rather than a measurement of external pressure or depth to determine whether the submarine is safe? These are jobs that can't be done by even the most skilled operator because the information is completely walled off from them for the safety and integrity of the facility.
As far as I can tell, you're advocating that we should hire psychics to determine the safety of the nuclear plant and pay them exorbitantly because spending a single dime on a good interface is wasted money. Sometimes, a $50,000 idiot proof interface is exactly what's called for, rather than intentionally using outdated technology and hoping a printer will provide information fast enough to prevent imminent disaster.
Re: (Score:3, Insightful)
I am telling you that the operators should rely on their understanding of, interest in, and experience with the systems to make a decision about what to check. Those who have merely been taught by the book or "given training" are incapable of this. They will be limited by what the book tells them, and fail to make the required decisions.
As they did at Three Mile Island.
The solution isn't to give the drones better training in being drones. It's not giving them a better interface. The solution is to not hire d
Re:Job's got it right.... (Score:4, Insightful)
That's just wrong. For something as dangerous and deadly as a nuclear reactor, you practically want a monkey to be able to figure out what they need to do.
You DO NOT require someone with a PhD to make the plant safe. You practically want the plant to be idiot proof and scram at the first blush of trouble.
By making it require (rare) operators that understand the plant as a systemic whole, you make them irreplaceable, and from a design for long long long term safety point of view that's just wrong. Over time, understanding of large complex systems at plants degrades, and with a plant lifetime of 20-50 years you will see whole generations change in the lifetime of the plant.
Re: (Score:3, Interesting)
Look fella, you just cannot have that requirement, that a person with full understanding of how the plant operates be on site at all times! What happens if the day shift all gets killed on the bus ride home from the company outing? Or if there are say 10 guys who really have an understanding of the plant, and the plant gets bought out by some crap company and they decide to go pump gas for a living...
WHO WILL MAKE SURE THE PLANT IS SAFE THEN?
You have to design for the worst case.
Re:Job's got it right.... (Score:5, Insightful)
I think you got it backwards. They didn't want to withhold information from humans or remove control from them, so they didn't automate enough and the humans in the loop got swamped with more than they could handle.
Re:Job's got it right.... (Score:4, Interesting)
This. Most of the US civilian nuclear power industry is, to say the least, heavily influenced by the military nuclear power industry and the cult of personality surrounding Admiral Rickover. If nobody is in control, nobody can be held accountable when the fan hits the shit.
Er, in what way is that "nobody is accountable" attitude reminiscent of the nuclear Navy? They're obsessive when it comes to accountability. Every time I saw any fecal matter hit a rotary device, they were pretty damn rigorous about getting to the bottom of it and finding out who did what.
Re: (Score:3, Funny)
Hey!
This is slashdot. Stop using facts to confront ignorant hysteria!
hawk
Re: (Score:3, Funny)
Why do you hate stockholders?
Re:Job's got it right.... (Score:5, Insightful)
Right. If I need a nuclear reactor managed, I'll call you. Good to know the old talent of understanding exactly what the state of a nuclear reactor is by looking at a rock isn't lost. I'm just going to go and plug myself into my other computer now and manipulate it with my mind. Screens and command lines are for pussies, I can feel what it's doing well enough.
Good or bad UI, it better present the information (Score:3, Insightful)
>Operators who understood what they were doing would have checked what needed to be checked
What needed to be checked was the level of water in the core.
There was no instrument for that. I'm not kidding. See _Safeware_, by Nancy Leveson.
(It's a harder problem than it sounds like, if you think about the conditions in the core, but still ...)
The operators, deprived of an accurate picture of what was happening, followed their training, which was to prevent overfilling the cooling system.
The UI failed on fun
The Operators Were Not Cheap (Score:5, Interesting)
I used to work in the nuclear power plant operator training industry. Believe me, whatever else those operators were, they were not cheap. The CEO could not skimp on salaries and hire idiots. In fact, in a time when $40K was an excellent salary, the training costs per operator were more than $1 million.
On the other hand, there were cultural obstacles. In Europe (Sweden), they hired engineers with master's degrees to become nuclear plant operators. In the USA, they were mostly high school grads who were union members and promoted from running older coal plants. Union politics, not merit, decided who got promoted. They were not the best and brightest. Of course in Sweden they also attract the best and brightest to be civil servants. Can you imagine that happening here?
There are always plenty of suggestions as to where society should apply its best and brightest. It is much harder to place the worst and dumbest. Consider the bottom 25%. They have to have jobs. No matter where you assign them, the public will in some way be depending on those jobs being done well. So filling jobs becomes less of a question of rational allocation of resources, but more a matter of attractiveness and recruiting.
A plant operator must stand there and do nothing but monitor year after year, yet react swiftly and accurately in those rare seconds of pure terror, and then have the whole world second guess how well they did it. In addition, they have to do shift work for 24x7 operation. Most people think that it is a hell of an unattractive job. I think that the plant owners do a hell of a job trying to find and retain the best people they can get, and to enrich the jobs to make them less boring. It takes much more than deep pockets to succeed.
So you tell me. You play CEO and tell me how you would convince Google engineers to quit Google and become operators, and how many of the lower quartiles you would assign to invent Google. Convince those bright college students that they don't want to be environmental scientists, but nuclear power plant operators instead.
Re: (Score:3, Funny)
There are always plenty of suggestions as to where society should apply its best and brightest. It is much harder to place the worst and dumbest. Consider the bottom 25%. They have to have jobs.
I don't really think that it would be that hard to find jobs for the under-achievers:
1. President
2. Presidential advisers
3. Congress
4. Investment bankers
5. Actors and actresses
6. CEOs
7. Lawyers
I'm sure that I have missed a few key positions, feel free to help me out.
Re: (Score:2)
I'm not sure anybody would argue that UI is not important. The frustration stems from the fact that the UI is as important as it is, and is done as poorly as it often is.
I can't tell you the number of times I've had to figure out some arcane system just to change a minor setting. Hours have been spent tracking down a minor check box, because the UI was designed horribly.
Re:Job's got it right.... (Score:5, Informative)
See, See. UI is important!!!!
I'm a nuclear engineer and I think the use of the term UI for the control room is somewhat 'simplistic'. I personally think a major issue was overdesign in a certain area (redundant alarms), and lack of safety systems that would prevent the core from melting even with a LOCA in place. It was two hours after the shutdown when the fuel melting began at TMI-2. This was a scenario where the operators couldn't understand what was happening.
Now from an operator's perspective (who sits in the operator room) you're not looking at a "UI" in the traditional CS sense. Here is an image of a control room: http://www.ornl.gov/info/ornlreview/v38_1_05/images/a11_controls_full.jpg [ornl.gov]
The events leading up to the disaster started on the secondary side (non-core), leading to a LOCA (Loss of Coolant Accident). For those unfamiliar with the term "secondary side": the secondary side of a Nuclear Power Plant is similar to that of any power generating plant, meaning the secondary side does not contain the reactor core.
Re: (Score:3, Interesting)
That control room is very similar (if a bit larger and whiter) to the control rooms in gas plants, oil rigs, and pump/flow stations in oil fields today. The stuff may seem old as heck, but really a lot of that stuff you can't just replace with a fancy new computer. The best you can do in the control room is upgrade to digital displays and consolidate sections a little bit. But that may not even be ideal, because the analog systems will be able to run for a lot longer during a power failure than a digital
Re:Job's got it right.... (Score:4, Funny)
tmi2> sshutdown -r now
sshutdown: Command not found.
tmi2> halt -c
halt: invalid option: -c
Try `halt --help' for more information.
tmi2> help halt
help: Command not found.
tmi2> shut it down, damnit!
shut: demand not found.
tmi2> assume nuclear defense position
assume: Command not found.
tmi2> stick your head between your legs
stick: command not found.
tmi2> *%&*^&$
[from system: system going down for meltdown NOW!]
[from system: assume nuclear defense positon]
[from system: stick your head between your legs and kiss your ]
***line down***
Re: (Score:2)
For a moment there I thought you were talking to power plant operators, reminding them to read the error messages being displayed. And thinking "Yeah, if only they had some user-driven 'system failure' moderation, they wouldn't be in as much trouble."
Re: (Score:2)
Well, someone has to manage all the non-technical stuff. I certainly do not want to be caught in a stall with not a square to spare; or go to the cafeteria to find they are all out of soup crackers, or worse yet, coffee.
Re: (Score:2)