Fukushima Nuclear Worker Accidentally Toggles Off Cooling Pumps
An anonymous reader writes "A Tepco employee carelessly pressed a button shutting off cooling pumps that serve the spent fuel pool in reactor #4 — thankfully a backup kicked in before any critical consequences resulted. The question remains just how vulnerable to simple mistakes (such as a single button push) are these spent fuel pools, filled nearly to capacity as they are with over 12,000 spent fuel rods? From the article: 'The latest incident is another reminder of the precarious state of the Fukushima plant, which has suffered a series of mishaps and accidents this year. Earlier this year, Tepco lost power to cool spent uranium fuel rods at the Fukushima Daiichi plant after a rat tripped an electrical wire.'"
Evidently not that vulnerable (Score:5, Insightful)
since a backup system kicked in to prevent any critical consequences.
Re:Evidently not that vulnerable (Score:5, Insightful)
I think the point is not that no disaster occurred, it is that a failure of the primary system happened for whatever reason. Remember that the backup generators failed during the tsunami. On a different day, this inadvertent power off might have been worse.
Ideally you have no unexpected failures, and at least one redundant backup.
The sad thing about all this is that at least one of the Fukushima reactors began to fail before the tsunami even hit the buildings (due to the original quake). Would a simple quake now bring the rest of the system to failure state? Japan is an earthquake haven.
Re: (Score:2)
It's a spent fuel pool, not a reactor core, and even so the backup kicked in with short notice and even if it hadn't, other sensors would've likely flagged down the problem or tripped alarms if it had been left unattended for a very long time.
Re:Evidently not that vulnerable (Score:5, Interesting)
Can't speak directly about the Japanese systems since they have some more modern stuff, but in the US they are *old*. We haven't started building a new plant since 1974 or a new reactor since 1977 (though they did start some new reactors at existing plants earlier this year).
The control rooms at these places are filled with tons of manual buttons and switches. Many of them look like this [cryptome.org]. I have no doubt that they are reliable and have failsafes, but a physical switch doesn't have a "are you sure" dialog or stop to ask for an admin password. Sure, switches might have those little covers you have to lift up to press a button, and the most important switches could be controlled with a key, but if somebody wants to push a button, it is getting pushed.
We hear a lot about how much reactor design has come along in the 35 years it has been since we last built one (just think about how long ago that was)...but don't forget that along with efficiency and physical safety, there have been a LOT of improvements in monitoring and control (only a fraction of which have been able to be integrated into the old plants).
Re: (Score:2)
One thing worth noting though is that often these systems use ancient control schemes.
That's not inherently a bad thing though - especially in this type of environment.
Re: (Score:2)
Actually, it is. Electronic gauges don't typically stick. Don't get me wrong, a mechanical backup should be mandatory so that an electronics failure doesn't result in being unable to get readings at a critical moment, but using them as the primary readout mechanism is a recipe for disaster [wikipedia.org].
Re: (Score:3)
I think the point they were trying to make, is that an electronic switch is a lot more fragile than a hardware switch. Electronics are particularly susceptible to damage from radiation, which is why you can't just send in robots to do all the cleanup work in a reactor accident. Chips get fried just like we do, sometimes even faster.
So technically, once you drag the irradiated corpses out of an analog control room, you'll be able to use the same switches that are already there. With electronic switches, t
Re: (Score:2)
The little cover is called a 'Molly guard.'
Molly was the daughter of the inventor. The name is quite literal: They were invented to guard switches from Molly.
Re:Evidently not that vulnerable (Score:5, Interesting)
One thing worth noting though is that often these systems use ancient control schemes.
The control systems were state of the art when it was built: In the early 80s. These reactors have a life expectancy of 50 years. They generally don't get a refit until halfway through that service life, when many of its non-structural components like pipes, tubing, turbines, and pumps, have degraded to the point that the ongoing maintenance cost exceeds the replacement cost.
I have no doubt that they are reliable and have failsafes, but a physical switch doesn't have a "are you sure" dialog or stop to ask for an admin password.
No, it has about a year's worth of training, and time in a simulator ensuring that every plant operator has a full and complete understanding of the machine they'll be working with. It also has multiple people checking each others' work. It also has ongoing training and random inspections by an independent government body, as well as regular inspections by management, to ensure operational safety and compliance with the protocols they were trained in.
You're right that a switch doesn't have a dialog box that pops up when you push it... but these buttons aren't being pushed by Joe Average just following a three ring binder. There has been only a handful of cases in which this training failed, and it took numerous failures at all levels to allow it to happen; And the systems these events happened at were immediately pulled from active service or retrofitted so that it couldn't happen again.
The nuclear industry's safety record is unmatched in the larger industry of energy production. Every year we tolerate a major oil spill. Every year we hear about gas stations experiencing catastrophic failure of safety systems leading to massive neighborhood-sized fireballs. We only hear about nuclear accidents about once every decade or so, and the majority of them result in a big mess and lots of costs for the plant operators, but do not endanger public safety or harm the environment.
All that said... Fukushima has been mismanaged from day one, and a lot of the failure is down to Japanese culture; An inability to be transparent and admit when there's a problem. This reticence to work the problem is what led to the disaster, and what has since amplified the failure enormously.
The international community in the hours and days following the disaster repeatedly offered assistance, including the US Army Corps of Engineers, who were dispatched to an aircraft carrier that was sitting about 200 miles off the coast in international waters with a full team prepped and on standby, ready to assist in evacuation and containment efforts. These were some of the most highly trained people on the planet; They had each spent years training for it. They were a phone call and 30 minutes away by helicopter from being on the scene and ready to assist.
The phone never rang.
To this very day, the plant managers continue to underfund the cleanup and containment efforts. They continue to keep insufficient equipment and personnel onsite. They have no published plan on how they plan on cleaning up the affected area. Even the Russians, after Chernobyl, put their entire military into containment and isolation of the area... and while many people died, and they were not adequately trained, or equipped, they sent people in by the busload to try and stop it from getting worse. Now I'm not saying Japan should have done that... thrown away thousands of lives to a radiological inferno, like the Russians did... especially not when state of the art equipment and well-trained personnel were ready to assist and knew how to minimize the risk to life.
But I am saying this disaster has been made needlessly worse, much worse, because the Japanese government, their culture, and the corporate culture within TEPCO, are functionally incompetent. And there's no equipment on the planet that can fix what is essentially a problem between the ears of TEPCO management and Japanese government leaders.
Re:Evidently not that vulnerable (Score:4, Insightful)
I think the point is not that no disaster occurred, it is that a failure of the primary system happened for whatever reason. Remember that the backup generators failed during the tsunami. On a different day, this inadvertent power off might have been worse.
Ideally you have no unexpected failures, and at least one redundant backup.
I think the bigger point here is that even though someone pressed the wrong button, the system didn't go into a catastrophic failure mode. You can't expect that every failure possibility be prevented, only that no single failure leads to a catastrophic failure.
Re: (Score:3, Insightful)
Ideally you have no unexpected failures, and at least one redundant backup.
In this case, they did have redundant backups. The first backup plan was the one that automatically kicked in. The second backup plan, is that sometime over the next few minutes, hours, or days, but long before it was actually a problem, someone would have noticed that no water was being pumped, and would have turned the pumps back on. It would have only been a problem if left long enough for the cooling water to boil off, and that would have taken awhile. TEPCO has made a lot of big mistakes, but this
Re:Evidently not that vulnerable (Score:4, Insightful)
While I AM of the opinion that Fukushima remains a challenge and threat to entire humankind, these kinds of articles are not helpful. The backup system in this case is kind of irrelevant, but more so than that, now over 3 years since the reactor core was offloaded into the cooling pool, all calculations and evidence (from intentional, several days long cooling outages) points to that the pools could remain without cooling for weeks with no "critical consequences". Moreover, in such a case that something is amiss would be detected long before critical consequences allowing the situation to be rectified.
General consensus is that even in case of sudden loss of water in the pool, 3 years old irradiated fuel bundles could easily be cooled by air convection from their own heat alone, although for somewhat obvious reasons that hasn't been tested out. In addition radiation would then make working on the site even harder than now. The critical failure mode for this particular setup is loss of coolant with air convection blocked (such as by rubble from the initial explosion, or the temporary cover they had installed in the early months) or structural failure of the building in case of another earthquake in particular, or simply from the prior damage and ground subsidence due to groundwater changes etc. Or prompt criticality incident due to unfavorable geometry of the nuclear material from damage or attempts to remove the fuel bundles.
The occurrence of human error is, "human", but extremely worrisome in that they have zero margin of error once the removal of the fuel bundles from the pool starts in the coming months. Due to the sheer number of the bundles in the pool (1535 give or take), any chance of mistake would spell almost certain disaster. Even if they somehow press the chance of serious human error to 0,01 percent (one percent of one percent) per bundle the chance of everything running smoothly is 0,9999 to the power of 1535 or 85,8%, leaving a 14.2% chance of disaster for the whole operation. A worker allegedly failing in this basic task under less stressful circumstances isn't necessarily relevant, but it's tempting to consider it not boding well for the future prospects.
Re: (Score:2, Informative)
[Useful comment needed]
This isn't wikipedia, where people can trot out two simple words and feel justifiably smug, you know.
Re: (Score:2)
[Useful comment needed]
This isn't wikipedia, where people can trot out two simple words and feel justifiably smug, you know.
Exactly! This is where you trot out xkcd [xkcd.com] and feel smug!
Re: (Score:2)
[Useful comment needed]
This isn't wikipedia, where people can trot out two simple words and feel justifiably smug, you know.
Exactly! This is where you trot out xkcd [xkcd.com] and feel smug!
This is also where you pray that maybe the New Slashdot will feature an edit button.
Re: (Score:3)
Question is, how long do you want to rely on backups to save your ass when the primary problem is accidentally hitting a button? The backup's there as a just-in-case, but it's not something you really want to rely on happening just in case it happens to fail the one time.
Remember, there were a few emergency gensets set to supply power to the reactor cooling systems as well, but it seems a tsunami wiped them out, and the ones it didn't
Re: (Score:2, Insightful)
Go hit the red button in your data center to see how vulnerable it is. It has a backup system I assume so it can't be that vulnerable.
Re: (Score:2)
the button to shut off the backup is on a wall right at butt level
Come here, I want to ass you some questions about the button locations.
Re: (Score:3)
One of their safety guys forgot to eat breakfast that morning. He relied on his backup reserve of stored fat to get him through until lunchtime, but that's not good enough, he could have kept forgetting to eat and what then? He runs out of stored reserves and starves to death, right there in the middle of conducting a safety examination.
Why if enough of the safety guys forgot to eat, every single one of them could die, and then there would be NONE left. No way in hell am I relying on a backup system tha
Homer! (Score:4, Funny)
It was homer simpson who did it.
Re: (Score:3, Informative)
[3-eyed fish knowingly blinks its eyes (sequentially)]
Re: (Score:3)
DOH!!
The Boss (Score:2)
Who is this Homer Simpson??
Re: The Boss (Score:5, Funny)
Re: (Score:2)
/applaud
Re: (Score:2)
Didn't he write The Iliad?
I thought he wrote 2001: A Space Odyssey?
Re: (Score:2)
Thank goodness this isn't powered by Kinja.
Wow ... (Score:5, Insightful)
Am I imagining things, or does it sound like a nuclear plant is being operated by a company without the barest idea of how to do that?
Accidentally flipping off the cooling pumps in a nuclear plant sounds like something which shouldn't even be physically possible.
Re:Wow ... (Score:4, Insightful)
Because they didn't know how to protect primary systems.
Re:Wow ... (Score:5, Informative)
the U.S. Navy is one of the largest and one of the oldest operators of nuclear power plants (by hours critical) and has a spotless safety record
If you don't count the loss of the nuclear submarines USS Thresher and the USS Scorpion, the radioactive contamination of the USS Guardfish, or both the USS Puffer and the USS Proteus discharging radioactive water into the oceans.
Not to mention I am sure there are a number of other incidents that haven't been declassified yet.
I don't know how well the US Navy ranks amongst other operators of nuclear power plants, but "spotless" is not an accurate description. They may do very well comparatively and the overall harm may be minimal, but they have made their share of mistakes.
Re:Wow ... (Score:4, Informative)
In training we covered the incidents of the Thresher and the Scorpion, and neither will discharge anything of genuine concern around them. Even immediately following the shutdown of the reactors and assuming reactor coolant pumps and natural circulation failures, the decay heat would easily be absorbed by the sea water that would have filled the reactor compartment, thus it can safely be assumed that the core remained intact. The other areas that contain high amounts of contamination are the primary shield water tank, the ion exchanger, and the charcoal filters. These systems are closed systems designed to operate at incredibly high pressures and are made of very corrosion resistant materials. Although eventually leaks will form from corrosion, but the leakage would be very slow as there is not significant difference in densities, temperatures, pressures, etc, to cause rapid loss, and the leaks themselves would be quite small.
The other 'incidents' are more public embarrassment than actual environmental concerns. The 'radioactive' water that is discharged comes from the water that circulates through the reactor. Technically, there are radioactive contaminants that emit a small amount of gamma radiation. These contaminants are actually particles that will typically settle in the seabed, IIRC, and are typically borderline measurable in most plants as the water is continually circulated through an ion exchanger (resin bed) and an activated charcoal filter. However, the Navy is so anal it treats anything remotely contaminated as radioactive material. The 'father of Nuclear Power', Admiral Hyman Rickover, famously drank a glass of this water at a Congressional hearing to demonstrate how benign the water really is. I think it is also important to note that the Proteus is not a nuclear powered ship, but a sub tender.
Prior to some year, I forget which (1970, maybe?), the Navy would discharge all kinds of crap at sea, which is actually quite typical of many industries and nations even today. However, the Navy stopped discharge of highly radioactive materials, such as ion exchanger resin, and has set a fleet-wide goal to only discharge so much total annually, I think it's something like 50 Ci, and while I was in would regularly come in under that number.
'Radiation' can come from many other sources than nuclear power plants. I don't know if the limits have changed, but it used to be that coal plants would discharge far more radioactive materials than nuclear power plants, but this would never get mentioned anywhere except nuclear power propaganda. When we were going through our radiological controls training, we learned that porcelain dentures are among the highest sources that people are exposed to. One of the Navy's training facilities has a containment vessel built completely around a nuclear power plant, which is unusual, as containment usually only goes around the reactor compartment. This vessel was made of a material that contained a high amount of alpha radiation, and the subsequent painting with lead-based paint made the vessel itself a far higher in-practice contamination risk than the nuclear plant it contained! Keep in mind this is a product of the private contractor that built the vessel, not the Navy, and the vessel was quite old and built in a time when most people and organizations had less concern for such things.
Re: (Score:3)
In training we covered the incidents of the Thresher and the Scorpion, and neither will discharge anything of genuine concern around them.
I'm amazed you would take the Navy's word for that. Do you think they would really say "oh yeah, those two were ecological/radiological disasters, oops"?
Although eventually leaks will form from corrosion, but the leakage would be very slow as there is not significant difference in densities, temperatures, pressures, etc, to cause rapid loss, and the leaks themselves would be quite small.
And because it's far away under the sea that means a small leak is okay, right?
Re:Wow ... (Score:5, Insightful)
Keep in mind too, that the Navy is not interested in making a profit. Its goal is to keep its resources available (afloat, underway and mission capable) under the most difficult circumstances. They can afford to have many times the number of people operating a power plant and they utilize their people to keep their plants operating sans automation. The Navy is not interested in being efficient either. They routinely power cycle their plants and burn through more fuel than they otherwise would. They also are not risk averse. In time of war, they would have no problem pushing their reactors beyond the design limits if the mission demanded it.
Electric power generation is about efficiency and safety. It's more efficient to automate and not pay operators, so they automate their plants, and operate within very narrow operating parameters. They are risk averse and would rather scram a reactor and go off line than risk operating outside of their design limits.
The navy does have an enviable safety record. But what you really are saying is that the safety of nuclear power is really something to be trumpeted. Except for some research accidents, the worst US event in history was Three Mile Island and that was pretty much nothing. When you put Japan into the mix, things get more interesting, but who can really complain about that? The earthquake was well beyond design limits and even then the damage, while significant, is going to be manageable. It's just going to take a few decades for things to radioactively cool.
Re: (Score:2)
Totally agree with most of that. I think incredibly few captains would bother operating beyond a reactor's stated limits even in wartime. The reason is that you are really only going to get a few more RPM from your screws for an enormous percent increase in reactor power, and at those speeds, this results in only a marginal increase in actual speed of the ship. It just doesn't pay off, while the risks to the equipment are very real. It wouldn't do any good to have an important electrical component fail beca
Re: (Score:2)
My "Cycle the power" is just a theory based on things I can surmise. Electrical producers like to run their nuke plants at constant outputs for days, weeks, or months, a luxury I'm assuming is not necessarily one the Navy has. Power producers can run deep into their fuel cycles and by slowly lowering the power output can keep the xenon poisoning at bay. For the Navy this would be an unacceptably risky portion of the fuel cycle, due to the "non mission capable" should a reactor be shut down too quickly. You just
Re: (Score:3)
When you put Japan into the mix, things get more interesting, but who can really complain about that?
How about the people who were told "we designed this reactor to be safe in a country where there are frequent, large earthquakes and tsunami", but now find themselves forced out of their homes and communities? Seems like they have a genuine grievance.
Then there are the 120m other Japanese who are paying for the clean up. I'm sure they would rather not, and the promise of nuclear power bringing cheap energy is now completely impossible to achieve.
Re: (Score:3)
Accidentally flipping off the cooling pumps in a nuclear plant sounds like something which shouldn't even be physically possible.
The coolant pumps are not an internet service - they're heavy machinery operating in or near something dangerous. When heavy machinery goes wrong, it often does so energetically. That's why it's possible to shut them off.
Re: (Score:2)
It sounds more like they're being operated by a Coal / Oil company that wants to see nuclear energy banned everywhere.
Just another sign of TEPCO's incompetence... (Score:4, Interesting)
That the Japanese government a) allows TEPCO to 'clean up' Fukushima and b) refuses any foreign help shows that the problem with Fukushima is and always has been a political one.
Re:Just another sign of TEPCO's incompetence... (Score:4, Insightful)
That the Japanese government a) allows TEPCO to 'clean up' Fukushima and b) refuses any foreign help shows that the problem with Fukushima is and always has been a political one.
If the Japanese government is anything like our government, (or most governments), suddenly tossing them into a critical situation in a plant they are not familiar with (which is already fundamentally compromised), is just BEGGING for a far worse Chinese fire-drill than is currently going on.
If it is in fact a political problem as you suggest, then implying that the government should do anything differently is pointless, because governments are, by definition, political.
Re: (Score:2)
No, this is an example of how you hear about this sort of trivia BECAUSE it's Fukushima.
Let's see. This particular incident reduces down to "minor operator error, safeguards worked as designed"....
Weird (Score:3)
That seems like the sort of function that should be designed with a multi-step process to execute, to eliminate precisely that kind of error. How in the world did that get implemented?
Re: (Score:3)
It's like the trigger on a gun. The idea is that it's easy to operate when you need it, and the safety aspect is covered by responsible use. The problem is that in a crisis or the aftermath of one the systems and discipline break down.
Re: (Score:3)
Anybody who notices that they've started leaking badly, or throwing parts around, or otherwise misbehaving.
These are big machines operating in the real world. I, for one, am glad that they can be shut off quickly, though they shouldn't need to be.
Re: (Score:2)
Yeah, but who needs the idea to switch off the friggin' cooling pumps easily in the first place? I mean, unless one lives happily in hell the main risk of "spent" fuel rods is not that they do freeze over...
Well, do you want to be able to shut them down quickly when something goes wrong and instead of refilling the coolant they are pumping the radioactive water out of the cooling towers? Think of a swimming pool and its pump. A hose on the outside breaks, and instead of recirculating out and back into the pool, you just have something pumping water OUT of the pool.
Or what happens when your sensors pick up noise in the pumps. Do you want to shut them down quickly so that damaged bearing can be replaced and
Re:Weird (Score:5, Funny)
That seems like the sort of function that should be designed with a multi-step process to execute, to eliminate precisely that kind of error. How in the world did that get implemented?
I suggest one more step in the process might be effective.
They need a slight reconfiguration of the Cooling Pump Switch [environmentteam.com]. It would be relatively cheap, and pretty much idiot proof.
Re: (Score:2)
I was envisioning a small guillotine but what was in your link would do...
Re: (Score:2, Funny)
Clippy: Hello! It looks like you are trying to shutdown the cooling pumps. Would you like me to:
- Shutdown the cooling pumps
- Turn out all the lights
- Turn off everything (default)
Re: (Score:2)
The simplicity of shutting down the pumps would have no safety-issue in a properly designed system.
Many process control systems designers do levels of protection:
Level 3: Process Control
This level handles the normal operation of the plant. Regulates coolant flow to the pools and announces alarms if you get into a "high temp" state.
Most of the time Offshore in the oil business this level does not take any actions other than notifying the operator.
Level 2: Process Shutdown (PSD)
This level WILL take action on a "
Re: (Score:2)
That kind of thing sounds good to the armchair engineer... who never thinks that there might be situations where the pumps might need to be shut off in a hurry. Or of the fact that adding complexity adds failure modes - making the system less safe, not more.
Re: (Score:2)
It's a cooling system. If it leaks, it starts spraying radioactive high-pressure water around. I imagine the off switch is a big red button on the wall.
Re: (Score:2)
Depends how much of an emergency is needed.
I would think adding a couple other buttons or switches and requiring them to be toggled in sequence would add a much greater level of safety from accidental shut off while not requiring much more effort by an operator to execute when shit hits the fan.
Huh? (Score:5, Insightful)
'The latest incident is another reminder of the precarious state of the Fukushima plant...'
So something unexpected occurred, but automatic backups stepped in and prevented any negative consequences. While the plant may or may not be in a precarious state, this is hardly the example to be using for a FUD article. Hell, change the spin around and it could be used in a TEPCO press release showing how far they've come in stabilizing the situation.
Re:Huh? (Score:4, Funny)
The question remains just how vulnerable to simple mistakes (such as a single button push) are these spent fuel pools,
Did you also notice that this is pretty much how the Linux command line and programming is? One single button push can ruin your whole week. Yet, everyone here calls that a feature and blanches at Windows when it says "Are you sure you want to do this?"
I bet the engineer who pushed the button was a slashdotter... "ARE YOU SURE YOU WANT TO CAUSE A MAJOR NUCLEAR EVENT? y/N? _" ... oh fuck you, NukeOS, I know what I'm doing!
Re: (Score:2)
When someone fubars a server it tends not to release nuclear waste. On top of which they get fired, unlike TEPCO.
Re: (Score:2)
When someone fubars a server it tends not to release nuclear waste. On top of which they get fired, unlike TEPCO.
No, but the underlying psychology is the same; We want computers and equipment that do what we say without questioning it. Asking for confirmation insults our intelligence, whether you're a system administrator, or a nuclear engineer. This isn't about getting people fired, or slamming your religion of choice; This is about human nature, and where we draw the line between computers doing what we say and computers doing what's safe.
Re:Huh? (Score:5, Insightful)
They failed to train the employees properly and allowed a critical function to be operated by someone who clearly didn't understand it. In this instance the backup saved them, but relying on backups is not a good policy. To put it another way, they can't ignore this incident and simply rely on the backups in future, they have to take steps to correct it.
Re: (Score:2)
Pretty much every control system in the world relies on 'backups' for safety.
Building a system where the regular "process control" won't fail if equipment breaks is prohibitively expensive and is rarely done.
You build a system that works unless something breaks, then you add a second "Process Shutdown" or "Emergency Shutdown" system on top of that to handle all the safety functions.
For instance, at most oil rigs you have emergency shutdown solenoids on valves to the flare boom. If an emergency shutdown is tr
Re: (Score:2)
Pretty much every control system in the world relies on 'backups' for safety. Building a system where the regular "process control" won't fail if equipment breaks is prohibitively expensive and is rarely done.
You build a system that works unless something breaks, then you add a second "Process Shutdown" or "Emergency Shutdown" system on top of that to handle all the safety functions.
For instance, at most oil rigs you have emergency shutdown solenoids on valves to the flare boom. If an emergency shutdown is triggered these solenoids open the valves and normalize the pressurized systems. This ESD system logic is usually completely separate in function from the process control system. In essence it is what you could call a "backup" system.
Yes, backups are placed for safety purposes. No, that doesn't mean an incident hasn't occurred just because the backup system saved your ass. Relying on the backup system to cover for your incompetence just means that one day there will be a failure of the backup system and your incompetence will manifest at the same time. Then you will go from a near miss to possibly a catastrophe.
Here's a story from a while back in my career. I had a client with a RDBMS for running their service management. It was ho
No help for human nature (Score:2)
Every now and then, someone WILL lean against the wall and stumble back against the server room's Emergency Power Disconnect switch.
And the very next day, someone will fit a flip-up cover for it.
Where's the problem? (Score:4, Insightful)
A human made a mistake which was caught and corrected by an engineered system. Seems like a non-story.
Re: (Score:2)
I think it's a story in that it apparently only takes a single mistake to toggle off the cooling pumps. Even standard rack servers have bezels that keep you from accidentally powering them down unless you really mean to get to that part of the server.
Re: (Score:2)
I think it's a story in that it apparently only takes a single mistake to toggle off the cooling pumps. Even standard rack servers have bezels that keep you from accidentally powering them down unless you really mean to get to that part of the server.
It very likely did. What happened is that the worker was intentionally shutting down the power to some systems, but accidentally turned off the pumps. He could have been trying to turn off Pump Room #2 and accidentally flipped the switch for Pump Room #3. If he got the switches confused, a faceplate or bezel isn't going to stop it.
Re: (Score:2)
On the surface, yes, it does seem like a non-story. But there is some news to be had from it, both good and bad:
The good news is, as you pointed out, that the engineers that designed the system knew what they were doing. The bad news, however, is that the engineers that run the system don't know what they are doing. Alas, stupidity always finds its way and it may be just a matter of time before a human mistake does not get caught by the engineered system. This story is a sign that something is wrong, and
Re: (Score:3)
I've been hearing bad things about Japan's nuclear industry for over a decade now. I personally think the best "minor" event was when a technician witnessed a criticality event outside of a reactor, while carrying the nuclear material in a metal bucket. He wasn't even aware of what the blue flash signified. I wasn't either, until that story, but I don't work with nuclear materials. The news stories surrounding this incident mentioned a number of minor to moderate handling violations. Ah, here's [wikipedia.org] a link
Disaster only strikes ONCE (Score:3)
Fukushima will never end.
Re: (Score:2)
Not during our lives. It's going to take a long time before things cool off enough to allow approaching the facility close enough to decommission it.
Hopefully we won't be seeing weekly updates on /. though..
Simpsons did it. (Score:2)
Darn that lousy Tibor!
Working as intended (Score:2, Insightful)
"A Tepco employee carelessly pressed a button shutting off cooling pumps that serve the spent fuel pool in reactor #4 - thankfully a backup kicked in before any critical consequences resulted."
Um - that's what backups are for. Seriously, this is just another ignorant journalist generating controversy from thin air to get the site he works for some page views.
Re: (Score:3)
normally, that would be a proper reaction. but we're talking about a place that put their "main backups", the most critical safety system outside of containment, underground. asking to be flooded. I'd be very suspect about any of their backup systems
Re: (Score:2)
The terminology here is confusing to say the least. I highly doubt it was a "backup system" that did this. More likely process safety functions took over for process control functions...
Re: (Score:2)
A backup system doesn't know if the failure (lack of water flow, or change of level or temp, or whatever triggered them in this case) is caused by accident or actual failure - and that's proper design, because you want to rely on the backups activating regardless of the cause. A failure is a failure regardless of the cause.
if it was an operating plant, there would be alarms (Score:3)
but that didn't help the Three Mile Island operators any, now, did it?
you have to be at the top of your game to keep the dragons at bay in a nuke plant.
there is so much fouled up at Fukushima Daiichi that the training manuals and game plans are straight out the window and into the fire. this means you can't follow the manuals any more. and THAT means that a one-man job needs to be cross-checked at every step by somebody who is in position to monitor the stage being worked on.
and THAT... means the same old team can easily be outclassed by the breeding dragons in the lairs. we have already seen TEPCO stumbling around so many times like it takes two members of the shore patrol to drag them back to the ship for Captain's Mast.
TEPCO is not, has not been for a long time, and will never be in a position to manage the catastrophe they set forth. this is no place for yes-men who are slaves to 40-year-old process.
Re: (Score:3)
Re: (Score:2)
They did in that they refused to take proper care of the waste in order to save money.
Re: (Score:2)
Keep in mind when it was built, plate tectonics was barely a recognized thing.
Sadly, we're all human. (Score:5, Interesting)
O RLY? (Score:2)
Sadly, we're all human.
speak for yourself, fleshbag!
Re: (Score:2)
""You're the expert. What do you recommend?" It didn't matter that there were ten people in the room with PhDs and decades of experience;"
dear lord, get your stupidity out of the industry, go.... mop floor or something.
You are the expert. They are not. The primary difference seems to be they are educated enough to realize that it makes them an expert in their fields, not all fields. whereas you seem to think PhD = 'Knows everything'
" who could think quickly on his feet"
whoa whoa whoa. You didn't have the b
Re: (Score:2)
Addendum. (Score:2)
Spent fuel pool cooling... (Score:3)
Emergency Shutoff button? (Score:2)
Without more details, I would guess that the button is actually a Big Red Button, that is, a safety feature of the pump system; in case something/someone clogs the intakes for example.
Reactor 4 has *unspent* fuel rods (Score:2)
Remember, those were removed from reactor 4 for maintenance, sometime before the tsunami. That's a full reactor worth of live & hot fuel rods, in an open pool. Pretty crazy.
Re: (Score:2)
If they weren't in an open pool there would be a nice pressure buildup.
You don't want that.
Re: (Score:2)
Not that I know anything, but there exist valves and such to relieve excess pressure from enclosed spaces. Just the fact that a reactorful of fuel is sitting almost in the open - and has been there for two years - boggles this little mind here. No wonder they're reinforcing the concrete structure -now-, but what were the original GE engineers thinking?
Re: (Score:2)
So a valve constantly releasing pressure is better than an open pool...how?
Power Plant! (Score:2)
Skewed statements (Score:2)
Simple (Score:2)
Start developing nuclear power plants that use the spent material as fuels. As a bonus, the waste will be less, and return to background radiation levels in less than 500 years. As little as 200 years in some cases.
and most of the Gen 1 plants are still running (Score:2)
it took a massive fubar in designing and rebuilding transfer units at Diablo Canyon to get that plant shut down, and they're built on top of an active fault zone.
we might not get any Gen 3 plants running, frankly, the cost/benefit ratios have cancelled all but two being built now. and one of them keeps getting delayed.
Re: (Score:2)
I never suggested upgrading existing reactors... I realize that's impossible...
It's just damn annoying reading stories like this because passive cooling reactor technologies have existed for decades, and yet hardly anybody ever used them. We have an opportunity to change how we do things in the future, but given the past resistance to adopting such methods, I remain pessimistic that they'll actually start using far safer systems, in favor of what will give them the most money right away.
Re: (Score:2)
How are critical systems only protected by a single button?
Shouldn't it be a mechanically complex task, or be password/switch position controlled action?
It wasn't protected by a single button. It was also protected by a backup system of pumps (and likely more). It might have been a mechanically complex task, or controlled as well.
Lots of things can have complex steps and safety checks, but they matter for little if the person going through the checks doesn't realize he is flipping the wrong switch.
It could have been a failure way up the communication chain as well.
Mgr: Go turn off Pump Room #4
Worker: OK. *Goes off and gets the keys to the power box,
Re: (Score:2)
Um... Except perhaps when such controls need to be operated quickly in the case of an emergency, like the next earthquake.
You have 10 seconds before the end of the world if you don't enter the 24 char password with upper case, lower case, numbers and special characters...