Slashdot: News for Nerds

Fukushima Nuclear Worker Accidentally Toggles Off Cooling Pumps

samzenpus posted about 9 months ago | from the my-bad dept.

An anonymous reader writes "A Tepco employee carelessly pressed a button shutting off cooling pumps that serve the spent fuel pool in reactor #4 — thankfully a backup kicked in before any critical consequences resulted. The question remains just how vulnerable to simple mistakes (such as a single button push) are these spent fuel pools, filled nearly to capacity as they are with over 12,000 spent fuel rods? From the article: 'The latest incident is another reminder of the precarious state of the Fukushima plant, which has suffered a series of mishaps and accidents this year. Earlier this year, Tepco lost power to cool spent uranium fuel rods at the Fukushima Daiichi plant after a rat tripped an electrical wire.'"

190 comments

Evidently not that vulnerable (5, Insightful)

Anonymous Coward | about 9 months ago | (#45061561)

since a backup system kicked in to prevent any critical consequences.

Re:Evidently not that vulnerable (1)

Anonymous Coward | about 9 months ago | (#45061625)

the button to shut off the backup is on a wall right at butt level

Re:Evidently not that vulnerable (1)

kelemvor4 (1980226) | about 9 months ago | (#45062613)

the button to shut off the backup is on a wall right at butt level

Come here, I want to ass you some questions about the button locations.

Re:Evidently not that vulnerable (5, Insightful)

Anonymous Coward | about 9 months ago | (#45061973)

I think the point is not that no disaster occurred, it is that a failure of the primary system happened for whatever reason. Remember that the backup generators failed during the tsunami. On a different day, this inadvertent power off might have been worse.

Ideally you have no unexpected failures, and at least one redundant backup.

The sad thing about all this is that at least one of the Fukushima reactors began to fail before the tsunami even hit the buildings (due to the original quake). Would a simple quake now bring the rest of the system to failure state? Japan is an earthquake haven.

Re:Evidently not that vulnerable (1)

durrr (1316311) | about 9 months ago | (#45062701)

It's a spent fuel pool, not a reactor core, and even so the backup kicked in with short notice and even if it hadn't, other sensors would've likely flagged down the problem or tripped alarms if it had been left unattended for a very long time.

Re:Evidently not that vulnerable (4, Interesting)

ottothecow (600101) | about 9 months ago | (#45062995)

One thing worth noting though is that often these systems use ancient control schemes.

Can't speak directly about the Japanese systems since they have some more modern stuff, but in the US they are *old*. We haven't started building a new plant since 1974 or a new reactor since 1977 (though they did start some new reactors at existing plants earlier this year).

The control rooms at these places are filled with tons of manual buttons and switches. Many of them look like this [cryptome.org]. I have no doubt that they are reliable and have failsafes, but a physical switch doesn't have an "are you sure" dialog or stop to ask for an admin password. Sure, switches might have those little covers you have to lift up to press a button, and the most important switches could be controlled with a key, but if somebody wants to push a button, it is getting pushed.

We hear a lot about how much reactor design has come along in the 35 years it has been since we last built one (just think about how long ago that was)...but don't forget that along with efficiency and physical safety, there have been a LOT of improvements in monitoring and control (only a fraction of which have been able to be integrated into the old plants).

Re:Evidently not that vulnerable (3, Insightful)

IndustrialComplex (975015) | about 9 months ago | (#45062781)

I think the point is not that no disaster occurred, it is that a failure of the primary system happened for whatever reason. Remember that the backup generators failed during the tsunami. On a different day, this inadvertent power off might have been worse.

Ideally you have no unexpected failures, and at least one redundant backup.

I think the bigger point here is that even though someone pressed the wrong button, the system didn't go into a catastrophic failure mode. You can't expect that every failure possibility be prevented, only that no single failure leads to a catastrophic failure.

Safe, clean, and too cheap to meter! (0, Flamebait)

Anonymous Coward | about 9 months ago | (#45062265)

Evidently not that vulnerable
since a backup system kicked in to prevent any critical consequences.

Exactly! We need to keep in mind that nothing can possibly go wrong - why, it'd probably take an earthquake to interfere with a nuke plant, and earthquakes and tsunamis are purely mythical [google.org].

It's perfectly OK for TEPCO's operators to make mistakes - since nothing can go wrong, and backup systems always work, as proven conclusively by this incident.

Re:Evidently not that vulnerable (4, Insightful)

Anonymous Coward | about 9 months ago | (#45062349)

While I AM of the opinion that Fukushima remains a challenge and threat to entire humankind, these kinds of articles are not helpful. The backup system in this case is kind of irrelevant, but more so than that, now over 3 years since the reactor core was offloaded into the cooling pool, all calculations and evidence (from intentional, several days long cooling outages) points to that the pools could remain without cooling for weeks with no "critical consequences". Moreover, in such a case that something is amiss would be detected long before critical consequences allowing the situation to be rectified.

General consensus is that even in case of sudden loss of water in the pool, 3 years old irradiated fuel bundles could easily be cooled by air convection from their own heat alone, although for somewhat obvious reasons that hasn't been tested out. In addition radiation would then make working on the site even harder than now. The critical failure mode for this particular setup is loss of coolant with air convection blocked (such as by rubble from the initial explosion, or the temporary cover they had installed in the early months) or structural failure of the building in case of another earthquake in particular, or simply from the prior damage and ground subsidence due to groundwater changes etc. Or prompt criticality incident due to unfavorable geometry of the nuclear material from damage or attempts to remove the fuel bundles.

The occurrence of human error is, "human", but extremely worrisome in that they have zero margin of error once the removal of the fuel bundles from the pool starts in the coming months. Due to the sheer number of the bundles in the pool (1535 give or take), any chance of mistake would spell almost certain disaster. Even if they somehow press the chance of serious human error to 0,01 percent (one percent of one percent) per bundle the chance of everything running smoothly is 0,9999 to the power of 1535 or 85,8%, leaving a 14.2% chance of disaster for the whole operation. A worker allegedly failing in this basic task under less stressful circumstances isn't necessarily relevant, but it's tempting to consider it not boding well for the future prospects.

Re:Evidently not that vulnerable (-1, Redundant)

Dins (2538550) | about 9 months ago | (#45062753)

[Citation Needed]

Re:Evidently not that vulnerable (2, Informative)

Anonymous Coward | about 9 months ago | (#45062909)

[Useful comment needed]

This isn't wikipedia, where people can trot out two simple words and feel justifiably smug, you know.

Re:Evidently not that vulnerable (2)

tlhIngan (30335) | about 9 months ago | (#45062391)

since a backup system kicked in to prevent any critical consequences.

Question is, how long do you want to rely on backups to save your ass when the primary problem is accidentally hitting a button? The backup's there as a just-in-case, but it's not something you really want to rely on happening just in case it happens to fail the one time.

Remember, there were a few emergency gensets set to supply power to the reactor cooling systems as well, but it seems a tsunami wiped them out, and the ones it didn't kill, it killed the switchboards that selected the power source.

Re:Evidently not that vulnerable (0)

i kan reed (749298) | about 9 months ago | (#45062567)

You want backups to save you when you do something really stupid you should never do, and that ought to be rare. Critical backups also have tertiaries, in case that blows at the same time. Even with nuclear reactors, there is no such thing as "completely safe" and people like you would sacrifice the safe in the name of the perfect.

Re:Evidently not that vulnerable (1)

timeOday (582209) | about 9 months ago | (#45062923)

The problem is not so much nuclear reactors in general, the problem is that post-disaster Fukushima is, by necessity, flying by the seat of their pants. At some point, duct tape and baling wire will fail to provide the level of surety we expect from highly studied and regulated normal activities.

Re:Evidently not that vulnerable (2, Insightful)

Anonymous Coward | about 9 months ago | (#45062547)

Go hit the red button in your data center to see how vulnerable it is. It has a backup system I assume so it can't be that vulnerable.

Re:Evidently not that vulnerable (1)

Anonymous Coward | about 9 months ago | (#45062891)

Do you realize that apples and oranges actually have more in common than the two things you just compared?

Re:Evidently not that vulnerable (0)

Anonymous Coward | about 9 months ago | (#45062857)

See? 2-ply is all the safety we NEED for 12,000 spent fuel rods 100 feet in the air at already melted-down facilities...

Homer! (4, Funny)

Anonymous Coward | about 9 months ago | (#45061563)

It was Homer Simpson who did it.

Re:Homer! (2)

Valentinial (2980593) | about 9 months ago | (#45061583)

Came here to post similar. When they derive a solution that prevents this type of mishap, I hope they call it the 'Homer Principle' or something near that.

Re:Homer! (2)

jones_supa (887896) | about 9 months ago | (#45061607)

It's funny how the power plant in The Simpsons almost starts to look more reliable, as it has become the practice of every week to hear about some little accident at Fukushima.

Re:Homer! (2, Informative)

Peter Simpson (112887) | about 9 months ago | (#45061667)

And the "rat" that tripped the breaker in the previous incident is a 6 ft tall, glowing green rat with three eyes and a forked tail...

[3-eyed fish knowingly blinks its eyes (sequentially)]

Re:Homer! (0)

Anonymous Coward | about 9 months ago | (#45062283)

Yum!!!

Re:Homer! (2)

sociocapitalist (2471722) | about 9 months ago | (#45061621)

DOH!!

The Boss (1)

Joe_Dragon (2206452) | about 9 months ago | (#45061669)

Who is this Homer Simpson??

Re: The Boss (5, Funny)

jd2112 (1535857) | about 9 months ago | (#45061915)

Didn't he write The Iliad?

Re: The Boss (1)

Roman Coder (413112) | about 9 months ago | (#45062199)

/applaud

Re: The Boss (1)

K. S. Kyosuke (729550) | about 9 months ago | (#45062763)

Didn't he write The Iliad?

I thought he wrote 2001: A Space Odyssey?

Re:Homer! (0)

Anonymous Coward | about 9 months ago | (#45062223)

No, it was DeeDee

Re:Homer! (1)

SailorSpork (1080153) | about 9 months ago | (#45062325)

If this was a Kinja-powered news site, the comments section here would be full of Homer Simpson images, animated gifs, and memes generated just for this news story.

Thank goodness this isn't powered by Kinja.

Re:Homer! (1)

tokiko (560961) | about 9 months ago | (#45062409)

> Vent radioactive gas?
(typing) N-O
> Venting prevents explosion.
Okay, then, vent the stupid gas. (typing) Y-E-S
> Decalcify calcium ducts?
(typing) Y-E-S
> Vent radioactive gas?
Well, give me a Y, give me a... Hey! All I have to type is Y. I just tripled my productivity!

Wow ... (4, Insightful)

gstoddart (321705) | about 9 months ago | (#45061571)

Am I imagining things, or does it sound like a nuclear plant is being operated by a company without the barest idea of how to do that?

Accidentally flipping off the cooling pumps in a nuclear plant sounds like something which shouldn't even be physically possible.

Re:Wow ... (2, Insightful)

SirGarlon (845873) | about 9 months ago | (#45061585)

It sounds like the company has a pretty good idea of how and where to use backup systems, actually.

Re:Wow ... (3, Insightful)

NatasRevol (731260) | about 9 months ago | (#45062237)

Because they didn't know how to protect primary systems.

Re:Wow ... (3, Insightful)

TheResilientFarter (3216187) | about 9 months ago | (#45061801)

This is my thinking, but it's the employees, thus management, that are the problem, not the equipment. I worked in the Naval Nuclear Power Program, where everything was essentially manual. One single operator could cause a meltdown, yet the U.S. Navy is one of the largest and one of the oldest operators of nuclear power plants (by hours critical) and has a spotless safety record. Keep in mind that the average age of the 'employees' is around 22 or 23, with a very low percentage of them over age 26.

Re:Wow ... (5, Informative)

Somebody Is Using My (985418) | about 9 months ago | (#45062057)

the U.S. Navy is one of the largest and one of the oldest operators of nuclear power plants (by hours critical) and has a spotless safety record

If you don't count the loss of the nuclear submarines USS Thresher and the USS Scorpion, the radioactive contamination of the USS Guardfish, or both the USS Puffer and the USS Proteus discharging radioactive water into the oceans.

Not to mention I am sure there are a number of other incidents that haven't been declassified yet.

I don't know how well the US Navy ranks amongst other operators of nuclear power plants, but "spotless" is not an accurate description. They may do very well comparatively and the overall harm may be minimal, but they have made their share of mistakes.

Re:Wow ... (4, Informative)

TheResilientFarter (3216187) | about 9 months ago | (#45062719)

In training we covered the incidents of the Thresher and the Scorpion, and neither will discharge anything of genuine concern around them. Even immediately following the shutdown of the reactors and assuming reactor coolant pumps and natural circulation failures, the decay heat would easily be absorbed by the sea water that would have filled the reactor compartment, thus it can safely be assumed that the core remained intact. The other areas that contain high amounts of contamination are the primary shield water tank, the ion exchanger, and the charcoal filters. These systems are closed systems designed to operate at incredibly high pressures and are made of very corrosion resistant materials. Although eventually leaks will form from corrosion, the leakage would be very slow as there is not significant difference in densities, temperatures, pressures, etc, to cause rapid loss, and the leaks themselves would be quite small.

The other 'incidents' are more public embarrassment than actual environmental concerns. The 'radioactive' water that is discharged comes from the water that circulates through the reactor. Technically, there are radioactive contaminants that emit a small amount of gamma radiation. These contaminants are actually particles that will typically settle in the seabed, IIRC, and are typically borderline measurable in most plants as the water is continually circulated through an ion exchanger (resin bed) and an activated charcoal filter. However, the Navy is so anal it treats anything remotely contaminated as radioactive material. The 'father of Nuclear Power', Admiral Hyman Rickover, famously drank a glass of this water at a Congressional hearing to demonstrate how benign the water really is. I think it is also important to note that the Proteus is not a nuclear powered ship, but a sub tender.

Prior to some year, I forget which (1970, maybe?), the Navy would discharge all kinds of crap at sea, which is actually quite typical of many industries and nations even today. However, the Navy stopped discharge of highly radioactive materials, such as ion exchanger resin, and has set a fleet-wide goal to only discharge so much total annually, I think it's something like 50 Ci, and while I was in would regularly come in under that number.

'Radiation' can come from many other sources than nuclear power plants. I don't know if the limits have changed, but it used to be that coal plants would discharge far more radioactive materials than nuclear power plants, but this would never get mentioned anywhere except nuclear power propaganda. When we were going through our radiological controls training, we learned that porcelain dentures are among the highest sources that people are exposed to. One of the Navy's training facilities has a containment vessel built completely around a nuclear power plant, which is unusual, as containment usually only goes around the reactor compartment. This vessel was made of a material that contained a high amount of alpha radiation, and the subsequent painting with lead-based paint made the vessel itself a far higher in-practice contamination risk than the nuclear plant it contained! Keep in mind this is a product of the private contractor that built the vessel, not the Navy, and the vessel was quite old and built in a time when most people and organizations had less concern for such things.

Re:Wow ... (5, Insightful)

bobbied (2522392) | about 9 months ago | (#45062225)

Keep in mind too, that the Navy is not interested in making a profit. Its goal is to keep its resources available (afloat, underway and mission capable) under the most difficult circumstances. They can afford to have many times the number of people operating a power plant and they utilize their people to keep their plants operating sans automation. The Navy is not interested in being efficient either. They routinely power cycle their plants and burn through more fuel than they otherwise would. They also are not risk averse. In time of war, they would have no problem pushing their reactors beyond the design limits if the mission demanded it.

Electric power generation is about efficiency and safety. It's more efficient to automate and not pay operators, so they automate their plants, and operate within very narrow operating parameters. They are risk averse and would rather scram a reactor and go off line than risk operating outside of their design limits.

The navy does have an enviable safety record. But what you really are saying is that the safety of nuclear power is really something to be trumpeted. Except for some research accidents, the worst US event in history was Three Mile Island and that was pretty much nothing. When you put Japan into the mix, things get more interesting, but who can really complain about that? The earthquake was well beyond design limits and even then the damage, while significant, is going to be manageable. It's just going to take a few decades for things to radioactively cool.

Re:Wow ... (0)

Anonymous Coward | about 9 months ago | (#45062519)

[...] everything was essentially manual. One single operator could cause a meltdown [...]. Keep in mind that the average age of the 'employees' is around 22 or 23, with a very low percentage of them over age 26.

The Navy—a terrorist's wet dream [wiping my mighty beard clean].

Re:Wow ... (0)

Anonymous Coward | about 9 months ago | (#45061987)

Things might have gotten slightly out of standard/improvised after the rather big explosion that tore a lot of the plant to shreds...

Still, some kind of locks/covers over important shit would be nice.

Re:Wow ... (0)

Anonymous Coward | about 9 months ago | (#45062053)

I can't help but picture Homer Simpson lounged back at his station here.

Sorry... (1)

Chemisor (97276) | about 9 months ago | (#45062461)

Sorry about that. I left the coolant report on the console while I was programming the repair bot to install the Hydroelectric Magnetosphere Regulator and Hank picked it up. Before I knew it, he's shambling into the reactor core. It took a few Rad-X, but I finally caught up with him right as he was shutting off the coolant pump. Close call, but hey, those ghouls are not the brightest tools in the shed. But don't worry, I talked to Harold and he said he'll retire Hank to guard duty instead.

Re:Wow ... (2)

lgw (121541) | about 9 months ago | (#45062969)

Accidentally flipping off the cooling pumps in a nuclear plant sounds like something which shouldn't even be physically possible.

The coolant pumps are not an internet service - they're heavy machinery operating in or near something dangerous. When heavy machinery goes wrong, it often does so energetically. That's why it's possible to shut them off.

Just another sign of TEPCO's incompetence... (4, Interesting)

Elledan (582730) | about 9 months ago | (#45061589)

This isn't another example of how precarious the situation at the Fukushima Daiichi plant is, but one of how massive the incompetence of TEPCO is that they keep having 'incident' after 'incident'. Even long before Fukushima Daiichi TEPCO's safety record was beyond frightening.

That the Japanese government a) allows TEPCO to 'clean up' Fukushima and b) refuses any foreign help shows that the problem with Fukushima is and always has been a political one.

Re:Just another sign of TEPCO's incompetence... (3, Insightful)

icebike (68054) | about 9 months ago | (#45061833)

That the Japanese government a) allows TEPCO to 'clean up' Fukushima and b) refuses any foreign help shows that the problem with Fukushima is and always has been a political one.

If the Japanese government is anything like our government, (or most governments), suddenly tossing them into a critical situation in a plant they are not familiar with (which is already fundamentally compromised), is just BEGGING for a far worse Chinese fire-drill than is currently going on.

If it is in fact a political problem as you suggest, then implying that the government should do anything differently is pointless, because governments are, by definition, political.

Re:Just another sign of TEPCO's incompetence... (-1)

Anonymous Coward | about 9 months ago | (#45061875)

I think they might've forgotten how it feels to be nuked

Weird (2)

asmkm22 (1902712) | about 9 months ago | (#45061599)

That seems like the sort of function that should be designed with a multi-step process to execute, to eliminate precisely that kind of error. How in the world did that get implemented?

Re:Weird (0)

Anonymous Coward | about 9 months ago | (#45061767)

Emergency kill-switch?

Re:Weird (1)

firex726 (1188453) | about 9 months ago | (#45062971)

Depends how much of an emergency is needed.

I would think adding a couple other buttons or switches and requiring them to be toggled in sequence would add a much greater level of safety from accidental shut off while not requiring much more effort by an operator to execute when shit hits the fan.

Re:Weird (0)

Anonymous Coward | about 9 months ago | (#45061847)

How in the world did that get implemented?

A huge explosion.

Reactor 4 is immediately next to reactor 3, a reactor that blew up in a violent hydrogen explosion. All the usual, carefully engineered multi-step processes you're thinking of were inartfully eradicated by this explosion. The reactor 4 spent fuel pool, its pipes and pumps and wires et al. were immediately adjacent to reactor 3.

This is another Fukushima non-story, like the 100 gallons of spilled low level water last week. Fuel pools heat slowly enough to be noticed when the cooling flow stops and the backup system they've put in since caught this in any case.

But hey, publishing a weekly Fukushima scare story is grist for the media's mill these days.

Re:Weird (2)

AmiMoJo (196126) | about 9 months ago | (#45061909)

It's like the trigger on a gun. The idea is that it's easy to operate when you need it, and the safety aspect is covered by responsible use. The problem is that in a crisis or the aftermath of one the systems and discipline break down.

Re:Weird (1)

Anonymous Coward | about 9 months ago | (#45062157)

Yeah, but who needs the idea to switch off the friggin' cooling pumps easily in the first place? I mean, unless one lives happily in hell the main risk of "spent" fuel rods is not that they do freeze over...

Re:Weird (2)

Sarten-X (1102295) | about 9 months ago | (#45062285)

Anybody who notices that they've started leaking badly, or throwing parts around, or otherwise misbehaving.

These are big machines operating in the real world. I, for one, am glad that they can be shut off quickly, though they shouldn't need to be.

Re:Weird (1)

IndustrialComplex (975015) | about 9 months ago | (#45062913)

Yeah, but who needs the idea to switch off the friggin' cooling pumps easily in the first place? I mean, unless one lives happily in hell the main risk of "spent" fuel rods is not that they do freeze over...

Well, do you want to be able to shut them down quickly when something goes wrong and instead of refilling the coolant they are pumping the radioactive water out of the cooling towers? Think of a swimming pool and its pump. A hose on the outside breaks, and instead of recirculating out and back into the pool, you just have something pumping water OUT of the pool.

Or what happens when your sensors pick up noise in the pumps. Do you want to shut them down quickly so that damaged bearing can be replaced and get the pump back to full functionality in a day or so? Or do you want to take a few extra minutes while the pump grinds itself into a fused hunk of steel due to a fractured bearing? Now you have to replace the entire pump (these are not tiny sump pumps), and you will be operating on your backup pumps for a long time while the old primary pump is replaced, and a huge inspection needs to take place.

Basically, sometimes there are very good reasons for wanting a system to shut down quickly.

Re:Weird (4, Funny)

icebike (68054) | about 9 months ago | (#45062009)

That seems like the sort of function that should be designed with a multi-step process to execute, to eliminate precisely that kind of error. How in the world did that get implemented?

I suggest one more step in the process might be effective.

They need a slight reconfiguration of the Cooling Pump Switch [environmentteam.com]. It would be relatively cheap, and pretty much idiot proof.

Re:Weird (2, Funny)

Anonymous Coward | about 9 months ago | (#45062107)

Clippy: Hello! It looks like you are trying to shutdown the cooling pumps. Would you like me to:
- Shutdown the cooling pumps
- Turn out all the lights
- Turn off everything (default)

Re:Weird (1)

omglolbah (731566) | about 9 months ago | (#45062571)

The simplicity of shutting down the pumps would have no safety-issue in a properly designed system.

Many process control systems designers do levels of protection:

Level 3: Process Control
This level handles the normal operation of the plant. Regulates coolant flow to the pools and announces alarms if you get into a "high temp" state.
Most of the time Offshore in the oil business this level does not take any actions other than notifying the operator.

Level 2: Process Shutdown (PSD)
This level WILL take action on a "high high" event by starting redundant coolant pumps or other actions to cool down the material. This is automatic but usually takes into account the speed at which the system could be normalized after a shutdown. This is primarily to protect equipment and not really the process.

Level 1: Emergency Shutdown (ESD)
Offshore this usually means a blow-down of pressurized systems and closing off wellheads. This is a hugely expensive thing... To be avoided!
This level ignores completely the cost of operation a trip will cause and is entirely about securing the systems and avoiding damage to people, environment and plant.

Thing is... Most people would refer to both PSD and ESD levels as 'backup systems' when in fact they are integral parts of the system design. PSD is something that happens routinely in most plants due to anything from equipment failure to network outages. It is what is supposed to happen when the normal operation is not stable. NOT NEWS....

ESD on the other hand usually makes the news over here due to the ramifications of a rig shutting down in an emergency.

So the fact that you can push a button and shut down a pump isn't really the issue. It should cause audible alarms of course, but you WANT to be able to kill off a pump rapidly if something unexpected happens.

Huh? (4, Insightful)

Antipater (2053064) | about 9 months ago | (#45061609)

'The latest incident is another reminder of the precarious state of the Fukushima plant...'

So something unexpected occurred, but automatic backups stepped in and prevented any negative consequences. While the plant may or may not be in a precarious state, this is hardly the example to be using for a FUD article. Hell, change the spin around and it could be used in a TEPCO press release showing how far they've come in stabilizing the situation.

Re:Huh? (3, Funny)

girlintraining (1395911) | about 9 months ago | (#45061773)

The question remains just how vulnerable to simple mistakes (such as a single button push) are these spent fuel pools,

Did you also notice that this is pretty much how the Linux command line and programming is? One single button push can ruin your whole week. Yet, everyone here calls that a feature and blanches at Windows when it says "Are you sure you want to do this?"

I bet the engineer who pushed the button was a slashdotter... "ARE YOU SURE YOU WANT TO CAUSE A MAJOR NUCLEAR EVENT? y/N? _" ... oh fuck you, NukeOS, I know what I'm doing!

Re:Huh? (1)

h4rr4r (612664) | about 9 months ago | (#45062373)

When someone fubars a server it tends not to release nuclear waste. On top of which they get fired, unlike TEPCO.

Re:Huh? (1)

girlintraining (1395911) | about 9 months ago | (#45062849)

When someone fubars a server it tends not to release nuclear waste. On top of which they get fired, unlike TEPCO.

No, but the underlying psychology is the same; we want computers and equipment that do what we say without questioning it. Asking for confirmation insults our intelligence, whether you're a system administrator, or a nuclear engineer. This isn't about getting people fired, or slamming your religion of choice; this is about human nature, and where we draw the line between computers doing what we say and computers doing what's safe.

Re:Huh? (4, Insightful)

AmiMoJo (196126) | about 9 months ago | (#45062211)

They failed to train the employees properly and allowed a critical function to be operated by someone who clearly didn't understand it. In this instance the backup saved them, but relying on backups is not a good policy. To put it another way, they can't ignore this incident and simply rely on the backups in future, they have to take steps to correct it.

Re:Huh? (1)

omglolbah (731566) | about 9 months ago | (#45062609)

Pretty much every control system in the world relies on 'backups' for safety.
Building a system where the regular "process control" won't fail if equipment breaks is prohibitively expensive and is rarely done.

You build a system that works unless something breaks, then you add a second "Process Shutdown" or "Emergency Shutdown" system on top of that to handle all the safety functions.

For instance, at most oil rigs you have emergency shutdown solenoids on valves to the flare boom. If an emergency shutdown is triggered these solenoids open the valves and normalize the pressurized systems. This ESD system logic is usually completely separate in function from the process control system.
In essence it is what you could call a "backup" system.

Where's the problem? (4, Insightful)

Anonymous Coward | about 9 months ago | (#45061615)

A human made a mistake which was caught and corrected by an engineered system. Seems like a non-story.

Re:Where's the problem? (1)

asmkm22 (1902712) | about 9 months ago | (#45062615)

I think it's a story in that it apparently only takes a single mistake to toggle off the cooling pumps. Even standard rack servers have bezels that keep you from accidentally powering them down unless you really mean to get to that part of the server.

Re:Where's the problem? (1)

IndustrialComplex (975015) | about 9 months ago | (#45063017)

I think it's a story in that it apparently only takes a single mistake to toggle off the cooling pumps. Even standard rack servers have bezels that keep you from accidentally powering them down unless you really mean to get to that part of the server.

It very likely did. What happened is that the worker was intentionally shutting down the power to some systems, but accidentally turned off the pumps. He could have been trying to turn off Pump Room #2 and accidentally flipped the switch for Pump Room #3. If he got the switches confused, a faceplate or bezel isn't going to stop it.

Re:Where's the problem? (0)

Anonymous Coward | about 9 months ago | (#45063039)

It would be a non-story if it was at any other nuclear power plant. Since this happened at the Fukushima site, which is being watched like a hawk, and since Tepco is universally considered incompetent and shouldn't be allowed to run a kitchen blender, this is front page news.

After actually reading the article, it sounds like unexpected systems shut off in response to normal maintenance, which goes back to personnel knowing the plant's engineering design, and improper maintenance procedure. For a nuclear site that had a major catastrophe happen to it, they should be batting 99.9%, and they aren't.

Buh. (1)

Anonymous Coward | about 9 months ago | (#45061629)

How are critical systems only protected by a single button?

Shouldn't it be a mechanically complex task, or be password/switch position controlled action?

Re:Buh. (0)

Anonymous Coward | about 9 months ago | (#45062751)

How are critical systems only protected by a single button?

Shouldn't it be a mechanically complex task, or be password/switch position controlled action?

The obvious answer is these systems probably have failure modes that require immediate shut down to minimize the damage done, and the error here is that the employee used that emergency shut down when it was not warranted.

Since these are cooling pumps for a nuclear reactor I'll go out on a limb and guess that it's possible for the pumps to leak contaminated water and that the ability to kill the pumps quickly addresses the "spewing pressurized radioactive waste" fault mode.

Disaster only strikes ONCE (2)

ElitistWhiner (79961) | about 9 months ago | (#45061651)

Fukushima will never end.

Like King-Size Homer? (0)

Anonymous Coward | about 9 months ago | (#45061655)

Release deadly gas (Y/N)? http://i.stack.imgur.com/M6Ua8.png

Simpsons did it. (1)

jtownatpunk.net (245670) | about 9 months ago | (#45061659)

Darn that lousy Tibor!

Working as intended (1, Insightful)

DerekLyons (302214) | about 9 months ago | (#45061711)

"A Tepco employee carelessly pressed a button shutting off cooling pumps that serve the spent fuel pool in reactor #4 - thankfully a backup kicked in before any critical consequences resulted."

Um - that's what backups are for. Seriously, this is just another ignorant journalist generating controversy from thin air to get the site he works for some page views.

Re:Working as intended (2)

iggymanz (596061) | about 9 months ago | (#45061731)

normally, that would be a proper reaction. but we're talking about a place that put their "main backups", the most critical safety system outside of containment, underground. asking to be flooded. I'd be very suspect about any of their backup systems

Re:Working as intended (0)

Anonymous Coward | about 9 months ago | (#45061881)

""A Tepco employee carelessly pressed a button shutting off cooling pumps that serve the spent fuel pool in reactor #4 - thankfully a backup kicked in before any critical consequences resulted."

Um - that's what backups are for."

So that careless people can work there?

Was the button labelled: "Do not press this button, ever!!!" ?
Was there a seal on it, that you have to disrupt before being able to press it?
Is there a counter to check how many times it was pressed and when?
Why isn't the button locked with a key so that it cannot be pressed 'carelessly' by somebody putting his lunch on it?

Or was it just a careless button for careless monkeys who have no idea what they are doing?

Re:Working as intended (1)

phorm (591458) | about 9 months ago | (#45062417)

No, backups are to kick in when the primaries fail, not because some idiot accidentally poked the "off" button.

Failsafes (double-person authentication, or at the very least a molly-guard a big freaking DON'T TOUCH UNLESS YOU KNOW WHAT YOU'RE DOING sign) are what is needed to prevent issues like this.

Re:Working as intended (1)

omglolbah (731566) | about 9 months ago | (#45062473)

The terminology here is confusing to say the least. I highly doubt it was a "backup system" that did this. More likely process safety functions took over for process control functions...

if it was a operating plant, there would be alarms (2)

swschrad (312009) | about 9 months ago | (#45061717)

but that didn't help the Three Mile Island operators any, now, did it?

you have to be at the top of your game to keep the dragons at bay in a nuke plant.

there is so much fouled up at Fukushima Daiichi that the training manuals and game plans are straight out the window and into the fire. this means you can't follow the manuals any more. and THAT means that a one-man job needs to be cross-checked at every step by somebody who is in position to monitor the stage being worked on.

and THAT... means the same old team can easily be outclassed by the breeding dragons in the lairs. we have already seen TEPCO stumbling around so many times like it takes two members of the shore patrol to drag them back to the ship for Captain's Mast.

TEPCO is, has not been for a long time, and will never be in a position to manage the catastrophe they set forth. this is no place for yes-men who are slaves to 40-year-old process.

Re:if it was a operating plant, there would be ala (1)

intermodal (534361) | about 9 months ago | (#45061787)

Hate to break it to you, but as incompetent as TEPCO may be, they did not cause the tsunami. They may have failed along the way, but to claim they "set forth" a catastrophe here is nonsense.

Re:if it was a operating plant, there would be ala (0)

Anonymous Coward | about 9 months ago | (#45062315)

So they didn't build it in a tsunami prone area, right?

Re:if it was a operating plant, there would be ala (2)

Jeff Flanagan (2981883) | about 9 months ago | (#45062667)

Blaming nature for the foreseeable consequences of building a nuclear reactor with inadequate safety precautions in a tsunami zone is nonsense. TEPCO is 100% responsible for the ongoing disaster, not nature.

Gen I vs. Gen III (1)

Anonymous Coward | about 9 months ago | (#45061821)

Just like to point out, this is a Gen 1 reactor. We're currently in Gen 3-3+, and the learning from older models like Fukushima has already been incorporated into the new designs. Newer plants have fewer issues than this and have increased safety by many orders of magnitude.

and most of the Gen 1 plants are still running (1)

swschrad (312009) | about 9 months ago | (#45062489)

it took a massive fubar in designing and rebuilding transfer units at Diablo Canyon to get that plant shut down, and they're built on top of an active fault zone.

we might not get any Gen 3 plants running, frankly, the cost/benefit ratios have cancelled all but two being built now. and one of them keeps getting delayed.

Sadly, we're all human. (4, Interesting)

Dzimas (547818) | about 9 months ago | (#45061851)

We've instilled a belief in the general public that scientists and engineers can pull off miracles, and that we know more than them. Science in movies is often almost magical, and people expect our encyclopedic knowledge of esoteric technical systems to translate into quick and easy solutions to difficult problems. About a decade ago, I found myself giving a presentation to a group of nuclear scientists. It was a nerve-wracking experience for a young computer geek, and I presented the team with two alternatives for warehousing environmental data at their facility. There was a brief debate before the most senior member of the group spoke up and said, "You're the expert. What do you recommend?" It didn't matter that there were ten people in the room with PhDs and decades of experience; everyone naturally wants someone else to provide them with an easy path to the best answer. At that point, they were all primed to accept a recommendation from the young whippersnapper who could think quickly on his feet (and was armed with a laser pointer, I might add). I gave them the best recommendations I could, and many were eventually accepted. But deep down I realized that I could quite easily have led them astray at that point. I'm acutely aware that there must be dozens of people like me who have been working at Fukushima for over a year now; the so-called "experts" on the ground who are trying to make the best choices possible. Their job is unenviable because they're facing contamination on a huge scale and many decisions were made in haste in an attempt to limit the scope of the catastrophe. That will make everything harder for those involved in the containment and remediation in the coming decades.

Addendum. (1)

SeNtM (965176) | about 9 months ago | (#45061933)

Due to increased radiation levels, rats grow up to 3 feet long and have opposable thumbs.

why not use the waste heat? (0)

Anonymous Coward | about 9 months ago | (#45062073)

If they generate so much heat that cooling them is critical, why don't they keep making power with it? Like pebble bed reactors or some type of thermal electric gen..?

Re:why not use the waste heat? (1)

bob.lansdorp (2954263) | about 9 months ago | (#45062341)

If they generate so much heat that cooling them is critical, why don't they keep making power with it? Like pebble bed reactors or some type of thermal electric gen..?

Because it is much more difficult to extract useful work from low temperature waste heat than from high temperature waste heat. See the second law of thermodynamics for details (eg Carnot efficiency).

WOW. Sensationalism at work (1)

Anonymous Coward | about 9 months ago | (#45062203)

So someone pressed a wrong button and a pump tripped off. Here's some reality:

1. Rats are going to bite things. That's why we have safeguards and alarms in place to make sure no "dire consequences" occur.
2. Anyone know how long it takes a standard cooling pool "filled to capacity" to get hot enough to boil? Hint: more than a few hours. In some cases days. And no doubt there will be plenty of gauges, computer data points, alarms, and human log taking that will notice these kinds of things LONG before it's a big deal. The pool was deliberately overdesigned so that you have that extra time in case lots of things all go wrong at the same time.
3. Human error happens. That's why we have automatic systems that start a pump and/or give an alarm so you KNOW something is wrong. You engineer the system so that human error doesn't cause unrecoverable issues. Operators here are trained that if something happens that they aren't expecting STOP, and don't touch anything. Just look and see what is going on. Automatic systems should normally take care of any emergent problem. And even if they fail, the systems are designed to provide enough time for the operator to take their own action. Some of them are engineered to allow for hours to take action. Human error is a part of life. We try to engineer out of it. Sometimes we fail (see TMI). But those operators actually started trying to control the automated systems, and that's where you should stop and start asking the big questions like "Are we really sure this is the right choice to take?" and "Let's get a 2nd/3rd/4th opinion before we do this".

But since it's a nuclear power plant (and a damaged one) we clearly must panic, right?

This article makes it look like the cooling pumps for the spent fuel pools were seconds from going critical and boiling out all of the water in the pool. That's far from the truth.

Big fail article.

Yes, I work in nuclear power. Posting anonymously for a reason...

Another Big Red Button (1)

NeroTransmitter (1928480) | about 9 months ago | (#45062279)

Rightly put in the wrong place. Or is it wrongly put in the right place?, either way.

Dance Dance Radiation! (0)

Anonymous Coward | about 9 months ago | (#45062289)

Nuclear Mix!

Spent fuel pool cooling... (2)

Bugler412 (2610815) | about 9 months ago | (#45062405)

Means you have days to respond, not minutes. And a backup kicked in quickly, accompanied (I presume) with a lot of alarms and a very strong reprimand from management for "testing an interlock". Why is this news?

Can we just *PLEASE* start using passive cooling? (0)

mark-t (151149) | about 9 months ago | (#45062447)

Because then bonehead manoeuvres like this just won't be an issue.

Oh right... passive cooling reactors don't produce weapons-grade material as a waste by-product.

We wouldn't want to switch to energy systems that might actually have wholly peaceful implications, would we?

Re:Can we just *PLEASE* start using passive coolin (0)

Anonymous Coward | about 9 months ago | (#45062647)

I think I got dumber just reading your post.

There are issues with passive cooling; most of it has only been proven in mathematical models to work, and Westinghouse's AP-1000 (the most prominent passive cooling system out there) had to go through massive redesigns due to some partially valid complaints.

However, the issue is not switching between active and passive cooling. Most of the reactors in operation are older models that used active cooling. You can't upgrade them to passive because the cooling is the key design feature; you might as well just tear it down and build a new one.

So rather the issue to switching to passive cooling has absolutely nothing to do with producing weapons grade material, it has to do with the financials of building a new nuclear power plant and shutting down older models, which is not insubstantial ($5-$10B up front for 2-3 years with no revenue during construction during a global financial recession is a huge hurdle to overcome).

Re:Can we just *PLEASE* start using passive coolin (1)

mark-t (151149) | about 9 months ago | (#45062957)

I never suggested upgrading existing reactors... I realize that's impossible...

It's just damn annoying reading stories like this because passive cooling reactor technologies have existed for decades, and yet hardly anybody ever used them. We have an opportunity to change how we do things in the future, but given the past resistance to adopting such methods, I remain pessimistic that they'll actually start using far safer systems, in favor of what will give them the most money right away.

News Flash (0)

Anonymous Coward | about 9 months ago | (#45062453)

Guy makes mistake. Leads to nothing newsworthy. Press catches wind and destroys a reputation.

It's time. (0)

Anonymous Coward | about 9 months ago | (#45062641)

The time has come for the world to take this problem on. The Japanese have failed at this so far, and it is far too important to allow foolish pride and irresponsibility to get in the way. We need our international best and brightest on this now.

Emergency Shutoff button? (1)

Kaenneth (82978) | about 9 months ago | (#45062653)

Without more details, I would guess that the button is actually a Big Red Button, that is, a safety feature of the pump system; in case something/someone clogs the intakes for example.

Reactor 4 has *unspent* fuel rods (1)

fche (36607) | about 9 months ago | (#45062675)

Remember, those were removed from reactor 4 for maintenance, sometime before the tsunami. That's a full reactor worth of live & hot fuel rods, in an open pool. Pretty crazy.

Power Plant! (1)

interval1066 (668936) | about 9 months ago | (#45062863)

Johnny unplugs the main panel... "Just kidding"

Vista (0)

Anonymous Coward | about 9 months ago | (#45062999)

The question remains just how vulnerable to simple mistakes (such as a single button push) are these spent fuel pools, filled nearly to capacity as they are with over 12,000 spent fuel rods?

You are attempting to shut down a cooling pump. Cancel or allow?

Do we need a UAC for nuclear power plants as well? Do we want it to be as annoying as Vista?
