Hacker News new | ask | show | jobs
by lkrubner 2551 days ago
Fukushima? That doesn't belong on the list. There is some limit to any engineering decision. Complaining about MCAS is totally reasonable, but it would be unreasonable to argue "The Air Max is not safe because if I hit it with enough Stingray missiles it won't fly anymore." Like, yeah? No kidding?

Fukushima was designed to survive the earthquake, and it did, it just wasn't designed to survive the earthquake and also the tsunami.
5 comments
mikekchar 2551 days ago
Fukushima survived the earthquake and even survived the tsunami. The generator got wiped out, but even that wasn't what ultimately led to the disaster. It was that the battery backup eventually ran out of power (not unexpected) and the connectors for recharging it were old and of a format that isn't used any more. There was no way of recharging the battery backup and so the pumps eventually failed.

It's one of those problems where there are literally a million things that could go wrong and since the emergency system is not used normally, it's easy to overlook a critical problem.

So I agree with you. Fukushima was not a design error -- or at least not a design error that could have been reasonably fixed at the time that the reactor was originally designed. It was an error in maintenance. Obviously better to have a design where loss of power doesn't cause a melt down, but I don't think that these were available when Fukushima was built. CANDU reactors existed at that time, but I think they were still considered experimental. Pickering came online in 1971, so basically at the same time as Fukushima. I'm not familiar with other passive designs, so possibly someone else can make an observation.

But basically, as far as I can tell, Fukushima was a reasonably normal nuclear power plant for the time it was designed. The Air Max seems to have suffered from problems because of design decisions that are not considered normal.

link
firethief 2551 days ago
> since the emergency system is not used normally, it's easy to overlook a critical problem.

This is a such an important antipattern when robustness is a goal.

link
mikekchar 2551 days ago
Totally agree. Done it myself more times than I care to admit. One small quibble, if I may. Originally "antipattern" used to mean something that looks like a good design pattern, but will actually bite you in the end if you used it as intended. This is not so much an anti-pattern as it is an unfortunate reality (you have to maintain compatibility with external interfaces for the length of the project). How much bit rot have I seen in my career?
link
firethief 2549 days ago
I was thinking of set-it-and-forget-it backup systems as the antipattern, as opposed to e.g. designs that regularly force the "backup" system into active use under controlled circumstances. The battery connector represents sort of a backup of the backup though, so it may not be a good example of what I was thinking of.
link
dreamcompiler 2551 days ago
But it could have been quite easily by simply siting the backup generators above ground. That was a stupid design error. Tsunamis are not unknown in Japan after all.
link
afthonos 2551 days ago
I refrain from using “simply” or “just” unless I am the person expected to design or fix the problem. Ahead of time. Saying after a disaster caused by the most powerful earthquake ever recorded in Japan[0] that the solution was “simply” to do some coincidentally simple-sounding thing is not credible.

[0] https://en.m.wikipedia.org/wiki/2011_Tōhoku_earthquake_and_t...

link
mikekchar 2551 days ago
Yeah, this is something that I think doesn't really resonate with people well. The reactor site is 25 meters above sea level. I'm not exactly sure how high the generators were, but they were well above the level that experts thought was safe at the time. The earthquake was a 1 in 1000 year event and so there was no data on record to help them model the resultant tsunami. In the years following the tsunami, the way people modelled waves radically changed based on the new data.

There are a couple of caveats. First, there were markers saying that an historic tsunami had come in much higher than models would have predicted. However, the are very old. It's just a rock stuck in the ground with some writing on it. Stuff like that is all over Japan (there are lots of markers around where I live -- I don't think anybody pays any attention to them at all. Probably we should, but usually they just mark boring stuff ;-) ). It's like seeing a roman road marker in Europe. Interesting, but not really note worthy. It's only after the tsunami that people saw the markers and said, "Holy cow. There's a marker here showing that a tsunami came up this far". Even then it's a far cry from seeing that to saying that we need to invalidate all our wave building models.

Secondly, I think there is some evidence that in a few years preceding the tsunami that researchers were getting worried that their wave models were not correct. I think it's even the case that nuclear plant companies were aware of this. When I first moved to Japan in 2007, there used to be a section of the Meteorological Agency of Japan that showed, among other things, a map of the farthest in a tsunami would theoretically go for all parts of Japan. It also listed maximum wave size for every single place along the coast. It noted places where sea walls were not high enough and estimated worst case damages and numbers of casualties. Around about 2009 it disappeared. I tried to find out where it went and the response I got was that it needed to be updated and that it would return at some point in the future. Of course, it never came back. At the same time, I've heard that literally a few years before the Tohoku earthquake that there was serious debate about whether or not the wave models were correct. However, I think it's pretty clear that in 1967 when they started construction at Fukushima they had absolutely no idea that they were building in a potentially unsafe area.

It really sucks and I think it's fair to say that as humans we probably have too much hubris when it comes to our science. That fact that you have no reasonable way of knowing that you are making a mistake doesn't mitigate the problems that result from that mistake.

link
afthonos 2551 days ago
Agreed. I think the background you shared shows one of the big problems in design: it's always easy to see the tsunami markers after the fact and say "the information was there all along". It's a lot harder to pick them out from a thousand information sources that are, a priori, just as compelling. Looking for those markers before design would have required looking at every bit of evidence at least as compelling as those markers, which would likely be cost-prohibitive.
link
pbhjpbhj 2551 days ago
FWIW dreamcompiler said "simply siting the generators above ground".

That doesn't mean it's easy to realise the need to do that action, it means it's not a _complex_ action in itself.

link
mikekchar 2551 days ago
It's actually kind of interesting. After the disaster, the nuclear power plant near me moved it's backup generators literally on the top of a neighbouring hill -- it's about 100 meters above the entire complex. And they made another backup one on another hill. Once you know the problem, it's not hard to fix it. I admit to being a bit worried that now the generators are too far away from the power plant so that when an earthquake happens (we're 50 years overdue for a regular terrible earthquake) it will be disconnected. The irony will be lost if it happens, I'm sure...
link
lispm 2551 days ago
> Fukushima was designed to survive the earthquake, and it did

untrue

It was designed to survive both a tsunami and an earthquake. Tsunamis often are caused by earthquakes.

That Fukushima survived the Earthquake is a myth. The plants had an emergency shutdown and there was very little time for a damage assessment, which would have taken weeks or months.

Whether the plant would ever have been restarted after the earthquake is unknown. It could have been a full loss, like several reactors in Japan, which will never be restarted.

link
VBprogrammer 2551 days ago
The plant lost electrical connection to the grid, of course it had an emergency shutdown. Otherwise they'd have had to have found some other method of dissipating megawatts of electricity.

The fact that other plants have not been restarted is at least as likely to be political as it is technical.

link
lispm 2551 days ago
> The plant lost electrical connection to the grid, of course it had an emergency shutdown. Otherwise they'd have had to have found some other method of dissipating megawatts of electricity.

A nuclear power plant always has an immediate shutdown in case of a strong earthquake:

'Japanese nuclear power plants are designed to withstand specified earthquake intensities evident in ground motion (Ss), in Gal units. The plants are fitted with seismic detectors. If these register ground motions of a set level (formerly 90% of S1, but at Fukushima only 135 Gal), systems will be activated to automatically bring the plant to an immediate safe shutdown.'

http://www.world-nuclear.org/information-library/safety-and-...

> The fact that other plants have not been restarted is at least as likely to be political as it is technical.

The words 'likely to be political' is no category in nuclear safety.

Take this example from 2008:

http://www.world-nuclear-news.org/C/Tepco_counts_earthquake_...

'Tepco's announcement yesterday included a section dedicated to the effects of the magnitude 6.8 Niigata-Chuetsu-Oki earthquake, which violently shook the Kashiwazaki Kariwa nuclear power plant on 16 July 2007. All seven of the reactors remained safe during the event, which caused huge damage to the region and several deaths. However, checks to establish the units' safety to return to service are proving very lengthy, and could continue into the latter part of 2008.

The ongoing inspections at Kashiwazaki Kariwa are to cost ¥122 billion ($1.13 billion) in FY2007. In addition, ¥25 billion ($233 million) will go on civil engineering repairs while a geological survey of the site is to cost a total of ¥2 billion ($18 million).'

Just the inspections after a safe shutdown for that nuclear power plant did cost more than 1 billion USD...

link
phs318u 2551 days ago
Though one might argue that the risk of tsunami is not independent of the risk of (certain kinds of) earthquake for pacific rim nations. Failure to take that into account might be considered a design decision.
link
the_mitsuhiko 2551 days ago
There were enough reports over the years that were buried which alerted about the earthquake and tsunami risk.
link