* RE: Nuclear Reactors & Blackout
@ 2003-08-22 11:02 Lionel.DRAGHI
  0 siblings, 0 replies; 20+ messages in thread
From: Lionel.DRAGHI @ 2003-08-22 11:02 UTC (permalink / raw)
To: comp.lang.ada

| -----Original Message-----
| From: Hyman Rosen [mailto:hyrosen@mail.com]
...
|
| Robert C. Leif wrote:
| > Since Ada is readable, design errors become more apparent.
|
| As we remember from the Ariane 5 discussion, design issues are not
| always apparent from reading the code.
|

Obviously, no programming language can express directly all design decisions (and even less architecture decisions). But, as Robert said, since Ada is more readable (and more powerful), it captures more of those decisions than other programming languages.

--
Lionel Draghi

^ permalink raw reply [flat|nested] 20+ messages in thread
* Nuclear Reactors & Blackout
From: Robert C. Leif @ 2003-08-15 21:59 UTC
To: Comp. Lang. Ada

According to the US press, the reactors in New York State and other areas had to be shut down because there was a risk of an incident if the auxiliary power from the rest of the grid was lost. This approach to hazard analysis should be named Fail-For-Sure.

Since France and other countries obtain much of their power from nuclear reactors, it is worthwhile to inquire what if anything they have done to eliminate Fail-For-Sure? And obviously, does the use of Ada help in eliminating Fail-For-Sure?

Bob Leif
Robert C. Leif, Ph.D.
Email rleif@rleif.com
* Re: Nuclear Reactors & Blackout
From: Alexander Kopilovitch @ 2003-08-16 1:26 UTC

Robert C. Leif wrote:

> According to the US press, the reactors in New York State and other areas
> had to be shut down because there was a risk of an incident if the auxiliary
> power from the rest of the grid was lost.

Well, not exactly shut down, but nuclear plants should be detached from the damaged part of the power network as quickly as possible. Not because of lack of auxiliary power, but because jumps of the power are very dangerous for this type of electrical plants. So, it was proper and actually necessary action in this situation.

> This approach to hazard analysis should be named Fail-For-Sure.

Well, this was not "hazard analysis", it was mandatory emergency action. I think that your statement is not just ignorant, but also arrogant. If I were a terrorist I would dream you become director of a nuclear plant. You may be good inventor and good scientist, but remember, that Chernobyl story began when scientist (physicist, but without significant experience with real working nuclear plants) was assigned to a commanding position. He invented his own method and procedure for testing. The result of that testing immediately became (in)famous worldwide.

Alexander Kopilovitch aek@vib.usr.pu.ru
Saint-Petersburg
Russia
* Re: Nuclear Reactors & Blackout
From: John R. Strohm @ 2003-08-16 5:35 UTC

"Alexander Kopilovitch" <aek@vib.usr.pu.ru> wrote in message news:e2e5731a.0308151726.371b895f@posting.google.com...

> Robert C. Leif wrote:
>
> > According to the US press, the reactors in New York State and other areas
> > had to be shut down because there was a risk of an incident if the auxiliary
> > power from the rest of the grid was lost.
>
> Well, not exactly shut down, but nuclear plants should be detached from the
> damaged part of the power network as quickly as possible. Not because of lack
> of auxiliary power, but because jumps of the power are very dangerous for this
> type of electrical plants. So, it was proper and actually necessary action in
> this situation.
>
> > This approach to hazard analysis should be named Fail-For-Sure.
>
> Well, this was not "hazard analysis", it was mandatory emergency action.
> I think that your statement is not just ignorant, but also arrogant.
> If I were a terrorist I would dream you become director of a nuclear plant.
> You may be good inventor and good scientist, but remember, that Chernobyl
> story began when scientist (physicist, but without significant experience
> with real working nuclear plants) was assigned to a commanding position.
> He invented his own method and procedure for testing. The result of that
> testing immediately became (in)famous worldwide.

Alexander, with all due respect, this is an oversimplification.

Part of the problem is that the people who designed the Chernobyl reactor had absolutely impeccable Party credentials, but did not know beans about reactor safety. They designed a reactor with a positive void coefficient of reactivity, which creates a built-in thermal runaway hazard, and thermal runaway is EXACTLY what happened at Chernobyl.

The Chernobyl design is illegal in the United States of America, for damned good reason. Ed Teller, who wrote the law, figured that life would be simpler for everyone if reactors were simply not capable of thermal runaway at all. So all U.S. reactors are required to be designed with a negative void coefficient of reactivity.

The U.S. has yet to experience anything even remotely resembling a Chernobyl accident.

If you want more information, do a search on "void coefficient". Here are a couple of starters:

http://www.nrc.gov/reading-rm/basic-ref/glossary/void-coefficient-of-reactivity.html
http://www.world-nuclear.org/info/chernobyl/voidcoef.htm
* Re: Nuclear Reactors & Blackout
From: Alexander Kopilovitch @ 2003-08-17 1:58 UTC

John R. Strohm wrote:

> > Chernobyl
> > story began when scientist (physicist, but without significant experience
> > with real working nuclear plants) was assigned to a commanding position.
> > He invented his own method and procedure for testing. The result of that
> > testing immediately became (in)famous worldwide.
> ... this is an oversimplification.

Well, I'd not call that oversimplification, because I did not say (and did not intend to say) that that single person was THE cause. As usual in catastrophes there were several significant factors, and that "testing" was detonator only. But that or likewise detonator was necessary for waiting catastrophe to happen actually. And I did not intend to describe Chernobyl here or compare against it, I simply pointed out that detailed knowledge and experience are significant for making strong technical judgement, and provided example, which shows that even scientific professionalism in one constituent domain may be not enough for making such judgements about very complex critical systems.

> Part of the problem is that the people who designed the Chernobyl reactor
> had absolutely impeccable Party credentials, but did not know beans about
> reactor safety. They designed a reactor with a positive void coefficient of
> reactivity, which creates a built-in thermal runaway hazard, and thermal
> runaway is EXACTLY what happened at Chernobyl.

Well, I heard about this. I did not try to learn those things myself, but I have no grounds for not believing this theory. I lost interest for the reactor side of that story when I saw the drawing - the plan of the plant's main building (where all 4 reactors were located) - so much I was impressed with that industrial architecture, it was something unbelievable for common sense.

The events overall around that story showed me that there was omnipresent sense of relaxation around that doomed plant. You surely overestimate the role of vulnerable reactor's design in that actual catastrophe. Yes, probably it may be seen as the one of main factors, but no more.

You probably heard about the Soviet Union's rigid administrative system, so you should wonder how it may happen that they in Chernobyl and Kiev did not report to Moscow about the catastrophe. It was another nuclear power plant (near Smolensk, several hundreds kilometers away), who discovered excess level of radiation, checked themselves thoroughly, found nothing, and then alerted Moscow.

Well, there were many other things in this story, perhaps worth of telling, but then we'll go too far off-topic, so I will not continue this way.

> The Chernobyl design is illegal in the United States of America, for damned
> good reason. Ed Teller, who wrote the law, figured that life would be
> simpler for everyone if reactors were simply not capable of thermal runaway
> at all. So all U.S. reactors are required to be designed with a negative
> void coefficient of reactivity.

All that may be true, but I want to point on only one thing: that vulnerability of reactor was far from enough for a catastrophe, at least in the *working* general Soviet environment. It was only a potential for a catastrophe.

> The U.S. has yet to experience anything even remotely resembling a Chernobyl
> accident.

I think that no country except former Soviet Union has that precious experience.

> If you want more information, do a search on "void coefficient". Here are a
> couple of starters:
> http://www.nrc.gov/reading-rm/basic-ref/glossary/void-coefficient-of-reactivity.html
> http://www.world-nuclear.org/info/chernobyl/voidcoef.htm

Thanks, perhaps some day (or night -:) I'll look there.

Alexander Kopilovitch aek@vib.usr.pu.ru
Saint-Petersburg
Russia
* Re: Nuclear Reactors & Blackout
From: Preben Randhol @ 2003-08-16 9:20 UTC

Robert C. Leif wrote:

> According to the US press, the reactors in New York State and other areas
> had to be shut down because there was a risk of an incident if the auxiliary
> power from the rest of the grid was lost. This approach to hazard analysis
> should be named Fail-For-Sure.

I read that it was the irregularity on the power grid which caused them to shut down to protect themselves?

> Since France and other countries obtain much of their power from nuclear
> reactors, it is worthwhile to inquire what if anything they have done to
> eliminate Fail-For-Sure? And obviously, does the use of Ada help in
> eliminating Fail-For-Sure?

Sorry, don't know. But I thought this wasn't to do with software rather hardware and the elements? I think it is a general upgrade of the grid (and its infrastructure) that is needed? In Norway we only have hydroelectricity (well except for the electricity we have to import during winter). The agency for the electricity in Norway said a blackout with the same magnitude (relative to the size of the country and population of course) couldn't happen as the grid was more decentralised.

I'm more worried about east Europe nuclear plants and their maintenance. And of course the heap of rusting Russian nuclear submarines up in north Russia close to over border.

Preben
--
"I think fish is nice, but then I think that rain is wet. So who am I to judge."
- The Hitch Hiker's Guide to the Galaxy (radioplay)
* Re: Nuclear Reactors & Blackout
From: Wes Groleau @ 2003-08-16 16:21 UTC

> I read that it was the irregularity on the power grid which caused them
> to shut down to protect themselves?

Each section should disconnect from the grid if the grid threatens to demand from them more power than they can provide safely. If they are a net consumer, and the grid stops providing, they must shut down if their local demand would exceed capacity dangerously.

The news reports made it sound like the automation to implement the above failed. But who can believe news reports? One dingbat for the longest time kept glibly informing us of the (correct) geographic spread of the outage and that (not even close) it affected eleven million people. How can anyone educated enough to be trusted with a mike not notice that eleven million is absurd for just New York, Ottawa, Toronto, and Cleveland alone?
* Re: Nuclear Reactors & Blackout
From: Robert I. Eachus @ 2003-08-16 17:10 UTC

Wes Groleau wrote:

> Each section should disconnect from the grid
> if the grid threatens to demand from them
> more power than they can provide safely. If they
> are a net consumer, and the grid stops providing,
> they must shut down if their local demand would
> exceed capacity dangerously.

No that worked, and the grid fractured into multiple parts. I was just looking at a map of the pieces. (Whoops! Actually for the 1965 blackout: http://www.cmpco.com/about/system/blackout.html)

Once that happened, as you point out, areas that were net consumers of electricity--at the moment when it happened were SOL. This probably did not apply to the PJD interconnect (Pennsylvania, New Jersey, and Maryland) because they tend to keep most of Conowingo Dam on-line idling to deal with peaking problems. There are probably other regional interconnects that do the same.

Conowingo only generates 512 Megawatts, but its generators are significantly overbuilt by modern standards and can handle a short overload in the multi-gigawatt range. It had to in the 1965 blackout. Before the surges in the interconnects south of New York were balanced out, Conowingo exceeded three gigawatts out AND two gigawatts in, but each of those peaks was on the order of three or four cycles (1/15th to 1/20th of a second).

Here is a half decent story on what happened.

http://www.washingtonpost.com/ac2/wp-dyn/A63438-2003Aug15?language=printer

The current thinking is that the trigger was a plant in Michigan. But the important point is that the Lake Erie loop can act as an amplifier for transients when heavily loaded. (Power normally flows east both north and south of the lake. But transients cause phase shifts, and if the shifts north and south of the lake are out of synchronization, a lot of power flows in a circle. During the blackout, it flowed first one way, then reversed direction...

--
"As far as I'm concerned, war always means failure." -- Jacques Chirac, President of France
"As far as France is concerned, you're right." -- Rush Limbaugh
* Re: Nuclear Reactors & Blackout
From: Dmytry Lavrov @ 2003-08-16 14:10 UTC

It's possible that blackout caused by software bug? (or it's surely by poor hardware development?)

Strange, but in Europe and Russia there is no so big blackouts (my friend had 360v in wallplugs, but it was locally caused by mistake with cables ;-).

About Nuclear Plant: What's, nuclear plant aren't connected with special buffer device and there is really some danger for plant????????

I'm more worry about another things: If medical software are as buggy as USA power network (if not more buggest) i.e. one patient die on one system per 10 years, one per 3 day if we have 1000 patients, it's really bad. Medical soft are sometimes coded in C++ (there was "first man killed by hackers" story in 1999 (or 2000?). How many patients killed by programmer... or more precisely, by manager that choose C++ for it)
* Re: Nuclear Reactors & Blackout
From: Ludovic Brenta @ 2003-08-16 14:26 UTC

According to the press here in Europe, it is perfectly possible that a similar blackout, of similar magnitude, occur here. The cause is not related to software (i.e. a blackout could occur even with 100% perfect software). A blackout would be the result of a number of factors.

1) Electricity cannot be stored (d'oh!) and therefore, there are dispatchers that are on watch 24 hours a day to match supply and demand. These dispatchers are usually country-wide. Their job is to ensure that the production of power is exactly balanced by the consumption, and that all electricity produced is properly carried over the grid.

2) The high-voltage lines in the grid have limited capacity; they overheat if too many amperes go through them (d'oh!). There are "fuses" that protect these lines against overheating.

3) All power stations in Europe are interconnected; they are all on the same high-voltage grid. This is done so that if one power station fails for one reason or another, other power stations can supply more power to make up for it. One third of Europe's power is from nuclear plants, but that's irrelevant.

Thus, if there is a big surge in demand for electricity, some lines in the grid will shut themselves off in order not to melt down (I mean the *lines*, not the *power plants*). The other lines in the grid will then have to carry the extra power. They, in turn, run an increased risk of exceeding their nominal capacity, and may also shut themselves down.

It would appear that the blackouts in the US were caused by such a surge in demand (hint: air conditioning devices throughout the US account for 30% of all electric power consumption). This was combined with the fact that the demand in electric power has increased by 30% in the last 10 years. And this was further combined with the fact that very little investment has been made, over the last 10 years, to increase either the supply capacity of power plants, or the bandwidth of the grid. Basically, it's like a giant fuse went off because of too much demand on the whole system.

I've heard that one power plant went off-line, and that that started the whole process of quickly overloading the lines from all other power plants. Given the situation, I don't think that this is very important. I think other blackouts could, indeed *will* happen, whether or not a power plant goes offline in the future. It may very well happen that one day there is just too much demand and too little supply. This has happened before in California, albeit to a lesser scale.

--
Ludovic Brenta.
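An added example, not part of Ludovic Brenta's post: a constructed steady-state model of the line-trip cascade described above, in which an overloaded line opens and the survivors pick up its share. The line ratings, the demand figures and the equal-sharing rule are assumptions chosen for illustration, and the model ignores the transients discussed later in the thread.

```python
"""Constructed steady-state model of a line-trip cascade (illustrative only)."""


def simulate_cascade(capacities_mw, demand_mw):
    """Trip overloaded lines round by round until the grid is stable or dark.

    Assumption (not from the post): every in-service line runs in parallel
    and carries an equal share of the total demand.
    Returns (rounds, served_mw); rounds lists the line indexes tripped in
    each round, served_mw is the demand still supplied at the end.
    """
    in_service = dict(enumerate(capacities_mw))
    rounds = []
    while in_service:
        share = demand_mw / len(in_service)
        tripped = sorted(i for i, cap in in_service.items() if share > cap)
        if not tripped:
            return rounds, demand_mw      # every remaining line is within rating
        rounds.append(tripped)            # protection opens the overloaded lines
        for i in tripped:
            del in_service[i]             # survivors must pick up their share
    return rounds, 0.0                    # no line left: total blackout


def shed_to_avoid_trips(capacities_mw, demand_mw):
    """Smallest load (MW) to drop up front so that no line trips at all."""
    limit = len(capacities_mw) * min(capacities_mw)
    return max(0.0, demand_mw - limit)


# Constructed sample grid: four parallel lines, ratings in MW.
LINES = [300, 420, 450, 700]

if __name__ == "__main__":
    for demand in (1200, 1250, 1300):
        rounds, served = simulate_cascade(LINES, demand)
        print(f"demand {demand} MW: tripped {rounds}, served {served} MW, "
              f"shed needed {shed_to_avoid_trips(LINES, demand)} MW")
```

In this constructed grid a demand of 1250 MW costs one line and 1300 MW costs all four, although dropping 100 MW of load beforehand would have kept every line in service.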
* Re: Nuclear Reactors & Blackout
From: Dmytry Lavrov @ 2003-08-17 12:21 UTC

Ludovic Brenta wrote:
>
> According to the press here in Europe, it is perfectly possible that a
> similar blackout, of similar magnitude, occur here. The cause is not
> related to software (i.e. a blackout could occur even with 100%
> perfect software). A blackout would be the result of a number of
> factors.
>
> 1) Electricity cannot be stored (d'oh!) and therefore, there are
> dispatchers that are on watch 24 hours a day to match supply and
> demand. These dispatchers are usually country-wide. Their job is
> to ensure that the production of power is exactly balanced by the
> consumption, and that all electricity produced is properly carried
> over the grid.
>
> 2) The high-voltage lines in the grid have limited capacity; they
> overheat if too many amperes go through them (d'oh!). There are
> "fuses" that protect these lines against overheating.
>
> 3) All power stations in Europe are interconnected; they are all on
> the same high-voltage grid. This is done so that if one power
> station fails for one reason or another, other power stations can
> supply more power to make up for it. One third of Europe's power
> is from nuclear plants, but that's irrelevant.
>
> Thus, if there is a big surge in demand for electricity, some lines in
> the grid will shut themselves off in order not to melt down (I mean
> the *lines*, not the *power plants*). The other lines in the grid
> will then have to carry the extra power. They, in turn, run an
> increased risk of exceeding their nominal capacity, and may also shut
> themselves down.
>
> It would appear that the blackouts in the US were caused by such a
> surge in demand (hint: air conditioning devices throughout the US
> account for 30% of all electric power consumption). This was combined
> with the fact that the demand in electric power has increased by 30%
> in the last 10 years. And this was further combined with the fact
> that very little investment has been made, over the last 10 years, to
> increase either the supply capacity of power plants, or the bandwidth
> of the grid. Basically, it's like a giant fuse went off because of
> too much demand on the whole system.
>
> I've heard that one power plant went off-line, and that that started
> the whole process of quickly overloading the lines from all other
> power plants. Given the situation, I don't think that this is very
> important. I think other blackouts could, indeed *will* happen,
> whether or not a power plant goes offline in the future. It may very
> well happen that one day there is just too much demand and too little
> supply. This has happened before in California, albeit to a lesser
> scale.
>
> --
> Ludovic Brenta.

Heh, if net are overloaded, SUPPLIES are disconnected??? Why not disconnect some towns to save network (as in xUSSR "-)?? What's, USA network are so simple and based on plants connected in parallel, works as one plant, and towns in parallel, works as one consumer? If so, it's simply idiotism.

There is so simple to make non-buggy (by overloading) network: let's each supply provides energy for nearest towns (let's call it "sector"), and maximal power of towns = power of supply. When supply aren't 100% used, some energy are transmitted to other regions. If supply are overloaded by local towns, it's only consumes energy from another plants. There are buffers between sectors that never overload plants, only transmits as many energy as sector aren't uses. And if one sector are overloaded, when it's overloaded more than can get from another sectors, some non-critical parts of the sector are disconnected, and other sectors aren't overloaded. In Russia, there are as many short circuits a year, and we should have blackouts every week if network work same way as in USA.

I don't sure that it's blackout caused only by overloading.

Another reason why USA shutdown may caused:

Storing problems (load-not-in-phase problems): It's AC lines! And in AC line, if one connected a 1000W light bulb, power transmitted in cables are 1000VA. If one connected 1000W motor, or transformer/computer/etc, power in cables may be far higher than 1000VA. For example, if I will connect capacitor to the wall plug, power consumed=0; and power of generator/substation needed<>0, and current in cable<>0. I can blow fuses without consumption of energy. Main problem that energy ARE stored, but for short time.

Synchronisation/phase problems: And how AC lines are synchronised? If they are 100% in phase, there is no current in lines (cable have inductance!). So, to transmit energy, they should be not-in-phase. But if they are TOO not in phase, there are BIG overloading of lines.

Another synchronisation problem: many PulsedPowerSupply are used (ex. in your computer). There are standard for frequency of oscillator in PPS. And, if they all will be synchronised, it's will be VERY bad. (I don't sure if it's possible).

All these problems may cause global blackout with "help" from software bugs.

I have read book about it, but I forgot how to write author's name..Haily,Heily,,sorry for my poor English, accordingly to this book, it's caused by heroic idiotic managers (good guys in this book) that are overloading plants and lowering voltage in network until AUTOMATIC SAFETY system stop these idiots!

Dmytry Lavrov.
* Re: Nuclear Reactors & Blackout
From: Robert I. Eachus @ 2003-08-20 20:45 UTC

Dmytry Lavrov wrote:

> Heh, if net are overloaded, SUPPLIES are disconnected???
> Why not disconnect some towns to save network (as in xUSSR "-)??
> What's, USA network are so simple and based on plants connected in
> parallel, works as one plant, and towns in parallel, works as one
> consumer? If so, it's simply idiotism.
>
> There is so simple to make non-buggy (by overloading) network:
> let's each supply provides energy for nearest towns (let's call it
> "sector"), and maximal power of towns = power of supply. When supply
> aren't 100% used, some energy are transmitted to other regions. If supply
> are overloaded by local towns, it's only consumes energy from another
> plants. There are buffers between sectors that never overload plants, only
> transmits as many energy as sector aren't uses. And if one sector are
> overloaded, when it's overloaded more than can get from another
> sectors, some non-critical parts of the sector are disconnected, and other
> sectors aren't overloaded. In Russia, there are as many short circuits a
> year, and we should have blackouts every week if network work same way as
> in USA.

I hate to say it, but simple, straightforward, and unworkable. The problem is best described as the distributed properties of the network. All of the interactions between generating stations and power consumers occur at transmission line speeds. (Which are significantly slower than the speed of light in a vacuum, but not enough to help. Call it 1/2 to 3/4 c depending on the type of line.) When you detect an overload at a generator, even if you could break a circuit and shed some local load, the overload "in the pipe" of the transmission line may be enough to burn out the generator.

Of course, if you have studied, or worked with, high voltage power transmission, you know that breaking the circuit and making it stick is a non-trivial operation. In the 1965 blackout, NYC was drawing 3 Gigawatts from the TVA. This was being distributed over the PJM interconnect, but they needed to be able to break the circuit if something like this happens.

Imagine a twenty foot high circular tank about 4 feet in diameter filled with oil and with baffles and a blowout panel on top. (The baffles are designed to catch as much oil as possible while letting the gasses and plasma out.) Through this tank bottom to top pass four 1/2" by 3" copper bars arranged in a square. Fill the tank with oil, and suspend a 1/2 pound block of C4 in the center of the hollow square, about 5 feet from the bottom. That is your basic 1 Gigawatt breaker. (Actually rated at 5,000 amps load at 330 KV.)

There were three of these sitting near the border between Pennsylvania and New York State. One of the power engineering magazines had a picture of one being tested, and about a year later, a picture of the actual devices firing. (No big trick, they had a TV camera showing these breakers in the PJM interconnect control room, and a movie camera triggered when the arming circuit blew the breakers.)

I may have told this story before, but I lost a bet with my father over the day the blackout would happen, my brother was in the pool as well, but we had all picked days that week over a month before. I won't go into all of the details, but ConEd had two big nuclear plants down for refueling, a judge had some coal fired plants owned by the Transit Authority shut down for pollution reasons, and it was the week after daylight savings ended.

So think of the power from Niagara Falls flowing through transmission lines to NYC as an express train. Throwing any breaker along the way converts it into a runaway train that is going to destroy whatever it dead-ends into. You have to have something to sacrifice at the end of the line, and deadending into houses or most commercial loads is going to cause disasters. You have to have some breakers like the ones I described above that can take the load and terminate it. The arcing lasted for milliseconds, and the total energy quenched was over 100 times the explosive energy of the C4. PJM shed load at Conowingo and elsewhere until the TVA could back off what they were delivering, and so there were no major power failures south of Trenton, NJ.

The instantaneous demand from New York when those breakers went was 3 million amps. (Yes, that is an instantaneous demand equivalent to several hundred nuclear power plants. The problem as I said was that the Lake Erie Loop can become an amplifier. The pulse that flowed down the line became a peak followed by a trough that reversed voltage.)

As long as you refuse to run interconnects in or near amplifying states, the normal procedures are fine. But once you have an actively amplifying network you are up the creek. Right now they are looking at three transmission lines in Ohio that shut down a couple of hours before the main event as the trigger. My bet is that they will find that those failures set the stage, and the next sneeze, even bringing one of those lines back into operation, caused the actual event. The Lake Erie Loop mentioned above consists of transmission lines both above and below Lake Erie, and yes, they do form a loop. The direction of power transmission in this loop reversed just before the blackout...

--
Robert I. Eachus

"As far as I'm concerned, war always means failure." -- Jacques Chirac, President of France
"As far as France is concerned, you're right." -- Rush Limbaugh
* RE: Nuclear Reactors & Blackout
From: Robert C. Leif @ 2003-08-16 17:57 UTC
To: 'Dmytry Lavrov', Comp. Lang. Ada

I instigated one of the few medical software projects in Ada (www.newportinstruments.com Ada_Med section see the last paper, "The development of software in the Ada language for a midrange hematology analyzer"). Much to my joy, the software was completed before the hardware. Having been in this industry, I should note that the greatest virtue of the use of Ada is it results in the resignations of the C++ hackers.

I am starting a new instrument in Ada. The C++ code that I have received from the vendors should NEVER be used in a medical device. The commercial software for controller board for my servomotor has the interesting feature that the board can apply the full 10 volts to the servo-amplifier at startup. This results in the rotor reaching top speed, ca. 3,000 rpm, with a 9 kilogram rotor with no simple means to slowly decelerate it. This is enough to make one a true believer in Ada!

Bob Leif
Robert C. Leif, Ph.D.
Email rleif@rleif.com

-----Original Message-----
From: Dmytry Lavrov [mailto:m31415@mail.ru]
Sent: Saturday, August 16, 2003 7:10 AM
To: comp.lang.ada@ada.eu.org
Subject: Re: Nuclear Reactors & Blackout

It's possible that blackout caused by software bug? (or it's surely by poor hardware development?)

Strange, but in Europe and Russia there is no so big blackouts (my friend had 360v in wallplugs, but it was locally caused by mistake with cables ;-).

About Nuclear Plant: What's, nuclear plant aren't connected with special buffer device and there is really some danger for plant????????

I'm more worry about another things: If medical software are as buggy as USA power network (if not more buggest) i.e. one patient die on one system per 10 years, one per 3 day if we have 1000 patients, it's really bad. Medical soft are sometimes coded in C++ (there was "first man killed by hackers" story in 1999 (or 2000?). How many patients killed by programmer... or more precisely, by manager that choose C++ for it)
* Re: Nuclear Reactors & Blackout 2003-08-16 17:57 ` Robert C. Leif @ 2003-08-17 7:23 ` Hyman Rosen 2003-08-17 19:04 ` Robert C. Leif 0 siblings, 1 reply; 20+ messages in thread From: Hyman Rosen @ 2003-08-17 7:23 UTC (permalink / raw) Robert C. Leif wrote: > that the board can apply the full 10 volts to the servo-amplifier at > startup. This results in the rotor reaching top speed, ca. 3,000 rpm, with a > 9 kilogram rotor with no simple means to slowly decelerate it. This is > enough to make one a true believer in Ada! So the board can do this because the software has a coding error? The program is doing something illegal that allows this to happen? ^ permalink raw reply [flat|nested] 20+ messages in thread
* RE: Nuclear Reactors & Blackout 2003-08-17 7:23 ` Hyman Rosen @ 2003-08-17 19:04 ` Robert C. Leif 2003-08-18 14:42 ` Hyman Rosen 0 siblings, 1 reply; 20+ messages in thread From: Robert C. Leif @ 2003-08-17 19:04 UTC (permalink / raw) To: 'Hyman Rosen', comp.lang.ada I believe that this would be considered a gross design error. I suspect that it is software. Bob Leif Robert C. Leif, Ph.D. Email rleif@rleif.com -----Original Message----- From: Hyman Rosen [mailto:hyrosen@mail.com] Sent: Sunday, August 17, 2003 12:23 AM To: comp.lang.ada@ada.eu.org Subject: Re: Nuclear Reactors & Blackout Robert C. Leif wrote: > that the board can apply the full 10 volts to the servo-amplifier at > startup. This results in the rotor reaching top speed, ca. 3,000 rpm, with a > 9 kilogram rotor with no simple means to slowly decelerate it. This is > enough to make one a true believer in Ada! So the board can do this because the software has a coding error? The program is doing something illegal that allows this to happen? ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: Nuclear Reactors & Blackout 2003-08-17 19:04 ` Robert C. Leif @ 2003-08-18 14:42 ` Hyman Rosen 2003-08-18 22:36 ` Robert C. Leif 0 siblings, 1 reply; 20+ messages in thread From: Hyman Rosen @ 2003-08-18 14:42 UTC (permalink / raw) Robert C. Leif wrote: > I believe that this would be considered a gross design error. > I suspect that it is software. But then why would a gross design error make you a believer in Ada? I could understand that if the C++ code was erroneous you would believe that using Ada would prevent those problems from occurring, but why would Ada prevent the board from applying 10 volts to a servo-amplifier at startup? ^ permalink raw reply [flat|nested] 20+ messages in thread
* RE: Nuclear Reactors & Blackout 2003-08-18 14:42 ` Hyman Rosen @ 2003-08-18 22:36 ` Robert C. Leif 2003-08-22 3:15 ` Hyman Rosen 0 siblings, 1 reply; 20+ messages in thread From: Robert C. Leif @ 2003-08-18 22:36 UTC (permalink / raw) To: 'Hyman Rosen', comp.lang.ada Since Ada is readable, design errors become more apparent. I should also note that, the average C lovers' mentality neither favors clarity nor the highest levels of safety. Bob Leif Robert C. Leif, Ph.D. Email rleif@rleif.com -----Original Message----- From: Hyman Rosen [mailto:hyrosen@mail.com] Sent: Monday, August 18, 2003 7:42 AM To: comp.lang.ada@ada.eu.org Subject: Re: Nuclear Reactors & Blackout Robert C. Leif wrote: > I believe that this would be considered a gross design error. > I suspect that it is software. But then why would a gross design error make you a believer in Ada? I could understand that if the C++ code was erroneous you would believe that using Ada would prevent those problems from occurring, but why would Ada prevent the board from applying 10 volts to a servo-amplifier at startup? ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: Nuclear Reactors & Blackout 2003-08-18 22:36 ` Robert C. Leif @ 2003-08-22 3:15 ` Hyman Rosen 0 siblings, 0 replies; 20+ messages in thread From: Hyman Rosen @ 2003-08-22 3:15 UTC (permalink / raw) Robert C. Leif wrote: > Since Ada is readable, design errors become more apparent. As we remember from the Ariane 5 discussion, design issues are not always apparent from reading the code. > I should also note that, the average C lovers' mentality neither > favors clarity nor the highest levels of safety. *Shrug* Well, you would say that, wouldn't you? ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: Nuclear Reactors & Blackout 2003-08-15 21:59 Robert C. Leif ` (2 preceding siblings ...) 2003-08-16 14:10 ` Dmytry Lavrov @ 2003-08-16 15:00 ` Robert I. Eachus 2003-08-17 2:30 ` Alexander Kopilovitch 3 siblings, 1 reply; 20+ messages in thread From: Robert I. Eachus @ 2003-08-16 15:00 UTC (permalink / raw) Robert C. Leif wrote: > According to the US press, the reactors in New York State and other areas > had to be shut down because there was a risk of an incident if the auxiliary > power from the rest of the grid was lost. This approach to hazard analysis > should be named Fail-For-Sure. Yes and no. The real problem is that the Northeast power grid is a collection of separately designed power plants, distribution lines, and substations. It is an emergent property of this system that under high load conditions, it becomes an amplifier. The next transient in the system, even if it comes from outside the grid, will get amplified to the danger point for connected power stations and even substations. These will then blow fuses to protect the equipment from meltdown. (Even though the generator casings will probably contain all that once rotating, now-molten copper, the generator will be so much scrap.) For nuclear power plants, the threatened meltdown is of the generators, not of the steam supply system. But once there is no external load, the reactor has to be shut down to reduce the amount of heat generated to something the cooling system can handle with no generator load. Couldn't the breakers just interrupt the power for a few milliseconds? No, that won't work. All the firecrackers going off create more transients to be amplified by the power grid, and everything disconnects from it. (If you have ever heard one of these breakers blow, it doesn't sound like a firecracker. More like a tank firing a supersonic main gun round.) Eventually, after a few seconds, the reactor could reconnect, but by then there is no load connected to the grid anywhere. 
The grid then has to be reconnected to an "island" with both one or more generating stations and a large load. Then individual substations and generating stations can be reconnected in a co-ordinated fashion keeping the load balanced with the available power. It is this balancing act that took most of the day that it took to restore power. The only way to avoid this problem is to keep sufficient "reserve" capacity on-line to avoid the instability. For decades this number has been known to be 15%. But when the Federal government got into the power "deregulation" business, they decided that that guideline was too conservative. Guess what, it isn't. It may be that, with computers in charge, 12% is manageable. In a few months we will probably know what the numbers were for New York State. The problem of course is that a 10% margin for the grid as a whole can result in some areas with negative reserve. When such an area gets large enough--read New York City and suburbs, the local amplification effects can overwhelm the balancing effect of reserve capacity elsewhere. The solution, of course, is to treat the grid as a whole as a system, and manage it to keep these areas of amplification from developing. But try and explain to the environmental extremists that those old coal burning plants in NYC have to be kept on line in these conditions. They don't actually need to be generating much, if any, power. It is the reserve capacity in terms of generators idling on-line that is needed. For example, this has never been a problem in Philadelphia, because of Conowingo Dam http://www.fieldtrip.com/md/0a457501.htm just a few miles down Route 1 from the city. The dam is used more as a peak load facility than base load. But the fact that it is so close to the city, and almost never run at full capacity, keeps the area relatively safe from the type of disruption that hit NYC. I say relatively safe, because when NYC goes, it puts a lot of stress on all the surrounding power grids. 
In 1965, one area in Northeast Philadelphia did lose power for about twenty minutes. It was too far from the moderating influence of Conowingo which is south of the city. Incidentally, part of the moderating influence of Conowingo is that it is ancient, and the generators and turbines are overbuilt by modern standards. So there is all that rotating inertia on-line. -- Robert I. Eachus "As far as I'm concerned, war always means failure." -- Jacques Chirac, President of France "As far as France is concerned, you're right." -- Rush Limbaugh ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: Nuclear Reactors & Blackout 2003-08-16 15:00 ` Robert I. Eachus @ 2003-08-17 2:30 ` Alexander Kopilovitch 0 siblings, 0 replies; 20+ messages in thread From: Alexander Kopilovitch @ 2003-08-17 2:30 UTC (permalink / raw) Robert I. Eachus wrote: > The only way to avoid this problem is to keep sufficient "reserve" > capacity on-line to avoid the instability. For decades this number has > been known to be 15%. But when the Federal government got into the > power "deregulation" business, they decided that that guideline was too > conservative. Guess what, it isn't. This is just what I fear may happen in Russia in near future. The whole Russian electricity system is united now, and the main chief is a political heavyweight, well-known in Russia as the commander of mass privatization in 1991; and he is now fighting for somehow similar "deregulation" of the national electricity system. The effect may be true catastrophic, and then (if actually happens) may even have serious political consequences - initially internal, but then worldwide, even USA will be worried enough if things will go this way. Alexander Kopilovitch aek@vib.usr.pu.ru Saint-Petersburg Russia ^ permalink raw reply [flat|nested] 20+ messages in thread