The last sentence from this piece is just beautiful, it has become my personal motto:
For a successful technology, reality must take precedence over public relations, for nature cannot be fooled.
It captures in a capsule form the reasons for a huge fraction of all the big engineering catastrophes, maybe even most of them. For everyone interested in similar case studies, and in reliability from a wide engineering perspective, I strongly recommend the book "Design Paradigms: Case Histories of Error and Judgment in Engineering" by Henry Petroski.
We've had three meltdowns in 40 years, about one per 13 years so far.
This is not a fair comparison. The shuttle was a bad design, with a high failure rate, and it doesn't make any sense to lump it in with tried-and-true rockets, which have a far lower failure rate. Similarly, it doesn't make sense to lump the dangerous RBMK reactor design used at Chernobyl with the far safer reactors designed in the West.
How many people died in flight during the Apollo missions? The answer is the same number that died as a result of the events at Three-Mile Island and Fukushima: zero. Design matters, and if you're trying to be objective on this topic, you have to distinguish between good designs and bad ones.
Also, not all meltdowns are created equal, as your post suggests. If you look at Three Mile Island on Google Maps today, you'll see all sorts of arable cropland in active use all around the site.
EDIT: Why the downvote? Is there anything I've said that isn't factual?
I really don't think you want to use Three-Mile Island as some sort of exemplar of safe technology:
The lessons of Three Mile Island have been, for the most part, forgotten. The nuclear industry changed and improved somewhat, but the deep understanding of what went wrong was lost on the public in general and the real lessons that we could have learned as a society were, too. The financial mess we are experiencing right now isn’t all that different from Three Mile Island. If we’d taken better to heart the true lessons of TMI we might not be in our present jam.
Looking back at the accident with the benefit of knowing what it took to clean it up and what the workers found when they were finally able to send robots inside the containment, the TMI accident was very bad indeed. There were pressure spikes during the accident that would have cracked an average containment vessel, releasing radioactive gases into the atmosphere. Fortunately the Unit 2 containment wasn’t average. TMI-2 was built on the final approach path to Harrisburg International Airport, a former U.S. Air Force base, and was therefore beefed-up specifically to withstand the impact of a B-52 hitting the structure at 200 knots. A normal containment would have been breached.
TMI wasn’t caused by a computer failure but the accident was made vastly worse by an error of computer design. Specifically, TMI-2 had a terrible user interface.
What happened at Unit 2 was a little more complex. A cascading series of events caused the computer to notice SEVEN HUNDRED things wrong in the first few minutes of the accident. The ONE audible alarm started ringing and stayed ringing continuously until someone turned it off as useless. The ONE visual alarm was activated and blinked for days, indicating nothing useful at all. The line printer queue quickly contained 700 error reports followed by several thousand error report updates and corrections. The printer queue was almost instantly hours behind, so the operators knew they had a problem (700 problems actually, though they couldn’t know that) but had no idea what the problem was.
I don't think you understood my point at all. I'm not saying that any nuclear incident is minor, or that there will never be one again.
A Chernobyl-style incident will never happen with a LWR reactor. That much is known, and the experts - nuclear engineers - are unanimous on this point. Feynman's point was, "when judging risk, ask the engineers that actually design and build the technology, not the management." The article I linked to (http://users.owt.com/smsrpm/Chernobyl/RBMKvsLWR.html) was written by nuclear engineers (who were students at the time, but have been in their field for many years now). The article you linked to was written by ... a journalist that writes about the computer industry? Now I'm left with the idea that you have missed Feynman's point.
You're right. I don't think I understand your point because I don't think you know what your point is.
Are you trying to advance the theory that management had no hand in the terrible decision-making around TMI, including the numerous shortcuts that Cringely noted (nb: you are hardly using an engineering approach when you resort to ad hominem criticism of Cringely as a "journalist" without responding to any of the legitimate problems he noted). Or are you trying to advance the theory that no engineering mistakes were made at TMI?
And are you trying to advance the theory here that somehow, magically, management will not continue to make NASA-like management mistakes in current and future nuclear facilities?
Because if so, that's precisely Feynman's point, which you seem to be ignoring.
And c'mon, you're merely moving goal-posts around when you focus on the severity of Chernobyl vs TMI. That isn't speaking at all to how technology was misused in both instances by people making exactly the kinds of errors Feynman emphasizes.
> A Chernobyl-style incident will never happen with a LWR reactor [emphasis added]. That much is known, and the experts - nuclear engineers - are unanimous on this point [emphasis added].
Really? Never? Unanimous? That sounds like a really interesting engineering judgment. Could you kindly link to the unanimous consensus statement from nuclear engineers that supports that strong but odd statement?
Because that sounds an awful lot like NASA management who claimed that the chances of loss of a space shuttle were so remote as to be negligible.
And your statement is even more curious when we read review papers like the one[1] from nuclear engineer Bah Sehgal[2] of the National Academy of Engineering, who concludes:
"The presently-installed LWR plants in Western countries have been addressing their safety performance from the day they were installed and operating...Clearly, not all the severe accident issues have been resolved for the presently-installed plants [emphasis added].
"The presently-installed LWR plants made improvements in components, systems, operator training, man-machine interface, safety culture, etc., thereby significantly reducing the probability of a severe accident occurring. They also instituted severe accident management backfits, systems and procedures, which are providing assurance of the elimination of an uncontrolled and large release of radioactivity even in case a severe accident occurs. Still, the presently-installed plants can not provide assurance of coolability of a melt pool/debris bed, which could be formed during a bounding severe accident. In that situation, the LWR owner can not assure the public that the accident has been terminated and that there is no further danger of the release of radioactivity. [emphasis added]"
Sorry. It is you with your pronouncements of never who is absolutely not getting Feynman's point whatsoever. In particular, he decried management and others with their own wishful pronouncements of never, which stood in stark contrast with the concerns of engineers who were well aware that there were quantifiable and real risks associated with their technology.
dmfdmf wrote the following right here on hn five years ago. I'm reposting for the benefit of those that won't click on his comment:
"As a former design engineer in the nuclear business I have to make the following comments;
1) The lessons of TMI are far from forgotten. TMI is one of the most studied accidents and the lessons learned are incorporated throughout engineering and technical training.
2) Anyone who claims TMI was worse than Chernobyl is an idiot. One of the major lessons learned from TMI was that the design basis and safety strategies of western reactors work. This despite the serious operator training and control room design flaws that were exposed by the accident.
3) Anyone who mentions Chernobyl and TMI in the same breath does not know what they are talking about. A few facts about Chernobyl; these RBMK reactors were originally designed to generate plutonium for bombs and then scaled up for electric power generation which created all sorts of operational problems. When I was an undergrad my nuke prof said the design was inherently unstable and an accident was inevitable. The western countries had tried for years to get them to shut them down. On the night of the accident the engineers disabled 4 or 5 safety systems in order to run a turbine spin down test. This test was ordered by Moscow and the previous lead engineer was fired for not completing it prior to the last planned shutdown.
4) TMI experienced a partial core melt. I read an engineering report after the accident that it was technically and economically feasible to fix the damaged reactor. The PR nightmare this would create dictated that it would not be fixed. Chernobyl's core was blown sky high by a steam explosion and fuel rods littered the plant site, thus killing the responding firemen with lethal doses of radiation. There is no dispute regarding which core had more damage.
5) The claim that the containment would have cracked due to "pressure spikes" except that TMI was specially reinforced to protect against aircraft impact is engineering nonsense. First, these are different design requirements and operate on different physical principles. Second, if the accident exposed such a serious deficiency in the design of "normal" containment buildings it would have resulted in the shutdown or at least a reduced operating power at all other plants of similar design. No such regulatory action ever occurred.
6) While it is scary to write about "releasing radioactive gases into the atmosphere" the reality is that such releases are pretty harmless. These gases are typically biologically and physically inert and quickly dissipate in the wind to harmless background radiation levels. One of the major lessons learned from TMI was that the more dangerous biologically active materials like radioactive iodine or potassium do not escape and tend to stick to other material even in a core melt. That is if you have a containment building, unlike Chernobyl.
7) It is insulting to say that the operators did not know what was going on with the reactor "so they guessed" as if they started pushing buttons and pulling levers willy-nilly. The operators knew that the information they were receiving was not complete or wrong. The biggest problem was that their training was flawed and incorporated an assumption that was incorrect -- thus leading them to take actions that made the situation worse.
About the only thing that I agree with Cringely on is that we should be building nuclear reactors now."
I reckon your kind, single posting to HN from a "design engineer in the nuclear business"... who thinks the events leading to a partial nuclear meltdown at a LWR like TMI reflect a kind of engineering triumph and the kind of statistical confidence (that Feynman calls out) that would lead engineers to conclude that LWRs could never suffer a nuclear meltdown....instead of the requested posting of a link to a consensus statement about the impossibility of a major nuclear reactor accident by all nuclear engineers....is better than nothing.
Just kidding with you some. But I think we're done here. Have a nice day.
You and the parent for some reason also want to vehemently argue a really strange, irrelevant point, that Chernobyl was worse than TMI. Is that in dispute?
So what? The Apollo I fire was not as bad as the Space Shuttle disasters. Your point is....what?
Apollo I, Challenger, Columbia, Chernobyl, and TMI came about in large measure precisely as a result of the kind of silliness that Feynman decries, and that you and the parent for some reason don't want to address.
You do realise this is exactly the attitude to safety that Feynman calls out as having led to the Challenger disaster, right? There were zero deaths from space shuttle accidents until that happened, so NASA dismissed all the close calls and unexpected issues that were warning them it wasn't as safe as their predictions claimed. To quote Feynman, "When playing Russian roulette the fact that the first shot got off safely is little comfort for the next."
Once we have inherently safe reactors powered by safer fuels, we'll be dope-slapping ourselves about those pressurized water uranium reactors while saying those same words.
Different designs matter. For example, airliners have gotten enormously safer over the years. You simply cannot conflate the safety record of 1930's airliners with modern airliners.
There were seventeen Apollo missions that flew (1 was cancelled due to a fatal ground accident so that leaves 2-17 plus the Apollo-Soyuz docking). There were no in-flight Shuttle fatalities in its first seventeen missions either.
You're worried about three meltdowns, but not the 2,000 nuclear weapons that have been detonated since the start of the atomic age? Compared to bomb tests, the fallout from nuclear power is a rounding error.
But let's review those three meltdowns. Three Mile Island didn't cause a single case of cancer. Chernobyl was a ridiculously unsafe design run with incredible incompetence. The WHO estimates it caused 40,000 cases of cancer and 4,000 deaths from those cancers. That may sound bad, but pollution from coal kills around 30,000 people each year just in the US. Finally, there's Fukushima. It's expected to cause 100-200 premature deaths from cancers. Remember, the cause of that meltdown was an earthquake-tsunami combo that killed almost 20,000 people.
If anything, shutting down nuclear power worsens public health. Demand for electricity isn't going to go down, so we end up burning coal, and coal plants are much worse than nuclear. From http://squid314.livejournal.com/292620.html:
According to the Clean Air Task Force, coal plants kill about thirty thousand people per year in the US through pollution (which causes respiratory disease). There are six hundred coal plants, so that's about 50 deaths per plant. These numbers are much higher - maybe even by an order of magnitude - in Chinese and third-world coal plants, which lack the US' stringent environmental restrictions.
Even in the worst-case scenario, nuclear power still does better than coal:
When you hit a nuclear plant with the fifth largest earthquake ever recorded, then immediately follow that with a twenty foot high tsunami, and then it explodes, it still kills fewer people than an average coal plant does every single year when everything goes perfectly.
There are lots of things that cause long-term harm to the environment: toxic chemicals, heavy metals, and yes, radioisotopes. If we want to enjoy a first-world quality of life, we have to accept some pollution. The least harmful energy source today is nuclear power.
I'd actually argue that the RBMK-1000 reactor is not horrifically unsafe, so long as it's operated within its design envelope - which is to say, for example, not overriding the automated safety systems. Had it been built with a containment vessel, I'd even argue it was within the safety margins of western reactors. Chernobyl was incompetent crew largely, taking a design well outside of its normal safety margins by shutting down nearly every safety system the reactor had - these choices compounded the design limitations of the reactor. Under no circumstances should the control rods have been removed all the way from the reactor - this single action caused the meltdown (combined with the graphite tips on the control rods).
We know the risks of nuclear power, if you do it wrong it does kill people, and salts the earth in the vicinity of the unit for generations. This is better in my opinion than killing people who live in the vicinity of a power plant as a course of normal operation.
A reactor complex like Fukushima has ~100 tons of reactor fuel per reactor, not counting spent fuel rods. Say 1000 tons total.
A bomb has a few kg of fissionable material, maybe 100,000 times less than a reactor complex. Do the math, if a reactor fails containment, the contaminants dwarf that of a bomb.
I think Fukushima contaminants have tripled the radioactive cesium in the Pacific still left over from the 2000 bombs you mention.
Nuclear is an outdated cold-war technology that won't compete with solar economically. They are slowly being phased out, down from 17% electric worldwide a few years ago to 10% now.
I don't think you addressed most of my points, but I feel I need to respond to what you've thrown out here.
Only 1-3% of a fuel rod's mass is fissile, and containment failure doesn't aerosolize a kiloton of fuel rods. Almost all the material stays at the site. While the smallest possible bomb is about 20kg of fissile material, actual bombs are an order of magnitude bigger. In addition, bombs cause neutron activation in the environment and create a mushroom cloud that lifts fallout into the stratosphere. The immediate effects are much worse and much more widespread.
You can say scary things like, "tripled the radioactive cesium in the Pacific", but Fukushima leaked around 9kg of cesium radioisotopes. Outside of the immediate area, there's no risk to marine or human life. From http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3341070/:
We address risks to public health and marine biota by showing that though Cs isotopes are elevated 10–1,000× over prior levels in waters off Japan, radiation risks due to these radionuclides are below those generally considered harmful to marine animals and human consumers, and even below those from naturally occurring radionuclides.
A useful measure of power plant capacity is the "terawatt", equal to one trillion watts. Coal kills 2500 times as many people per terawatt as nuclear. In fact, nuclear power has the lowest fatality per terawatt of any form of power in existence. Rooftop solar power has a per terawatt death rate ten times worse than nuclear power because of - I kid you not - people falling off roofs when installing the panel. Hydroelectric power has a worse fatality rate because of dams bursting and flooding people. Even wind power has a worse fatality per terawatt rate - seventy three people have died in windmill related accidents.
You responded with the economics of solar power instead of addressing my points about safety, but as far as I can tell, you're incorrect on that. By every measure I could find, solar was over twice the cost of nuclear. It would break the chart if it was shown on http://en.wikipedia.org/wiki/Template:Cost_of_energy_sources. While nuclear power has decreased recently, the reason is political ass-covering, not economics. And it's not solar that's picking up the slack. Fossil fuels are the winners: http://en.wikipedia.org/wiki/File:World_energy_consumption.s...
There are two reasons for this: 1. Fossil fuels are cheap, mostly because their cost to the environment and public health aren't priced in. 2. They are reliable base-band sources of power. Coal works no matter how cloudy it gets or how calm the wind is. Without reliable, predictable generation, wind and solar require expensive (and sometimes dangerous) energy storage systems. At best, they can only supplement base-band sources.
Well, this is certainly relevant to Feynman's essay.
You argue that nuclear power is safer than other forms because there haven't been any accidents that have killed a lot of people, yet. I would guess you would put the odds of a future accident at a probability similar to the NASA managers mentioned by Feynman. Feynman would respond that past avoidance of accidents doesn't mean you can say the probability of future accidents is negligible.
If nuclear is so "safe", why does the industry need liability limits where the taxpayers pay any damages above some minimal amount? Reactor operators should just buy insurance for the maximum possible damage an accident would cause. Of course they'd shut down if they had to do that.
You originally claimed that the fallout from bomb testing was "a rounding error" compared to the fallout from a nuclear accident. Now you accept that the radioactive cesium from Fukushima has tripled the cesium in the Pacific from all 2000 bomb tests? Not exactly a "rounding error". (although I agree, outside the immediate vicinity of the accident, the cesium isn't especially dangerous)
Regarding economics, simply look at the trends. Solar panels are getting cheaper at an insane rate. Nuclear plant construction costs have doubled over the past ten years. Even completely amortized plants are shutting down in the US because they can't compete, about five in the last year or two. Any taxpayers or ratepayers funding a new plant will never get their money back, as solar will be so cheap by the time the plant is ready to start up it will be instantly mothballed.
> By every measure I could find, solar was over twice the cost of nuclear.
So, please be patient with me, I'm not trying to make you look dumb or anything. It's just that from what I've researched, solar power pays for itself in 5-10 years depending on location. Meanwhile nuclear power has many externalities which are taxpayer-subsidized. It seems to me the reasons we haven't "gone solar" are not to do directly with cost, but of waiting until the technology is mature before investing gangbusters.
As for the dangers of storing electricity generated through solar energy, if a nuclear power plant can be run safely, couldn't an electrical storage plant also be run safely?
> Meanwhile nuclear power has many externalities which are taxpayer-subsidized.
And how many of those are taxpayer-imposed? Illogical and uninformed anti-nuclear activists prevent new reactors from being built, leaving us with increasingly dangerous old reactors or even more harmful coal plants. Political bullshit prevents breeder/burner reactors from making nuclear waste a manageable problem. Thorium gets no research money because it's useless for weapons.
That is ridiculous. Let's say DWave was even better in what it actually produced, but even worse in its PR: it creates a true quantum computer proof of concept.
But it is even worse at public relations and EVERYONE thinks that it is a scam with rigged demos. It has no credibility.
Now I ask you: in this thought experiment, is nature going to fund your quantum company, because you actually kicked nature's ass and proved a true quantum computer in concept?
No. You have to actually maintain real credibility, much as the space program did.
Nature can't be fooled, but Nature also doesn't fund shit. Whether the government, VC's, or the people, only people fund people.
I think you are not wrong for saying you need to convince the public for giant expenditures, but if all of those things are not doing as they pretend to be, people die and all credibility is lost anyway.
This is a sad reality, different from the "reality" in the sentence. So I have to say: this is a sad fact. But I love that sentence. Nature cannot be fooled, eventually.