World Is Ignoring Most Important Lesson From Fukushima

mdsolar writes "Kenichi Ohmae, an MIT-trained nuclear engineer also widely regarded as Japan's top management guru, is dean of Business Breakthrough University. In the CSM he writes: 'Fukushima's most important lesson is this: Probability theory (that disaster is unlikely) failed us. If you have made assumptions, you are not prepared. Nuclear power plants should have multiple, reliable ways to cool reactors. Any nuclear plant that doesn't heed this lesson is inviting disaster.'"

Correct

[geekoid]

Which is why modern reactors depends on gravity; which to the best of my knowledge has never been turned off.

Re:Correct

[sehlat]

Well, if you *could* figure out a way to turn off gravity, I'm sure the Nobel Prize committee, NASA, and a whole bunch of science fiction fans would be listening eagerly.

Re:Correct

[BagOBones]

That doesn't solve the problem of all the OLD reactors that are now past the original intended end of life for their design.

Re:Correct

[bobcat7677]

I think if gravity was turned off, we would have bigger problems then a few melting nuke reactors.

Re:Correct

[Mitchell314]

Right. Everybody's percolating coffee machines wouldn't work. Death would be a welcome reprieve should this horrible reality come into being.

Re:Correct

[ArhcAngel]

Nuke em...It's the only way to be sure.

Re:Correct

[Troggie87]

For those who don't follow reactor tech and don't know whats being talked about, liquid sodium reactors use literally a vat of salts and radioactive material in a magma-like sludge. There is a plug at the bottom of the vat with a melting point that is well above operating spec, but well within reach if the reactor lost cooling. If all other failsafes are disabled, the plug melts and all the molten sludge runs into 2-3 smaller tanks. The reaction then stops being self sustaining, and you just have to recover the containment units and repair the reactor. Its literally idiot proof barring a fault line opening a chasm beneath the plant or a direct asteroid impact.

There are also gravity-fed means of cooling conventional reactors, but I wouldn't call any of them fool proof. Liquid sodium seems like the best bet to me from a safety standpoint, at least as far as using up existing nuclear material. Thorium reactors show promise as well, but since we have a ton of reusable nuclear material liquid sodium would be my choice from a practicality standpoint.

Re:Correct

[hydrofix]

He is referring to a passive cooling systems (aka. convection cooling, gravity cooling or natural cooling). Such systems are great and essential safety feature in modern reactors, and Fukushima Daiichi actually had a passive emergency cooling system. However, with current technology such systems can only contain the decay heat for up to 72 hours. It is only a temporary system, giving technicians time to restore external power to cooling pumps. This can be problematic in a catastrophic situation (such as natural disaster).

Re:Correct

[sperxios10]

They US authorities on '60s started trying gravity on various types of reactors for many years (passive cooling) and it failed miserably all times. Download the excellent BBC's 1992 documentary on the subject A is for Atom, or watch it on YouTube.

It was after they had confirmed the problem that they started installing diesel generators to operate the cooling pumps. The problem was discovered also in USSR. Chernobyl erupted during an experiment to test the cooling apparatus while disconnecting the plant from grid.

The root cause of all this was that they designed the commercial Nuclear Plants by scaling the 60cm diameter Submarine Reactors into 3 meter or even more. That way, the multiplied the fuel mass x1000, and disregarded that fact they were no longer 100 meters deep below the ocean surface, something that would guarantee passive cooling simply by hydrostatic pressure.

Re:Correct

[Troggie87]

"Idiot proof" - right there you just lost a couple points. Build a better nuclear reactor and the world builds a better idiot. Not that I'm against nuclear reactors, I just agree with the original premise - failures *will* happen with any system. Multiple independent fail-safes and dead-man systems are necessary for a system like this.

Theres some truth to that, but i meant it in the sense that human interaction isn't needed in the slightest, nor is any real mechanical action other than liquid flowing downward. Its not like "modern" (as in what operates now) reactors, where there is a time limit on the response within which some human being has to respond. Every human being could vanish from the earth in an instant, and a liquid sodium reactor would turn itself off 100% of the time. You take the human out of the equation.

Re:Correct

[KreAture]

Actually, the plug in the bottom is not made of any other substance. It is simply reactor melt that is cooled by an external system to keep it from flowing.
You are correct however in that if, for any reason, external cooling of this "freeze plug" is stopped, the plug melts and the reactor content drains to split storage tanks stopping the reaction.
The stopping of external cooling may be due to all power generation is lost (no power to cooling), external system is destroied or ruined (natural disaster) or everybody on the plant has already left and the plant is left to fend for itself and fails (zombie invasion).

As you say however, it seems to me too, to be the best solution so far.

A benefit of Fukushima (if we look hard) is that the research on other types of reactors are now starting again, even though they can't produce nuclear weapons.

Re:Correct

[NeutronCowboy]

Molten salt reactors introduce a new problem though: the material is highly corrosive, and there are few materials that have even been tested that could provide a proper lifespan to the reactor. Furthermore, maintenance on the entire primary loop is like maintenance on the containment vessel for water cooled reactors: you just don't do it. This means that while the system is safer from a human fuck-up perspective, it presents brand-new engineering, construction and maintenance challenges.

Re:Correct

[Grishnakh]

The CSM is a very weird entity. It produces some really excellent journalism, however, the religious group behind it has some truly wacky beliefs regarding medicine resulting in denying their children access to medical care until it's too late. I don't really know what to make of it; maybe it's a good illustration that everyone is crazy in one way or another.

Re:Correct

[formfeed]

Right. Everybody's percolating coffee machines wouldn't work. Death would be a welcome reprieve should this horrible reality come into being.

Not to mention the screen tilt on your iPad!

Re:Correct

[Internetuser1248]

That's just the kind of reckless thinking that caused the failure in the first place. We must provide for EVERY contingency, no matter how unlikely! For the children!

Unfortunately unwashed masses that inhale fumes from coal plants every day go batshit insane when they hear 'nuclear' and politicians play along. I am all for closing all nukes at once. Maybe those ignorant hippies, who don't understand how the world they live in works and what greases its wheels, will learn something from blackouts, brownouts and less juice for their apple branded gizmos.

Basically a "suitable" site can't be:

* within 1 light year of anything else * actually engage in any sort of nuclear reactions * use the standing nuclear infrastructure for anything * produce any waste whatsoever. It produces clean drinking water, power, and air? BAD! BAAAAAAD! * "actually" nuclear in any way, shape or form. * use any technology that doesn't have at least 50,000 years of hardcore reliability testing * offend anyone's delicate sensibilities in any way

Basically there is no such thing as a "suitable" site for these people. Because the second someone says "nuclear" their head turns off COMPLETELY (if it wasn't already off) and the first thing out of their yap-holes is "bombs" "Hiroshima" "Nagasaki", "Three Mile Island", "Chernobyl" and now "Fukashima".

***
Is it just me, or are the nuclear power lobby on slashdot getting more and more emotional and less and less coherent?

Re:Correct

[Michael+Woodhams]

The reaction then stops being self sustaining, and you just have to recover the containment units and repair the reactor.

At Fukushima, the reaction stopped being self sustaining seconds after the quake, and minutes before the tsunami. It didn't save them. You can't just wash your hands and say 'problem solved' when the chain reaction ceases. Fission products will keep generating large amounts of heat for months afterwards. If your 2-3 smaller tanks have no way to lose this heat, they will eventually melt.

I'm not saying that these new reactor designs can't deal with this, but you need much more evidence before can claim it's "literally idiot proof".

Re:Correct

[dr2chase]

Suppose the reactor area is flooded, such that the plug is underwater (hence actively cooled by boiling water) but all other cooling systems are off-line. Reactor still safe? I think that violates one of the assumptions of the design, which is that the plug is only cooled if the cooling systems are (generally) working.

Error in translation?

[ceoyoyo]

Either there's an error in translation or the MIT trained nuclear engineer has forgotten what probability theory is.

Having multiple means of cooling a reactor sounds like a good idea, but that will only reduce the probability of disaster.

Re:Error in translation?

[laron]

Redundant systems are a good idea, but you should ask yourself if one event (or a common group of events, like an earthquake and a tsunami) can knock out all of your systems at once.

Re:Error in translation?

[sgrover]

Don't forget that Fukishima was TWO events happening at once (or close enough together to be counted as one). I think the design would have been fine if it was JUST an earthquake, or JUST a tsunami. But combined so close to each other was too much for the design.

Re:Error in translation?

[Sir_Sri]

Got it in 1.

The article even states, all of this would have been avoided if it had maintained even one connection to the grid. They had 5. Now they may have all failed at once because they were basically all the same and they weren't really redundant, but past this layer they had multiple generators at each reactor so even if the external power did fail there was something to go on.

He is sort of right, in the same way security researchers in computing systems talk about never assuming a system is secure. You need layers of defences, detection, prevention, repair, redundancy etc. But I don't think anyone disputes that, nor is there any evidence they didn't have those things. They may have implemented them badly, maliciously, but they picked a probability of failure and said 'that's good enough for the money we have'.

There are lots of theories about designing reactors that are fundamentally more safe, they won't have runaway heating for example (a by product of how uranium undergoes nuclear reactions, and how the reactors are built to deal with that). I'm not sure anyone is suggesting we should somehow not consider those designs superior in some way. But no matter what you design you can only build so much redundancy into the system. If your error tolerance is 1/10K years, then why not 1/100k years? Why not 1/1M years? With any physical thing there is a probability of something going really wrong. Suggesting otherwise is lying. You choose your risk tolerance. Ultimately the people who pay the bills have to decide what the risk is worth. If a nuclear reactor cost 100 billion dollars, and had a 1 in a billion chance of failing per year is that good enough? It could still get hit by a 1 in a billion event after all.

Re:Error in translation?

[ceoyoyo]

So the solution is a proper application of probability theory. Probability theory didn't fail. We failed to use it.

Re:Error in translation?

[NatasRevol]

If you're near any large body of water, they're very likely to happen together and should always be considered that way.

Re:Error in translation?

[Baloroth]

The risk tolerance should be for an event that causes significantly more damage in and of itself than the reactor meltdown would. Someone above mentioned an asteroid collision. An asteroid of significant size would cause far more damage than the destroyed reactor would. You can also make the engineering such that even in extreme failure conditions, the amount of radioactive spreading is minimal (although, again, an asteroid would pretty much splatter the uranium everywhere).

I would argue that the Fukushima disaster actually did meet this criterion: far more people were killed by the earthquake/tsunami than will ever be killed by the radiation (in fact, the disaster probably killed more people than all the nuclear reactor accidents ever put together) released, and the cleanup will be a fairly small fraction of the total cost of the disaster. Obviously, they could have been better designed and survived even this (a modern reactor would have), but the simple fact is a disaster bad enough to take out a well-designed nuclear reactor will dwarf the damage caused by the reactor malfunction itself.

The PR disaster is a different story.

Re:Error in translation?

[RightwingNutjob]

Too many people learn risk management like this:

The probability of a widget failing is 0.001. The cost of a widget failing for us is $1000. Therefore, we should budget $1 per widget to cover the expected failures.

Trouble is, this only makes sense if you make 10000 widgets. Then you expect 0.001 x 10000 x 1000= 1000x(10 +/- sqrt(10)) failures (assuming widget failures are independent and uncorrelated events, which means the expected number of failures follow a Poisson distribution), so if yo budget
$20000 = 1000 x (~10 + 3*sqrt(10)), you'll be covered 99% of the time.

Note that "99% of the time" means that if you make 100 production runs of 10000 widgets, and budget $20000 for covering failures on each run, you'll be good for 99 of those 100 runs, and you might be over budget on the 100th.

When you make exactly one widget, and it costs you $1000 if it fails, and you estimate that the probability of failure is 0.001, and you budget exactly $1 to cover failures, what you've done is you've wasted $1, and you're still not covered, because if your one widget fails, you don't have the budget to cover it.

There was exactly one Fukushima plant, and when you talk about risk analysis for something like that, anything that is remotely likely to cause a catastrophic failure needs to be fully accounted for, because there is no such thing as an amortized catastrophic failure. It either works or it blows up in your face, not a small percentage of your face.

Re:Error in translation?

[dr2chase]

It may be that "probability theory" tends to lead to assumptions that traditionally make the math more tractable -- independent events, not linked events, and assumptions about probability distributions (e.g., normal distributions). Those assumptions might not hold.

There was an article some years back in SIAM Review proposing that traditional structural analysis too often made the assumption of linearity -- literally, that you CAN push a rope. Suspension cables do not obey Hookes' law in compression, concrete does not in tension, and ships heaving all the way out of the water experience forces that are not linear with displacement. Modeling non-linear systems used to be impractical, so people would just assume linearity to make the math tractable.

Re:Error in translation?

[Jeremi]

You need layers of defences, detection, prevention, repair, redundancy etc.

... which is why "too cheap to meter" nuclear power is so bloody expensive. By the time you've built your defenses, detection, prevention, and redundancy (and gone through the 10-year planning process, paid off or muscled out the NIMBYs, settled the lawsuits, weathered the protests, and hired the highly trained nuclear technicians and emergency response personnel you'll need on hand at all times) you've spent so much money that it would have been cheaper to just build a different type of power plant and avoid the whole mess.

Re:Error in translation?

[Baloroth]

The amount for the cleanup I saw (glanced on Wikipedia) was around $13 billion USD (that might not include the cost of safely decommissioning the reactor, I couldn't find a good number for that, so that figure might just be radiation cleanup). The total economic cost of the earthquake was (by the World's Bank estimate) $235 billion. Obviously, until all is said and done and the reactor is completely decommissioned and the land cleared up, we won't know for certain, but chances are there is at least one order of magnitude difference in the costs. Granted, the nuclear cleanup is still an appreciable fraction of the total cost (and a lot of money no matter how you look at it... well, unless you're a US legislator), but again, the earthquake/tsunami caused far more damage and cost far more money than the nuclear meltdown.

Again, that reactor should have been replaced by something else a decade ago at least, and even then, it still shouldn't have failed if they'd done it properly, but the catastrophe that caused the failure was sufficiently powerful to dwarf the damage caused by the failure itself, which in the end is the only real standard you can establish for the safety of any power system. Contrast that with coal, which doesn't require any catastrophe to spew harmful emissions, or hydroelectric, which in one failure kill over 170,000 people (Banqiao Dam).

Reckless!

That's just the kind of reckless thinking that caused the failure in the first place. We must provide for EVERY contingency, no matter how unlikely!

For the children!

Re:Reckless!

[lgw]

From what I understand pebble-bed reactors don't even count on gravity-fed cooling. The reaction simply stops if it gets too hot, effectively setting a maximum temp that won't burn through concrete.

Of course, pebble-bed was more about demonstrating idiot-proof safety than practical power generation, but it would actually work just fine (if not as cheaply as more sophisticated designs).

Re:Reckless!

The "only" problem with pebble bed reactors is that if the pebbles are exposed to air, such as if the coolant is lost, they violently burst into flames and spew forth high radioactive and toxic smoke. Not exactly idiot proof if you ask me.

Re:Reckless!

[TheLink]

To prevent that from happening even if air leaks in, there's supposed to be a coating on ALL the pebbles that needs to be good and intact. I don't call that significant redundancy, hence I don't consider the design that safe.

Re:Reckless!

[TheTurtlesMoves]

The prototype pebble bed reactor in Germany was complete failure. Not only was there some serious leaks and breaches during operation, but it has also become a decommissioning nightmare. That was without anything going "seriously" wrong. They are not the magic nuclear energy elixir you have been lead to believe they are.

Re:Reckless!

[orzetto]

pebble-bed was more about demonstrating idiot-proof safety

Then it did not work very well, considering that one of the two pebble-bed reactor ever built and operated is classified as the highest beta-contaminated site worldwide. In the other one, the pebble design caused a number of issued with feeding, as pebbles would get lodged (maybe only 0.0001% of the time) and required, well, someone to open the tube and shovel'em. Letting out lots of radioactivity in the process.

That, and pebble-bed reactors are the only ones using compressors (as opposed to liquid pumps) in the primary circuit. Compressors are mean beasts and are not unknown to surge and explode, plus the most efficient type (the axial) has its highest efficiency at the closest point to the stall line.

Or use a different type of reactor....

[blunttrauma]

Or use a different type of reactor that doesn't rely on electricity for cooling. See any of Kirk Sorensen's liquid-fluoride thorium reactor talks on YouTube. His talk at Ted is a good 10,000 overview and only 10 minutes long: http://www.youtube.com/watch?v=N2vzotsvvkw

Which lesson?

[fahrbot-bot]

I'm guessing the first?

1. Never get involved in a land war in Asia.
2. Never go against a Sicilian when death is on the line.

That's an important lesson, but...

[Omnifarious]

But I think the most important lesson is that neither the nuclear power industry nor the regulators of that industry can be trusted to be at all truthful about the scope and scale of problems. They both have strong incentives to minimize the perception of such. This, more than anything, is the biggest and most important lesson that has broad applicability to almost any regulated industry.

Probability in reliability engineering

[Beryllium+Sphere(tm)]

A few voices in reliability engineering and safety engineering (not the same thing!) have warned that if you start producing figures that show that you can go a million years or more without an accident, that doesn't mean your product is safe, it means you've overlooked something.

Not even an anvil can live up to some of the probability estimates people have come up with for deployed systems.

That said, there's still such a thing as intellectual dishonesty. Large scale blackouts in industrialized societies are a known phenomenon (1965 eastern US, etc.) and should have been taken into account even if Japan weren't prone to natural disasters. Rumor has it that there's a plaque in the hills above Fukushima that says in effect "Water has come up this high in the past, don't build anything you care about lower than this level".

Too many protective measures

[rtaylor]

Fukushima taught me that Japanese Nuclear reactors may be too protected.

19,300 people died as a result of the tsunami. Fukushima has had minimal impact by comparison (573 related deaths thus far).

Diverting all of the safety protections away from the reactors (guaranteeing full meltdown of all 4) to add to safety protections around shoreline towns, oil refineries, chemical factories, could have saved thousands of lives reducing the 19,300 total.

Re:Too many protective measures

[Entropius]

This is an excellent post.

There was basically the biggest earthquake that the earth is capable of making, a tremendous tsunami that killed 20k people, and a 50-year-old power plant had some problems that added a couple of percent to the death toll? This is a tragedy, certainly, and we need to work on making reactors that don't do that. But it is hardly a condemnation of nuclear power.

Re:Too many protective measures

[AmiMoJo]

That's fine if you only care about deaths. If you actually lived there and found your home was no longer habitable, your job was gone and you had to live in crappy rented accommodation where your children can't play outside... Well, you might take issue with it. If you are a farmer or fisherman who can't sell their produce due to contamination it may bother you. If you are a tax payer facing a bill of trillions of yen to deal with it you could be quite upset.

Even Japanese companies and citizens that are having to deal with power shortages may be troubled by the problems with nuclear power there. One of the big attractions of wind, geothermal and solar in Japan is that even if a tsunami completely destroyed some installations it wouldn't require them all to be shut down - the danger just isn't there. Even if some are damaged by an earthquake the majority will be fine, so instead of losing 500+MW from a single reactor going offline you lose a few tens of megawatts from a couple of downed turbines.

The Black Swan

[The+Living+Fractal]

Events like that have been dubbed as Black Swans by author Nassim Taleb... The lesson is essentially as stated: probability theory only works for certain types of scenarios. He calls the realm of these scenarios 'mediocristan' and the realm of scenarios where extreme events can take place 'extremistan'. Examples: Average distribution of human height is relatively predictable, and in mediocristan. But try to predict how much wealth one person has from one to the next and you'll suddenly run into a billionaire and completely destroy your nice little data set from the last thousand people you looked at.

Re:The Black Swan

[Entropius]

That has nothing to do with probability theory. It turns out that you can predict how much wealth people have from one to the next very neatly. Failure comes in when you assume that the distribution is Gaussian. It's not; it's log-normal. The billionaire is no more an outlier in that distribution than a pauper.

Some things have to survive ANYTHING

[msobkow]

One of the big reasons mil-spec software and equipment costs so much is it has to be designed to function no matter what happens. In no other industry is there a requirement for a monitor to take a .50 caliber shell and keep running, for example, or for hard drives to survive multi-story drops while running (which is what happens when a ship crashes down a wave.)

I am absolutely stunned that reactors aren't designed to the same stringent "failure is not an option" standard, given the consequences of a failure. It can and should be done if you're going to risk meltdowns. Every possibility you can think of needs to be accounted for.

After all, we're not talking about just poisoning the people around a failed facility -- we're talking about the possibility of leaving kilometers of land completely uninhabitable for decades.

Wrongheaded....

[NoKaOi]

Modern reactors already do the things this guy is suggesting. This guy is decades late to the party. I'm sure there will be 100 comments saying this by the time I hit submit, but the real lesson should be to build new plants with modern reactors, so that once built the old ones can be decommissioned *after* the new ones are built. The kind of attitude this guy has (I'm sure his real motivation is just to get attention) obviously scares people into not wanting new nuke plants built.

On the other hand, he's not very specific in the TFA. Perhaps is real life he has suggested a specific way to retrofit existing reactors with backup generators? Or is he just regurgitating crap that we were reading the day after the tsunami?

And Business Breakthrough University? SERIOUSLY? WTF is that? It reminds me of all those high priced fat loss pills that were developed by places like the "fat loss institute." Apparently anyone can file a DBA with the word institute or university in it. Does anybody really regard this clown as Japan's top management guru? Or am I wrong and this guy is actually dean of an accredited university?

One MIT Engineer to Another

I am an MIT trained nuclear engineer than specializes in Probabilistic Risk Assessment. The first thing we should note is the PRA has had many benefits for the nuclear industry. Once you calculate the risk, and understand the contributors, you understand how to make things safer.

http://mydocs.epri.com/docs/CorporateDocuments/SectorPages/Portfolio/Nuclear/Safety_and_Operational_Benefits_1016308.pdf

The thesis of this article has a few problems, though the conclusion isn't horribly off base. The first problem is that he believe probability theory was applied to ignore the risk of the tsunami. The opposite is true. In fact, probabilistic hazard assessment of the tsunami showed the site to be horribly under prepared in 2006 (10% chance of exceeding the design basis in 50 years or about 1 in 500 per year [which is high for nuclear reactors]). There were even more studies in later years before the tsunami hit. This was just plain bad management and shows what may happen when you ignore updated risk information.

http://enformable.com/2011/10/new-exposed-scandal-shows-tepco-calculations-in-2006-showed-probability-of-worst-case-tsunami-dramatically-increased-10-over-50-years-utility-took-no-countermeasures/

The main point though, that no matter how unlikely a single event is (in this case a tsunami), you ought to have some countermeasures, is not bad. That is why PRA is used in combination with deterministic defense-in-depth measures at well designed, operated, and managed nuclear reactors. Mobile emergency diesels should be available to all reactors and are in the United States. This is a feature that Fukushima did not have. At the end of the day though, ceoyoyo is right. Even with multiple methods of cooling a reactor, you can not eliminate the possibility of core melt and release of radionuclides to the public. You can only ensure the release is acceptably infrequent. This brings us full circle to the fact that using probability theory to focus on the high risk stuff is good and that Fukushima failed to do this.

That being said, even in the case of passively cooled reactors such as fast reactors, massive earthquakes (1 in 1,000,000 per year or less), could destroy the water tank or piping required for passive cooling to take place. I would argue that while one should not ignore earthquakes and other rare external events below a certain probability. The burden would be onerous to use events below 1 in 100,000 per year as a design basis. This is in line with previous regulatory safety goal and can be seen in use in debate over the transition break size rule. A plug for my journal article is below. If you are wondering which author I am, the hint is that I am not the NRC commissioner.

http://www.sciencedirect.com/science/article/pii/S0029549311008284

Re:What the hell?

[mlts]

Where the rubber meets the road is deaths per terawatt hours. Even with the disaster, nuclear remains well lower (0.04) than any of the other mainstream energy sources (coal's world average is 161, oil is 36).

With nuclear having 900 times fewer deaths than oil, this shows that something is being done right.

The problem is that with all the fear around nuclear reactors, no new, safe ones are built, so we are left with maintaining venerable designs designed barely after WWII with far fewer safety features.

The insanity of this shows when one compares this with other industries. It would be ridiculous to claim that aircraft are fundamentally unsafe and banning any new design to be made, only allowing biplanes from WWI to keep in the skies. Or saying how pathetic an automobile is while barring anything newer than a steam engine.

Probability didn't fail, gamblers did

[TheCarp]

I ran a poker game for about 6 years. I have seen this before. Its not probability that failed, its your use of it that did. Low probability events happen with great regularity on the long run. A poker player that is willing to bet his entire stack on anything less than the nuts, even if there is only one hand out of the enitire deck that could beat him.... if he sees that situation enough times, he will still loose that hand that one time out of 250 or so.

So.... maybe you bet your whole stack in a tournament, but....you never sit down with your whole bankroll. That is just bad bankroll management....or bad risk assessment...whatever you wanna call it.

They don't call em 100 year floods because they never happen. They call em that because they seem to be of a size you only see every 100 years or so. However... you have to remember how the odds work. Just because he had pocket aces last hand, doesn't mean he doesn't this hand. What are the odds? 1 in 250 or so times 1 and 250 or so (assuming a good shuffle etc) ... pretty unlikely... but its happened to me.

Common cause failure+just 2 generators per reactor

[tp1024]

Fukushima had nothing to do with probability theory being wrong. Ask google scholar for "common cause failure nuclear" and the oldest citation on the very first page is from 1976. This is age old stuff.

Now look at the greenish boxes on this picture:
http://www.tepco.co.jp/en/news/110311/images/110519_2_2.jpg

Those are 7 of the 13 diesel generators about to be flooded. Besides those, there was just one generator in the basement of each turbine building. Only one generator survived (in reactor building #5 - providing power for decay heat removal there and for reactor #6) and this is not surprising. Put all your eggs in one basket and you're in trouble when the basket drops.

The problem was a simple matter of not having enough generators and not putting enough distance between them. Following the most stupid and simple-minded rule imaginable - that of having a distance of 50m or 100m between each emergency generator and having at least 3 generators per reactor (in Germany there are at least 4 for each reactor), you would have ended up with generators on the hills behind the reactors, because there is no room for them anywhere else.

I have no problem with having emergency generators next to the coast or in a basement. Both are potentially sheltered positions from some sort of accident - just not from a tsunami. That's why you should have a diverse set of several emergency generators, if possible based on different designs. (What if you run out of diesel or your most recent diesel delivery was spoiled?)

All the better if you have a modern reactor, like the Russian AES-92 or AES-2006 designs (from 1992 and 2006 respectively) that can remove decay heat without any active systems. (That's right, the Russians a ahead of the game, thanks to not treating research in nuclear power as a waste of money, as it is in the US and EU.)

Found a perfect place for a nuclear reactor...

[slew]

Unforutnatly, it doesn't meet all of your criteria...

* only 8 light minutes from earth (closer than 1 light year)
* actually engages in nuclear reactions (although you didn't specify fusion vs fision)
* doesn't use current nuclear infrastructure (check!)
* produces lots of waste (e.g., low energy cosmic rays)
* is actually "nuclear" in the fusion sense (but not fission sense)
* uses techology that has billions of years of hardcore reliability testing (check!)
* generally doesn't offend anyone's delicate sensibility (other than basement dwellers and vampires)

For now, I'll keep this perfect place a secret, because as soon as people find out about it, people are gonna protest and want to have it shut it down...