If there is a worst case breach, and you have 0 psi behind the capsule, and 15 psi in front, then you will get rapid deceleration of the capsule. However, the deceleration may not be as catastrophic as some commentators have suggested.
Some youtubers have even demonstrated dramatic acceleration with ping pong balls or bearing balls in a tube. This is a bad analogy, because they do not take into account the mass of the capsule (which scales by r^3) in relation to the force on it (which scales by r^2). Applying realistic mass and areas to the capsule, the acceleration in such a worst case breach comes out to something like 1.4 g - which is the deceleration I get if I mash the brake pedal in my car. If you're sitting down and strapped in, then it would be uncomfortable but relatively harmless. Even if not strapped in, just smacking into a seat or table would cause limited harm. Of course, if you're standing up and walking down the aisle, then you will be in big trouble.
Even this calculation doesn't take into account the fact that the capsule is not intended to seal like a piston against the sides of the tube, thus any such pressure difference is unlikely to be maintained. Additionally, most leaks are likely to be slow, and this type of guillotine break can be engineered out by using designs and materials which tend to undergo hairline cracking before catastrophic failure.
Traditionally, silicon ICs consist of a single layer of transistors, with several layers of metal wire interconnects placed on top. In other words, the transistors are arranged in a 2D array over the surface of the die.
The major breakthrough in flash memory a few years ago, was the development of "stacked transistors". In other words, multiple independent transistors could be stacked one on top of the other. This now typically goes by the name "3D", with current products now being 32 or 64 layers stacked. The net result is that larger lithography can be used for the individual flash memory cells (leakage due to quantum tunnelling becomes unacceptable once flash cells become too small) improving SNR/endurance, while simultaneously increasing areal density.
There are two distinct ledgers which are effectively entirely separate from the point at which they diverged. Effectively, at the time of inception of the 2nd ledger, every bitcoin in existence became a "bitcoin1" and "bitcoin2". Bitcoin1s only exist on the 1st ledger. Bitcoin2s only exist on the 2nd ledger.
If you spend a bitcoin2 (more formally called "bitcoin cash" or BCH) then you still retain the bitcoin1 (bitcoin) that it was twinned with, and vice versa. At present there is a market for BCH, such that you can trade 9 BCH for 1 bitcoin. There is considerably less faith in BCH than bitcoin at present, hence the discrepancy in values.
In a nuclear power plant, an unplanned reactor trip is undesirable; it puts considerable stress on the plant, seriously disturbs the power grid (with increased risk of loss of mains power at the plant), and in may plant designs requires activation of multiple systems to manage the temperature/pressure shifts which result.
2 out of 4 control in this case means that the "safe" action should be initiated if 2 of the control systems issue a "safe" signal or no signal (e.g. due to a complete failure of a control chain). For example, if control chain 1 and 2 generate a "run" signal, but chain 3 is off-line for maintenance, and chain 4 generates a "trip" signal, then the plant will trip. This avoids spurious activation of the safety response due to a single control system malfunction.
If you have a 3 out of 4 system, where 3 systems must agree for an action to be taken - what happens if 1 system has a failure? You now have no redundancy, and any further hardware failure means that your control system will not be quorate and can't take any useful decisions. So, you will need to shutdown immediately following a single system failure, and even so there would be a small residual risk of a further failure during the shutdown sequence.
The advantage of the 2 out of 4 system is that if you have one system producing a spurious signal, then you retain redundancy for "safe" actions. This gives time for a fault to be investigated and repaired with the plant operational, avoiding the risks of emergency plant manipulation and loss of production.
A 3 of 5 system would continue to provide protection against spurious trip signals when then system is already degraded - but the low likelihood of this event, the fact that this is not a direct safety hazard (as the system would fail to the safe state), means that the increased cost, complexity and more difficult validation of a 5 chain system is not a justifiable trade-off.
I don't see what the Fukushima robot project has to do with control systems. Digital control systems aren't located in the containment (the conditions in the containment are harsh - during accident conditions, ambient temperatures can reach 160 C, with an atmosphere of saturated steam at 6 bar and potential for high radiation levels). That's not a suitable environment for most electronics, only designs tend to be restricted to just transducers and actuators in the containment.
The control systems are located outside of containment, but in physically hardened, environmentally controlled, plant rooms.
Control technologies vary, but microprocessor control is widely used in new build and retrofits. Various systems have been developed with some systems using safety critical grade rad-hard processors, originally designed for space use (the rad hardening, is less for the risk of radioactive contamination, than for mitigation of cosmic ray events, as rad hard processors tend to be immune from rare radiation effects like latch-up, and have strategies for mitigation of single-event upsets).
These days, however, designs are moving to decentralised, highly redundant clusters of CPUs. Each CPU receives only a very small number of signals for conditioning/processing/validation. Typically, these are processed in quadruplicate. These conditioned signals then pass to CPUs which perform the main logic, again in quadruplicate. The output from these is then aggregated using a fail-safe 2 of 4 logic system for output to the control actuators. In this type of solution, the CPUs don't need to be particularly resistant to radiation, as the entire system has redundancy for any individual CPU (and indeed, if the replicated CPUs are placed in different plant rooms in different plant zones, then the redundancy includes entire plant rooms/power supplies/HVAC/etc.). AMD K6 266 MHz CPUs are used in main example of this technology.
By keeping the task for each CPU simple, it permits robust analysis of the code. In this solution, the firmware on each single-board computer is automatically generated from logic statements and consists of a formally verified microkernal, supervising automatically generated code from a validated code generator tool. The tools don't permit manual coding, so there is low risk of coding error. The simple and validated software also has a low surface area for cyber attack, even though the individual components of the cluster may be connected over networks running common technologies like profibus or ethernet.
Some countries have accepted this design for use as the reactor control and safety system on new build EPR plants (e.g. France, China). Others have requested a less complex solution. In the UK, the regulator has accepted this solution for new build, but has required a "non-computerised safety system" as an additional safeguard. The regulator was originally presented with an FPGA design, but rejected that as they considered FPGA technology to be too new and complex, and asked for a simpler system with known long-term reliability and failure modes. The result was a backup system based on TTL logic and op-amps (for signal conditioning). I'm not sure where the US lies, but I would expect that they would be more aligned to countries like UK.
However, although the US may be strict, this may not be the case universally. The control system I've described above in the reference EPR plant design originally had read-write network access to the non-nuclear-safety plant automation systems. In other words, a conventional industrial control system potentially had authority to transmit data to the safety control system. Most of the regulators reviewing the EPR design spotted this as a potential cyber security weakness, and insisted that the bridge between the safety control system and the balance of plant automation systems be read-only. What is telling, however, is that the vendor of this safety control system, claims to have retrofitted this system in nearly 70 plants. While the scope of retrofits may be smaller than in new builds, it nevertheless raises the question of whether regulators supervising retrofits might have missed potential vulnerabilities such as that described above.
My comment was directed specifically at the UK AGRs. These control output by the effect of fuel temperature on doppler broadening of the U238 resonance. To reduce power, the speed of the core coolant circulators is reduced. The resultant rise in core temperature results in a loss of core reactivity and a drop in reactor power. A control loop then controls the steam valves to the turbine to bring steam outlet temperature back to set point. After power has changed, rod control can be used to restore core outlet temperature.
The problem with the AGR design is that the RPV is inaccessible except through the rod ports and a limited number of inspection ports. This makes repair or replacement of moderator elements and structural elements impossible, and this also includes the steam generators which are integral to the RPV. For example, Heysham 1 reactor 1 suffered a fatigue weld failure on a steam generator support. Due to lack of accessibility, this failure is irreparable, and consequently, the steam generator had to be plugged, although the plant is now running on the remaining 7 steam generators. The operating regime of this plant, and 3 other plants using a similar steam generator design have also had to be tightened with stricter control of core temperatures, to prevent similar failures on the 31 remaining steam generators.
When Intel CPUs are operating in long mode (x64 code execution), they cannot be switched to 16 bit real-mode compatibility mode.
To use 16 bit real-mode compatibility mode, the CPU must be running in legacy mode (x64 support disabled).
The windows 16 bit API would occasionally require real mode coding, even though the bulk of operations were done in 16 bit protected mode. As a result, this cannot be executed natively on a x64 CPU which has been booted into long mode, and would require code emulation which was not considered a sensible design feature, especially as virtualization technology meant that on the rare occasion when 16 bit compatibility was required, you could simply run a 32 bit guest OS in legacy mode on a virtualized CPU.
Not really. It's nothing to do with keeping grid voltage constant - voltage is a local phenomenon in the grid and is a reflection of current vector flows through the complex impedance, such that you don't need power plants to raise or lower the voltage, but instead, this is done by capacitors/inductors/variable phase shift transformers and variable ratio transformers.
Negative energy prices are a symptom of having too many power plants with no incentive to reduce output in an oversupply condition.
There are many reasons why a plant may not wish to reduce power:
- a thermal plant may already be operating at close to its minimum rated power, and may require the operator to waste steam to reduce electricity output, because the plant cannot sustain a lower steam production (in such a condition, there is a loss of revenue, but no reduction in fuel costs, so is undesirable - unless prices turn negative at which point steam waste may be judged appropriate).
- Renewable and nuclear generators which have zero, or near zero, marginal operating costs are reluctant to reduce output as it reduces revenue, without a saving in fuel costs
- Subsidised power generators (which in the UK model sell the power to the govt at a fixed price, and the govt then sells it on the open market) do not have to respond to market forces, so have no incentive to reduce power output, even in the event of negative prices.
- Some plants, such as the old UK nuclear plants, are limited by fatigue life, and therefore must avoid temperature and load changes, except for plant operational reasons, and therefore are reluctant to reduce load, even in the event of negative prices.
- Renewable electricity is legally required to hold a "privileged" position in the energy market, such that it must not be curtailed if any other source can be curtailed first. In the event that for technical reasons, renewable energy must be curtailed (e.g. very high local wind conditions resulting in local grid overload), the compensation that must be paid to the wind generators is very high (up to 10x the value of the subsidies curtailed).
They should do, but it depends a lot on the precise design of the UPS, and the nature of the power transient.
While many industrial UPS systems are dual conversion systems (essentially, the critical load is powered from the battery bus/inverter, and fails over to mains in the event of an inverter/battery malfunction), they are sometimes operated in standby mode (the critical load is powered from mains, and fails over to the battery bus/inverter in the event of a mains failure) as this saves energy due to improved energy efficiency and lower cooling demand in this mode.
Even so, dual conversion UPS systems are not necessarily immune to mains voltage fluctuation (even when operated in dual conversion mode) - depending on whether they try to follow mains voltage, or whether the voltage transient exceeds design limits.
If you are interested in some of the dynamics of this, it's worth looking at the incident at the Forsmark nuclear power plant in Sweden. In this case, unexpectedly large grid voltage fluctuations resulted in the double conversion UPSs suffering an output bus overvoltage, which resulted in triggering of output overvoltage protection and disconnection of the critical loads. A less well protected device could have exposed critical loads to a prolonged overvoltage. This incident required particular design changes for nuclear grade UPS systems, such that mains voltage fluctuations, even beyond the anticipated range, should not result in a critical load disconnection.
400 Hz would almost certainly work fine on any 60 Hz adapter. Possibly a transformer one may get rather hotter, but have you ever seen a transformer based USB charger?
The first step in a mains adapter is a bridge rectifier, which will work fine. A low power charger would likely then use a reservoir capacitor, before feeding a DC-DC converter. More powerful chargers (e.g. laptop) may use a high-power factor flyback converter, with a large low-voltage capacitor. These in general work fine at 400 Hz, but the power factor is less satisfactory, due to crossover distortion in the current waveform (the PFC controller matches inductor current to rectifier voltage, but it is the mains voltage which drives the inductor current, and there may be insufficient voltage to achieve an adequate dI/dt - and as frequency rises, so the required dI/dt increases).
The EternalBlue patch was released on 14 March for supported OSs and for customers with custom support for older OSs. Shadow Brokers released EternalBlue on 14 April.
EternalBlue patches for older OSs were made generally available on 15 May, 3 days after Wannacry attacks were reported on a large scale. This is despite the fact that the exploit Wannacry used for the EternalBlue vulnerability failed to work on XP due to differences in the OS.
It was. By default, Win 10 does not configure SMB v1. It requires a manual configuration to install and enable the SMB v1 stack.
At the release of Win 10, there are no supported server configurations which only support SMB v1, hence this protocol could be omitted and still have the system fully functional when used with supported server software.
In contrast, at the time of the release of Win 8, Server 2003 (SMB v1 only) was still a supported configuration, hence Win 8 had to ship with SMB v1 installed in order to work in such an environment out of the box.
The government have denied that cost saving was the motive.
The problem was that nationwide, there had been very little progress in migrating from XP to 7 as had always been the long-term plan. Realising that the situation was critical the government digital service (GDS) negotiated custom support with MS, in order to mitigate the failed migration.
At the same time, they made it clear that running an obsolete OS on custom support was not a long-term viable strategy for numerous reasons. GDS instructed individual hospitals to accelerate their W7 deployments, so as to complete them by April 2015, or either pay for extended XP support themselves/mitigate any risks in an alternate manner.
It seems to me, that this was an example of "best being the enemy of good". GDS underestimated the difficulty of migrating large numbers of systems running poorly supported custom software, and by demanding "best practice" which turned out to be impractical, meant that opportunity for "good practice" was lost.
Looks to be a ransomware attack based on an update of the classic wcry ransomware, which makes use of the doublepulsar exploit which was patched in the March Microsoft patch deployment.
Doublepulsar allows remote code execution on windows servers. This allows the ransomware to encrypt entire servers without the need for brute forcing an admin account.
This is why in the urgent situation, normal medical practice is if a stroke is suspected, the patient is transferred immediately to a CT scanner, as soon as a paramedic or doctor suspects the diagnosis. Ideally, the scan should be performed and the radiologist's opinion obtained within 30 minutes of the diagnosis being suspected. In the immediate situation, detection of significant quantities of blood can be made with near 100% sensitivity. With urgent MRI, results are even better with near 100% sensitivity for detection of ischaemic areas (regions with inadequate blood flow).
The problem is that if the stroke is old (i.e. a week or more), it can be very difficult or impossible to tell whether the stroke was due to bleeding or clot with a conventional CT. MRI, especially with modern ultra-sensitive blood detection techniques, can detect residual blood for years with near 100% sensitivity. At the same time, either CT or MRI angiography (blood vessel examination techniques) can look for evidence of arterial disease, which can be a clue as to the risk of a clot, even if the clot itself has dissolved by that point.
The fundamental difficulty, however, with delayed investigation, is that ischaemic strokes (due to clot) result in damage to the brain tissue and the blood vessels - so bleeding following an ischaemic stroke is very common. So, even if MRI does show blood a few weeks down the line, it is not always possible to tell, especially if a stroke is small, whether the bleeding was the cause or the effect. As it is small strokes which tend not to result in a blue-light ambulance trip to the ER, but instead an appointment with a GP or neurologist for some vague symptoms, this scenario is surprisingly common.
Most cell phones have a built-in battery backup, which still works as long as the tower also has battery backup.
However, not all cell towers have battery or generator backup. If they do, it is rarely more than a few hours. For example, in the Lancaster floods in the UK in 2015, when the whole city lost power, there was an extremely limited service available for a few hours, but for the majority of the power outage, there was no cell service available within the city.
Apologies, as I had misunderstood your point of contention.
However, as far as the outsourcing goes, it goes further than I stated. It's common for the meter operator (more formally known as the meter asset manager) to outsource the actual owning of the meters; in that they will lease the meters from a "meter asset provider".
You'll be pleased to know that the financial engineering in the UK power market is almost as advanced as the electrical engineering.
Yes. The grid operator provides balancing power, and they bid for balancing services from individual generators which is done in real-time and is based on frequency response and forecasts. However, the metering is delayed and is used to determine what services were actually provided.
However, there always has to be post hoc settlement. For example, if GenCoA has forward sold 100 MWh at 10:00-10:30 on 1/1/2017 to SupplierB - but GenCoA is unable to supply due to a technical fault - then GridCo will use balancing services to ensure that the power is supplied. MeterCo will in due course collect meter readings from SupplierB's customers and model what SupplierB's demand was during 10:00-10:30 on 1/1/2017.
Each electricity connection has a "profile" which is used to do this modelling - e.g. a private residence with electric heating has a different meter profile to a commerical premises with gas heating - and these profiles convert the annual total consumption into a series of half-hourly estimates. One complication is that it may take up to 2 years to collate definitive meter readings and submit final demand results - although there are several stages of provisional estimates prior to that point.
For example, SupplierB might only have demanded 90 MWh due to unseasonably warm temperatures - GenCoA might not have sold anything for technical reasons, and therefore there must be some sort of settlement process whereby the correct generator gets paid for the 90 MWh which was supplied.
It is a ridiculously complex system, but despite its complexity, it seems to work.
You may doubt that there is an "extra metering" company, but that is exactly what happens in multiple countries with deregulated energy supply.
While I don't know in detail how the Dutch system works, the UK system seems to work in a similar way, and I describe that here:
An end user can choose their electricity supplier, who provides the retail service (i.e. billing, sourcing of bulk energy, customer service, etc.). The supplier sources the energy from generators via the wholesale market (ante hoc) and balancing market (post hoc). The electricity is delivered by a combination of the transmission operator, and the local distribution operator, who own and operate the transmission grid and distribution network respectively. Metering is provided by an independent metering operator.
The metering operator is responsible for collating meter readings and verifying the correct operation of the meters, as well as periodic recalibration. In the event that consumption data is unavailable or inaccurate, and the supplier and customer cannot agree on a reading (or if a customer is transferring to a new supplier, but the two suppliers disagree about the meter reading at changeover; it is, after all, common for customers to "adjust" readings when suppliers publish new tariffs or a customer changes to a cheaper supplier), the meter operator provides independent arbitration.
The independence of the meter operator is important, because the same meter readings that are used by the supplier to compute bills for customers, are the same readings that are used by the balancing market operators to reconcile bulk electricity accounts (including the post hoc accounting between generators and suppliers). Part of the job of the meter operator is to provide independent mathematical modelling of consumption patterns, to correct for incorrect or missing data, and which are legally binding on balancing market paticipants.
Another poster has mentioned an issue of energy theft elsewhere in the discussion, and the above system has an impact on the detection and prevention of energy theft. Because the same meter reading which the supplier uses to bill a customer, also determines the energy purchased by the supplier from the wholesale/balancing markets, there is little incentive for suppliers to investigate energy theft. If a meter reading is lower than it should be, then the supplier pays less to the generator. The discrepancy appears in the energy accounting of the distribution network operator, who must absorb the cost. However, if the energy theft is discovered, then the independent meter operator will compute a consumption measure which is legally binding on the supplier and customer. The supplier therefore has to pay for the stolen energy in the wholesale market. The customer, who is likely a deadbeat if they've been tampering with the meter, has no money with which to pay, and either disappears or goes bankrupt. Thus, having discovered an energy theft, the likely outcome for the supplier is that they take a loss equal to the value of the stolen energy.
Quite a lot less. 1 banana contains typically around 3-4 kBq of activity.
The activity detected in this study is 300 mBq/m3; so in terms of activity per unit mass, bananas are contain approximately 8 orders of magnitude more naturally occuring radioactivity than the pollution detected in the sea water.
While both K40 in bananas and Cs134 from nuclear fission are beta emitters, the energy per decay is lower in Cs134, so effective dose per decay is also lower.
Hmm. I fail at numbers. Number of severly affected people is far less than 1 million, but even if you consider it 100k - you can still see how a figure of $200 billion is not implausible.
The simple answer is that there are a huge number of people who have been affected. Lots of land has been labelled "contaminated". A huge amount of industrial productivity has been lost. Housing and infrastructure has been abandoned and fallen into disrepair. People have lost jobs, all that will end up being compensated. Consider that close to 1 million people may have lost close to their entire net worth, and their health.
The most tragic part of that, is that the overwhelming majority of the evacuation and exclusion zone was inappropriate. Evacuation is known to be traumatic in terms of mental and physical health. In the case of the Fukushima accident, the evacuation was the direct cause of 60 deaths, and up to 5000 serious physical or mental injuries, even though contamination levels even in the most heavily contaminated regions would not have been expected to cause any acute radiation injuries or illness, and around 200 total excess cancer deaths over the next 60 years (had the region not been evacuated). http://users.physics.harvard.e...
It was sent to a distribution list, which to any reasonable person would be expected to have a very small distribution. The list was called "CroydonPractices", so presumably intended for the primary care practice managers in the Croydon region of London.
It is not at all clear who set up the distribution list, or whether it was the same person who sent the test e-mail. The issue was that this particular distribution list for some reason included all users.
I don't know what precautions the admin tools have to prevent mass replies. I think that some of the later versions of outlook will warn users sending e-mail to distribution lists if the number of recipients is greater than a certain number. However, according to wikipedia the backend for NHSmail is a customised version of outlook 2007, so it may be lacking some of the more modern features.
Slashdot Mirror
If there is a worst case breach, and you have 0 psi behind the capsule, and 15 psi in front, then you will get rapid deceleration of the capsule. However, the deceleration may not be as catastrophic as some commentators have suggested.
Some youtubers have even demonstrated dramatic acceleration with ping pong balls or bearing balls in a tube. This is a bad analogy, because they do not take into account the mass of the capsule (which scales by r^3) in relation to the force on it (which scales by r^2). Applying realistic mass and areas to the capsule, the acceleration in such a worst case breach comes out to something like 1.4 g - which is the deceleration I get if I mash the brake pedal in my car. If you're sitting down and strapped in, then it would be uncomfortable but relatively harmless. Even if not strapped in, just smacking into a seat or table would cause limited harm. Of course, if you're standing up and walking down the aisle, then you will be in big trouble.
Even this calculation doesn't take into account the fact that the capsule is not intended to seal like a piston against the sides of the tube, thus any such pressure difference is unlikely to be maintained. Additionally, most leaks are likely to be slow, and this type of guillotine break can be engineered out by using designs and materials which tend to undergo hairline cracking before catastrophic failure.
It means layers of transistors on each chip.
Traditionally, silicon ICs consist of a single layer of transistors, with several layers of metal wire interconnects placed on top. In other words, the transistors are arranged in a 2D array over the surface of the die.
The major breakthrough in flash memory a few years ago, was the development of "stacked transistors". In other words, multiple independent transistors could be stacked one on top of the other. This now typically goes by the name "3D", with current products now being 32 or 64 layers stacked. The net result is that larger lithography can be used for the individual flash memory cells (leakage due to quantum tunnelling becomes unacceptable once flash cells become too small) improving SNR/endurance, while simultaneously increasing areal density.
There are two distinct ledgers which are effectively entirely separate from the point at which they diverged. Effectively, at the time of inception of the 2nd ledger, every bitcoin in existence became a "bitcoin1" and "bitcoin2". Bitcoin1s only exist on the 1st ledger. Bitcoin2s only exist on the 2nd ledger.
If you spend a bitcoin2 (more formally called "bitcoin cash" or BCH) then you still retain the bitcoin1 (bitcoin) that it was twinned with, and vice versa. At present there is a market for BCH, such that you can trade 9 BCH for 1 bitcoin. There is considerably less faith in BCH than bitcoin at present, hence the discrepancy in values.
In a nuclear power plant, an unplanned reactor trip is undesirable; it puts considerable stress on the plant, seriously disturbs the power grid (with increased risk of loss of mains power at the plant), and in may plant designs requires activation of multiple systems to manage the temperature/pressure shifts which result.
2 out of 4 control in this case means that the "safe" action should be initiated if 2 of the control systems issue a "safe" signal or no signal (e.g. due to a complete failure of a control chain). For example, if control chain 1 and 2 generate a "run" signal, but chain 3 is off-line for maintenance, and chain 4 generates a "trip" signal, then the plant will trip. This avoids spurious activation of the safety response due to a single control system malfunction.
If you have a 3 out of 4 system, where 3 systems must agree for an action to be taken - what happens if 1 system has a failure? You now have no redundancy, and any further hardware failure means that your control system will not be quorate and can't take any useful decisions. So, you will need to shutdown immediately following a single system failure, and even so there would be a small residual risk of a further failure during the shutdown sequence.
The advantage of the 2 out of 4 system is that if you have one system producing a spurious signal, then you retain redundancy for "safe" actions. This gives time for a fault to be investigated and repaired with the plant operational, avoiding the risks of emergency plant manipulation and loss of production.
A 3 of 5 system would continue to provide protection against spurious trip signals when then system is already degraded - but the low likelihood of this event, the fact that this is not a direct safety hazard (as the system would fail to the safe state), means that the increased cost, complexity and more difficult validation of a 5 chain system is not a justifiable trade-off.
I don't see what the Fukushima robot project has to do with control systems. Digital control systems aren't located in the containment (the conditions in the containment are harsh - during accident conditions, ambient temperatures can reach 160 C, with an atmosphere of saturated steam at 6 bar and potential for high radiation levels). That's not a suitable environment for most electronics, only designs tend to be restricted to just transducers and actuators in the containment.
The control systems are located outside of containment, but in physically hardened, environmentally controlled, plant rooms.
Control technologies vary, but microprocessor control is widely used in new build and retrofits. Various systems have been developed with some systems using safety critical grade rad-hard processors, originally designed for space use (the rad hardening, is less for the risk of radioactive contamination, than for mitigation of cosmic ray events, as rad hard processors tend to be immune from rare radiation effects like latch-up, and have strategies for mitigation of single-event upsets).
These days, however, designs are moving to decentralised, highly redundant clusters of CPUs. Each CPU receives only a very small number of signals for conditioning/processing/validation. Typically, these are processed in quadruplicate. These conditioned signals then pass to CPUs which perform the main logic, again in quadruplicate. The output from these is then aggregated using a fail-safe 2 of 4 logic system for output to the control actuators. In this type of solution, the CPUs don't need to be particularly resistant to radiation, as the entire system has redundancy for any individual CPU (and indeed, if the replicated CPUs are placed in different plant rooms in different plant zones, then the redundancy includes entire plant rooms/power supplies/HVAC/etc.). AMD K6 266 MHz CPUs are used in main example of this technology.
By keeping the task for each CPU simple, it permits robust analysis of the code. In this solution, the firmware on each single-board computer is automatically generated from logic statements and consists of a formally verified microkernal, supervising automatically generated code from a validated code generator tool. The tools don't permit manual coding, so there is low risk of coding error. The simple and validated software also has a low surface area for cyber attack, even though the individual components of the cluster may be connected over networks running common technologies like profibus or ethernet.
Some countries have accepted this design for use as the reactor control and safety system on new build EPR plants (e.g. France, China). Others have requested a less complex solution. In the UK, the regulator has accepted this solution for new build, but has required a "non-computerised safety system" as an additional safeguard. The regulator was originally presented with an FPGA design, but rejected that as they considered FPGA technology to be too new and complex, and asked for a simpler system with known long-term reliability and failure modes. The result was a backup system based on TTL logic and op-amps (for signal conditioning). I'm not sure where the US lies, but I would expect that they would be more aligned to countries like UK.
However, although the US may be strict, this may not be the case universally. The control system I've described above in the reference EPR plant design originally had read-write network access to the non-nuclear-safety plant automation systems. In other words, a conventional industrial control system potentially had authority to transmit data to the safety control system. Most of the regulators reviewing the EPR design spotted this as a potential cyber security weakness, and insisted that the bridge between the safety control system and the balance of plant automation systems be read-only. What is telling, however, is that the vendor of this safety control system, claims to have retrofitted this system in nearly 70 plants. While the scope of retrofits may be smaller than in new builds, it nevertheless raises the question of whether regulators supervising retrofits might have missed potential vulnerabilities such as that described above.
Yes, indeed. You make a number of valid points.
My comment was directed specifically at the UK AGRs. These control output by the effect of fuel temperature on doppler broadening of the U238 resonance. To reduce power, the speed of the core coolant circulators is reduced. The resultant rise in core temperature results in a loss of core reactivity and a drop in reactor power. A control loop then controls the steam valves to the turbine to bring steam outlet temperature back to set point. After power has changed, rod control can be used to restore core outlet temperature.
The problem with the AGR design is that the RPV is inaccessible except through the rod ports and a limited number of inspection ports. This makes repair or replacement of moderator elements and structural elements impossible, and this also includes the steam generators which are integral to the RPV. For example, Heysham 1 reactor 1 suffered a fatigue weld failure on a steam generator support. Due to lack of accessibility, this failure is irreparable, and consequently, the steam generator had to be plugged, although the plant is now running on the remaining 7 steam generators. The operating regime of this plant, and 3 other plants using a similar steam generator design have also had to be tightened with stricter control of core temperatures, to prevent similar failures on the 31 remaining steam generators.
When Intel CPUs are operating in long mode (x64 code execution), they cannot be switched to 16 bit real-mode compatibility mode.
To use 16 bit real-mode compatibility mode, the CPU must be running in legacy mode (x64 support disabled).
The windows 16 bit API would occasionally require real mode coding, even though the bulk of operations were done in 16 bit protected mode. As a result, this cannot be executed natively on a x64 CPU which has been booted into long mode, and would require code emulation which was not considered a sensible design feature, especially as virtualization technology meant that on the rare occasion when 16 bit compatibility was required, you could simply run a 32 bit guest OS in legacy mode on a virtualized CPU.
Not really. It's nothing to do with keeping grid voltage constant - voltage is a local phenomenon in the grid and is a reflection of current vector flows through the complex impedance, such that you don't need power plants to raise or lower the voltage, but instead, this is done by capacitors/inductors/variable phase shift transformers and variable ratio transformers.
Negative energy prices are a symptom of having too many power plants with no incentive to reduce output in an oversupply condition.
There are many reasons why a plant may not wish to reduce power:
- a thermal plant may already be operating at close to its minimum rated power, and may require the operator to waste steam to reduce electricity output, because the plant cannot sustain a lower steam production (in such a condition, there is a loss of revenue, but no reduction in fuel costs, so is undesirable - unless prices turn negative at which point steam waste may be judged appropriate).
- Renewable and nuclear generators which have zero, or near zero, marginal operating costs are reluctant to reduce output as it reduces revenue, without a saving in fuel costs
- Subsidised power generators (which in the UK model sell the power to the govt at a fixed price, and the govt then sells it on the open market) do not have to respond to market forces, so have no incentive to reduce power output, even in the event of negative prices.
- Some plants, such as the old UK nuclear plants, are limited by fatigue life, and therefore must avoid temperature and load changes, except for plant operational reasons, and therefore are reluctant to reduce load, even in the event of negative prices.
- Renewable electricity is legally required to hold a "privileged" position in the energy market, such that it must not be curtailed if any other source can be curtailed first. In the event that for technical reasons, renewable energy must be curtailed (e.g. very high local wind conditions resulting in local grid overload), the compensation that must be paid to the wind generators is very high (up to 10x the value of the subsidies curtailed).
They should do, but it depends a lot on the precise design of the UPS, and the nature of the power transient.
While many industrial UPS systems are dual conversion systems (essentially, the critical load is powered from the battery bus/inverter, and fails over to mains in the event of an inverter/battery malfunction), they are sometimes operated in standby mode (the critical load is powered from mains, and fails over to the battery bus/inverter in the event of a mains failure) as this saves energy due to improved energy efficiency and lower cooling demand in this mode.
Even so, dual conversion UPS systems are not necessarily immune to mains voltage fluctuation (even when operated in dual conversion mode) - depending on whether they try to follow mains voltage, or whether the voltage transient exceeds design limits.
If you are interested in some of the dynamics of this, it's worth looking at the incident at the Forsmark nuclear power plant in Sweden. In this case, unexpectedly large grid voltage fluctuations resulted in the double conversion UPSs suffering an output bus overvoltage, which resulted in triggering of output overvoltage protection and disconnection of the critical loads. A less well protected device could have exposed critical loads to a prolonged overvoltage. This incident required particular design changes for nuclear grade UPS systems, such that mains voltage fluctuations, even beyond the anticipated range, should not result in a critical load disconnection.
400 Hz would almost certainly work fine on any 60 Hz adapter. Possibly a transformer one may get rather hotter, but have you ever seen a transformer based USB charger?
The first step in a mains adapter is a bridge rectifier, which will work fine. A low power charger would likely then use a reservoir capacitor, before feeding a DC-DC converter. More powerful chargers (e.g. laptop) may use a high-power factor flyback converter, with a large low-voltage capacitor. These in general work fine at 400 Hz, but the power factor is less satisfactory, due to crossover distortion in the current waveform (the PFC controller matches inductor current to rectifier voltage, but it is the mains voltage which drives the inductor current, and there may be insufficient voltage to achieve an adequate dI/dt - and as frequency rises, so the required dI/dt increases).
The EternalBlue patch was released on 14 March for supported OSs and for customers with custom support for older OSs. Shadow Brokers released EternalBlue on 14 April.
EternalBlue patches for older OSs were made generally available on 15 May, 3 days after Wannacry attacks were reported on a large scale. This is despite the fact that the exploit Wannacry used for the EternalBlue vulnerability failed to work on XP due to differences in the OS.
It was. By default, Win 10 does not configure SMB v1. It requires a manual configuration to install and enable the SMB v1 stack.
At the release of Win 10, there are no supported server configurations which only support SMB v1, hence this protocol could be omitted and still have the system fully functional when used with supported server software.
In contrast, at the time of the release of Win 8, Server 2003 (SMB v1 only) was still a supported configuration, hence Win 8 had to ship with SMB v1 installed in order to work in such an environment out of the box.
The government have denied that cost saving was the motive.
The problem was that nationwide, there had been very little progress in migrating from XP to 7 as had always been the long-term plan. Realising that the situation was critical the government digital service (GDS) negotiated custom support with MS, in order to mitigate the failed migration.
At the same time, they made it clear that running an obsolete OS on custom support was not a long-term viable strategy for numerous reasons. GDS instructed individual hospitals to accelerate their W7 deployments, so as to complete them by April 2015, or either pay for extended XP support themselves/mitigate any risks in an alternate manner.
It seems to me, that this was an example of "best being the enemy of good". GDS underestimated the difficulty of migrating large numbers of systems running poorly supported custom software, and by demanding "best practice" which turned out to be impractical, meant that opportunity for "good practice" was lost.
Looks to be a ransomware attack based on an update of the classic wcry ransomware, which makes use of the doublepulsar exploit which was patched in the March Microsoft patch deployment.
Doublepulsar allows remote code execution on windows servers. This allows the ransomware to encrypt entire servers without the need for brute forcing an admin account.
This is why in the urgent situation, normal medical practice is if a stroke is suspected, the patient is transferred immediately to a CT scanner, as soon as a paramedic or doctor suspects the diagnosis. Ideally, the scan should be performed and the radiologist's opinion obtained within 30 minutes of the diagnosis being suspected. In the immediate situation, detection of significant quantities of blood can be made with near 100% sensitivity. With urgent MRI, results are even better with near 100% sensitivity for detection of ischaemic areas (regions with inadequate blood flow).
The problem is that if the stroke is old (i.e. a week or more), it can be very difficult or impossible to tell whether the stroke was due to bleeding or clot with a conventional CT. MRI, especially with modern ultra-sensitive blood detection techniques, can detect residual blood for years with near 100% sensitivity. At the same time, either CT or MRI angiography (blood vessel examination techniques) can look for evidence of arterial disease, which can be a clue as to the risk of a clot, even if the clot itself has dissolved by that point.
The fundamental difficulty, however, with delayed investigation, is that ischaemic strokes (due to clot) result in damage to the brain tissue and the blood vessels - so bleeding following an ischaemic stroke is very common. So, even if MRI does show blood a few weeks down the line, it is not always possible to tell, especially if a stroke is small, whether the bleeding was the cause or the effect. As it is small strokes which tend not to result in a blue-light ambulance trip to the ER, but instead an appointment with a GP or neurologist for some vague symptoms, this scenario is surprisingly common.
However, not all cell towers have battery or generator backup. If they do, it is rarely more than a few hours. For example, in the Lancaster floods in the UK in 2015, when the whole city lost power, there was an extremely limited service available for a few hours, but for the majority of the power outage, there was no cell service available within the city.
Apologies, as I had misunderstood your point of contention.
However, as far as the outsourcing goes, it goes further than I stated. It's common for the meter operator (more formally known as the meter asset manager) to outsource the actual owning of the meters; in that they will lease the meters from a "meter asset provider". You'll be pleased to know that the financial engineering in the UK power market is almost as advanced as the electrical engineering.
Yes. The grid operator provides balancing power, and they bid for balancing services from individual generators which is done in real-time and is based on frequency response and forecasts. However, the metering is delayed and is used to determine what services were actually provided.
However, there always has to be post hoc settlement. For example, if GenCoA has forward sold 100 MWh at 10:00-10:30 on 1/1/2017 to SupplierB - but GenCoA is unable to supply due to a technical fault - then GridCo will use balancing services to ensure that the power is supplied. MeterCo will in due course collect meter readings from SupplierB's customers and model what SupplierB's demand was during 10:00-10:30 on 1/1/2017.
Each electricity connection has a "profile" which is used to do this modelling - e.g. a private residence with electric heating has a different meter profile to a commerical premises with gas heating - and these profiles convert the annual total consumption into a series of half-hourly estimates. One complication is that it may take up to 2 years to collate definitive meter readings and submit final demand results - although there are several stages of provisional estimates prior to that point.
For example, SupplierB might only have demanded 90 MWh due to unseasonably warm temperatures - GenCoA might not have sold anything for technical reasons, and therefore there must be some sort of settlement process whereby the correct generator gets paid for the 90 MWh which was supplied.
It is a ridiculously complex system, but despite its complexity, it seems to work.
You may doubt that there is an "extra metering" company, but that is exactly what happens in multiple countries with deregulated energy supply.
While I don't know in detail how the Dutch system works, the UK system seems to work in a similar way, and I describe that here:
An end user can choose their electricity supplier, who provides the retail service (i.e. billing, sourcing of bulk energy, customer service, etc.). The supplier sources the energy from generators via the wholesale market (ante hoc) and balancing market (post hoc). The electricity is delivered by a combination of the transmission operator, and the local distribution operator, who own and operate the transmission grid and distribution network respectively. Metering is provided by an independent metering operator.
The metering operator is responsible for collating meter readings and verifying the correct operation of the meters, as well as periodic recalibration. In the event that consumption data is unavailable or inaccurate, and the supplier and customer cannot agree on a reading (or if a customer is transferring to a new supplier, but the two suppliers disagree about the meter reading at changeover; it is, after all, common for customers to "adjust" readings when suppliers publish new tariffs or a customer changes to a cheaper supplier), the meter operator provides independent arbitration.
The independence of the meter operator is important, because the same meter readings that are used by the supplier to compute bills for customers, are the same readings that are used by the balancing market operators to reconcile bulk electricity accounts (including the post hoc accounting between generators and suppliers). Part of the job of the meter operator is to provide independent mathematical modelling of consumption patterns, to correct for incorrect or missing data, and which are legally binding on balancing market paticipants.
Another poster has mentioned an issue of energy theft elsewhere in the discussion, and the above system has an impact on the detection and prevention of energy theft. Because the same meter reading which the supplier uses to bill a customer, also determines the energy purchased by the supplier from the wholesale/balancing markets, there is little incentive for suppliers to investigate energy theft. If a meter reading is lower than it should be, then the supplier pays less to the generator. The discrepancy appears in the energy accounting of the distribution network operator, who must absorb the cost. However, if the energy theft is discovered, then the independent meter operator will compute a consumption measure which is legally binding on the supplier and customer. The supplier therefore has to pay for the stolen energy in the wholesale market. The customer, who is likely a deadbeat if they've been tampering with the meter, has no money with which to pay, and either disappears or goes bankrupt. Thus, having discovered an energy theft, the likely outcome for the supplier is that they take a loss equal to the value of the stolen energy.
Doh. Off by 2 orders of magnitude.
30 Bq per banana and 6 orders of magnitude for the ratio.
Quite a lot less. 1 banana contains typically around 3-4 kBq of activity.
The activity detected in this study is 300 mBq/m3; so in terms of activity per unit mass, bananas are contain approximately 8 orders of magnitude more naturally occuring radioactivity than the pollution detected in the sea water.
While both K40 in bananas and Cs134 from nuclear fission are beta emitters, the energy per decay is lower in Cs134, so effective dose per decay is also lower.
Hmm. I fail at numbers. Number of severly affected people is far less than 1 million, but even if you consider it 100k - you can still see how a figure of $200 billion is not implausible.
The simple answer is that there are a huge number of people who have been affected. Lots of land has been labelled "contaminated". A huge amount of industrial productivity has been lost. Housing and infrastructure has been abandoned and fallen into disrepair. People have lost jobs, all that will end up being compensated. Consider that close to 1 million people may have lost close to their entire net worth, and their health.
The most tragic part of that, is that the overwhelming majority of the evacuation and exclusion zone was inappropriate. Evacuation is known to be traumatic in terms of mental and physical health. In the case of the Fukushima accident, the evacuation was the direct cause of 60 deaths, and up to 5000 serious physical or mental injuries, even though contamination levels even in the most heavily contaminated regions would not have been expected to cause any acute radiation injuries or illness, and around 200 total excess cancer deaths over the next 60 years (had the region not been evacuated). http://users.physics.harvard.e...
Silicon based molecules often aren't stable. The unfilled d orbitals allow for very easy hydrolysis (by water or alkali) and nucleophilic attack.
It was sent to a distribution list, which to any reasonable person would be expected to have a very small distribution. The list was called "CroydonPractices", so presumably intended for the primary care practice managers in the Croydon region of London.
It is not at all clear who set up the distribution list, or whether it was the same person who sent the test e-mail. The issue was that this particular distribution list for some reason included all users.
I don't know what precautions the admin tools have to prevent mass replies. I think that some of the later versions of outlook will warn users sending e-mail to distribution lists if the number of recipients is greater than a certain number. However, according to wikipedia the backend for NHSmail is a customised version of outlook 2007, so it may be lacking some of the more modern features.