
Comment Re:Even More Simple (Score 1) 736

If there is a worst case breach, and you have 0 psi behind the capsule, and 15 psi in front, then you will get rapid deceleration of the capsule. However, the deceleration may not be as catastrophic as some commentators have suggested.

Some youtubers have even demonstrated dramatic acceleration with ping pong balls or bearing balls in a tube. This is a bad analogy, because they do not take into account the mass of the capsule (which scales by r^3) in relation to the force on it (which scales by r^2). Applying realistic mass and areas to the capsule, the acceleration in such a worst case breach comes out to something like 1.4 g - which is the deceleration I get if I mash the brake pedal in my car. If you're sitting down and strapped in, then it would be uncomfortable but relatively harmless. Even if not strapped in, just smacking into a seat or table would cause limited harm. Of course, if you're standing up and walking down the aisle, then you will be in big trouble.

Even this calculation doesn't take into account the fact that the capsule is not intended to seal like a piston against the sides of the tube, thus any such pressure difference is unlikely to be maintained. Additionally, most leaks are likely to be slow, and this type of guillotine break can be engineered out by using designs and materials which tend to undergo hairline cracking before catastrophic failure.

Comment Re:Layers? (Score 2) 58

It means layers of transistors on each chip.

Traditionally, silicon ICs consist of a single layer of transistors, with several layers of metal wire interconnects placed on top. In other words, the transistors are arranged in a 2D array over the surface of the die.

The major breakthrough in flash memory a few years ago was the development of "stacked transistors". In other words, multiple independent transistors could be stacked one on top of the other. This now typically goes by the name "3D", with current products now being 32 or 64 layers stacked. The net result is that larger lithography can be used for the individual flash memory cells (leakage due to quantum tunnelling becomes unacceptable once flash cells become too small) improving SNR/endurance, while simultaneously increasing areal density.

Comment Re:Seems like a bad idea. (Score 1) 204

There are two distinct ledgers which are effectively entirely separate from the point at which they diverged. Effectively, at the time of inception of the 2nd ledger, every bitcoin in existence became a "bitcoin1" and "bitcoin2". Bitcoin1s only exist on the 1st ledger. Bitcoin2s only exist on the 2nd ledger.

If you spend a bitcoin2 (more formally called "bitcoin cash" or BCH) then you still retain the bitcoin1 (bitcoin) that it was twinned with, and vice versa. At present there is a market for BCH, such that you can trade 9 BCH for 1 bitcoin. There is considerably less faith in BCH than bitcoin at present, hence the discrepancy in values.

Comment Re: Air Gap (Score 1) 91

In a nuclear power plant, an unplanned reactor trip is undesirable; it puts considerable stress on the plant, seriously disturbs the power grid (with increased risk of loss of mains power at the plant), and in many plant designs requires activation of multiple systems to manage the temperature/pressure shifts which result.

2 out of 4 control in this case means that the "safe" action should be initiated if 2 of the control systems issue a "safe" signal or no signal (e.g. due to a complete failure of a control chain). For example, if control chain 1 and 2 generate a "run" signal, but chain 3 is off-line for maintenance, and chain 4 generates a "trip" signal, then the plant will trip. This avoids spurious activation of the safety response due to a single control system malfunction.

If you have a 3 out of 4 system, where 3 systems must agree for an action to be taken - what happens if 1 system has a failure? You now have no redundancy, and any further hardware failure means that your control system will not be quorate and can't take any useful decisions. So, you will need to shutdown immediately following a single system failure, and even so there would be a small residual risk of a further failure during the shutdown sequence.

The advantage of the 2 out of 4 system is that if you have one system producing a spurious signal, then you retain redundancy for "safe" actions. This gives time for a fault to be investigated and repaired with the plant operational, avoiding the risks of emergency plant manipulation and loss of production.

A 3 of 5 system would continue to provide protection against spurious trip signals when the system is already degraded - but the low likelihood of this event, and the fact that this is not a direct safety hazard (as the system would fail to the safe state), mean that the increased cost, complexity and more difficult validation of a 5 chain system is not a justifiable trade-off.
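The fail-safe voting described in this comment, as an added Python example that is not part of the original comment or any vendor's code: it enumerates how many spurious "trip" signals and how many chains stuck on "run" a 2-of-4 and a 3-of-5 voter tolerate. It assumes, per the comment's definition, that a chain sending no signal counts as a vote for the safe action; the function names are hypothetical.

```python
# Possible outputs of one protection chain. NONE models a chain that is
# off-line or has failed completely and therefore sends no signal.
RUN, TRIP, NONE = "run", "trip", None


def vote(signals, k):
    """Fail-safe k-out-of-n voter: initiate the safe action when at least
    k chains say 'trip' or say nothing. Only an explicit 'run' counts
    against tripping."""
    safe_votes = sum(1 for s in signals if s != RUN)
    return safe_votes >= k


def spurious_tolerance(n, k, offline=0):
    """Largest number of healthy chains that can emit a false 'trip'
    without tripping the plant, with `offline` chains already silent.
    Returns -1 if the plant trips even with no spurious signal."""
    healthy = n - offline
    tolerated = -1
    for bad in range(healthy + 1):
        signals = [NONE] * offline + [TRIP] * bad + [RUN] * (healthy - bad)
        if vote(signals, k):
            break
        tolerated = bad
    return tolerated


def stuck_run_tolerance(n, k):
    """Largest number of chains that can be stuck on 'run' (the dangerous
    failure) while a real demand seen by the others still trips.
    Returns -1 if even a fully healthy system cannot trip."""
    tolerated = -1
    for stuck in range(n + 1):
        signals = [RUN] * stuck + [TRIP] * (n - stuck)
        if not vote(signals, k):
            break
        tolerated = stuck
    return tolerated


if __name__ == "__main__":
    # The comment's own case: chains 1 and 2 run, 3 off-line, 4 trips.
    print("comment example trips:", vote([RUN, RUN, NONE, TRIP], 2))
    for n, k in ((4, 2), (5, 3)):
        print(f"{k}-of-{n}:",
              "spurious tolerated (all healthy) =", spurious_tolerance(n, k),
              "| (one off-line) =", spurious_tolerance(n, k, offline=1),
              "| stuck-on-run tolerated =", stuck_run_tolerance(n, k))
```
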

Comment Re:Air Gap (Score 1) 91

I don't see what the Fukushima robot project has to do with control systems. Digital control systems aren't located in the containment (the conditions in the containment are harsh - during accident conditions, ambient temperatures can reach 160 C, with an atmosphere of saturated steam at 6 bar and potential for high radiation levels). That's not a suitable environment for most electronics, so designs tend to be restricted to just transducers and actuators in the containment.

The control systems are located outside of containment, but in physically hardened, environmentally controlled, plant rooms.

Control technologies vary, but microprocessor control is widely used in new build and retrofits. Various systems have been developed with some systems using safety critical grade rad-hard processors, originally designed for space use (the rad hardening is less for the risk of radioactive contamination than for mitigation of cosmic ray events, as rad hard processors tend to be immune from rare radiation effects like latch-up, and have strategies for mitigation of single-event upsets).

These days, however, designs are moving to decentralised, highly redundant clusters of CPUs. Each CPU receives only a very small number of signals for conditioning/processing/validation. Typically, these are processed in quadruplicate. These conditioned signals then pass to CPUs which perform the main logic, again in quadruplicate. The output from these is then aggregated using a fail-safe 2 of 4 logic system for output to the control actuators. In this type of solution, the CPUs don't need to be particularly resistant to radiation, as the entire system has redundancy for any individual CPU (and indeed, if the replicated CPUs are placed in different plant rooms in different plant zones, then the redundancy includes entire plant rooms/power supplies/HVAC/etc.). AMD K6 266 MHz CPUs are used in the main example of this technology.

By keeping the task for each CPU simple, it permits robust analysis of the code. In this solution, the firmware on each single-board computer is automatically generated from logic statements and consists of a formally verified microkernel, supervising automatically generated code from a validated code generator tool. The tools don't permit manual coding, so there is low risk of coding error. The simple and validated software also has a low surface area for cyber attack, even though the individual components of the cluster may be connected over networks running common technologies like Profibus or Ethernet.

Some countries have accepted this design for use as the reactor control and safety system on new build EPR plants (e.g. France, China). Others have requested a less complex solution. In the UK, the regulator has accepted this solution for new build, but has required a "non-computerised safety system" as an additional safeguard. The regulator was originally presented with an FPGA design, but rejected that as they considered FPGA technology to be too new and complex, and asked for a simpler system with known long-term reliability and failure modes. The result was a backup system based on TTL logic and op-amps (for signal conditioning). I'm not sure where the US lies, but I would expect that they would be more aligned to countries like the UK.

However, although the US may be strict, this may not be the case universally. The control system I've described above in the reference EPR plant design originally had read-write network access to the non-nuclear-safety plant automation systems. In other words, a conventional industrial control system potentially had authority to transmit data to the safety control system. Most of the regulators reviewing the EPR design spotted this as a potential cyber security weakness, and insisted that the bridge between the safety control system and the balance of plant automation systems be read-only. What is telling, however, is that the vendor of this safety control system claims to have retrofitted this system in nearly 70 plants. While the scope of retrofits may be smaller than in new builds, it nevertheless raises the question of whether regulators supervising retrofits might have missed potential vulnerabilities such as that described above.

Comment Re:subsidy (Score 1) 217

Yes, indeed. You make a number of valid points.

My comment was directed specifically at the UK AGRs. These control output by the effect of fuel temperature on Doppler broadening of the U238 resonance. To reduce power, the speed of the core coolant circulators is reduced. The resultant rise in core temperature results in a loss of core reactivity and a drop in reactor power. A control loop then controls the steam valves to the turbine to bring steam outlet temperature back to set point. After power has changed, rod control can be used to restore core outlet temperature.

The problem with the AGR design is that the RPV is inaccessible except through the rod ports and a limited number of inspection ports. This makes repair or replacement of moderator elements and structural elements impossible, and this also includes the steam generators which are integral to the RPV. For example, Heysham 1 reactor 1 suffered a fatigue weld failure on a steam generator support. Due to lack of accessibility, this failure is irreparable, and consequently, the steam generator had to be plugged, although the plant is now running on the remaining 7 steam generators. The operating regime of this plant, and 3 other plants using a similar steam generator design have also had to be tightened with stricter control of core temperatures, to prevent similar failures on the 31 remaining steam generators.

Comment Re:Because 64-bit WinOS doesn't support 16-bit app (Score 2) 367

When Intel CPUs are operating in long mode (x64 code execution), they cannot be switched to 16 bit real-mode compatibility mode.

To use 16 bit real-mode compatibility mode, the CPU must be running in legacy mode (x64 support disabled).

The Windows 16 bit API would occasionally require real mode coding, even though the bulk of operations were done in 16 bit protected mode. As a result, this cannot be executed natively on an x64 CPU which has been booted into long mode, and would require code emulation which was not considered a sensible design feature, especially as virtualization technology meant that on the rare occasion when 16 bit compatibility was required, you could simply run a 32 bit guest OS in legacy mode on a virtualized CPU.

Comment Re:subsidy (Score 5, Informative) 217

Not really. It's nothing to do with keeping grid voltage constant - voltage is a local phenomenon in the grid and is a reflection of current vector flows through the complex impedance, such that you don't need power plants to raise or lower the voltage, but instead, this is done by capacitors/inductors/variable phase shift transformers and variable ratio transformers.

Negative energy prices are a symptom of having too many power plants with no incentive to reduce output in an oversupply condition.

There are many reasons why a plant may not wish to reduce power:
- a thermal plant may already be operating at close to its minimum rated power, and may require the operator to waste steam to reduce electricity output, because the plant cannot sustain a lower steam production (in such a condition, there is a loss of revenue, but no reduction in fuel costs, so is undesirable - unless prices turn negative at which point steam waste may be judged appropriate).
- Renewable and nuclear generators which have zero, or near zero, marginal operating costs are reluctant to reduce output as it reduces revenue, without a saving in fuel costs.
- Subsidised power generators (which in the UK model sell the power to the govt at a fixed price, and the govt then sells it on the open market) do not have to respond to market forces, so have no incentive to reduce power output, even in the event of negative prices.
- Some plants, such as the old UK nuclear plants, are limited by fatigue life, and therefore must avoid temperature and load changes, except for plant operational reasons, and therefore are reluctant to reduce load, even in the event of negative prices.
- Renewable electricity is legally required to hold a "privileged" position in the energy market, such that it must not be curtailed if any other source can be curtailed first. In the event that for technical reasons, renewable energy must be curtailed (e.g. very high local wind conditions resulting in local grid overload), the compensation that must be paid to the wind generators is very high (up to 10x the value of the subsidies curtailed).

Comment Re:Don't UPSes also act as surge protectors? (Score 2) 189

They should do, but it depends a lot on the precise design of the UPS, and the nature of the power transient.

While many industrial UPS systems are dual conversion systems (essentially, the critical load is powered from the battery bus/inverter, and fails over to mains in the event of an inverter/battery malfunction), they are sometimes operated in standby mode (the critical load is powered from mains, and fails over to the battery bus/inverter in the event of a mains failure) as this saves energy due to improved energy efficiency and lower cooling demand in this mode.

Even so, dual conversion UPS systems are not necessarily immune to mains voltage fluctuation (even when operated in dual conversion mode) - depending on whether they try to follow mains voltage, or whether the voltage transient exceeds design limits.

If you are interested in some of the dynamics of this, it's worth looking at the incident at the Forsmark nuclear power plant in Sweden. In this case, unexpectedly large grid voltage fluctuations resulted in the double conversion UPSs suffering an output bus overvoltage, which resulted in triggering of output overvoltage protection and disconnection of the critical loads. A less well protected device could have exposed critical loads to a prolonged overvoltage. This incident required particular design changes for nuclear grade UPS systems, such that mains voltage fluctuations, even beyond the anticipated range, should not result in a critical load disconnection.

Comment Re:The problem is the sockets are ill-designed. (Score 1) 154

400 Hz would almost certainly work fine on any 60 Hz adapter. Possibly a transformer one may get rather hotter, but have you ever seen a transformer based USB charger?

The first step in a mains adapter is a bridge rectifier, which will work fine. A low power charger would likely then use a reservoir capacitor, before feeding a DC-DC converter. More powerful chargers (e.g. laptop) may use a high-power factor flyback converter, with a large low-voltage capacitor. These in general work fine at 400 Hz, but the power factor is less satisfactory, due to crossover distortion in the current waveform (the PFC controller matches inductor current to rectifier voltage, but it is the mains voltage which drives the inductor current, and there may be insufficient voltage to achieve an adequate dI/dt - and as frequency rises, so the required dI/dt increases).

Comment Re:No qord from the NSA? (Score 1) 115

The EternalBlue patch was released on 14 March for supported OSs and for customers with custom support for older OSs. Shadow Brokers released EternalBlue on 14 April.

EternalBlue patches for older OSs were made generally available on 15 May, 3 days after Wannacry attacks were reported on a large scale. This is despite the fact that the exploit Wannacry used for the EternalBlue vulnerability failed to work on XP due to differences in the OS.

Comment Re:Don't be silly (Score 1) 360

It was. By default, Win 10 does not configure SMB v1. It requires a manual configuration to install and enable the SMB v1 stack.

At the release of Win 10, there were no supported server configurations which only support SMB v1, hence this protocol could be omitted and still have the system fully functional when used with supported server software.

In contrast, at the time of the release of Win 8, Server 2003 (SMB v1 only) was still a supported configuration, hence Win 8 had to ship with SMB v1 installed in order to work in such an environment out of the box.

Comment Re:No (Score 1) 360

The government have denied that cost saving was the motive.

The problem was that nationwide, there had been very little progress in migrating from XP to 7 as had always been the long-term plan. Realising that the situation was critical the government digital service (GDS) negotiated custom support with MS, in order to mitigate the failed migration.

At the same time, they made it clear that running an obsolete OS on custom support was not a long-term viable strategy for numerous reasons. GDS instructed individual hospitals to accelerate their W7 deployments, so as to complete them by April 2015, or either pay for extended XP support themselves or mitigate any risks in an alternate manner.

It seems to me that this was an example of "best being the enemy of good". GDS underestimated the difficulty of migrating large numbers of systems running poorly supported custom software, and by demanding "best practice" which turned out to be impractical, meant that the opportunity for "good practice" was lost.

Comment Re:General VLAN... (Score 1) 202

Looks to be a ransomware attack based on an update of the classic wcry ransomware, which makes use of the doublepulsar exploit which was patched in the March Microsoft patch deployment.

Doublepulsar allows remote code execution on Windows servers. This allows the ransomware to encrypt entire servers without the need for brute forcing an admin account.

Comment Re:But which kind of stroke? Too thin or too thick (Score 1) 41

This is why in the urgent situation, normal medical practice is if a stroke is suspected, the patient is transferred immediately to a CT scanner, as soon as a paramedic or doctor suspects the diagnosis. Ideally, the scan should be performed and the radiologist's opinion obtained within 30 minutes of the diagnosis being suspected. In the immediate situation, detection of significant quantities of blood can be made with near 100% sensitivity. With urgent MRI, results are even better with near 100% sensitivity for detection of ischaemic areas (regions with inadequate blood flow).

The problem is that if the stroke is old (i.e. a week or more), it can be very difficult or impossible to tell whether the stroke was due to bleeding or clot with a conventional CT. MRI, especially with modern ultra-sensitive blood detection techniques, can detect residual blood for years with near 100% sensitivity. At the same time, either CT or MRI angiography (blood vessel examination techniques) can look for evidence of arterial disease, which can be a clue as to the risk of a clot, even if the clot itself has dissolved by that point.

The fundamental difficulty, however, with delayed investigation, is that ischaemic strokes (due to clot) result in damage to the brain tissue and the blood vessels - so bleeding following an ischaemic stroke is very common. So, even if MRI does show blood a few weeks down the line, it is not always possible to tell, especially if a stroke is small, whether the bleeding was the cause or the effect. As it is small strokes which tend not to result in a blue-light ambulance trip to the ER, but instead an appointment with a GP or neurologist for some vague symptoms, this scenario is surprisingly common.
