From the story:
> ... and an object moving that fast doesn't fare well with sudden changes of direction.

This seems strange to me...

I would expect that the control system has various rate limiters and such. So even with a sudden change in estimated direction of velocity of the vehicle, I'd expect the control system to rate limit e.g. the reference state (or trajectory), and/or limit control signals to control surfaces. Further, if there's an abrupt change in estimated direction, I'd expect the control system to mark that signal as invalid and try to go with inertial navigation for awhile.

Fun fact: When I worked with rockets, we checked and planned for layers in the atmosphere with different wind directions -- wind shear. Otherwise, to the rocket, it'll appear as a sudden increase in the angle of attack and in some cases the vehicle might break apart. Back then we released balloons with transponders to check for wind shear layers. I don't know if they still do that.

I'm not sure what counts as consuming social media... I don't use e.g. Facebook, TikTo or Instagram.
But am I doing it while:

1) reading the article (on FT) referenced by the story on /?
2) reading the comments here on /.?
3) posting this comment?
4) watching a video on youtube?
5) reading comments to a video on youtube?

I didn't pay enough attention to the title, I should've used a different word - not sure which though.
I checked my SE books to see if I could find a definition of e.g. 'abnormal event' but no luck in my books. However, I e.g. don't have books on 'Process systems engineering' which might be using that term.

PS.
I did however stumble upon a quote in the INCOSE SE handbook (4th edition, 2015) under a brief section related to resilience engineering:

Maybe I should've used "unplanned" costs rather than unforeseen. It's not as if Fukushima was the first incident, so we do know that nuclear mishaps occur. And I'd expect it should be possible to at least roughly estimate known costs associated with previous incidents. That'd at least provide historical examples.

Thinking about it, I guess I'd like these aspects to be taken into account when deciding about planning power production systems.

My interest is partly because do systems engineering and work with functional safety, but in unrelated fields. So, I've no experience on how to develop such systems, or systems that can withstand war. I'm now thinking of the Zaporizhzhia Nuclear Power Station that lost power for the sixth time recently [1]. How the heck are you supposed to design a system and assess the risks of nuclear incidents due to war, where a party might even intentionally try to cause an incident at some point.

[1] https://www.iaea.org/newscente...

When planning for a nuclear power plant, how are the _potential_ extra costs for decommissioning computed to account for rare events such as Fukushima?

Perhaps someone knows how this was done specifically for Fukushima, and how that analysis compares to current predictions of expected decommissioning costs?

I don't know any of the above, but I'm curious as it seems like a difficult analysis. By design such events are expected to be rare, but might be very expensive. So in my opinion it ought to somehow be factored in when assessing the actual cost of energy production. At least from the point of view of society.

From the point of view of investors in the company building the power plant, I suppose they can just gamble... This is guess work my from my side!
I.e., in their prognosis they assume the likelihood to be zero and disregard it. If it then happens, the company goes bankrupt and the investment was lost. But assuming the event occurs after a few years of power production, that'll have produced some income for the investors. The remaining investment cost multiplied by the actual (low) probability will then be a kind of risk premium that the investors have to add the cost of the project. However, they don't have to care about attempting to assess the cost of cleanup, as the tax payers will be left to pick up the tab.
Perhaps someone with actual knowledge could explain how this is actually handled?

Could please site the section in the 2018 report to which you referred for the 9% number? I'm not sure you understand what it means (based on you referring to it as "adequacy rating").

*sigh* No, wind power is not useless. Using hydro to store energy has been in use for a long time, it's not in the future. There's no need to assume sweden would _only_ use wind to produce electricity.

What are you talking about? Predicted availability for hydro is 75% for the peak load during summer. See table 11 in the 2022 report. The availability for winter was 82%, which is not much of a difference.

How about you cite numbers with references.

Thanks for referring to an interesting report. I don't know why you referred to a report from 2018, when there's a report from 2022 available:
https://www.svk.se/siteassets/...

However, I couldn't find the numbers you're citing in the (2018) report, could cite the section please? Or better, the section in the 2022 report?

According to the 2022 report, (appendix 2), the predicted availability for winter 2022/2023 during the peak load hour is:
- Hydro: only 82% of nameplate rating, due to e.g. water magazine levels and restrictions related to ice
- Nuclear: 90%
- Wind: 9%.

So the planning can only assume to use wind for 9% of the peak load, and e.g. hydro and nuclear would have to cover the bulk. But I don't agree with your conclusion (wind is useless for _reliable_ generation). The assumption here is 9% reliable power, which is not nothing.

You need to combine wind with other types of power production, but that's also true for hydro. Further, remember the 82% availability of hydro? When wind does produce more than 9%, it means hydro can reduce its production and thus use less of the stored water. Or use excess electricity to increase the amount of stored water.

Finally, I think it's incorrect to say that 'Svenska Kraftnät' is "Sweden", but rather a (government owned?) swedish actor on the electricity market. They are however producing a report that they _send_ to the swedish government. My point is that I'm not sure I trust a report from 'Svenska Kraftnät' to be unbiased with regards to the interest of 'Svenska Kraftnät'.

For automotive there's a standard, ISO-26262:2018, for series produced vehicles that deals with functional safety. I'll try to illustrate how that attempts to deal with risk, or rather, ensuring safety (=> absence of risk in the case of e.g. a failure in electric/electronic element). Part 5 of this standard deals with software development.

In short, you define 'safety goals' (SG, a top level safety-related requirement) for a system of the vehicle, at the vehicle level. For this system you perform a hazard and risk analysis (HARA) and its report will contain/output the SGs.

Each specific SG (usually) have an associated 'automotive safety integrity level' (ASIL A, B, C or D) that depends on how bad it might be if the safety goal was violated. The ASIL level then results in different sets of requirements being placed on the development of the system, including requirements on the development of software. An ASIL D means the toughest quality standard, and ASIL A is the least tough ASIL quality standard. Then there is 'QM', which isn't ASIL, and means the ISO standard doesn't require anything in particular, sow we're left with the company's normal quality management.
Basically the intention is to ensure spending enough effort on the more important safety-related parts, including making sure they're sufficiently verified and validated.

For example, the SG might be something like 'The vehicle shall prevent inadvertently starting to move more than 0.3 metres when at standstill (ASIL C)'. The reason for the SG, found in the HARA report, might e.g. that buses often park close to each other while pedestrians walking between them. And if a bus would start to move on its own due to a fault, that could be bad for someone standing in front the bus - they or the driver might e.g. not notice it in time.

From this SG, the engineers derive functional safety requirements, and then technical safety requirements. It's an iterative process depending on the number of levels of systems, but eventually we'll reach a system with an ECU, for which we derive requirements on its software.

Through this process, the ASIL is passed on with the requirements. So you might have a software requirement that ultimately traces back to the SG above that says 'The software system shall command the brakes to be applied while the vehicle is at standstill and the accelerator pedal is unpressed (ASIL C)'.

Note: I'm simplifying quite a bit here, e.g. skipping safety mechanisms, ASIL decomposition and freedom of interference. There's also a lot about doing fault tree analysis, FMEAs, diagnostic test coverage. For software development it also results in requiring a lot of verification (e.g testing) at various levels.

I hope this helps

Would you happen to have a link or title for that study? I'm interested in reading it.

Thanks for the link, I hope others can mod parent up.

How would you tally deaths related to a catastrophe at a nuclear plant that's triggered by a "special military operation"?
Would you consider them casualties of war, or deaths related to a nuclear incident?

Or should we perhaps argue that no military would be dumb enough to use artillery etc on targets anywhere near a nuclear plant, so it can't happen... [1].

I work with functional safety (not nuclear plants), so I have some understanding of the design processes in general. But I don't see how you'd design a plant to be able to safely operate when a military might decide to strike the plant with weapons that were designed decades after the plant was designed.

Does anyone know why those plants haven't been shut down BTW?

[1] https://www.bbc.com/news/world... (UN alarm as Ukraine nuclear power plant shelled again)

Why I use LinkedIn: I don't use Facebook at all, but I do update my profile at LinkedIn infrequently. I'm basically using LinkedIn as an address book to various former colleagues who over 20+ years multiple times have switched jobs and e-mail addresses (including their private addresses). I'm hoping that they'll keep their contact information up to date, such that once I'm "connected" with them, I get to see their new address later on if I need to. However, it's rare these days that I use it, so perhaps the usefulness is quite low.

Having said that, I'd certainly prefer to use something other than LinkedIn, but I don't know what it'd be. :-(

So I'm curious. An AC posts a generic statement without any supporting links or details. Further, the statement in itself is most likely not true as it's written ("The only way..."). To me it looks at least like a troll, but possibly also something from e.g. a disinformation/influence campaign sponsored by a state actor.

So I'm genuinely curious: Do you remember what you where thinking when you in practice echoed the message?

The Gripen is fly-by-wire, so it's impossible to fly without the computer in the loop. So difficult to say if it'd be flyable without assistance.

As linked to the youtube clips by dromgodis above, there's two crashes related to this. But they aren't definitive proof that the aircraft would be unflyable without computer assistance.

I commented to dromgodis that: