PLC's and Y2k... Does this apply in electric power applications, Rick? Anyone?

greenspun.com : LUSENET : Electric Utilities and Y2K : One Thread

Rick and all,

Just ran across this piece. Does this illustration have any cross-over into the realm of electric power companies and their use of PLC's?

Looking for comment from those wiser than I. Thanks in advance.

Bob Allen

================================================================

http://www.y2kculture.com/reality/19990520.problemscontinue.html

Bugged Out Bozos By Joab Jackson May 20, 1999

Y2K is still with us.

Sure, the hype has subsided since we first heard all those predictions of what would happen once computers ticked over to the new year: Electricity shutting off, banking systems imploding, production lines seizing, the ensuing collapse of polite society.

Ironically, it may have been these nightmare scenarios that finally impelled governments and businesses to fix their systems. And if we're to believe their reports anyway, they are, or will shortly be, ready for the new millennium.

Still, this bug haunts us. The truth is that, even today, after all the hype, someone can purchase a digital device that is fully Y2K compliant and unwittingly program into it a Y2K glitch.

This I discovered at an adult-ed class I've been taking. It's on programmable logic controllers -- PLCs for short. PLCs are used for controlling and coordinating assembly lines, or anything else that can be automated. (Our instructor, for instance, employs them at the steel plant where he works.) In use for about 30 years, PLCs are the missing link between today's digital computers and yesterday's bulky electro-mechanical relays.

Newer PLCs are basically black boxes, each slightly smaller than a loaf of bread, with some inputs for wires and some like-sized outputs. What we learn each Tuesday night is how to "program" that box so that certain combinations of digital signals sent to the inputs cause certain combinations of signals to come out the other end.

One potential real-life application: An assembly shop painting widgets in one of four possible colors. The paint must be applied in precise four-second bursts, followed by a one-second cleaner spray.

We hook up the PLCs -- DirectLogic205 models made by Automationdirect.com -- to old 486s and use PC-based software to write these programs. Once finished, we download the programs to the tiny memories inside these boxes.

Pretty simple, right? You'd figure that something this elementary would be free from millennial concern. But here's exactly where Y2K gets interesting, right where you'd least expect trouble. During a break in class, I decided to ferret out any potential Y2K glitches on my PLC. I rifled through its collection of preprogrammed instructions -- clocks and timers and accumulators and such. There I found the option to set the date.

Sure enough, just like all those newspaper stories claimed, only two numbers could designate the year. I could type in "99" but not "1999." The documentation noted that only one 16-bit memory location (Y7774, if you must know) was allotted to hold the year. Hence, only 100 numbers could be recognized, 0 through 99.

That in itself is not a bug per se, depending on how the PLC was built. And the engineers at Automationdirect.com were thinking ahead. I set mine for 11:59 p.m., Dec 31, 1999. A minute later it flipped to "00." No problem there. I set it ahead another three months to see if it recognized the leap year. It displayed that day correctly. Color me impressed.

But there was a potential pitfall -- one so small I almost missed it entirely. Later that evening, the instructor mentioned a feature called Data View, which showed the binary contents of individual memory locations. Hmmm. I opened Data View to spy on Y7774, entered "99," and noted the row of 16 0's and 1's it spewed back. Then I changed the date to "00." And there it was: the tiny glitch that's costing so many millions in repairs and causing so much apocalyptic fever.

The Data View showed nothing but a line of 0's. As far as this PLC was concerned, "00" equals zero. In its logical world, "00" would always be 99 increments less than "99," not one increment greater. It wouldn't take a great leap of imagination to envision some chucklehead somewhere, still blissfully unaware of Y2K, programming a PLC to compare a date periodically stored in a memory register, with the current one.

Maybe that program, devised to insure regular maintenance, would shut down an assembly line if those two binary numbers were more than two increments apart. Maybe it would reject cases of food more than 30 days old. It would work fine until Dec. 31, 1999. After that -- well, you know the punch line.

Sure, it's not very likely, what with all the Y2K hoopla informing every keyboard-pounding bozo of such dangers. But it's there, squarely within the realm of possibility. The thing is, you can still order one of these DL205s. In fact, this product is, by legal definition, fully Y2K compliant (see the company's Y2K Readiness Disclosure).

What that means, company spokesperson Joan Welty explains, is that no internal calculations of the PLC itself are dependent on that two-digit date. That's not to say, however, that any programs written for these PLCs are free from Y2K glitches. Nor are there any safeguards to prevent what old electricians call "a short between the ears" -- in this case, some PLC programmer haplessly coding in a date-dependent error. And Automationdirect.com has no plans to offer a version with a four-digit date function.

And that's my take on Y2K. The well-surveyed banks and power companies I don't sweat. It's the thousands of back-alley shops using equipment and software even older than what can be found at your local vo-tech school. It's the PLCs and embedded processors that shortsighted managers have signed off as ready for the new millennium.

How many of these devices are out there? Who knows? And would their programmers still be around then to correct the mistakes? These errors may not shut the lights off. They may not have any immediate effect on our daily lives. But come the new year, they'll be running on faulty data, and corrupting things in subtle ways that even our best consultants can't divine.

[This article first appeared in the Baltimore City Paper.]

Copyright 1999 y2kculture.com. All rights reserved.

-- Anonymous, May 21, 1999
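The failure mode the article describes, as an added example that is not part of the original post and is not Automationdirect.com code: a program that compares a stored two-digit year with the current one, shown next to a corrected comparison. The function names, the modelling of the year register as a plain integer 0-99, and the pivot year of 70 are assumptions made for the illustration.

```python
"""Constructed model of a user program comparing two-digit year registers."""
from datetime import date

PIVOT = 70  # assumed window: 70-99 mean 19xx, 00-69 mean 20xx


def naive_shutdown(stored_yy, current_yy, limit=2):
    """Flawed check: trip when the raw register values differ by more than limit."""
    return abs(current_yy - stored_yy) > limit


def wrapped_shutdown(stored_yy, current_yy, limit=2):
    """Corrected check: elapsed years modulo 100 (valid for spans under a century)."""
    return (current_yy - stored_yy) % 100 > limit


def expand_year(yy):
    """Map a two-digit register value to a four-digit year using the pivot window."""
    if not 0 <= yy <= 99:
        raise ValueError("year register out of range: %r" % (yy,))
    return 1900 + yy if yy >= PIVOT else 2000 + yy


def naive_age_days(packed, today):
    """Flawed age: flatten (yy, mm, dd) to days using the raw two-digit year."""
    (py, pm, pd), (ty, tm, td) = packed, today
    return (ty - py) * 365 + (tm - pm) * 30 + (td - pd)


def windowed_age_days(packed, today):
    """Corrected age: expand both years first, then use real calendar arithmetic."""
    p = date(expand_year(packed[0]), packed[1], packed[2])
    t = date(expand_year(today[0]), today[1], today[2])
    return (t - p).days


def reject(age_days, max_age=30):
    """Reject stock older than max_age days."""
    return age_days > max_age


if __name__ == "__main__":
    # Constructed sample values: last maintenance logged in "99", clock now reads "00".
    print("naive shutdown 99 -> 00:  ", naive_shutdown(99, 0))
    print("wrapped shutdown 99 -> 00:", wrapped_shutdown(99, 0))
    # Constructed sample values: food packed 15 Nov "99", checked 5 Jan "00".
    packed, today = (99, 11, 15), (0, 1, 5)
    print("naive age:   ", naive_age_days(packed, today), reject(naive_age_days(packed, today)))
    print("windowed age:", windowed_age_days(packed, today), reject(windowed_age_days(packed, today)))
```

The naive year check trips the line the moment the clock rolls to "00", while the naive age check computes a large negative age and lets stale stock through; both are wrong results rather than crashes.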

Answers

See, this is exactly what I was talking about in my previous thread. It's not that the device will fail. The device is Y2K compliant or ready or whatever the vendor chooses to call it.

The software that runs on the box is the problem.

We know that RTC chips don't crash when they roll over from 99 to 00. They don't care. The software that is using the RTC probably won't crash either.

But it *can* produce a bad result, which, in the world of embedded devices, means that whatever it is controlling may cause problems by being in the wrong state.

That is what I am concerned with.

Jon

-- Anonymous, May 21, 1999


This is exactly what I have been trying to communicate for the last year or so too.

Yes it is directly applicable to the Electric Utilities Industry.

However, what they seem to be telling us is that they either don't program their PLC's to use date and time, or if they do, they've done it correctly.

I for one, don't buy it.

In the Wired magazine article about the Texaco refinery a couple of months back it talked explicitly about this problem. They would have had shutdowns if they hadn't fixed their PLCs.

-- Anonymous, May 21, 1999


Bob, thanks so much for posting this article! I had a general conception of the problem, but it's much clearer to me now after being "walked through" the basics. I, for one, am a non-technical civilian who is grateful for the information.

After reading this, I remembered some snippets of info on the NRC Nuclear Materials Y2K site. After some site visits and telephone interviews, an ongoing NRC Y2K investigation came up with "To date, only treatment planning systems, dose calibrators, and a tote position display for an irradiator have been found to have a Y2K problem."

"The tote position display is not a safety system. Further, this system is a one-of-a-kind modification made by the licensee. The licensee was authorized by NRC to make the modifications and is updating the display system."

John, A.J., is this "one-of-a-kind modification", as it's termed by the NRC, an example of the kind of programming you're talking about? Where you not only have to know what the system does but how it might have been adapted to individual specifications? Or is my understanding in error?

-- Anonymous, May 21, 1999


In the utility industry I know of zero examples of a PLC date being used for a control function or anything other than date stamping. This is no new item, a few PLCs with RTCs have minor date problems. And a number of PLCs have NEVER been able to handle a leap year, with absolutely no detriment to society:) PLCs often don't even have an RTC, and when they do, it very often isn't even used. When used, date usage is minor in all cases I have seen or read about in the utility industry.

Sorry guys, this is nothing new, no surprise, and no smoking y2k gun.

Regards,

-- Anonymous, May 21, 1999


Hey Factfinder, Who do you work for? NSA, CIA or just Wen Ho Billy Bob and the boys?

The "smoking gun" as you put it occurred back in November at Peach Bottom Nuclear. 8 hours without plant monitoring and extremely little reporting in mainstream press. Give me a break. You guys are going to start having some problems after 60 Minutes runs their report this Sunday.

Bubba awakens to the reality that he is an idiot and has significantly underestimated Y2K.

-- Anonymous, May 21, 1999



Jim, Peach Bottom was human error during y2k testing, not a y2k failure. As far as being "without plant monitoring", that is an incorrect statement. They lost the plant monitoring computer - a non-safety related system. There are hundreds of alternate indicators and recorders that are still available. Not a good situation, but nukes lose their monitoring computers on occasion. No one in the media cared before, because the Y2k hype wasn't around...

Regards (and Bubba says "hi, but try buying a few facts before spouting off next time, 'cause it's obvious you don't study"),

-- Anonymous, May 22, 1999


Please explain to me how the plant monitoring computer is not important to plant safety. I do my homework.

While you're at it explain to me why the two systems, both the "fixed Y2K compliant system" and the backup both crashed during "testing". WHY DID THEY CRASH?

This is a good one. Perhaps we can get everyone to calm down about Y2K if we define it as a testing problem.

While you're at it explain to me how data logging is not safety related. I'd really like to hear that one. I lived in PA during TMI and I can tell you that it is SAFETY RELATED. Improper interpretation of date and time stamped events almost (if you don't count all my fellow Pennsylvanians who've already died of leukemia and bizarre forms of cancer) killed a lot of people. Do your own homework spinmeister.

-- Anonymous, May 22, 1999


Thanks for posting this, Bob.

However, I have a question.

Sure enough, just like all those newspaper stories claimed, only two numbers could designate the year.... I set mine for 11:59 p.m., Dec 31, 1999. A minute later it flipped to "00." No problem there....

"No problem there"? It flipped from "99" to "00". Of course: what else would anyone expect it to do?

But, isn't that very situation the cause of any other problems that might arise during computation?

-- Anonymous, May 22, 1999


Factfinder said:

Jim, Peach Bottom was human error during y2k testing, not a y2k failure.

is it me? i feel as though there is some kind of 'cosmic disconnect' happening here.

read the sentence above, remove the word testing and read again.

if a nuclear plant melts down because of an operator error that was precipitated by an attempt to address a y2k systems failure...does anyone on this forum believe that 'splitting hairs' about who did what is going to matter?

human response in a highly stressed, rapidly changing dynamic environment is a real possibility and the chance of error is equally possible...it has happened before.

"every time history repeats itself the price goes up." anonymous

-- Anonymous, May 22, 1999


Cosmic disconnect Part II

Factfinder said: As far as being "without plant monitoring", that is an incorrect statement. They lost the plant monitoring computer - a non-safety related system. There are hundreds of alternate indicators and recorders that are still available. Not a good situation, but nukes lose their monitoring computers on occasion.

So let me translate for Factfinder: The plant lost the central computer responsible for monitoring a multitude of systems which give indication as to the status of different plant operations. They would have still been able to access the hundreds of indicators and recorders which this computer usually collates with its computer processing and software, and the humans (who are by Factfinder's split hair theory, responsible for the crash in the first place) would now be able to process all of this information in a few nanoseconds and determine plant status safely and efficiently.

According to Factfinder: It's not a good situation, but hey sh$%# happens. Nukes lose their monitoring systems sometimes, big deal.

If these interruptions in plant monitoring computers are so unimportant, why does the NRC require them to be reported at all?

And as far as the media is concerned, you're on a limited leash with them. Up 'til now the media has been too dumb to put all this together, but it doesn't mean everyone is buying this load of manure. And the media is starting to smell a rotten egg called disinformation. Ya gotta love that First Amendment. Tune in to 60 Minutes tonight for some of that "hype" that you so love.

-- Anonymous, May 23, 1999



Ok Jim, Marienne, Your views and insights into the workings and regulatory requirements of nuclear plants is simply amazing...and the best evidence I have seen yet of "a little knowledge is dangerous." Puleeez, quit browsing the NRC sites, you are getting way too confused....

-- Anonymous, May 23, 1999

factfinder,

address the issues and stow the sarcasm. although i will admit it does seem consistent with the type of behavior cl manifests on occasion.

perhaps you would deem it worthy of your highness to respond to the article by dr. shirley ann jackson...

you do know who she is don't you?

http://www.enviroweb.org/tmia/2steps.htm

also, would you care to enlighten us regarding the status of TMI as outlined in the link below?

http://www.enviroweb.org/tmia/PressP2.html#secure

you are more than glib when talking geekspeak and lauding the accomplishments of those blessed to walk through the hallowed halls of the electrical facilities but methinks you are the one that is deluded.

there is more than one thread that addresses the foibles and ineptitude of some that work in our electrical facilities.

hate to burst your little pastel, peter max type, bubble.

deal with the real issues. we are in trouble. do you expect anyone to believe that the incredibly sophisticated

-- Anonymous, May 23, 1999


Marianne,

No, I definitely DO NOT expect some here to believe any positive news based on real issues and real test results, and real data. They are too invested in their pre-conceived point of view.

Also, some apparently enjoy ad hominem attacks on those who present facts that disprove their preconceived notions. And he ought to take his personal attacks to the Yourdon board where it is welcomed and embraced by many.

-- Anonymous, May 24, 1999


>address the issues and stow the sarcasm. although i will admit it does seem consistent with the type of behavior cl manifests on occasion.

marianne,

does this mean I'm not your favorite anymore?? (grin) You're just gonna make me try harder. (grin)

-- Anonymous, May 24, 1999


gosh cl,

i thought you agreed with most of the theories and statements put forth by factfinder. i assume that is who you were referring to when you mentioned the ad hominem attacks.

example of factfinders ad hominem attack:

Ok Jim, Marienne, Your views and insights into the workings and regulatory requirements of nuclear plants is simply amazing...and the best evidence I have seen yet of "a little knowledge is dangerous." Puleeez, quit browsing the NRC sites, you are getting way too confused....

another pearl from factfinder:

Factfinder said:

Jim, Peach Bottom was human error during y2k testing, not a y2k failure.

my response:

is it me? i feel as though there is some kind of 'cosmic disconnect' happening here.

read the sentence above, remove the word testing and read again.

if a nuclear plant melts down because of an operator error that was precipitated by an attempt to address a y2k systems failure...does anyone on this forum believe that 'splitting hairs' about who did what is going to matter?

now, perhaps factfinder assumed that this was a rhetorical question...it wasn't...and i am still awaiting an answer.

-- Anonymous, May 24, 1999



no marianne,

I'm not in this business to agree with theories, that won't pay the bills. I don't agree with FF's theories, I duplicated his test results in independent tests. Sorry, don't mean to cloud the issue with facts. (as if facts have any relevance).

Seriously tho, I nearly moved to Capital Campus in the wake of TMI, with the promise of a job at the plant when finished (we coulda been neighbors). You obviously were hurt by TMI in a way that never quite healed entirely. Sorry. Why don't you just move from the banks of the Susquehanna and head up to Potter County? Beautiful country, no nukes. It might be very therapeutic to lose the memories of the past and immerse yourself in the beauty of "God's country." Is the anxiety you live with worth it??

-- Anonymous, May 24, 1999


nice try cl.

i assume that your major was in engineering, was your minor in logic?

this was very good, very subtle. i almost missed it.

below you will find listed some, not all, of the strategies used by cl in his last post to me.

red herring-this fallacy is committed when someone introduces irrelevant material to the issue being discussed, so that everyone's attention is diverted away from the points made, toward a different conclusion.

example:

You obviously were hurt by TMI in a way that never quite healed entirely. Sorry. Why don't you just move from the banks of the Susquehanna and head up to Potter County? Beautiful country, no nukes. It might be very therapeutic to lose the memories of the past and immerse yourself in the beauty of "God's country." Is the anxiety you live with worth it??

reification-occurs when an abstract concept is treated as a concrete thing.

example:

You obviously were hurt by TMI in a way that never quite healed entirely.

straw man-when you misrepresent someone else's position so that it can be more easily attacked...

example:

You obviously were hurt by TMI in a way that never quite healed entirely.

then knock down that misrepresented position

example:

Is the anxiety you live with worth it??

and safely conclude that the original position has been demolished.

example:

by implication, [and this is the clever part, i think, perhaps, i underestimated cl]...this poor emotional *woman* who can't deal with the *facts* of the issue.

this is a fallacy because it fails to deal with the actual arguments that have been made.

now we move on to the master's level!

ad hominem/appeal to emotions all rolled nicely into a personal attack[also known as ad hominem abusive] cleverly couched in compassionate phraseology.

example:

all of the above but specifically,

"obviously hurt" - inability to think rationally

"never *healed*" - we are taking 'damaged goods' here

"sorry" - needs to be pitied

"move to potter" - can't take the heat

"therapeutic" - needs help...NOW!!

"no nukes" - poor fragile thing

"anxiety worth it" - inability to function due to duress obviously doesn't know what she is talking about, must discount all she says.

fallacy occurs when one attempts to invoke the derision of the group towards the individual in order that they reject her claim. part two would require rejection based on a perceived defect in her character, i.e. a large pulsating bundle of nerves posing as a homo sapien erectus.

now that that is over cl, would you care to address the questions i posed to factfinder? or perhaps you would care to enlighten us as to why the weiss rating should not be given any credence.

-- Anonymous, May 25, 1999


I said all that??? Cool...and here I thought I was simply trying to be nice and make peace. Cosmic disconnect!

-- Anonymous, May 25, 1999

Rick,

You're not gonna let the barbarians sack civility in the great EUY2K kingdom, are you? Make 'em go run over each other on Yourdon's street. We have met the bovine-purveyors, and they are (becoming) us! Ewwwwww.

Knute

-- Anonymous, May 25, 1999


Ok, In the spirit of Rick's timely post, I would like to issue one of my numerous apologies at this time, to Marienne, Jim, whoever. I do tend to get called a lot of names and slammed a bit, so it's just a bit hard to not fight back sometimes....was Jim's fault really, he called me Bubba first, he did, he did...lol

Seriously, I would like to propose a toast to world peace (even in the Balkans)....and to a bright, sunny, happy, relatively troublefree new year...

Regards,

-- Anonymous, May 26, 1999


gee, it sure is quiet around here.

hey, factfinder...cl...

let's kiss and hug and make nice-nice.

after all we all have the same concerns, just different viewpoints...and we are adults after all.

so now that we made up...are you going to answer all of my questions?---JUST KIDDING!!

marianne

-- Anonymous, May 26, 1999

