Wednesday, June 27, 2007

Off Scale High

I've finished the overwhelming stack of magazines I was behind on, and now I'm into the overwhelming pile of books I am behind on reading. Right now, it's Inviting Disaster. I love disaster books. Especially when they get into engineering or design failures. Why Buildings Fall Down is a must-read if this appeals to you also.

Anyway, it's covering the usual. Challenger O-rings, the Ocean Ranger capsize, etc. Well, I just finished the TMI2 part. There are plenty of lessons about procedure, training, usability, human behavior, control room design, etc. (the best of course being a light to indicate you asked a valve to close, not whether it's actually closed!) But there was one I didn't recall before.

When the morning shift arrived, someone noticed the overflow cooling tank temperature was high. They see something like this:

Which means it's 280°, which is not too bad. Too hot, so they start figuring out it's a loss-of-coolant accident, instead of a danger of going-solid accident, but no one noticed before because it's not all /that/ hot.

Well, that's because the water is not really 280°. Seems some programmer decided that all values over 280 should be discarded, so the top of the scale is...280. No standard way to know that on a digital readout, though. And certainly it was not indicated on the meter, or in any obvious place in the

Consider if that gauge was displayed like this:

Not necessarily bad that someone makes the decision no reading over 280 is important, but the classic dial gives us other information. Lots of it, really. But here, you can detect the top end, and understand that the reading is not a specific value, but an unknown above a certain value, off scale high.

This is something I particularly hate about digital display of anything. My GPS (actually, all of them) is similar. It will happily give your position down to at least 1 meter. But if you look somewhere else, it will also inform you that it only knows its position within a certain accuracy, usually between 11 and 70 feet. There's even a handy circle around your location marker if you look at the map; somewhere in this circle is where you actually are.

I have warned about this but I still think there is a fundamental design flaw in most of these sorts of display mechanisms. Excessive implied precision, and implied accuracy. Everyone I work with seems to understand it's true, yet hardly anything seems to actually happen about it.
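The two display problems above (a reading silently pinned at the top of its scale, and a position shown to finer precision than its accuracy supports), as an added Python sketch that is not from the original post or the book. The function names, the 0 to 280 scale check and the sample values are constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Reading:
    value: float   # value to show; the scale limit when saturated
    status: str    # "ok", "off_scale_high" or "off_scale_low"

def naive_render(raw, hi, unit="°"):
    """The behaviour described in the post: anything over the limit shows as the limit."""
    return f"{min(raw, hi):g}{unit}"

def read_channel(raw, lo, hi):
    """Keep the fact of saturation instead of silently clamping."""
    if raw > hi:
        return Reading(hi, "off_scale_high")
    if raw < lo:
        return Reading(lo, "off_scale_low")
    return Reading(raw, "ok")

def render_reading(r, unit="°"):
    """A saturated reading is shown as a bound, never as a plain number."""
    if r.status == "off_scale_high":
        return f">{r.value:g}{unit} OFF SCALE HIGH"
    if r.status == "off_scale_low":
        return f"<{r.value:g}{unit} OFF SCALE LOW"
    return f"{r.value:g}{unit}"

def render_with_accuracy(value, accuracy, unit):
    """Round to the precision the accuracy supports and show the +/- band."""
    exp = math.floor(math.log10(accuracy))   # accuracy 21 -> 1, 0.3 -> -1
    step = 10 ** exp
    rounded = round(value / step) * step
    decimals = max(0, -exp)
    return f"{rounded:.{decimals}f} ±{accuracy:g} {unit}"

if __name__ == "__main__":
    # Constructed sample values; the real tank temperature is not given in the post.
    for raw in (212.0, 280.0, 600.0):
        r = read_channel(raw, 0.0, 280.0)
        print(f"raw={raw:g}  naive={naive_render(raw, 280.0)}  explicit={render_reading(r)}")
    # A distance known only to within 21 ft should not be shown to the thousandth.
    print(render_with_accuracy(1234.567, 21, "ft"))
```

With the naive display, a true 280 and a true 600 are indistinguishable; the explicit one tells the operator the second is an unknown above 280.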

In the disaster book, Chiles talks about how the control room is oddly isolated from the boiler functions, much more so than any boiler operator from a century before would let himself be. Not just in proximity, so he can observe it, but in the type and value of his instruments. Those instruments were developed carefully, over time, to meet specific needs and avoid dangers. Since digital display is not going anywhere, I wonder when universal digital standards will start to emerge to prevent these sorts of issues.

