Hacker News new | past | comments | ask | show | jobs | submit login
The ¬NED pin goes low on detection of a nuclear detonation [pdf] (maxwell.com)
146 points by robinhouston on Oct 31, 2011 | hide | past | web | favorite | 77 comments

So, my mom is a former Maxwell employee who now does her own defense contracting, and makes this same type of part.

As I understand it, when there is a nuclear event, it generates x-rays followed by the EMP. The goal is to have warheads in flight to be able to continue to their target, so the strategy is to employ an NED. When an event is detected, the warhead shuts down its electronics for the duration of the EMP, and then powers back up.

With her NED, she uses an ASIC for detection. I might get some details wrong, but the ASIC has a physical array in it, and the x-rays flip bits in the array. When enough bits get flipped, one can infer a nuclear event. Because it is an ASIC it is really small, which has important advantages for space-born avionics.

Do you have mixed feelings about this? Your mom's part in WMD technology, I mean. And how does she feel about it? This is a serious question.

I genuinely wonder if people who work on this kind of stuff feel conflicted about it regularly, or don't think about it, or feel strongly that they are doing good.

my sister and mother where in WMD, my father was in Oil industry. My only sane options where either compete with them by going to High Speed Trading in African originated goods markets or give up and become a Hippie, I mostly took the later option and live 400km from them.

Sorry for the late response to this. I have had mixed feelings for a while - it gives a good living to the family, but on the other had we all want to work towards the betterment of the world.

For my mom, at first she was very gung ho about it - arsenal of democracy and the importance of having a strong nation. Now she is having second thoughts, and is looking to follow her passion which is something in the education space.

I thought EMP affected electronics regardless of whether they are powered at the time of the burst or not?

You can harden your circuits against EMP, it's just expensive and almost universally unnecessary. Almost.

Perhaps the idea is to disengage delicate circuitry from long potentially antenna like circuits.

EMP generally refers to the radio-frequency flash. This device is for the ionizing radiation flash -- gamma rays, x-rays, and neutrons -- that can be extremely damaging to devices that are powered on. For example, the ionizing radiation can cause power transistors to turn on unconditionally, which can fire rockets, burn out power converters, and so forth.

That ASIC idea is pretty neat - it kind of sounds like taking the problem of single event upset and turning it into a solution, pretty clever.

I've worked for a French military chopper (Tiger, NH-90) company, and they do the same, they short-circuit everything (even the batteries) so that the induced current doesn't grill semiconductors but flows freely through copper. They do that for a very short time, so the cinetic energy in the moving rotor keeps the helicopter airborne.

I wonder what a test cycle for this system is like.

When an event is detected, the warhead shuts down its electronics for the duration of the EMP, and then powers back up.

I doubt this, since the EMP is moving at the speed of light, whereas the delay times inherent in most circuitry and the time required to power down most circuitry would be at least an order of magnitude (most likely more) larger.

Why does the rate of propagation matter? I presume that during the course of the explosion there are several sequential phases. If phase x emits some non-EMP but detectable signal, say an X-Ray burst and phase y emits the EMP, both of which propagate at the same rate, then you have time(y) - time(x) to respond to detecting x before the EMP from y reaches you.

Explosions, like all other macro scale phenomena are not instantaneous, they just appear so until an appropriately small time step is applied.

"If phase x emits some non-EMP but detectable signal, say an X-Ray burst and phase y emits the EMP"

No, "X-Rays" travel at the same speed as the "EMP" - both travel at the speed of light. They're both part of the electromagnetic spectrum.

I've wondered about the following:

The firmware controlling a nuke has to have, at some point, a bit or control register it sets that causes the explosion to go off:

    *pKaboom = true;
or something like that. My question is: What is the line of code after that?

    *pKaboom = true;
I suspect it's more complicated than that (there's an infinite loop of some kind that keeps retrying the command sequence). I also suspect I will never know, short of some very hush-hush software being open-sourced someday. :)

GCC has a noreturn pragma for this sort of thing. It lets you mark functions as never returning, which can in turn help the optimizer generate code leading up to that function's call sites.

  exit(EXIT_SUCCESS); // or maybe failure, if we reach this point? :)

I doubt the warhead has code to control its activation--more likely it's something like an altitude sensor that controls detonation.

Think cruise missile. Some code looks at a map, looks at GPS, looks at altitude and velocity, and decides "Yup, this is the spot."

It's probably a lot more prosaic than I imagine.

I'm fairly certain that ICBM's use inertial guidance with predefined/computed coordinates (http://en.wikipedia.org/wiki/Inertial_guidance). There's no software involved, its all physical. Detonation is (probably) trigged by a combination of altimeter, accelerometer and other telemetry systems.

Yeah, GPS doesn't work so well through the plasma sheath around a reentry vehicle. And you don't have a whole lot of time to acquire GPS lock, or steer, when you're still traveling at hypersonic speeds and it takes maybe half a minute to hit the ground after first encountering the upper atmosphere.

oelewapperke: I hope you're reading this, because your reply to this comment is not visible. You've been hellbanned.


It happened 175 days ago, when you made an unwise comment about killing children. All your comments since then have not been visible, or upvotable. This is why you're supposed to put contact information in your profile.

I hesitated before posting this, since from your older comments you appear to be a bit of a reddit user, and the comment itself contains several significant technical errors regarding the design of nuclear weapons, (American nuclear weapons haven't been of the "gun" type for 60 years now) which casts a poor light on the comment as a whole; but I don't think you're completely beyond hope.

Make a new account. Try not to be an asshole with it.

Cruise missiles, on the other hand... Well, let's just say there are eye-witness accounts of one flying down the street and turning the corner at an intersection before detonating in a tiny radius. All the was left of the target was a single shoe, IIRC.

Oelewapperke posted a long and detailed reply to this post, and yet it will go ignored because all his posts are automatically killed without him being aware of it. His posts may not be perfect, but I still find this kind of false positives terrible.

It's not a false positive. He's hellbanned. Hellbanned users don't know they're hellbanned - their posts appear to them "not dead." If you look at his posting history, all of his posts starting 160 days ago are dead, and it seems to have started at a post from 175 days ago.

I know about hellbanning -- I've actually complained about this before:


But the post was killed...

Perhaps not for an ICBM, but GPS is definitely a possibility on a missile. You could even build a DIY one with this http://arduiniana.org/projects/the-reverse-geo-cache-puzzle/

ICBM's use inertial and (in the case of Trident) star mappers.

The reason they don't use GPS is that you would (hopefully) only start throwing ICBMs around if you are in "nucular combat toe to toe with the Rooskies" - and the way you know you are in a proper war is that all your GPS satellites have just been destroyed by the other side.

Some missiles run a proprietary operating system for which one has to buy a license per missile. I always found it funny that those instances of the OS were going to destroy themselves.

I guess there might be some code for mis-firing. Detonating this kind of stuff is tricky.

They also sell something called the SCS750 which is apparently like a BeagleBoard IN SPAAAACE...


Datasheet: http://www.maxwell.com/products/microelectronics/docs/SCS750...

Its CPU is in fact triply-redundant, like pjscott was saying. They run in lockstep, and they do some fancy stuff that involves dumping the CPU registers to memory, "scrubbing" the registers and then restoring them. I recommend having a look.

Space is cool. Even when it does have nuclear weapons in it.

Guaranteed to operate in ionizing radiation of 10^12 rad/s. Yikes, that's like 10 billion sieverts/s. Since a dose of something like 10+ sieverts is fatal I'm guessing a human would be turned to a puddle of goo around that much radiation.

1e12 rad/s is 10e9 Gray/s. Sieverts measure something else, dose equivalence.

Interestingly, in this radiation field, every kilogram of mammalian tissue absorbs 10 GW. If this blasts lasts for more than a few nanoseconds, your puddle of goo would be a good guess.

A nuclear bomb emits a fast flash of radiation over about 50 nanoseconds. Even if the total dose is small, it arrives fast enough to spuriously turn on transistors.

Here's a link to the product page, http://www.maxwell.com/products/microelectronics/product.asp....

Maxwell makes an entire array of microelectronics components. These are generally meant for use in devices that are deployed into space environments.

There's some interesting material on the Honeywell HX5000 process (Silicon on Insulator - usually synthetic sapphire) for radiation hardening.

There's an interesting (if somewhat technical) document here: http://www51.honeywell.com/aero/common/documents/myaerospace...


Holy shit.

So this is to protect your orbital weapons platform from EMP blasts?

Or anything you feel like putting in space, that you worry might be near a nuclear explosion or other source of intense ionizing radiation at some point. Be prepared, as the boy scouts say. I assume that maxim goes double in space, considering how expensive it is to put things up there in the first place.

No kidding. I believe NASA had something like 3 dual-redundant flight computers on the Voyager probes.

Just think how much redundancy you could get, cheaply, with the advances that have been made with Moore's Law over the years. Computers for space probes don't need to be that fancy. It's totally feasible to build processors that use error-correcting codes in their entire datapaths, have tri-modular redundancy for all their functional units, and then are arranged alongside several other identical processors for ridiculous amounts of redundancy.

This sounds silly, but the vast majority of the cost is non-recurring engineering cost. Manufacturing it would be a relatively cheap matter of sending the design to a fab like TSMC along with a bundle of money. Transistors are dirt cheap.

Aren't the mechanisms of Moore's Law (ie. smaller transistors that run at lower voltages) exactly the same things that make chips more susceptible to radiation? Once you compensate for that by including more redundancy, you may not have a cheaper chip.

Yes. More dense, lower power chips are more susceptible to radiation.

And anyway, what exactly does "redundancy" mean? If a rocket engine controller is triple redundant, how does that work? Are there three propellant valves in parallel, so each computer controls one-third of the thrust? Are they in series, so that failure of one computer disables the propulsion function? Is there a majority vote system, and is it electronic, electromechanical, or fluidic? Redundancy is not pixie dust that magically makes your system design better.

A sample Google interview question is to design the protocols to run a cluster of unreliable computers. Should there be a MIL-SPEC master computer? Should the cluster elect a master? Or several oligarch servers? Where does an outside agent submit a request, and what does it do if the request is not answered. Designing reliable systems is hard.

Depends on the desired outcome.

For self destruct systems you probably want all three to agree before going bang - while for an emergency escape system you probably want any one of three to be sufficent to deplay.

Doesn't the difficulty/expense of keeping all those processors running in absolute cycle-for-cycle lockstep increase dramatically with the amount of redundancy?

I vaguely remember being taught that this is the big problem developing real-time safety critical systems.

If you make a bunch of (highly redundant) small processors, then I don't see why it would be much harder than the clock distribution issues in large processors, which also need to keep all their parts in sync.

Alternately, it's possible to use asynchronous processor design and not worry about clock distribution. The tools aren't really there, but there have been async processors made before, and they work. They handle synchronization with local handshaking, instead of distributing a clock signal everywhere.

Another option is to abandon the cycle-for-cycle lockstep requirements, and just ensure that the synchronization time is bounded, and reasonably low. I know there have been some papers published about using this kind of globally-asynchronous-locally-synchronous architecture for realtime apps.

The problem is when there is an error, and there will be, you need to correct the processor, unit or other part of the circuit which is now in the wrong state.

It could be that I just don't know enough about redundant system design, but I'm pretty sure the way Voyager worked was each computer ran independently and identically, and the result of computations was simply compared to the result on the other computers. In other words, you run it like Folding@Home or SETI@Home which send each job to multiple clients. That doesn't seem like a difficult problem to tackle.

Redundancy in hardware is one problem. But then all those CPUs still run the same software.

After Ariane 5 crashed spectacularly due to a software error that affected the two on board computers and the ground control unit likewise (http://en.wikipedia.org/wiki/Ariane_5_Flight_501), there had been talk about having the same software be developed by multiple, independent teams, and then use the different versions for error correction. Sounds like a crazy idea and probably won't work, but I don't really know of a better solution either.

http://en.wikipedia.org/wiki/N-version_programming It's used in Airbus planes, for instance.

Of course, it's useless if the specification is wrong, and the assumption that the differing versions will fail in different ways seems to not hold water.

IIRC, that's more or less how the DNS root servers are managed--they're not just in different locations, they're running different server software on different OS's, to minimize the chance that any one problem could take all of them out.

Wouldn't that just make it worse? "Oh it failed, let's see if the other team had a better idea... [5 minutes later] Nope, they used the same algorithm but it can't talk to this algorithm"

What is the probability, over the next 10 years. It might be worth it for server farms, even if the probability of a nuclear EMP is only 1%.

ICMBs go through space you know.

How much does this stuff cost?

I don't think they do regular consumer stuff, it looks like everything is special order. According to this page [1], you have to contact one of their business partners in order to arrange any purchases.

[1] http://www.maxwell.com/products/microelectronics/where_to_bu...

Presumably someone in the US government will then hear about the interesting fellow trying to buy nuclear-hardened equipment.

I'm _almost_ tempted to mail them for a sample batch - and make an art project...

(But I don't think I need the cavity search every time I enter the US that might come along with that...)

Seems to be available for $150/ea @ http://rcfreelance.com

"not authorized for use as critical components in life support devices"

Now try to imagine something using this part in such a way.

/* NED low. Turn off life support. Insurance companies now vapor."

You, sir, have just voided the warranty.

I just love this bullet point: * Maxwell Technologies Specified, Controlled, Tested and Guaranteed

So, I suppose if you experience a nuclear detonation and the chip doesn't go off, you get your money back?!

I think you can physically model the ionizing radiation of a nuclear event, without actually detonating a weapon, just condoms are tested for elasticity by filling them with pressured air and water.

The detector may have been tested before the discontinuation of underground testing in the US in '92

the unit test for this thing must be awesome

Hopefully the Built-In Test pin doesn't trigger a nuclear event.

"Tested and Guaranteed"

Really? I would like to have seen that.

Well, this is certainly cooler than anything I work on, nuclear destruction or not.

  while(ned_pin) {};

Remember to declare ned_pin volatile. (Sorry to be pedantic, but I was getting physically uncomfortable about the possibility that it might not have been declared volatile.)

You're physically uncomfortable about indefinite 1999-esque partying? Do you have something better to do when !ned_pin?

Of course! When the !NED pin goes low, duck and cover like it's 1959.

(Fun fact: in a fairly large portion of the blast radius of a nuclear bomb, the main danger for people indoors is falling debris and broken glass from the pressure waves. Duck and cover actually works.)

The TED talk on surviving a nuclear blast: http://www.ted.com/talks/irwin_redlener_warns_of_nuclear_ter...

Instructions start at around minute 18.

So hiding in a fridge might actually save you?

Given how close to ground zero in Hiroshima and Nagasaki people actually survived just by virtue of being slightly more shielded than people around them: Yes, it'd probably at least increase your odds.

And it's not like the Indy movies aren't full of situations where his odds of survival would've been ludicrously low.

Hiding in a fridge protects from debris and direct radiative heat from the blast, both major killers. So yes, the Indiana Jones approach could help. A more practical variant, of course, is the time-honored "hide in the basement" approach, which doesn't require you to compete for space with hastily-evicted perishable food and plastic racks.

Money back if not entirely satisfied!

Wow. Great article. This is big.

I like how the logo on the package is the M from *Monsters, Inc."

Something else they make there, I suppose?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact