This paper discuses differences between Perrow’s "Normal Accidents and what they call a ‘Epistemic Accident’ using the 1988 fuselage failure of Aloha Airlines Flight 243 as an example.
Don’t know how useful the concept of a epistemic accident is but the paper has a fairly good explanation of that and Perrow’s normal accidents. I did have to look up the terms “ontological” and “epistemology” more then once while reading.
The “Politics of Blame” section was interesting.
From Marginal Revolution
Love this part…
As one engineer puts it: ‘Until cracking begins, it is for
all practical purposes impossible to tell whether it will begin in 20 years, or tomorrow’ (Garrison
2005)
Fortunately, at least for those sailing in iron ships, he’s talking about aluminum, not steel 
OK, so “Fail safe systems fail by failing to fail safe.” (John Gall) Check.
What you don’t know can hurt you. Check.
What you know that is wrong can hurt you also. Check.
The Aloha casualty was unpredictable. Uh, not so sure. Based on the description given in the paper, I would chalk it up to a shortcoming in analysis and test coverage. I know that’s shoulda/woulda/coulda thinking, and I’m the first to admit I am capable of making the same mistake, but still …
Failure Effects Analysis is a known technique. Its foundation is in dependency analysis, and intelligent test plans, especially in real time control software, take such a form of analysis into account.
So in the Aloha case we have a situation in which (IMHO) there was one semi-surprise (the zipper effect of the crack propagation) and one nonsurprise (the crap glue job). And as far as I can tell from the article, after you strip out the fancy academic terminology, what is left is “Nobody asked what would would happen if the known dicey glue yielded a crap bond.” Now there are sociological lessons to ask about that, such as the failure of shop floor knowledge to make it into the engineering department, but I personally don’t think they rise to the level of defining a whole new category of accidents.
Cheers,
Earl
same for any metal
An old high use aircraft in saltwater…like DOH
Were Boeing doing stress cycle testing in a lab?
Actually, no - the article makes it clear that ferrous metals have a very different behavior wrt fatigue from aluminum. This was the basis for the remark that you quoted.
Probably. But that’s OK, as long as your test coverage includes adverse events like bad glue joints.
The interesting thing would be what tests were mandated after the incident and how many aircraft flunked.
Cheers,
Earl
yes but NDT of steel says no crack today and tomorrow you have a crack, how is that different?
Aluminum is not steel but you have the same inspection issues.
Saying that aluminum always fatigues and steel below yield might not ever fatigue regardless of cycles.
Feel safer on your steel ship now?
PS are there more old aircraft flying doing the job they were designed for than old steel ships?
ChatGPT would say aluminum a better product long term…lol
Knowing the aircraft industry and Boeing re the cargo door that blew off, they said paying for a few dead cheaper than fixing all the aircraft. FAA also supported that decison.
Flying much more dangerous since smoking banned as no more brown stains showing where the cracks are.
From the article:
To test the 737’s fatigue life, therefore, the designers pressurized and depressurized (cycled) a half-section of a 737 fuselage 150,000 times (representing twice the design-life goal)
in a test facility. This produced no major cracks (NTSB 1989: §1.17.2).28
Again, however, the NTSB suggest that this test was unrepresentative because its theoretical
foundations were flawed. By isolating ‘cycles’ as the limiting factor in fatigue, the test excluded
a range of variables that were significant to the Aloha incident. Flight 243 was, to be sure, a
highly cycled aircraft (because of its short routes), but there were other factors that contributed to
its decay. One was its age: manufactured in 1969, it was one of the longest serving 737s in
operation. Another was its operating setting: the warm, saltwater environment of Hawaii, a
misery for metal. A third was its flawed construction: as outlined above, imperfect bonding in
the airplane’s fuselage allowed saltwater to creep between its alloy sheets. These three factors –
age, environment, and manufacture – set Aloha 243 apart from Boeing’s test fuselage. The
disbonding created gaps that allowed saltwater to creep in, and, over time, this corroded the
metal in a way that stressed the aircraft’s rivets and nurtured cracks in its fuselage.
Unsurprisingly, therefore, it fatigued differently from the new, properly-bonded fuselage that
engineers repeatedly pressurized in a dry laboratory.29
factory test not representative of the real world…where was all that data collected from aircraft in ww2 in harsh environments…
Saying that the industry used ww2 data for fuel heating and ww2 flight durations ( not pby’s) British airways and RR proved it was wrong gliding in a 777 with frozen fuel.
More than one old school guy in the engine business expected that to happen one day.
RR unlucky they pumped the fuel then heated it, GE heated then pumped.
RR had to change to the GE design.
Like flying over the poles in twin engine aircraft…even if it lands they are all dead ( frozen)…not tested that have they…
I know when aircraft shopping one can expect a LOT more candidates to fail inspection due to corrosion if the airplane has spend its life in Florida, Hawaii, or the Caribbean vs. say New Mexico.
Oddly enough, it is likely DC-3s will be flying in some fashion long after the last 737 is scrapped, being unpressurized is good for long life.
The 737 is FAR from the first airplane that has an inspection and/or service life restriction placed on it due to a structural failure and I am sure it won’t be the last. DC-3s and Beach 18s both require X-Ray inspection of certain parts every so often, issue came up that were not thought of when they were new. Most Piper Cherokees have a wing spar inspection needed because of a “worst case” pipeline inspection plane that spend a very long life banging around in the low altitude turbulence and lost a wing.
Previously the 737 had a rudder hydraulics failure that would slam in full rudder at perhaps inopportune moments, an Airbus had a fatal flaw in the rudder boost system that allowed the pilots to rip the rudder off with full deflections at a much lower speed than they thought, which was in direct contravention of their upset training in aerobatic trainers that emphasized a boot full of rudder. In most light airplanes with direct human-powered controls, that is nothing to worry about and Boeing did not use high rudder boost at lower speeds either like Airbus did/does.
Back to boats, I have audiogauged a steel boat and found very thin plate that looked perfect, the plate was under where the shower was and a leaky shower stall had the boat rusting from the inside out. “Hey, my boat is sinking because of the shower” is not something I normally think about.
re that rip the rudder off an airbus…
The US pilots that did that were trained to do it. Airbus had no idea, end result was the US had to change how they trained pilots
Shifting gears on this just a bit.
I have semi secretly held the very controversial position that some
times bad stuff happens at sea.
While certainly technological in many respects, much of what we do
At sea is a decidedly human endeavor – and to some degree will always
Be susceptible to human error.
Much has been done in the last 20 years or so to try to eliminate these errors,
And IMO rightfully so. But the philosophy of zero is the only acceptable answer
may be flawed.
Much of the lower hanging fruit to improve the equipment and processes to eliminate
accidents has been done. And the seagoing industry has certainly moved the probability
Of accidents a few sigma out from the mean. And that is my point.
Are we at or near a point of diminishing returns. Where so much time, effort and money is
Being spent for very very small incremental changes in pushing out the accident probability
Only marginally out on the far end of the tail on the distribution curve. And no one can
Say “ is it worth it” without being banished to “unsafe” island.
I think I mentioned that. “Step On Sky” is standard upset recovery for a light airplane, which is what you do upset training in. Boeings would tolerate it too, Airbus not so much.
Also note - the more you idiot-proof something, the more creative the idiots get. Think about radar, GPS, and AIS. No one would ever want to go back to RDFs and foghorns to get around not hit each other, but skills are lost when it is all on the video screen and vessels with all that gear can still run into each other.
Famously the Andrea Doria and Stockholm saw each other just fine on radar and still ran right into each other 
Airbus programmed in so many safeguards to keep pilots away from trouble that when Air France ran into what is normally an annoying malfunction at worst, puzzled pilots rode their plane right into the ocean.
Now DP comes on everything down to a Boston Whaler, will we have a new generation of “sailors” who hit the dock whenever the thing blows a fuse?
Heck a tanker ran into Ambose Tower !! S&(**t happens
Not a good place to set a waypoint.
Probably the lowest hanging fruit at this point is manning levels. When I was chief mate we once hit four ports in one 24-hr period, and that was just the start of a coast-wise.
Beyond that there are systemic issues. I don’t think Perrow’s observation that the marine transportation system is error-inducing has gone out of date.