Hacker News new | past | comments | ask | show | jobs | submit login
Root cause analysis on the Notre Dame fire (sologic.com)
63 points by causelink 19 days ago | hide | past | web | favorite | 31 comments

Everything you need to know-

> This fire alert system worked exactly like it was supposed to work. A fire alarm was activated and a guard was sent to check it out. However, he was sent to the wrong location. This was because the alarm message was not correctly interpreted by the employee monitoring the system. He was very new to the job – it was his third day. Also, he had already worked an eight-hour shift but was staying on for an additional shift after his relief did not show up for work. And the system itself was difficult to interpret. The messaging provided was not intuitive. This resulted in a delay of nearly 30 minutes. In that time, the fire rapidly spread uncontrollably through the attic.

And in this case we can identity the multiples causes adding up to the catastrophe such as the complexity of the system, the lack of training of the operator, and their lack of sleep due to a long shift.

It's interesting because it fits perfectly well with the _How Complex Systems Fail_[1] article, often shared on HN. A timeless valuable lesson for engineering, and any human activity really.

[1] https://web.mit.edu/2.75/resources/random/How%20Complex%20Sy...

For this complex system, I guess the best way to minimize catastrophe is to have several guards independently checking the alert (away from each other) and sending a unique person to investigate.

Best case, a bunch of people end up at the right place. Worst case, no one ends up at the right place. Most likely case, at least one person ends up at the right place.

This increases costs, but for situations where mistakes can be catastrophic, it's probably wise to bear the cost.

Adding more people to a bad system rarely corrects the issues. It’s akin to increasing inventory to cover for the fact that a manufacturing process produces a high level of defects. E.g., If we need 900 widgets an hour and we have a capacity of 1000 widgets but 20% defect rate, just spend money to increase the capacity. You’re generally better off reducing waste rather than increasing capacity.

In this case, if there’s a lot of human factor issues, it would be better to identify them directly and creates a process/system that mitigates each.[1] Yes, excess people can be a mitigation but, as you say, it’s an expensive one and a type that tends to be on the chopping block as soon as we get complacent.

[1] https://www.public.navy.mil/NAVSAFECEN/Documents/WESS/DOD%20...

Imo, this is wrong, and would lead to ignored alarms.

(Who's old enough to) Remember waiting for someone else to answer the landline? Versus it ringing when you're home alone and know no one else is going to get it?

Multiple alarm monitors might result in a lack of urgency (ie, someone else is closer, so no rush) or even shrugging off the responsibility all together (ie, someone else will get it, I don't need to go).

I don't understand why the response to the alarm was to send a guard to check it first, instead of sending the local fire department to check it. Supposing there was a fire and the guard discovered it, he'd have to call the fire department anyway. Wouldn't it be better to call the fire department automatically for every alarm so they can save a few minutes getting there?

I know false alarms are a thing, but I've been in buildings with false fire alarms before and the firefighters still showed up to check it out.

This is another cause to the issue, I think. Even if the guard was efficient into going to the correct location, the guard placed themselves and others in danger: they headed towards an enclosed spaces where a fire alarm indicated evidence of a fire (smoke(CO2 etc), heat).

The guard could 1) mis-assess the situation (that is false-negative or incorrectly 'extinguished it' without realizing the extend and real source of the fire) 2) endangered themselves (enclosed space with improper oxygen concentration plus various toxic gases (numerous accidents of people trying to enter tanks are known (septic/containers) and passing out in seconds and dying) 3) become trapped -- this is a game changer for firefighters that now have to risk their lives and prioritize into saving the guard.

I am not sure how many false alarms Notre Dame had, this however seems a flawed protocol to me -- not an expert however, thus there might have been some reasoning??

This is pretty normal, if you know there are instructed people like this guard on site. For example in our company, if there are people on shift, if the fire detector detects a fire, you have (I think) 2 minutes to reset the alarm or it goes out to the fire departement. If there is no shift, or always a hand alarm push button is pressed, the alarm goes out directly. The only thing I do not understand is, at least in our factory, you can't just reset if there is still smoke, the alarm goes of again and again and again. We would have to disable, not just reset the detector.


> There were no fire suppression systems, such as sprinklers or fire walls. A conscious decision was made that these systems would diminish the aesthetics of the historical timber structure.

Were visitors even allowed in the attic?

Probably not. Far too often "preserve the original" is code for "do nothing", the far cheaper path than installing a complex new system. I'm all for preserving old buildings, they don't all need safety rails everywhere, but a giant wooden building with no fire supression? It was inevitable.

Sounds like a high turnover job, probably not paying a living wage ... A priceless cultural object mismanaged by stripping down costs as though they were under Walmart Inc management practices

What an awful third day!

This New York Times article covers the same information and much more, including nifty animations and a detailed timeline of the events: https://www.nytimes.com/interactive/2019/07/16/world/europe/...

I would highly recommend it to anyone interested in learning about this disaster, it's a much better article than the Sologic analysis linked here, which sounds kind of like a sales pitch (in my opinion).

> Have you ever tried to burn a chunk of concrete (good luck)?

Try chlorine trifluoride :)

Ignition!: An Informal History of Liquid Rocket Propellants by John D. Clark (1972)


Yes concrete is "flammable" in the context of fluorine (most things are though). Chlorine trifuoride is extremely notorious for that. Silicon dioxide can be oxidized by fluorine (which is a stronger oxidizing agent than oxygen, so...)

P.S. This is a fun video to watch https://www.youtube.com/watch?v=ckSoDW2-wrc for "exciting" chemicals.

Well, the article mistakenly (to pedants like us) states:

> All fires have three primary contributing causes – heat, fuel, and oxygen.

When what they really mean is that fires have three requirements: initial energy input, fuel, and oxidizer. The input energy doesn't have to be heat (though it almost always is outside lab settings), and the oxidizer doesn't have to be oxygen (though it usually is outside lab and industrial settings).

Some of the article is sales-pitchy, but this part of it is spot on: "Complexity on its own makes a system less reliable" They were writing about the fire alert system, but it is relevant to pretty much any software/hardware system you care to think about.

I do not think that the bundle of technologies we call the "internet", has gotten less complex or easier to interpret, in the last decade. On the other hand, there are a lot more critical systems that depend on it. Sort of like the presence of fuel and oxygen; a spark is guaranteed eventually.

Thank you for all the thoughtful comments. The intention of these examples is to show how root cause analysis breaks problems down in a way that’s easier to understand than a standard narrative. This is typically done with a cause and effect chart. Yes, the analysis is gated, but I’ve listed the links here:

Cause & Effect Chart: https://www.sologic.com/getmedia/fa530279-f746-4032-a803-26f...

Incident Timeline: https://www.sologic.com/getmedia/87441f21-d2ad-421c-b1f1-2d1...

Full Report: https://www.sologic.com/getmedia/b533da72-7e33-45ae-a672-4d4...

There might be something interesting here, but I’ll never know.

The real content is gated, and the blog/abstract rolls up to a sales pitch.

It’s... barely gated. They don’t do anything to verify the info you submit.

this "root" cause analyze everything but how the fire started. was it not there an investigation to find out the ignition source? even if the source wasn't found, why isn't there an investigation report about that?

root cause cannot be "a confusing panel light" simply because without ignition that alone would not have caused the incident to happen, so I'm not sure if this is trying to take us reader as stupid or it's conflating root and aggravating on purpose.

It spends paragraphs saying why the "root cause analysis" is not including ignition.

Disappointing indeed.

> even if the source wasn't found, why isn't there an investigation report about that?

Because they're afraid of what is believed to be a likely source of ignition. Coincidentally, there happen to be numerous church arsons in and around France lately.

> I'm not sure if this is trying to take us reader as stupid

They know you have to play dumb, even if anyone with an IQ above 95 is going to notice what's missing here.

During the Enlightenment, all criticism of the church was censored. So Diderot created the Encyclopedia, and claimed that all true knowledge had been addressed in it. By listing absolutely everything except for religion, he said everything he wanted to say without the possibility of censorship. We live in a similar time today.

Are you saying the investigators think it was arson? Wikipedia says the "Paris prosecutor" has said they don't believe it was a deliberate act, but I'm curious what you're referring to.

The prosecutor job is to look at anything but the most likely cause, in this case arson. And even if the government/justice admit it, then they would try to hide the community of the offender(s). Like microcolonel wrote it, there has been quite a few other cases in other churches (including some in Paris) a few months and weeks before. In fact the Vatican counted attacks against churches in 2018 (iirc): one every two days! That fact alone is also not talked about in news outlets (which is very different from the media treatment of other religions building attack).

We will probably never learn the truth because its implication is too big for the national security.

You can agree or disagree that it’s almost certain that there is evidence that has not been made public, that a statement from a prosecutor might look the same if they knew it was arson or really didn’t think it was, you can fully argue the difference in reasons for why that might be the case.

But... do you really not know or are you being obtuse to pretend you don’t know what he is saying? If you are pretending, don’t.

He’s already being downvoted for implying it (this site and it’s bubble mechanics; chilling effect, better not say anything that the hive will disagree with) so i wouldn’t expect him to explicitly say what we all know he said - again - agree or disagree if he’s right or not.

I really don't know. What are you two talking about?

I think they're hinting it's arson by people who hate Christianity (i.e. Islamic extremists), but authorities are covering it up because publishing that "truth" would cause a religious civil war (national security danger), and they also can't write that "truth" here because they'll be downvoted (oh the horrors, downvotes!!).

It's fucking disgusting how cowardly these couple of commenters are, but also how many seems to have showed up on this thread.

Not saying I can't say that here. Just keeping with the style of the report here. I mean, I don't think I'm obscuring anything, literally mentioning arson in the next breath.

I just had the one comment, I don't spend my lonely hours refreshing the threads page on HN, waiting for people to complain about the way something is said rather than addressing it.

Who cares who is "cowardly" for not writing everything purely literally? Given that the incentives are there, and the most important part of a root cause analysis, the root cause, is missing, what makes you think it isn't the one thing they have an interest in obscuring?

I mean, I basically yelled arson, how much am I obscuring?

> (i.e. Islamic extremists)

The French media I've seen have also relayed concern about radical feminisim, generic black bloc communism, or other ideologies with extreme elements.

I dislike this style of writing. There is too much unnecessary build up by a company which boasts about root cause analysis.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact