by FridayoLeary 539 days ago
I'm surprised that a catastrophic runaway oxygen leak is possible on an aircraft in today's day and age. Aircraft design is dominated by strict safety regimes that take into account even far-fetched scenarios. Putting one valve in the rubber hose sounds suboptimal. Gas station pumps, for example, have a valve that closes if the hose gets torn away (which does happen when people forget about the pump and drive off). From the article it sounds like a button closes the oxygen tank, but a pilot sitting next to a flamethrower might not remember to press it. One obvious solution is that the oxygen tank should be activated only in an emergency instead of being on by default during the flight, but I assume the current procedure exists for a reason.
3 comments

The article says that a risk analysis was done for the system and the risk was found to be “extremely improbable,” meaning between 1 in 100 million to 1 in a billion flight hours.

This flight may have been extremely unlucky, or the risk analysis may have been wrong. This is why the behavior of the Egyptian authorities is so frustrating; the purpose of the accident investigation is to see if there are problems that should be addressed.

Also, even if the risk analysis was right, it didn't justify an "extremely improbable" conclusion. If the global airline industry operates a total of about 50 million flights per year, and the average duration is about 2 hours, then we stand a good chance of seeing an accident like this every few years.
Reading up a little on the regulations, the FAA defines “extremely improbable” as less than one in a billion per hour, with the goal that a given type of airplane should be unlikely to ever experience a catastrophic failure during its service life.

Of course, there’s more than one type of airplane in the world, so you do have to wonder if that standard is adequate. I didn’t see how they quantify “unlikely,” but if it’s, say, 1 in 10 then the wide range of aircraft types means many of them will experience a catastrophic failure.

I’d expect this stuff to be gradually tightened. The current standard would have been ridiculous and unobtainable some decades ago. As technology and experience advances, there should be room to improve it further.

The rarity of such events (as outlined by TFA) is probably a major reason, even more so as they seem to generally be caused by maintenance and to come from places with less than stellar incident reporting.

While there is some amount of proactivity in aircraft safety, I'm not sure there are people with enough free time that they can make up failure modes or trawl through every minor incident report until (again, as in the case of TFA) prompted by an actual failure, unless one of the minor incidents is itself proactively raised as a major risk avoided by blind luck.

instead of being on by default during the flight but I assume the current procedure exists for a reason.

Suppose it fails the other way --- pilot needs oxygen but the valve refuses to open. I think they definitely did a risk analysis and came up with the current design, reasoning that the increased risk of an oxygen fire would be less than the risk of a pilot suffocating if the system failed the other way.