Books in the Ricoleta Library image via Shutterstock
Upkeep is not sexy. It’s always cooler to be making something new than maintaining legacy code. But it’s a thankless and necessary task. A recent paper from Northeastern suggests that a lack of maintenance might be more of a security flaw than you’d think.
Everyone has had that one unforgivable system crash. The one that absolutely destroys everything so completely, like your work had never existed at all. It’s such a universal experience it’s practically a cliché. As much as we’re aware of our own vulnerabilities, there’s still this idea that the internet itself will always be there. (Recent outages might be putting that idea to rest, though.)
The web is unthinkable in its complexity, but it’s a heck of a lot less stable than we like to admit. It’s a constant wash of novelty and it’s all built on sand. The internet is not a library. The internet is not a repository. And to quote Jason Scott, an archivist and historian for the Internet Archive, “when it goes, it really goes.”
The Great Library of Alexandra was a marvel of the ancient world and a center for philosophers and ancient scientists to share information and research. Galen wrote that all ships docking at the port were obliged to hand over their books to the scribes for copying; the originals scrolls stayed in the library and the copies were given out to the original owners. It housed the world’s largest collection of scrolls on philosophy, literature, technology, math, and medicine. And when it burned, it was gone. Scraps remain today, in fragmented manuscripts here and there.
If the internet goes, we won’t even have fragments to contend with.
Websites are like Frankenstein’s monster, built from composite parts such as database backends, content generation engines, multiple scripting languages and client-side code. They’re a nightmare to secure and maintain, if only because there’s so much space to cover.
Old libraries, old code
There is some good news; popular websites have the least amount of vulnerabilities. But one out of five are still vulnerable, suggesting that this problem is widespread.