How a software's life ends
Why?
One would assume that only hardware breaks, since software is just bits and bytes which can easily be copied, backed up and restored. Counterintuitively, this is wrong for several reasons. Open source software is less prone to this problem, as long as there's any interest in using it and willingness to maintain it. Abandoned closed source software, on the other hand, will die quicker, even if there's still interest in using it, because only the owning company is able to maintain the software.
1. Changing software environment
Software requires regular maintenance to remain usable on a computer which is connected to the Internet. Permanent threats from the outside—mails, attachments, new apps, PDFs, web pages, infected USB sticks, etc.—force us to install a lot of security patches and updates for all the operating systems and for many applications.
Please note that this is not a decision by IT but a consequence of digital cooperation and global network communication.
Eventually, unmaintained software will become incompatible with the evolving software ecosystem, as its foundational libraries undergo changes or other network software (such as web servers) ceases to support the protocols of the outdated software.
2. Security problems
As an institute handling personal data of test subjects and patients, we're a prime target for digital extortion attempts. We therefore have to make sure that all software is free of critical security problems. If a piece of software is no longer maintained and a critical security problem is found, the software can no longer be used in the institute network.
3. Changing hardware environment
32-bit software is still being used in the institute. However, at some point it might no longer be possible to use it on 64-bit hardware.
FAQ
A software just displays graphics, brain scans or office files without connecting to the Internet. Where's the problem?
A lot of attacks today exploit
- ...weaknesses in programs that parse files which are sent to you. Bugs triggered during parsing have the potential to let an attacker gain control over the running program. The affected program does not need direct network connectivity for such an attack.
- ...the possibility to embed program code into files in which you wouldn't expect this ability (e.g. .doc or .xls). Countermeasures are in place on the mail server to mitigate this threat: BlockedAttachments.
What can I do to ensure not running into problems?
IT maintains a list of our Linux software packages where you can find hints about the maintenance status: SoftwareLinux
Software which IT knows to be at risk of "dying" is marked "This software is considered deprecated...".
Please have a look at this list from time to time—especially when you start a new project relying on a software package.
Do you have some prominent examples?
Certain software updates can disrupt data exchange with older versions. Prime examples:
- TLS: Software usually has a maximum supported TLS version and a minimum "version tolerance". Since new TLS releases are created from time to time, software using TLS which is no longer maintained might have 10 years to live—usually less.
- X.509: The requirements around X.509 are a real mess. Most of the strict rules around it are dictated by the browser vendors, with Google (Chrome) and Apple (Safari) having the most power.
- SSH: SSH is part of the OpenBSD ecosystem and these guys are very security savvy. Algorithms that are no longer considered safe won't make it into the next release.
- X86_32: 32-bit programs in Linux will at some point no longer find the relevant libraries to function on a 64-bit system. The same goes for PowerPC or X86_64 software on MacOSX or 16/32-bit software on Windows.
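To find out which programs the X86_32 item applies to, a directory tree can be scanned for 32-bit ELF binaries by reading the class and machine fields of each file header. This is an added example, not a tool provided by IT; the function names, the default scan directory and the sample headers are constructed for illustration.

```python
import struct
from pathlib import Path

# e_machine values from the ELF specification (subset).
MACHINES = {3: "x86_32", 62: "x86_64", 20: "ppc32", 21: "ppc64",
            40: "arm32", 183: "aarch64"}

def elf_info(header: bytes):
    """Return (bits, machine) for an ELF header, or None if it is not ELF."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(header[4])        # EI_CLASS
    endian = {1: "<", 2: ">"}.get(header[5])    # EI_DATA (byte order)
    if bits is None or endian is None:
        return None                              # corrupt or unknown header
    (machine,) = struct.unpack_from(endian + "H", header, 18)  # e_machine
    return bits, MACHINES.get(machine, f"machine-{machine}")

def find_32bit(root):
    """Yield (path, machine) for every 32-bit ELF file below root."""
    for path in Path(root).rglob("*"):
        try:
            if path.is_symlink() or not path.is_file():
                continue
            with path.open("rb") as fh:
                info = elf_info(fh.read(20))
        except OSError:
            continue  # unreadable file: skip it, do not abort the scan
        if info and info[0] == 32:
            yield str(path), info[1]

def sample_header(ei_class, ei_data, machine):
    """Constructed sample input: the first 20 bytes of an ELF header."""
    endian = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9)
    return ident + struct.pack(endian + "HH", 2, machine)  # e_type = ET_EXEC

if __name__ == "__main__":
    import sys
    # Assumption: scan the directory given on the command line, else ".".
    for path, machine in find_32bit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"32-bit ({machine}): {path}")
```

Statically linked 32-bit binaries show up in this scan as well; they do not depend on 32-bit libraries being installed, so the hits still need a manual look.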