Mediceo-Laurenziana digital manuscripts site offline for fear of cyber-attack

Via the Macrotypography blog I learn of some very bad news indeed:

Java Disaster in Florence

The digital library of 3,000-plus manuscripts at the Medicea Laurenziana Library in Florence was introduced on this blog as outstanding news three years ago. This year, disaster struck as hackers round the world exploited security vulnerabilities in Java software. Java’s security had to be tightened to such a degree that the current plug-ins for browsers can no longer access the digital library in Florence.
This mess has been evident for several weeks. The library has just issued a notice about the problem which offers little solace other than a promise to act in “a short space of time” to achieve a permanent solution. The notice (digitally dated December 6) blames “security controls in the latest version of the Java interpreter that no longer allow the execution of our viewer.”The interim solution proposed is not satisfactory: uninstalling your current Java version and downgrading to the old low-security version, SE 6, which is “still compatible with our application”.Oracle warns that this version is “not recommended for use” and is reserved for developers and administrators doing debugging. Running an unsafe Java version would, in my view, only be feasible if you were to reserve a dedicated computer to visit the Laurentian site alone. Otherwise the risk would be too great of catching a virus while the PC was used to visit other parts of the internet. And who has computers to spare?

Curse these criminals.  The powerful of our day are rushing to ensure that we don’t say anything online that might offend the wealthy and well-connected, but indifferent to the threat from cyber-criminals.

Of course the other moral to learn is … would libraries please stop messing about with producing custom “viewers” and just make PDF’s available?  or else place the files at, as the Cairo Patriarchate did recently?


One thought on “Mediceo-Laurenziana digital manuscripts site offline for fear of cyber-attack

  1. Nobody should be using client-side Java browser plugins, period. Java should only be for server-side. Fact is, its the same for .NET. If feel it necessary to use anything other than HTML and Javascript on the User-Interface of a website, you are simply doing it wrong.

Leave a Reply