Slashdot Mirror
Why Internet Explorer Still Dominates South Korea.
New submitter bmurray7 writes "You might think that the country that has the fastest average home internet speeds would be a first adapter of modern browsers. Instead, as the Washington Post reports, a payment processing security standard forces most South Koreans to rely upon Internet Explorer for online shopping. Since the standard uses a unique encryption algorithm, an ActiveX control is required to complete online purchases. As a result, many internet users are in the habit of approving all AtivceX control prompts, potentially exposing them to malware."
AtivceX? Go, Timmay! You're a kickass editor!
From TFA:
Holy crap!
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Banks here make you login to your online account by using a card reader with your ATM card. And of course, that requires an ActiveX control. The Cathay Bank site itself looks like it hasn't changed design since 1996.
Why hasn't the SEED cipher (RFC 4269) been reimplemented in Flash, Java, JavaScript, native code using an NPAPI plug-in (Netscape's counterpart to ActiveX, now used by Firefox), or native code using a PPAPI plug-in (Chrome's counterpart to ActiveX)? Without any chance of support for ActiveX on mobile phones or ARM-powered tablets, I'd guess it'd have to be.
I know too much about this. I'm a Korea-phile, so last year I applied to a graduate school in South Korea and they required me to download like 2 or so add-ons to IE to even complete the online application.
So IE 11 isn't a "modern browser"?
This is hot on the heels of the news that In Korea, Email Is Only For Old People.
Slashdot: News For Nerds, South Korea Meme Generator.
This ActiveX was developed by a North Korean company.
I've seen similar issues all over the place, someone designs some proprietary-yet-essential service to use a proprietary plugin or other technology that's very platform and version specific. One just ends up using two web browsers, the old one that's required in order to make the stupid proprietary thing work, and the new one for one's normal browsing. It SUCKS from a support perspective as both browsers fight to be default, and users can't keep track of what pages load with what browser, etc, and that's not even beginning to address the security problems.
Do not look into laser with remaining eye.
Even Microsoft is looking at SK and saying: "WTF? We don't even use ActiveX anymore."
The country is addicted to red tape. If you want to do online banking here, you need to get three different plugins working along with digital certificates and keyfobs and a bunch of nonsense -- many points of security, perhaps, but also many points of potential user failure, with webpages and applications that won't properly render Korean writing, changes in interface, etc.
It's endemic to the culture. Want to be a teacher here? The hoops you have to jump through are ridiculous. Up-to-date Criminal Records checks are fine and to be expected, but transcripts in duplicate or triplicate? A new notarized copy of your degree? EACH TIME you need to get a new visa? Is the stuff they take and put on file somehow burned after two weeks and they can't reference it?
I don't know if it's incompetence or corruption or a healthy dose of both, but at times it's a colossal pain in the ass just to get something done.
No proofreading ever on posts.
AtivceX
The TSA need to learn to write plugins for other browswers
Derp
My company's Online Computer Security Training site uses a self-signed SSL key. The instructions actually say to click "Accept" on the security warning.
Facepalm.
Nobody else even cares.
My work's HR system requires an ActiveX control with our smart card system. To make things worse, this system barely supports IE7 (apparently IE8 in compatibility mode works, as well, but IE9+ absolutely does not) and they only upgraded it to support 7 because Microsoft stopped supporting IE6. I actually created a VM explicitly so I can log into the HR system (because I HAVE to have IE9 or higher for my other work, since I work in html 5 and need to test on most major browsers). My ops group thought it was odd that I requested key card software installed on a VM, but when I explained my situation they did it (in fact, they set up a lab machine specifically for others with similar circumstances).
Incidentally, nobody really uses IE except for the HR system, and everybody has an old version also because of the HR system. I believe the HR issue is money related and more related to SAP upgrade costs than key card (and I believe we paid SAP to integrate our key card access).
There's something having to do with the Internet and mobile computing where we're not dead last among upper tier economies!
One of the linked articles says BootCamp costs $70. That's wrong. BootCamp in Mac OS X is free.
Maybe the author was thinking of the discounted cost of "The Healthy Nut Bootcamp" fitness club sessions.
The writeup assumes that no version of Internet Explorer can be thought of as a modern browser. This is not true for IE 10 and 11.
That said, a countrywide de-facto standard forcing vendor lock-in is bad.
My exception safety is -fno-exceptions.
what is it, LOT-13?
I want to delete my account but Slashdot doesn't allow it.
It's like a microcosm of what might have happened worldwide had ActiveX been as popular as they'd wanted to be.
In Switzerland - IE dominates, reasons unknown 2 me...
The best is their official government forms that can only be downloaded in the proprietary Hancom Word format ^^
Yay me! ^^
I bet North Korea doesn't use IE.
Use IETab for purchase websites:
https://addons.mozilla.org/en-US/firefox/addon/ie-tab-2-ff-36/
That's what I would do.
I remember my netbanking _required_ a hidden java plugin until around 5 or so years ago, probably for the same reason.
than the green dam project... ;) and far cheaper too.
You might think that the country that has the fastest average home internet speeds would be a first adapter of modern browsers. Instead...
Disingenuous. Just because you don't like it, doesn't mean you can seriously consider IE not to be a modern browser.
systemd is Roko's Basilisk.
What the fucking fuck? You can run 3D game engines completely in JavaScript, yet those bozos couldn't be bothered just to emscripten their fucking encryption code to let it run in the browser without using MS-specific technology? Sigh.
A successful API design takes a mixture of software design and pedagogy.
As someone who did IT work in South Korea this year for couple of weeks, I never felt so defeated trying to upgrade 15 computers from XP to Windows 7. We basically had to give everyone admin rights just for them to do their job. Bank sites that had 11 (!) ActiveX plugins with 3-factor security (password, token, plus USB key with a cert) just for them to log in - and they routinely "update" their controls, which of course, require Admin rights.
The branch manager didn't understand at first why we were having so much difficulty. I had to explain to him that if we adhered by our security standards, we'd have to close the branch because there wasn't a single operation they did which would otherwise be allowed.
I'd read about this before ... last year, I think. It's not exactly news.
Having had to do some normal things in IE8 this week, I'm reminded that if I were forced to use that browser I'd probably spend a lot less time on the Internet (maybe that would be a good way to kick the addiction?) I find IE to be a stunningly unusable piece of software, that perfect nexus of slow, not helpful, and capable of choking on a website like a box of dicks.
If this were Usenet, I'd killfile the lot of you.
M$ has made most of its profits from gov't contracts and users who don't know to expect better from a computing experience.
I taught ESL in South Korea in 2001/2002...it was right after 9/11 and during the World Cup. The country was burgeoning as a bankable international business player...competiting with **Japan** with companies like Samsung...no coincidence that they co-hosted with Japan that year ;)
Korea was **all about it**...they wanted the best of what was available...to them, the USA was the best at computer tech...so obviously they went with the most *popular* Operating System, and they **made sure** to buy **ALL** the expansion packs and do exactly as M$ suggested...
Which means they've been on a never-ending nightmare Mobeius strip of a ride to user hell.....that, b/c of their trusting nature has painted them into an IT Engineering corner...which was M$ plan all along!
Thank you Dave Raggett
??
You're wrong about Korean culture...
Well, partially wrong. They built their IT infrastructure based on the *best* available at the time: Microsoft
Blame Microsoft for making shitty products that lock-in users (and whole countries) to an inefficient half-assed software system.
caveat emptor? sure...but at some point you have to acknowledge that they culpability can't rest only on the consumer....M$ parasitic system design was/is truly evil
If you want to fault Korean culture, fault them for being too trusting of the USA in general....poor people actually take what we say at face value.
I lived there for 1 year...I know the ass-backwards way they sometimes adapt new technology...but this isn't that...the aren't inherently inefficient as a culture...they showed us what happens when a country actually does what M$ suggests...
Sort of like a 'Super Size Me' kind of project only with IT infrastructure for a whole country not fast food
Thank you Dave Raggett
The summary is slightly miss-leading. There isn't 1 standard for ActiveX control, every single goddamn site uses their one ActiveX or Java applet, and you have to install it. I have never seen a more backwards methodology than what Korea has for online purchasing.
The strange thing is, if you use a phone, things are much simpler (generally there is an app). In addition, because of Naver's dominance in the country, almost all sites are integrated with it, and at least offer ways of finding information through it (but not purchasing).
i haven't heard about ActiveX since the days when Windows 98 was popular. I did not know that online stores in South Korea used ActiveX controls. I learned something new.
users are in the habit of approving all AtivceX control prompts
Sure! What could possibly go wrong!?
Now, where did I put the remote for my genuine Sorny television again...ah, here we go, right beside the Magnetbox stereo!
"I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
Korea is a tiny country
...on whose soil is headquartered the company that makes smartphones whose popularity challenges Apple's. Besides, the Republic of Korea has about as many people as the entire West Coast of the USA (California, Oregon, Washington, Alaska, and Hawaii) combined.
there is no demand (and thus, no financial incentive) for anyone except the Korean government to implement SEED.
Or for anyone who wants to interoperate with Korea, such as users of web browsers that might get deployed on Korean devices. If Chromium supports SEED, for example, then Samsung phones, tablets, and phablets shipping with Chrome for Android will support SEED by default. Likewise with Firefox for Android.
Or at least what I had experienced for the Bank of China. When I created an account there initially, there were no ActiveX requirement. Ever since they added that stupid ActiveX authentication, I have never been able to get back into my account.
Luckily, my business with them was only for a very short period of time.
The writeup assumes that no version of Internet Explorer can be thought of as a modern browser. This is not true for IE 10 and 11.
For someone who bought a PC before the release of Windows 7, IE 10 and 11 cost money.
So how would you recommend that one run modern IE on a PC purchased the day before Windows 7 became available?
Kekekekekekekekekek!
Using SSL beyond 64 bits was down right illegal!
What else can you do besides use IE 6?
They are hard core XP users too as modern IE is too standards compliant to work right
http://saveie6.com/
JavaScript can make only GET, POST, and WebSocket requests, over HTTP or HTTPS using the ciphers that the browser itself knows about, to either the same protocol, host, and port that served the web page or a protocol, host, and port that support Cross-Origin Resource Sharing. A particular encryption solution used by an ActiveX plug-in may require a particular arbitrary TCP-level protocol to a particular host. So switching to a completely standards-based stack may require back-end changes that payment processors aren't yet willing to make.
tl;dr I would have said 'java' but for them at that time, I think we can say fairly certainly that they at least saw ActiveX's problems and knew an alternative existed
Trying to put myself in the situation at the time, with the information available to them, using ActiveX in the late 90s would have been frustrating enough to make them at least consider Java...but I can't say they **should** have used either...if anything I understand completely why they might have just used ActiveX without a thought.
It's hard to imagine now (and I lived my formative adult years during it!), but back in 2001/2002 even when I was there you wouldn't expect a Korean IT guy to be aware serious criticism of Microsoft even existed. Remember the language barrier...of course they ran Linux, but on their home boxes they used as media servers (way before it became common in the USA, btw)...when it comes to "business" Koreans wouldn't mess around. They would go for what they know to be the best.
I was a /. reader back then, didn't post w/ my username IIRC, but I was aware of Linux & the 'M$' meme only b/c of /. I never met any Koreans who had heard of it back then and I didn't expect to.
They **do** see the same flaws in the system design as we do...however sometimes they interpret that as "something beyond my understanding" and just sort of power through it by following the rules. haha Can you imagine what they thought about the **HELP** menu??? It's mostly language barrier...and the rest is the flaws inherent in any coding context we all deal with.
What I'm saying is, b/c they assumed that the M$ ActiveX way was the right way b/c in the USA it was reported as the *best* or most 'popular'...well sometimes they then let the official M$ suggestion **be the standard** for good design across the system.
"If it fits into M$ system well then it's a good design..." was how they probably viewed it.
**that** mistake on their part might explain your Samsung experience
Thank you Dave Raggett
There is at least one of the banks in Korea which users are not required to install ActiveX to log in to their website. So many of Linux and Mac users changed to use the bank AFAIK. That was the result of that the user base for non-Windows platforms is grown a lot. Mostly due to the popularity of iPod and iPhone which led users to buy Mac instead (mostly cool-factor and so many of people installed Windows and use Windows only *ouch*)
Several economically powerful organizations insist on using Microsoft's browser on a downlevel operating system, but Microsoft declines to provide a modern browser for downlevel operating systems. Therefore, web developers must continue to code for both the feature set of modern IE and that of far less modern downlevel IE. True, modern IE is modern, but there's so much un-modern IE still in use that IE in general is not modern.
If we all waited for the few left behind we would still be working on an alternative to horses for travel.
The pace is nowhere near a direct comparison. Windows 7 is just barely four years old. Did the transition from horse-drawn carriages to horseless ones complete in four years?
In the mean while there are other options for those left behind.
Not if you want to buy or sell in the Republic of Korea.
And yet they somehow manage to make it all work - while others struggle with a certain ActiveX-free healthcare plan enrollment platform...!
Example of one (first time I've come accross a site I couldn't access on GNU/Linux easily in a long time- other than Netflix and some super bowl site using silverlight):
http://courts.delaware.gov/docket.stm
You can run 3D game engines in JavaScript without WebGL. It might be slow, but that doesn't JavaScript isn't Turing complete.
A graphics renderer for a "game engine" has a soft real-time constraint of responding promptly to user input that Turing completeness does not encompass.
There's always been a kind of "change is bad/one system forever!" monoculture in the IT sectors in Korea (and, in lots of other area in Korea too, but let's keep to the topic.)
Other pet peeves:
1. Making whole pages textual information just (titled up) jpeg images of... text, because they're too set in the ways (read: "lazy") to learn how to use HTML to position text and make it do what they want. (That, and having a fast local network, too; some older pages still have a 10MB flash based "welcome" graphic.... just because.) I've actually sat in on a class at a Korean computer institute and they were just concentrating on 1.) designing in Photoshop, 2.) exporting the whole canvas as a "page", and 3) doing very basic editing in the HTML editor to define some click hotspots. That's it.
2. Just trying to buy a pre-built computer system off the shelf that isn't Windows/Intel CPU/nVidia GPU. You'll have a hard time finding them in (South) Korea. You see, the hardware cartel of Intel/nVidia were established early in the PCbangs (LAN cafes)â"where most people encountered their first PC, so that's what everybody now looks for when they go shopping for a home PC. AMD parts can now be found on Gmaket or down in Yongsan, but they're not often bufled together.
One site I worked at in South Korea, I needed to install an ubuntu package on my workstation. So I plugged into the office LAN, checked connectivity with a ping and ran apt-get. This failed for some reason so I asked around. Apparently you can only query http with IE because the external proxy installs a component in IE which checks for USB keys connected to the computer. To copy my package to a USB key we had to download it to a local file system, then copy to the removable device.
This is called security, apparently.
http://michaelsmith.id.au
So it has a population equal to a slice of one other country? Is that supposed to impress me?
By your logic, the People's Republic of China is the only market that should matter because the United States is about as tiny compared to China as South Korea is to the United States.
I worked in Seoul for six months a couple of years ago. I found Koreans to be nice and diligent. Microsoft rules and the I.T. culture is anti-FOSS. Drupal was not welcome, and they preferred local proprietary Korean solutions which each firm seemed to have. Part of their motivation seemed to be making it easier for Korean firms to keep the work as opposed to foreigners. I tried to sell the idea that embracing Drupal would empower Koreans, with little success. Of course, my experience was limited and I don't claim to understand everything there. Re the Microsoft dominance, there is some merit to the comment above that, "If you want to fault Korean culture, fault them for being too trusting of the USA in general....poor people actually take what we say at face value."
We all hate the stupid "security apps" that pop up all over. But one thing that brought the situation to this, and won't end it in no time, is that the f'ing "internet security companies" have been lobbying the F out of government and major organizations / banks and etc to have them adopt their "security systems". Some banks only recently started to support non-IE browsers but still there are M F'ing plugins from those companies.
Would that explain why, in my several months assignment to Korea, I never met one (not ONE) flash memory device which wasn't full to the brim of auto-run viruses and other shit.
I was glad I had my Linux laptop with me, to sheep dip the flash drives rather than letting ANY drive that had touched a Korean machine touch my work's machine.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
As someone who has been in the SK for years. I would say things are slowly improving here. The big break through was smart phones. Since everyone has a smart phone you are suddenly able to bank online without using IE. However to clear things up, the smart phones DO NOT work with the web browser. Each bank has its own banking app, which allows you to bank online. In fact its so much better than using the web browser most people just do online banking through phone apps these days. That being said, if you decide to purchase something on a website, or bank through a website you are in for a world of pain. Usually it will take a native korean 1 hour + to purchase anything online. The process also usually involves updating or installing various new active X plugins. (I keep a separate pc just for shopping, its got dozens of plugins installed/sprayed all over the filesystem). Each bank usually requires at least 2-3 plugins made by various 3rd party security companies, they all only work with Active X. These plugins are some of the buggiest software I have ever seen. Rather then making things secure I always feel like I just installed a bunch of malware. They also sometimes conflict with each other. When you shop online each credit/debit card is tied to a specific bank, so you need to install plugins, use a certificate file and enter various passwords to purchase anything. Even sometimes non shopping/banking sites will require plugins to fill out forms or login to things. For years this was the only way. Apparently recently the law has changed, and new non SEED methods are supposedly allowed. However the gov approval board has not approved anything else yet. There is a conspiracy that the certificate companies are lobbying/bribing the approval board to keep the current system in place, to keep them generating revenue.