Slashdot Mirror
Why Internet Explorer Still Dominates South Korea.
New submitter bmurray7 writes "You might think that the country that has the fastest average home internet speeds would be a first adapter of modern browsers. Instead, as the Washington Post reports, a payment processing security standard forces most South Koreans to rely upon Internet Explorer for online shopping. Since the standard uses a unique encryption algorithm, an ActiveX control is required to complete online purchases. As a result, many internet users are in the habit of approving all AtivceX control prompts, potentially exposing them to malware."
AtivceX? Go, Timmay! You're a kickass editor!
From TFA:
Holy crap!
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Banks here make you login to your online account by using a card reader with your ATM card. And of course, that requires an ActiveX control. The Cathay Bank site itself looks like it hasn't changed design since 1996.
Why hasn't the SEED cipher (RFC 4269) been reimplemented in Flash, Java, JavaScript, native code using an NPAPI plug-in (Netscape's counterpart to ActiveX, now used by Firefox), or native code using a PPAPI plug-in (Chrome's counterpart to ActiveX)? Without any chance of support for ActiveX on mobile phones or ARM-powered tablets, I'd guess it'd have to be.
I know too much about this. I'm a Korea-phile, so last year I applied to a graduate school in South Korea and they required me to download like 2 or so add-ons to IE to even complete the online application.
So IE 11 isn't a "modern browser"?
This ActiveX was developed by a North Korean company.
I've seen similar issues all over the place, someone designs some proprietary-yet-essential service to use a proprietary plugin or other technology that's very platform and version specific. One just ends up using two web browsers, the old one that's required in order to make the stupid proprietary thing work, and the new one for one's normal browsing. It SUCKS from a support perspective as both browsers fight to be default, and users can't keep track of what pages load with what browser, etc, and that's not even beginning to address the security problems.
Do not look into laser with remaining eye.
Even Microsoft is looking at SK and saying: "WTF? We don't even use ActiveX anymore."
The TSA need to learn to write plugins for other browswers
Derp
My work's HR system requires an ActiveX control with our smart card system. To make things worse, this system barely supports IE7 (apparently IE8 in compatibility mode works, as well, but IE9+ absolutely does not) and they only upgraded it to support 7 because Microsoft stopped supporting IE6. I actually created a VM explicitly so I can log into the HR system (because I HAVE to have IE9 or higher for my other work, since I work in html 5 and need to test on most major browsers). My ops group thought it was odd that I requested key card software installed on a VM, but when I explained my situation they did it (in fact, they set up a lab machine specifically for others with similar circumstances).
Incidentally, nobody really uses IE except for the HR system, and everybody has an old version also because of the HR system. I believe the HR issue is money related and more related to SAP upgrade costs than key card (and I believe we paid SAP to integrate our key card access).
The writeup assumes that no version of Internet Explorer can be thought of as a modern browser. This is not true for IE 10 and 11.
That said, a countrywide de-facto standard forcing vendor lock-in is bad.
My exception safety is -fno-exceptions.
It's like a microcosm of what might have happened worldwide had ActiveX been as popular as they'd wanted to be.
Why does your company not import their CA cert into your machines?
That way no one gets the error and they can self sign all they like.
In Switzerland - IE dominates, reasons unknown 2 me...
The best is their official government forms that can only be downloaded in the proprietary Hancom Word format ^^
Yay me! ^^
I remember my netbanking _required_ a hidden java plugin until around 5 or so years ago, probably for the same reason.
than the green dam project... ;) and far cheaper too.
You might think that the country that has the fastest average home internet speeds would be a first adapter of modern browsers. Instead...
Disingenuous. Just because you don't like it, doesn't mean you can seriously consider IE not to be a modern browser.
systemd is Roko's Basilisk.
What the fucking fuck? You can run 3D game engines completely in JavaScript, yet those bozos couldn't be bothered just to emscripten their fucking encryption code to let it run in the browser without using MS-specific technology? Sigh.
A successful API design takes a mixture of software design and pedagogy.
As someone who did IT work in South Korea this year for couple of weeks, I never felt so defeated trying to upgrade 15 computers from XP to Windows 7. We basically had to give everyone admin rights just for them to do their job. Bank sites that had 11 (!) ActiveX plugins with 3-factor security (password, token, plus USB key with a cert) just for them to log in - and they routinely "update" their controls, which of course, require Admin rights.
The branch manager didn't understand at first why we were having so much difficulty. I had to explain to him that if we adhered by our security standards, we'd have to close the branch because there wasn't a single operation they did which would otherwise be allowed.
You do realize that(while it has its uses, for convenience sake) IETab is just a convenient wrapper for IE components from the underlying Windows system, not some kind of re-implementation of IE for Firefox. It's just more convenient than clicking on the E yourself. Doesn't do a thing on any platform where IE isn't.
I'd read about this before ... last year, I think. It's not exactly news.
Having had to do some normal things in IE8 this week, I'm reminded that if I were forced to use that browser I'd probably spend a lot less time on the Internet (maybe that would be a good way to kick the addiction?) I find IE to be a stunningly unusable piece of software, that perfect nexus of slow, not helpful, and capable of choking on a website like a box of dicks.
If this were Usenet, I'd killfile the lot of you.
M$ has made most of its profits from gov't contracts and users who don't know to expect better from a computing experience.
I taught ESL in South Korea in 2001/2002...it was right after 9/11 and during the World Cup. The country was burgeoning as a bankable international business player...competiting with **Japan** with companies like Samsung...no coincidence that they co-hosted with Japan that year ;)
Korea was **all about it**...they wanted the best of what was available...to them, the USA was the best at computer tech...so obviously they went with the most *popular* Operating System, and they **made sure** to buy **ALL** the expansion packs and do exactly as M$ suggested...
Which means they've been on a never-ending nightmare Mobeius strip of a ride to user hell.....that, b/c of their trusting nature has painted them into an IT Engineering corner...which was M$ plan all along!
Thank you Dave Raggett
You're wrong about Korean culture...
Well, partially wrong. They built their IT infrastructure based on the *best* available at the time: Microsoft
Blame Microsoft for making shitty products that lock-in users (and whole countries) to an inefficient half-assed software system.
caveat emptor? sure...but at some point you have to acknowledge that they culpability can't rest only on the consumer....M$ parasitic system design was/is truly evil
If you want to fault Korean culture, fault them for being too trusting of the USA in general....poor people actually take what we say at face value.
I lived there for 1 year...I know the ass-backwards way they sometimes adapt new technology...but this isn't that...the aren't inherently inefficient as a culture...they showed us what happens when a country actually does what M$ suggests...
Sort of like a 'Super Size Me' kind of project only with IT infrastructure for a whole country not fast food
Thank you Dave Raggett
The summary is slightly miss-leading. There isn't 1 standard for ActiveX control, every single goddamn site uses their one ActiveX or Java applet, and you have to install it. I have never seen a more backwards methodology than what Korea has for online purchasing.
The strange thing is, if you use a phone, things are much simpler (generally there is an app). In addition, because of Naver's dominance in the country, almost all sites are integrated with it, and at least offer ways of finding information through it (but not purchasing).
BootCamp in Mac OS X is free.
Except installing Wndows on a Mac costs you a piece of your soul...
#DeleteChrome
users are in the habit of approving all AtivceX control prompts
Sure! What could possibly go wrong!?
Now, where did I put the remote for my genuine Sorny television again...ah, here we go, right beside the Magnetbox stereo!
"I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
I'd just push the cert out from AD as a trusted root and be done with it... or at least have an internal CA.
Not the way I do it - I'll grab discarded XP boxen, or buy cheap at a pawn shop and re-use those license keys.
Skipped Vista, and the Win7 boxes aren't cheap enough, yet, but they will be soon.
The boxes then become linux things (or landfill).
You're looking for quotes? See my journal.
Korea is a tiny country
...on whose soil is headquartered the company that makes smartphones whose popularity challenges Apple's. Besides, the Republic of Korea has about as many people as the entire West Coast of the USA (California, Oregon, Washington, Alaska, and Hawaii) combined.
there is no demand (and thus, no financial incentive) for anyone except the Korean government to implement SEED.
Or for anyone who wants to interoperate with Korea, such as users of web browsers that might get deployed on Korean devices. If Chromium supports SEED, for example, then Samsung phones, tablets, and phablets shipping with Chrome for Android will support SEED by default. Likewise with Firefox for Android.
The writeup assumes that no version of Internet Explorer can be thought of as a modern browser. This is not true for IE 10 and 11.
For someone who bought a PC before the release of Windows 7, IE 10 and 11 cost money.
ROR!
So how would you recommend that one run modern IE on a PC purchased the day before Windows 7 became available?
Little over nine years between those posts. Those heels don't look so hot to me.
Using SSL beyond 64 bits was down right illegal!
What else can you do besides use IE 6?
They are hard core XP users too as modern IE is too standards compliant to work right
http://saveie6.com/
JavaScript can make only GET, POST, and WebSocket requests, over HTTP or HTTPS using the ciphers that the browser itself knows about, to either the same protocol, host, and port that served the web page or a protocol, host, and port that support Cross-Origin Resource Sharing. A particular encryption solution used by an ActiveX plug-in may require a particular arbitrary TCP-level protocol to a particular host. So switching to a completely standards-based stack may require back-end changes that payment processors aren't yet willing to make.
Bootcamp is free, Windows is not, but it is still possible the person was actually thinking about Parallels.
Don't know something? Look it up. Still don't know? Then ask.
tl;dr I would have said 'java' but for them at that time, I think we can say fairly certainly that they at least saw ActiveX's problems and knew an alternative existed
Trying to put myself in the situation at the time, with the information available to them, using ActiveX in the late 90s would have been frustrating enough to make them at least consider Java...but I can't say they **should** have used either...if anything I understand completely why they might have just used ActiveX without a thought.
It's hard to imagine now (and I lived my formative adult years during it!), but back in 2001/2002 even when I was there you wouldn't expect a Korean IT guy to be aware serious criticism of Microsoft even existed. Remember the language barrier...of course they ran Linux, but on their home boxes they used as media servers (way before it became common in the USA, btw)...when it comes to "business" Koreans wouldn't mess around. They would go for what they know to be the best.
I was a /. reader back then, didn't post w/ my username IIRC, but I was aware of Linux & the 'M$' meme only b/c of /. I never met any Koreans who had heard of it back then and I didn't expect to.
They **do** see the same flaws in the system design as we do...however sometimes they interpret that as "something beyond my understanding" and just sort of power through it by following the rules. haha Can you imagine what they thought about the **HELP** menu??? It's mostly language barrier...and the rest is the flaws inherent in any coding context we all deal with.
What I'm saying is, b/c they assumed that the M$ ActiveX way was the right way b/c in the USA it was reported as the *best* or most 'popular'...well sometimes they then let the official M$ suggestion **be the standard** for good design across the system.
"If it fits into M$ system well then it's a good design..." was how they probably viewed it.
**that** mistake on their part might explain your Samsung experience
Thank you Dave Raggett
Several economically powerful organizations insist on using Microsoft's browser on a downlevel operating system, but Microsoft declines to provide a modern browser for downlevel operating systems. Therefore, web developers must continue to code for both the feature set of modern IE and that of far less modern downlevel IE. True, modern IE is modern, but there's so much un-modern IE still in use that IE in general is not modern.
If we all waited for the few left behind we would still be working on an alternative to horses for travel.
The pace is nowhere near a direct comparison. Windows 7 is just barely four years old. Did the transition from horse-drawn carriages to horseless ones complete in four years?
In the mean while there are other options for those left behind.
Not if you want to buy or sell in the Republic of Korea.
You can run 3D game engines in JavaScript without WebGL. It might be slow, but that doesn't JavaScript isn't Turing complete.
A graphics renderer for a "game engine" has a soft real-time constraint of responding promptly to user input that Turing completeness does not encompass.
There's always been a kind of "change is bad/one system forever!" monoculture in the IT sectors in Korea (and, in lots of other area in Korea too, but let's keep to the topic.)
Other pet peeves:
1. Making whole pages textual information just (titled up) jpeg images of... text, because they're too set in the ways (read: "lazy") to learn how to use HTML to position text and make it do what they want. (That, and having a fast local network, too; some older pages still have a 10MB flash based "welcome" graphic.... just because.) I've actually sat in on a class at a Korean computer institute and they were just concentrating on 1.) designing in Photoshop, 2.) exporting the whole canvas as a "page", and 3) doing very basic editing in the HTML editor to define some click hotspots. That's it.
2. Just trying to buy a pre-built computer system off the shelf that isn't Windows/Intel CPU/nVidia GPU. You'll have a hard time finding them in (South) Korea. You see, the hardware cartel of Intel/nVidia were established early in the PCbangs (LAN cafes)â"where most people encountered their first PC, so that's what everybody now looks for when they go shopping for a home PC. AMD parts can now be found on Gmaket or down in Yongsan, but they're not often bufled together.
One site I worked at in South Korea, I needed to install an ubuntu package on my workstation. So I plugged into the office LAN, checked connectivity with a ping and ran apt-get. This failed for some reason so I asked around. Apparently you can only query http with IE because the external proxy installs a component in IE which checks for USB keys connected to the computer. To copy my package to a USB key we had to download it to a local file system, then copy to the removable device.
This is called security, apparently.
http://michaelsmith.id.au
So it has a population equal to a slice of one other country? Is that supposed to impress me?
By your logic, the People's Republic of China is the only market that should matter because the United States is about as tiny compared to China as South Korea is to the United States.
We all hate the stupid "security apps" that pop up all over. But one thing that brought the situation to this, and won't end it in no time, is that the f'ing "internet security companies" have been lobbying the F out of government and major organizations / banks and etc to have them adopt their "security systems". Some banks only recently started to support non-IE browsers but still there are M F'ing plugins from those companies.
Would that explain why, in my several months assignment to Korea, I never met one (not ONE) flash memory device which wasn't full to the brim of auto-run viruses and other shit.
I was glad I had my Linux laptop with me, to sheep dip the flash drives rather than letting ANY drive that had touched a Korean machine touch my work's machine.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"