Slashdot Mirror

← Back to Stories (view on slashdot.org)

Japanese Government Requires Java and Internet Explorer 11 X86

Posted by msmash on from the how-about-that dept.

Long time reader AmiMoJo writes: Japan has introduced "My Number", a social security number assigned to citizens and used to access government services. Unfortunately, the My Number management web portal requires the Java plug-in. Because this plug-in is deprecated in many browsers, only Internet Explorer 11 (32 bit) and Safari on Mac are supported. The explanation (translated) given for this is that in order to access My Number contactless card readers Java is the only option. Some browsers support IC card access but it seems that it is not mature enough to be viable.

48 of 81 comments (clear)

  1. The Number One signature of incompetence: "My" by Anonymous Coward · · Score: 1

    There is nothing more indicative of mediocrity than the presence of the Microsoft-popularized* qualifier "My"

    ----------

    * ... or was it popularized by Perl????

    1. Re:The Number One signature of incompetence: "My" by avandesande · · Score: 1

      dont forget 'cloud'

      --
      love is just extroverted narcissism
    2. Re:The Number One signature of incompetence: "My" by Joce640k · · Score: 3, Interesting

      That's exactly what you're supposed to think. It's having the intended effect.

      (ie. Making you want to purchase the "professional" version - at twice the price for two extra features that you'll probably never use)

      --
      No sig today...
    3. Re:The Number One signature of incompetence: "My" by houstonbofh · · Score: 1

      Number one, my ass!

    4. Re:The Number One signature of incompetence: "My" by nitehawk214 · · Score: 1

      Number One, I order you to take a Number Two.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    5. Re: The Number One signature of incompetence: "My" by Ark42 · · Score: 2

      I have a My Number card. It's spelled in Katakana. Literally "Mai Nambaa". There is no translation to English. They literally wanted to use the English phrase "My Number" as the name of the system.

      --
      Morphing Software
    6. Re: The Number One signature of incompetence: "My" by AmiMoJo · · Score: 1

      It seems to be a trope in the Japanese language. People sometimes think that English words used by the Japanese have the same meaning as in English, but it's often not the case. For example "water" generally refers to a flavoured energy drink.

      Anyway, "my" in Japanese is used to signify something personal or personalized. Railway modellers talk about "my train", meaning their favourite model that they have improved from stock. In this case, the government also wanted to avoid reminding people of a more authoritarian past so used "my number" to imply that they were importing the idea from other countries and it was entirely normal and progressive (which to be fair it is, most countries have some kind of personal number, like the National Insurance Number in the UK or Social Security Number in the US). It also helps avoid overloading existing words and names.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:The Number One signature of incompetence: "My" by houstonbofh · · Score: 1

      Who does number two work for?

  2. Broken link by theNetImp · · Score: 1

    The link is broken it leads to google translate, but it's just an empty translate page.

    1. Re:Broken link by Anonymous Coward · · Score: 1

      I don't get the point of linking translations. Post the damn source, people can run it through a translator if they want.

  3. Japan is a very bureaucratic nation by Master5000 · · Score: 5, Insightful

    They have a lot of paper and are pretty useless with computers. Usually the opposite from what you see in the news about Japan. They aren't that of an advanced nation if you look at the common man. So this shouldn't be a surprise. It's good that they're trying to automate some stuff but it will take some time and they will make some mistakes. Even dumb mistakes like this one.

    1. Re: Japan is a very bureaucratic nation by The-Ixian · · Score: 1

      You kids with your hula-hoops and fax machines.... And who decided on beige for all these new-fangled gadgets? Damn kids...

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:Japan is a very bureaucratic nation by gtall · · Score: 1

      Example: Sony. Please, someone put this company out of our misery.

    3. Re:Japan is a very bureaucratic nation by AmiMoJo · · Score: 3, Interesting

      Funny, I visit regularly and find that the general level of technology, the pervasiveness of it, is much higher than the UK. Maybe we are even more backwards.

      They certainly seem pretty good with computers, anyway. And smart phones.

      This is just an issue with incompetent developers and bureaucracy picking the wrong technology a few years ago. Japanese people over on Srad (the new name for Slashdot Japan) seem to agree. Yes, I pilfered the story from there.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Yawn by Anonymous Coward · · Score: 2, Interesting

    Yawn, IE11 defaults to 32 bit anyway. You get both 32bit and 64bit installs on windows. And many times 64 bit version has many issues especially with compatibility. In fact, many enterprises disable the 64 bit IE entirely.
    Kinda like how MS themselves recommend NOT using 64 bit office, but only 32 bit office installs, because it's full of issues that MS doesn't bother to fix.

    The x86 IE 11 requirement is a non story.

    The java requirement on the other hand...

    1. Re:Yawn by The-Ixian · · Score: 2

      I am not so sure that it is flaws in the 64 bit version of the software, I feel that it is actually the same problem that plagues Windows in general: Backward compatibility.

      There is an ocean of Office and IE plugins that are 32 bit only. While it is a problem that Microsoft created, it's not exactly their problem to update the vast amount of 3rd party programs which only work with 32 bit versions.

      The thing is, 64 bit is all well and good, but even today, there isn't a compelling reason to have 64-bit address space for most applications. Kind of the same thing with multi-threading and multiple cores. Most apps just don't need or can't use that extra capacity.

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:Yawn by gtall · · Score: 1

      It isn't that MS doesn't bother to fix the issues, it is that they cannot fix the issues because no one understands how it is built any longer. It is like a Agile Wet Dream: roll that snowball down the slope of customer features long enough and don't ever redesign its innards and you get Office.

    3. Re:Yawn by marcansoft · · Score: 1

      Smart card access has been broken in Linux Chrome for seven odd years, and that's *with* native PKCS plugins. Browser support for smartcards is still horrible. No wonder they had to go for java.

  5. waterfox 64 bit works with java! by Joe_Dragon · · Score: 1

    waterfox 64 bit works with java!

    Now supermicro can we get a non java ipmi?

    1. Re:waterfox 64 bit works with java! by sjames · · Score: 1

      That is somewhat more useful, but I really wish they would just go with plain old vnc. They're not as bad as the ones that open a random port and signal back to the app. Some of us have to hop through ssh tunnels.

      That's why in 2017, I'm still glad linux can be installed using a combination of serial and (sometimes) vnc. At least I can now use the web browser to mount virtual media.

  6. Re:I guess 2017 won't be the year of Linux by Joce640k · · Score: 1

    This is quote normal here in Spain, too. Everybody who needs access to government web sites is forced to use Java for their card reader so they can digitally sign stuff.

    (all accountants, etc., are required to do this)

    --
    No sig today...
  7. Re: I guess 2017 won't be the year of Linux by houstonbofh · · Score: 3, Informative

    The point may have been but the execution was anything but! Every version on evey platform have changes... Some of these were deal breakers. Most enterprises have different virtual desktops for management of Network devices, storage devices and virtual servers because they all require specific and different (and mutually exclusive) versions of java!

  8. Re:Dumb... by Lirodon · · Score: 1

    NPAPI is the other option, but that puts you in the exact same boat as Java (though IMHO is still better).

    Actually, NPAPI is the common point of failure, because Java in the browser _is_ NPAPI, and the deprecation of it is the reason why the Java plug-in is being discontinued, period.

  9. Why was the contract given to this company? by execthis · · Score: 1

    Whoever gave the contract to the maker of the contactless card reader which only has a Java driver is an idiot and should be fired.

  10. Same mistake as Korea by plsuh · · Score: 5, Insightful

    South Korea mandated the use of an ActiveX control for online payments in the 1990s, which has locked companies and banks there into a deprecated and dangerous technology. Only in the last couple of years has the government there started the process of getting rid of the damn POS system.

    Someone please tell the Japanese government that what they are doing is a REALLY bad idea.

    1. Re:Same mistake as Korea by thegarbz · · Score: 1

      which has locked companies and banks there into a deprecated and dangerous technology

      The extent of the dangers and the upcoming depreciation of ActiveX were not known at the time of this implementation. There's another way to see this, in the same light as that crappy broadcast standard called NTSC. The first mover always has the disadvantage of uncertainty and at the time the Koreans made the move they were among the most technologically advanced online banking systems in the world.

      The Japanese look like they may have already made this mistake in the past and are already tied into legacy systems which depend on Java.

    2. Re:Same mistake as Korea by Anonymous Coward · · Score: 1

      as a side note: MSN Messenger is still alive and kicking (or was just a few years ago) in S. Korea for a very similar reason, It was required for some kind of government interaction... and so S.K. paid MSFT to keep it up and running

      Which is sad that the best chat client is a 10 year old version of MSN messenger... (still)

      It gained favor in Asian countries over AIM, etc. because it has unicode support earlier than any of the others

    3. Re:Same mistake as Korea by plsuh · · Score: 1

      The extent of the dangers ... of ActiveX were not known at the time of this implementation

      ActiveX in the browser has always been an absolutely horrendous idea from a security perspective. Everyone I know of who works in the computer security field thought that ActiveX in the browser was a security hole waiting to be exploited from the start. Choosing ActiveX as a basis for electronic payments was a Really Bad Idea. This was obvious even in 1996.

    4. Re:Same mistake as Korea by thegarbz · · Score: 1

      works in the computer security field

      Check your timeframe. This field was mostly non-existent at the times Korean banks were going online. In some ways ActiveX may have created the field.

    5. Re:Same mistake as Korea by antdude · · Score: 1

      I am surprised these high tech countries still use stuff like that. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  11. Asia and internet tech by phorm · · Score: 1

    A lot of places in Asia seem to be in the prehistoric age when it comes to Internet tech.

    Korea has similar issues with a bunch of banking and government sites. I think just in the last year many have fixed it, but my wife has had a f*** of a time because many of those sites required IE6 and ActiveX (for their "security" plugins, ironically). If you're in Korea it's a bit less of an issue because you can just drop by the bank or gov't agency, but it's especially a pain for anyone overseas.

  12. Re:unclear on the concept by hey! · · Score: 4, Interesting

    I worked for years as a contractor developing software for government agencies, and in my experience they're often running software that is years out-of-date. This is a result of government budgets operating in a cash rather than accrual mentality -- i.e. that a penny saved is a penny earned. Taken to the extreme "a penny saved is a penny earned" is false.

    Can you make do with a version of software that's EOL? Sure, but it'll cause problems. How can we solve those problems? Well, throw staff time at them. Would that be new hires? No, they're people whose salaries we're already paying. So the view you can minimize the immediate cash outlay by running obsolete software. This would not be reckoned by a private enterprise as a legitimate cost savings, but that's why the IT guys in government have to contend with.

    So you have to look at government platform decisions like they were being made 10 years ago. Then allow for the development time for the project and this is how the calculation goes: 2017,minus three years for project development time, minus ten years for government lag time, and this is like a corporate in-house developer choosing applets as a platform in 2004.

    Government IT guys run the gamut from incompetent to high competent, just like their private sector counterparts. But if you were to give them a letter grade (ABCDF) you have to deduct one letter grade from their ability to perform to account for the irrational financial incentives they have to deal with.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  13. use java web start instead by Anonymous Coward · · Score: 1

    browser plugin deprecation is a non-issue.

    just use java web start instead: https://en.wikipedia.org/wiki/Java_Web_Start

    all you have to do is write a tiny .jnlp file and link to.

    done.

  14. Windows XP by jfdavis668 · · Score: 1

    But, how do I run Internet Explorer on my Windows XP machine?

    1. Re:Windows XP by SeaFox · · Score: 1

      But, how do I run Internet Explorer on my Windows XP machine?

      Joke fail.
      Internet Explorer comes with XP. You didn't specify IE11.

  15. Re:I guess 2017 won't be the year of Linux by K.+S.+Kyosuke · · Score: 1

    It will come only two years after the year of BTRON on the desktop, I'm sure.

    --
    Ezekiel 23:20
  16. Re:unclear on the concept by stinerman · · Score: 1

    Can you make do with a version of software that's EOL? Sure, but it'll cause problems. How can we solve those problems? Well, throw staff time at them. Would that be new hires? No, they're people whose salaries we're already paying. So the view you can minimize the immediate cash outlay by running obsolete software. This would not be reckoned by a private enterprise as a legitimate cost savings, but that's why the IT guys in government have to contend with.

    Oh, you'd be surprised. I've worked many places that consider employee time to be "free". We can buy a library that will solve problem X or just build it ourselves. The library costs money, but building it ourselves is free! After all, we're paying our programmers anyway!

  17. Re:I guess 2017 won't be the year of Linux by jgfenix · · Score: 1

    You tell me. The problems I had to make the electronic DNI work (and I didn't use it too much). Well now at least the driver is included in Windows (only for IE/Edge and Chrome though).

  18. Re:unclear on the concept by hey! · · Score: 3, Insightful

    Oh, you'd be surprised. I've worked many places that consider employee time to be "free". We can buy a library that will solve problem X or just build it ourselves. The library costs money, but building it ourselves is free! After all, we're paying our programmers anyway!

    That's a more complicated question, because it's not just about staff time spending vs. license fees. When you build dependencies on a closed source library into your work that's an act of faith in the vendor's future support policies. Once I had a vendor who raised the distribution fees on downstream licensees from $5/seat to $1000/seat. Oh, and don't forget the vendors who simply abandon products that aren't making money and leave their customers dangling.

    Even if you don't buy into the ideology of Free/Libre software, the risk of being tied to a vendor's future goodwill is a sufficient reason never to buy proprietary libraries. If you do buy a proprietary library you need to protect yourself both contractually (if possible) and architecturally.

    Now as for using "free" staff time, at the risk of sounding like I'm contradicting myself, intelligent and creative use of slack developer time is one of the most important things you can do for your long-term success. Far from treating slack time as "free", however, I see it as treating slack time as too valuable to squander. You should set aside time to do things purely for extending the capabilities of the team. That might involve reinventing the wheel, if you have good reason to believe you can make a better one.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  19. Korea's "mistake" by Anonymous Coward · · Score: 1

    South Korea mandated the use of an ActiveX control for online payments in the 1990s, [...]

    No, they mandated a certain level of crypto, which (in 1999) was only possible via a browser plug-in:

    In fact, there were two versions of SSL: U.S. edition and international edition. The U.S. edition supported 128-bit secret key whereas the international edition supported 40-bit secret key. The problem is that 40-bit secret key is too weak to use for message encryption.

    South Korea needed a better encryption than what the international edition supported, so Korea Internet & Security Agency (KISA) developed 128-bit block cipher called SEED in 1999. The development was necessary since there was a proliferation of personal computers and the internet network during that time all over South Korea. KISA chose ActiveX control to use their secure cipher on Internet Explorer, which was used by the most of internet users in Korea.

    * https://medium.com/@yunkee_lee/why-has-south-korea-been-stuck-with-activex-44c773dbf54
    * https://en.wikipedia.org/wiki/SEED

    It reached a critical mass and so people were stuck with it. Though the regulations weren't officially lifted until a few years ago (once software crypto ITAR was relaxed).

  20. Re: I guess 2017 won't be the year of Linux by sjames · · Score: 3, Insightful

    Mostly because there have been so many security holes found in java plugins that no other browsers even support it any more. Even Oracle doesn't think it's a good idea these days. Fee free to contemplate the irony of using the java plugin for a security application.

  21. Palemoon by dafradu · · Score: 1

    If the problem are the modern browsers that disabled NPAPI plugins then you can use Palemoon, even the x64 build still runs Java.

  22. Re:I guess 2017 won't be the year of Linux by Provocateur · · Score: 1

    So are card readers (that I have seen on old clunky keyboards) sold as part of PC OEM configuration e.g. CPU-Screen-mouse-keyboard in Spain? Or you just add this to your PC like an after market accessory? Please pardon my ignorance

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  23. Re: The JAPS by Type44Q · · Score: 1
    "So tellibry lacist to point out the stickiness of lice, des yo!!"

    Or not, as the case may be....

  24. The point of Oracle by Shane_Optima · · Score: 1

    The point of Java is to be cross platform, so I don't understand why it would be limited to IE11 or any browser.

    Java was developed by Sun, which was later bought out by Oracle. It turns out Oracle has their own special set of priorities and Java plugin bug fixes was not one of them.

    Also, the "point of Java is to be cross platform" thing was just an early PR thing. The point of Java (in practice) was to take C++, remove the "C" and cover any remaining sharp corners with padding.

  25. Re:I guess 2017 won't be the year of Linux by jgfenix · · Score: 1

    The normal is to buy the card reader apart (the computer I use at work has a card reader Incorporated in the keyboard though but I don't see them in other places.)

  26. Re:I guess 2017 won't be the year of Linux by Provocateur · · Score: 1

    Thank you for the response. =)

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  27. Re: I guess 2017 won't be the year of Linux by sjames · · Score: 1

    When your expected deployment is measurable in millions, vendors become keenly interested in meeting YOUR requirements.