Slashdot Mirror
Citifi.com Denies Alternate Browser Access
Mr. Magoo writes "Citifi.com, CitiBank's new financial services portal, is the latest big web site non-Windows users can't access." When I view the site with Netscape under Windows, I get a marketing blurb that says 'Become a Citi f/i customer and enjoy the convenience of being able to bank, invest, and pay bills 24 hours a day, 7 days a week, from any PC that's connected to the Internet.' Tried it with Netscape 4.05 and M12 under Linux, and I get no dice. Lynx 2.82rel.1+ssl under Linux seems okay, though. It seems we've got another poor-web-design victim.
The solution has to be better than that. How do you get a manager to compromise on features because some browsers support them and some don't - especially when most managers don't relise that there's actually more than one brower, 'cause, hey, there's one Word 97.
So, the question is; How do we inform computer illiterate managers that the Web is a collaberative community of standards, rather than a dictatorship governed by high school bully tactics?
My indirect reply:
I have the doubtful good fortune of being one of the people whose job it is to translate between the wishes of managers and the work of development staff. I'm the one who either has to persuade the managers that what they said is a really bad idea and shouldn't be passed on, or I have to take that message and go to the developers and try to negotiate a solution that is both possible and accomplishes what they want.
I run into the situation that you're describing a lot-- particularly with cross-browser and standards issues-- and I've won a lot of those battles on the behalf of open (at least relatively open) standards-- but I think we need to look at how you're framing your question here.
Managers are illiterate about computers. Often about Internet. Very true. They do, however, understand their own business. You need to ask them to care about things like usability across multiple platforms and open standards because, and only because, it impacts their business. If you talk to them about community standards and collaboration and Internet history their eyes are going to glaze over and roll back in their heads. And why shouldn't they? Do you care about every issue in every field of every portion of life that impacts your core business? Would you stand around wanting to debate the relative merits of--oh, I don't know-- plastic formation methods just because your keyboard is made of plastic? No. (Unless you're hopelessly eclectic) You'd want to know what difference it makes to you and whether you should care about it in buying keyboards.
Managers are precisely the same. If you tell them that they should make their website accessible to all browsers because it isn't fair or violates good design standards or whatever, that's going to mean nothing to them. If you take the same situation and use arguments relating the issue to their website, however, that will (generally) sink in. For instance, I frequently discuss how unstable the browser market in general is and how features can differ from even one version of a browser to the next-- so some cool proprietary gimmick they want to use may not be implemented in the next. That leads to the inevitable question. "Surely there are safe features?" I then talk about standards and their purpose.
Generally there's a problem because they've got some home-grown genious working for them who learned how to build web pages with Front Page and couldn't write good code if his life depended on it and is in love with some plug-in dependent navigation element. He or the boss will object that it's 'too difficult' to write code that will work everywhere. I then will sit down with the manager and do the cost figures with them about what it would cost in time and manpower to do it properly now versus what it would cost them to redo completely should their mistakes this time make it necessary. That comparison generally hits home rather close to where it really hurts.
Above all, if you want to communicate good practice to management and non-IT people in general, be patient, try to understand their point of view of the matter, and don't assume they're stupid people just because they're stupid about computers.
Gee, this was really long...
Because the snark was a...
I think people who decide to switch to linux should just take what they get and not complain. They Chose to change OS's and if someone has a service for windows, then too bad. Don't complain! Accept it. Don't make everyone cater to your needs. babies.
Why should we allow them to pervert our ideas? We made those protocols, formats ansd servers, so it's our right to annoy the hell out of marketdroid slime that abuses it until they will comply. Who the hell are you and why you think that we should not do that?
Contrary to the popular belief, there indeed is no God.
============================
We have been informed by Netscape and VeriSign? that the Digital Certificates** contained in Netscape Navigator? and Netscape? Communicator browsers with version numbers of 4.08 or below are about to expire. In order to maintain the highest level of security, many secure sites, require a current certificate when establishing a connection.
A browser upgrade to Netscape Navigator or Netscape Communicator 4.5 or higher, or conversion to Microsoft? Internet Explorer 4.01 or higher (Apple Macintosh? users must use version 4.5 or higher) will automatically update this certificate. If you do not upgrade to Netscape Navigator or Netscape Communicator 4.5 or higher, or convert to Microsoft Internet Explorer by December 31, 1999, you may no longer be able to connect to any secure site on the Internet, including Suretrade. We will not support earlier versions of these browsers after this date.
PLEASE NOTE THAT THIS IS NOT A YEAR 2000 ISSUE.
To ensure uninterrupted service to Suretrade and other secure web sites please follow the directions below.
========================
(instructions for upgrading followed....)
Netscape 4.05 is not compliant, and it's my understanding that Mozilla M12 doesn't yet have a valid digital security certificate authentication in place yet. I could be wrong.
I think this particular problem is someone getting all freaked out over nothing. Note that the Lynx connection with SSL works fine.
IS THIS REALLY POOR WEB DESIGN?
They should be refusing accounts from these soon-to-be-useless-to-connect-to-secure-sites browsers unless they want a whole bunch of tech support calls on or soon after Jan 1, 2000!
...given how poorly Netscape has implemented CSS so far -- remember CSS? It was supposed to take the style out of HTML and make it possible to write a single webpage that'd satisfy all browsers, from Lynx on upward? -- I would never and could never blame anyone for giving up and banning it from their site.
It's a real shame that the W3C standards haven't been followed, along with ECMAScript. If the damned browsers would only render absolutely to-spec, then it'd make all webauthor's jobs easier, make all webpages far more cross-platform compatible, support speech- and whatever-based browsers, and so on.
And they'd *STILL* be able to have fancy, stylistic sites. HTML for the content and high-level structure; CSS for the styles. Gahd, that'd be nice.
But, no, Netscape went and balled it up on CSS; Netscape and MSIE both balled it up on HTML; Opera has balled it up on the ECMAScript. Gah.
--
Don't like it? Respond with words, not karma.
Here's a correlation-buster for ya: Wall Street. Investment banks, hedge funds, brokerage houses. Trading desks. Running on Solaris systems. Browser: Netscape.
I worked there. I talked to people. Yes there are some NT shops, but even the travelling techs from Bloomberg/Bridge will tell you that the serious shops aren't on Windows.
Moral: big money uses Netscape.
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
What you forget is that on the web, the image IS everything. If you are a company on the web, no one knows anything about you except for your web page. You can be the little guy, but if you have the biggest and best page around, people will assume you are the top dog of the industry. Yes, in theory every web page should work in every browser, on every OS, but in reality, it just doesn't work that way. Most company web sites are nothing but a big ad, and in that case, image IS everything. Most people care less about the information than they do about about the "image" it portrays.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
The number listed "if you have any questions" is 1-800-2-CITIFI (1-800-224-8434). Call up and ask if they realize they're cutting out a sizable (and affluent) demographic with their browser-restricted design.
Hey guys, it looks like this problem is everywhere. My grandmother just put up a site to show her recipes for cookies that she gives to orphans. Not only that, the damn site doesn't support Netscape 2.x OR Quicken for Windows 3.11!
Dudes its time for some serious hacking. Get her.
I've also got some rumours of a Lisa Loeb fan page that won't let any small mouth bass view the site. That's only a rumour right now though, let's not get all worked up over nothing.
Hotnutz.com
Yes, good point. Maybe talking to the webmaster doesn't do much good in many cases. But please, do note that, as has been pointed out already, this site works fine with at least one Linux browser, lynx with ssl patch, so it doesn't seem as though it's a windows-only site, just that they are banning what they believe to be insecure browsers.
I know, I know, dual boot, etc - but then there's the problem when I show that what I've designed only works on 1 in 6 and the manager has a friend at some other company who he's convinced have a wonderful web page that works perfectly. What's wrong with me? The fact that the other page is probably a disaster area (or a mock up) is completely beyond them. Or maybe we payed $20,000 for our product and we have a team of me, where the other company spent $2,000,000 and have a team larger than my entire company.
I know I'm whinging, but I could really do with some ideas on how to educate the luddite decisions makers on the rules and netticate of the Web.
Turn on cookies and go to www.citifi.com and you'll get the lame "We dont support anything but windows or macos, go away" message. Then click on "About Citifi" at the bottom, suddenly you get access to the navigation bar at the left, and the one at the top right, which offers you to check out their entire website, INCLUDING:
A Home link which takes you to their main page
A Products and Services page
A Signup to be come a new member page
And to even "sign in" to your account
(Direct Links not included because their site runs on https with cookies and it seems without seeing the "disclamer" that your OS isn't supported, it does not work.)
And more, it looks like you can navagate the ENTIRE page REGARDLESS that it says you're unsupported.
So the 64 thousand dollar question is.....
Why have the disclamer that non-Windows and non-MacOS users are unsupported if they can, even with the disclamer page, navigate the entire site?
-- iCEBaLM
My bank (in Canada - mbanx and Bank of Montreal) offers online banking trading etc that requires SSL and I've used netscape on linux and freebsd with their site since version 3.0 (they now require version 4+ due to javascript and toerh java crap).
It is an issue for the banks going forward which they are silly to ignore. If they support standards it's EASIER for them to adapt to changing consumers.
There will likely be a lot more people banking from phone screens and handhelds (like an SSL lynx on your cell connected PalmOS) and completely non-GUI VUI's (voice user interface) devices (to say nothing of blind user interfaces etc etc) in the future why not be ready for them. These firms are saying loud and clear:
"Hi we DO NOT want you business - ever. Go away now. There are only 10, 15 , 20 million Mac,BeOS,Unix users out there and we willing give you up to our competitors. The expense of changing our web site (50$ an hour) is simply too high compared with the measly amount revenue in the form of mortgages, insurance purchases, online stock trading any of you will ever do".
They also want me to believe they are high tech, high security, on line financial powerhouses but they don't know how to design a website ... hmm.
Deliberately denying users of alternative, non-windoze operating systems access to a web page is both an economic and political attack on the free software community. If we cannot do our on-line banking online, what is next? On-line purchasing via SSL. Online viewing of streaming video? Online viewing of XML (the purported replacement for HTML)? This is an economic and political battle which, if unfought, will result in all of us being coerced by simple necessity into using a platform we despise.
It is not only appropriate, it is essential that we respond in kind. Boycotting is just one means of doing this (close your citibank accounts, and make sure they know why you have done so). Educating your friends as to why this is matters is equally important -- and if you can talk them into voicing similar concerns to organizations which behave like this, so much the better.
Checkfree, for example, works flawlessly with 128 bit encryption under Linux and is "bank independent" though it does cost $10/month for the service. Still, it is one of many alternatives which are friendly (or at least not aggressively hostile) toward alternative platforms (Northern Trust of Chicago has free online banking which also works fine under Linux, and I suspect if you look around one or more of your local banks will be similar). I would suggest anyone interested in having Linux, *BSD, or any other non-Microsoft platform usable on the web of the future put their money where their mouths are and support companies which allow us to conduct our business on the platforms of our choice, using open standards with the tools of our choice. Any other approach means sacrificing your options for someone elses bottom line (guess who's in this case).
This doesn't make us "html" or "web" police, it makes us concerned consumers who won't allow our vendors to use coercive tactics in order to force us into using their strategic partners' inferior products in order to gain the "privelege" of using their services. Without us (the customers) they do not make money, and we should not be at all shy in using that leverage to our advantage.
The Future of Human Evolution: Autonomy
Well, if the sites works for lynx, what's the problem?! It probably looks fine under Netscape and Mozilla too, if you can hack them so that they id themselves as lynx (HTTP_USER_AGENT or whatever). I hope we are not going to see a spate of stories like this: "www.so-and-so.com doesn't work on my browser". I mean, get used to it, people. This happens all the time. If we had a story about it on slashdot every time, there wouldn't be room for anything else. If you want to do something a bit more constructive than whining on slashdot, check out the Campaign for a Non-Browser Specific WWW. Then, write to the webmaster of offending sites, let them know they're fucking up, and point them at that page.
"Imagine a financial center with no walls..."
Bahhhahaha! ..it really is kinda funny when the opening page is a wall!
blah blah blah yea yea yea blah yea blah
_________________________
We'll forget that you were high and mighty about using Microsoft garbageware, and welcome you into the fold as a user of OSS software. Of course, you're free to stick with IE if you'd like, but it won't be our fault when you begin getting locked out of sites. Choice is important. I respect that.
The point (other than that this story is crap and shouldn't be on /. anyway) is that an incredibly high percentage of sights are viewable on all browsers -- it is the rare sight which is actually not usable due to browser or platform. To exclude a priori a large set of browsers is stupid (and reeks of gross mismanagement or being in bed with the monopolists). Eventually the shoe will be on another foot and the MS/IE arguments won't hold water for anyone else either.
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
Hey, thanks Microsoft! (never thought I'd say that!)
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
[root@angel:/root]$ queso www.lite.citifi.com
192.193.201.10:80 * Reliant Unix from Siemens-Nixdorf
The Maginot-skirting is classic FUBAR though.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
And it looks like their server isnt supported by them..
www.citifi.com is running Netscape-Enterprise/3.6 SP2 on Solaris
Interesting...
-- iCEBaLM
The disclaimer may have been required ... ... by their supplier. The producer or WinNT ....
They're running Netscape Enterprise Server on Solaris, I just checked Netcraft...
-- iCEBaLM
But the best part was on their page entitled "About Encryption":
For a 40-bit key there are 240 possible different combinations. For a 128-bit key (the level of encryption that Citibank requires) there are 2128 possible different combinations.
"Ooooh .... 2128 possible combinations - the power of large numbers will keep me safe ..... no one will guess my key" .... after the fit of sarchasm subsided I realised that some bonehead web designer who knows nothing about encryption had dropped a "^" or two
You missed the point entirely, sorry.
The problem is not that the site "doesn't work" with Linux browsers -- that would be a browser problem -- it's that it checks what OS you're running and denies you access under anything but Windows/Mac.
There is no reason to check what OS the client is using and deny them access based on it.
- Michael T. Babcock (Yes, I blog)
Maybe introduce it like handicapped access -- "you have to compromise on form to let certain people access it. You wouldn't want the blind sueing us, eh?"
I'm sure you can put some positive "help me, and I help you" spin on making a compatible page, with an "enchanced" version for the market droids to peer at.
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Well, so? There are tons of pages that are written badly. w3history.org doesn't allow "alternate browsers" either (Opera won't work under Linux or Windows...it requires IE or Netscape), but Slashdot had no problem linking to it (without any browser comment) anyway. Why suddenly the comment here? Do we only care if Netscape/Mozilla under Linux can access a site?
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
After a small bit of work, I was able to access their site.. but I don't see why they REQUIRE certain browsers ..
I use wwwoffle for a web proxy .. I edited my /etc/wwwoffle/wwwoffle.conf to report my User-Agent as "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)" when i connect to a site. I was then able to enter citibank's site because it thought i was using msie for windows
After some exploration, I have come to the conclusion that citibank's new site is JUST EYECANDY with ICKY javascript. It works fine with Netscape for Linux .. we deffinately must give citibank the same talk we gave fox.com!
i used this same method to access fox.com when it still didn't allow netscape for linux
Important Browser Upgrade Information!
If you are using a Netscape browser older than version 4.06, or Internet Explorer version 4.01 browser for the Macintosh, Citi f/i recommends that you download a newer version of these browsers before December 31, 1999. This is because the Certificate Authority certificate that allows you to use this service and other services from other companies securely (that is, with your communication encrypted) will expire at the end of 1999. Once the Certificate expires, you will receive a message online warning you that the certificate has expired.
In other words, instead of making a nice message on non-https part of the site and leaving it to users to take actions, smartasses decided to make wild assumptions, how User-Agent field must look in the "right" browser, and redirect everything that does not look like Windows or MacOS to a page with rude message and no mentioning of certificates, just because they don't know, which version of Netscape for other systems (hint to citifi -- the same as for Windows) they should recommend.
Very lame.
Contrary to the popular belief, there indeed is no God.
Sheesh, it drives me up the wall.
"Make sure our site ranks high on search engines. Make sure you repeat keywords in the meta tags." (Like they know what a META tag does) . . . How do you explain to somebody that it ain't that easy, and that repeating keywords kills your ranking?
"I don't like where that line breaks!" Like I can really have a lot of control over that. Say some user who has increased his font size comes along. The text breaks in some odd place for him.
"Make sure you test those CGI scripts on Windows and Macintosh!" Like the browser really affects the way the CGI script operates.
And, of course, as the guy mentioned, there is always the "You need to move faster!" When I'm trying to kick the bugs outta a script. Then, if I get rushed into putting the script into action without adequate debugging, it's my fault because it wasn't right before it went live.
Where does this all end? I don't know. I think that some of the stuff you can create with Shockwave/Director/Whatever is cool. Quicktime movies and RealAudio are neat. We can do neat stuff with the web that wasn't possible four years ago. But, we're losing sight of the original purpose of the internet -- to allow information to be accesible to lotsa folks in a platform-independent way. It's easy to ignore part of the population (those who use Lynx, those who use Linux, or even those who don't want to install Shockwave on their computer) since they may not make up a large percentage of the population, but that doesn't make it right. I know we'll never go back to that completely, but I just wish people would TRY to understand that before they go deciding what, why, when, and how they want their website to look and act.
Sorry, I know a lot of that was off-topic, but I've been steaming over some of it for a while, and this thread provided an opportunity to vent a bit.
Folks,
I hate to sound like this, but consider this: Windows makes up something like 85% of the desktop user base in the world right now.
Because of that, it's obvious that Citibank is going to go after that market first. Given that Internet Explorer 4.0x and later and Netscape Communicator 4.06 and later for Windows 95/98/NT4 should work with Citibank's new site, that will cover the vast majority of potential customers for this service.
Anyway, once Netscape Communicator 5.0 ships some time in 2000, this will no longer be an issue, since Communicator 5.0--based on Mozilla technology--should in theory work with Citibank's new site with no problems.
Raymond in Mountain View, CA
Point out to their webmaster that their site is probably not useable by people with alternative browsers, particularly blind people, and then point them to the AOL lawsuit that is currently in the works.
Don't necessarily bring up Linux, or the requirements for Javascript or the fact that a certain required plugin only works on platform X. But tell them that their page is not going to be usable by handicapped people, and they should make the small but necessarily fixes to remove excessive obstiticals to make their page usable by all.
I'd also like to see someone start a page on various .com sites that were redesigned after the browser handicap was pointed out, sort of a victory list. Get something like that going, with a good number of large .com sites, and you might actually have more sites that look good. (and get these types of stories off Slashdot, as it's beginning to look like SW:TPM stories, with a new story for every little bit of trivia)
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
People like you and I probably don't give a crap how it looks, as long as it works and the information is there, but computer illiterate managers only have the surface looks to judge by. Heck, when I was developing the code in the background I was accused of moving too slowly, but once I was working on the cute interface I was suddenly moving at a blistering pace - fact is I was working at the same quick speed the whole time.
Managers of companies appear to believe the world revolves around them. When I told one that a feature he wanted was not supported by the HTML standards he actually asked me to get them changed.
So, the question is; How do we inform computer illiterate managers that the Web is a collaberative community of standards, rather than a dictatorship governed by high school bully tactics?
I don't think I'm ever likely to need to use citifi.com. I don't think I would ever have gone there at all if not for the Slashdot pointer to their article.
I know it's nice for sites to offer access to all operating systems, but I find it hard to get worked up over something like this. If you don't like it, there are thousands of other banks in the U.S. alone. (I bank locally anyway.)
Now, something that does annoy me is that I can't seem to get access to my Commerce Bank account's automatic check-dispatchment system (click on the "sign in" link) with Netscape/Linux even when I accept all cookies and connect directly to the Internet. sigh.
Editor Emeritus and Senior Writer, TeleRead.org
Citi f/i currently supports Windows 95, Windows 98, and Windows NT 4.0 running Netscape Navigator and Internet Explorer. It also supports Macintosh running Netscape Navigator only. If you need further assistance, please call 1-800-2-citifi.
It rendered differently using Netscape (I used both Netscape and Opera behind a junkbuster proxy that disables cookies and masquared my user agent to be Netscape 4.7 on 2.2.13). It looks like it used Javascript to block arbitray browsers.
As it's their website, it's their choice wether or not they allow people using things other than a certain browser and/or OS. I, however, don't see why they'd not allow any forms/SSL 128 capable browser to become a potential paying customer.
I do have one question, though. Are we, the Slashdot readers and contributors, going to become the "website design police" -- cracking down on any site that just plain doesn't have high standards and proper design? Let these companies go and block people out -- then politely email them to ask them why they don't want your money. This should raise eyebrows, and eductate over at the company's office. "You, IT guy, why are we blocking out paying customers? I know you can fix this, so please do." Why not setup a public forum, or a site of some kind to audit websites for people, free of charge? This would certainly kill a few bugs with one squish.
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
I think it's ethically wrong for them to deny access based on OS, unless there's some kind of sound technical reason for them to do so (which there isn't in my mind) It's against the spirit of the internet. Cross platform information sharing was one of the reason why the web took off in the first place and they're violating that ideal. However, decisions like platform support aren't made haphazardly and I'm sure that they sat down looked at the cost analysis comparing the price of making sure the site worked with all platforms vs the expected revenue from users accessing the site via unix hosts. I know that if you stick to good clean code browser and os differences shouldn't give you any problems, but a lot of people aren't writing good clean code.
I've been using their online banking system from my linux box for the past year, I know that I show up in their web logs. I'm sure a lot of other unix users show up there as well, but I'm also sure that they don't have enough non-windows, non-mac clients to warrant extra effort in platform support
Citibank is a buisness, they look at the bottom line and do what's most profittable. In this case it was denying access to non windows/mac users. Do I wish that they would support all of the OS's or at least unix? Yes... Do I blame them for not supporting them? No.
I keep getting inconsistant results. Queso from behind a firewalled machine said it was a Siemans host. Queso from my home box (behind Netcom/Mindspring) always shows "Dead Host, Firewalled Port" on anything. Checking Netcraft this morning I find:
www.lite.citifi.com is running Simple, Secure Web Server 1.1 on Solaris
You can check it yourself.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
Not that this is the case here, but perhaps a company wants to design a site using a specific valid HTML 4.0 layout which Netscape is unable to display correctly. Then, looking at the demographics, they see that Netscape now has less than 20% of the browser market, and that only half of those users are the type of clients that they're trying to attract. They might just decide that keeping their current layout and losing some users is a better deal than redesigning the site in an inferior way.
It's completely fair on their part. You are the one who chose an operating system for which IE is unavailable, and you need to be prepared for the negative aspects of that decision. If I pulled my C-64 out of storage and decided to make that my main OS, it'd be ludicrous of me to complain to Id that it's not fair of them to deny me the fun of playing Q3-Arena just because I'm using a C-64.
Cheers,
ZicoKnows@hotmail.com