Why South Korea Is Shackled To Windows

baron writes with a blog post explaining in detail why 99.9% of S. Korea uses Windows. This amazing tale began in 1998 when Korea decided it couldn't wait for SSL to be standardized (which it was in 1999) and commissioned an ActiveX control for secure Web transactions. At first there was a secure Netscape plugin too, but we know how that story ended. Quoting: "This nation is a place where Apple Macintosh users cannot bank online, make any purchases online, or interact with any of the nation's e-government sites online. In fact, Linux users, Mozilla Firefox users, and Opera users are also banned from any of these types of transactions..." Now that Microsoft has made ActiveX more secure in Vista, every Web site in S. Korea is scrambling to get things working again and the government is advising citizens not to install Vista. At the end of all this work, they will still be a monoculture in thrall to Microsoft, with millions of users sitting behind some of the fattest pipes in the world.

How easy to give up Freedom

[what about]

and how difficult to get it back

This is not just for Computing but the concept is more important than ever now, in Computing

The Anti-Massachusetts

[hey]

Kinda makes you think that Massachusetts with their push for open formats, etc might
be on to something. (If you we're already thinking that.)

Like Geek heven..

[WarlockD]

Just Satan calls the shots.

Kind of bashing Windows I guess, but it makes me wonder if it's even possible to convert to more open standards at a reasonable price? Even with the "more secure" ActiveX controls, its still easier to modify those existing controls in VS than it is to rebuild the site under OSS.

Sigh. Owning a Monopoly must be nice.

That's what you get

[mobby_6kl]

when the government jumps the gun and does what it thinks is best for everyone.

This is MS's fault how?

[Bacon Bits]

Yeah, I'm not getting how this is anybody's fault except S. Korea's. SEED is an open specification. There is no reason the Korean community can't develop a plug-in for other systems. All that is required is for the S. Korean CA to allow it. Again, that's S. Korea's fault.

The only fault of Microsoft's lies in an area that the author is grossly misinformed. He says "In IE 7 and in Vista, Microsoft has re-architected Active X controls in such a way to make them 'more safe' by requiring a user action for the control to run", and then links to a page about the Eolas patent resolution. Many places have had to recode websites and controls after this change. While it is Microsoft's fault for the implementation, the impact on S. Korea is entirely up to them.

Sorry, you made your bed.

Not WIndows Fault

[Creepy Crawler]

The problem is that Vista doesn't play well with a software program called Active-X that is widely used in Korean Internet sites.

No, the problem is that incompetently created websites use delicate nonportable nonstandard proprietary software that is only interoperative with one single obsolete platform.

Don't blame Vista; blame people who aren't responsible, experienced, or forward-looking enough to see why complying with standards is so necessary.

Now let's see how people will fix their glaring mistake. Will they "fix" it by repeating it (i.e. rewriting ActiveX controls to be compatible with Vista, so that they can get paid to screw their customers again in 5 years when the next version of Windows comes out) or will they fix it by removing the irresponsible dependencies?

Re:wait?

[inviolet]

Has anyone ever investigate which backroom dealings resulted in this decision? Decisions like this, with a multi-billion profit guarantee to a specific vendor, aren't made for technical merit. If you really believe that neither MS nor someone else with stakes in it (maybe some reseller?) was involved, I have a few bridges for sale...

Well said.

This tale still might have a silver lining, though. A single security vulnerability, properly exploited, could turn the entire economy of South Korea into a cautionary tale. For a decade afterward, at board meetings where purchasing or standardization decisions are being debated, people will randomly interject "But we could end up like South Korea!".

This is slashdot. Do we believe what we say about the perils of vendor lockin and closed-source? If so, then we should also believe that South Korea's predicament will eventually become a clear and obvious error.

Proprietary software

[feranick]

This is exactly why the generalized use of proprietary and not standard software is a bad idea. Being the most common platform, doesn't make it a standard either since the all country relies on something you have totally no control about.

Re:Like Geek heven..

[nine-times]

The first thing I wondered when I read this was, "Did they learn their lesson?" They standardized their entire country on a closed system, and when the vendor of that closed system initiates an arbitrary change, they're pretty much screwed and forced to rebuild things. In my mind, the smart thing would be to bite the bullet, drop Active X, and switch to Firefox and have a true multi-platform solution. Hell, if they can't do everything they require in an extension, they can go as far as making their own fork, and they'll retain that option in the future.

Really, this should be a lesson for everyone.

It's that last part that freaks me out...

[Karl Cocknozzle]

At the end of all this work, they will still be a monoculture in thrall to Microsoft, with millions of users sitting behind some of the fattest pipes in the world.

I think its funny the poster left the part about millions of users behind the fattest pipes around--that seems like the worst part of the story. A monstrous delivery system for Microsoft zero-day worms/exploits, etc... A virtual-WMD if you will.

Just thinking about it makes me want to tell my firewall to shun all traffic from large swaths of the world...

Another question: Couldn't this be forced through liability? I.e. These companies need to switch to using the now much-more secure SSL to handle transactions, or find themselves liable when their customers identities are stolen through their weak quasi-encryption scheme. That's why US companies did it--they didn't want to get sued because a weak protocol was cracked.

other parallels

[nostriluu]

The Government of Canada uses a public key infrastructure system, that only works in some browsers. Famously for the past census, only some people could access it.

Some important sites, such as banks and airlines, don't support other browsers or require plugins as well. It is getting better with the important cross platform critical mass of Firefox, but far from perfect.

Is it a public highway, or something designed only for Ford Explorers(tm)?

Re:How easy to give up Freedom

[GreyPoopon]

and how difficult to get it back

What's stopping someone (in the government) from writing a new SEED-compatible applet that works on Firefox and/or Opera and on other operating systems? After all, there USED to be a plugin for Netscape.

Re:Korean computers SUCKKKKK!!!

[init100]

I didn't link them so you can understand Korean, but to see how bandwidth-intensive Korean websites are over American websites.

They didn't seem bandwith-intensive to me, but of course Adblock+ and NoScript helps a lot. :P

Re:Starcraft in South Korea

[LHX]

You forgot that people will watch a staring contest if there is $10K to be won.

Re:& I thought N Korea was a barbaric dictator

[kinabrew]

How is "digital restrictions management" less proper or less accurate than "digital rights management"?

Its purpose is to manage restrictions on what users can or cannot do with the content. In what way does it manage rights?

Re:TCO Study?

[nizo]

In S. Korea....all that bandwidth, and nothing useful to use it with....

I am guessing there are people who control hordes of zombie machines that would disagree.

Re:ActiveX

[Shaper_pmp]

Personnely I doubt that Vista will break these Korean ActiveX modules indefinetely, as MS can release a patch after the OS is releashed and selling, at their leisure. MS would never create a situation where an entire country is put off their flagship product, especially a country with 99.9% MS Windows usage, as stated in the article.

I think you'll find the problem is that it's the very fundamental design decisions in ActiveX that are the problem.

ActiveX was originally designed with almost no thought to security - it relied on having pretty much unrestricted root access to your machine, and running arbitrary code directly on your operating system.

No sandboxing, no privilege-escalation warnings, nothing. And root access.

Now with Vista Microsoft have finally sorted out some of their most egregious security mistakes. Unfortunately, "unrestricted access for random binaries on any web page in the world" and "secure systems that a concussed ten-year-old couldn't crack" are pretty much mutually exclusive.

Short answer: It's pretty much impossible to "patch" ActiveX, because ActiveX was the problem.

To be fair, ActiveX has got better since it was introduced, but it's still fundamentally flawed, and with some extremely dangerous and/or stupid design assumptions.

Re:Starcraft in South Korea

[Apocalypse111]

While it is true that there are only a few prominent strategies used in high-level Starcraft games in the beginning, this is only because they were found to have the right combination of versatility and effectiveness. Once the initial rush phase is over, if the various sides have survived then it becomes a whole different game, and much more individualized and reactive. Terrans and Protoss start setting up defensive structures, and can go in several different directions from there (for example, the Terrans could continue with marine-medic rushes to keep the enemy on their toes while building up to, say, battleships, nukes, goliath-siege tank groups, or others). That many games end in the first few minutes following the initial rushes is a testament to the players that pursue those strategies, being able to pull them off as well as they do. Add additional players and things get more interesting, as you have to not only beat your first target as fast as possible (or at least slow them down), but also defend your own base from the other players. Its strategy on a more micro-management level than TA, and one of the reasons I enjoyed TA was that it didn't require that level of nit-picking.

You are correct, TA had no melee units. One of the 3rd party units I remember was based off a Protoss Zealot (called the Zlot in-game), but it simulated melee attacks by having a projectile range of only the length of its arms.

TA did have some differentiation in sides, if only in that they favored different strategies with their units. Overall, the Arm units were faster, while the Core units were more heavily armed and armored. Still, as you say, some of this was lost with the units introduced later, the various sides becoming a more homogeneous.

On the subject of all things TA, you might check out the following...
TA Spring [clan-sy.com] is an open source RTS project that largely recreated TA in a better engine, along with deformable terrain and other goodies.
Supreme Commander [supremecommander.com] is Chris Taylor's new baby, a spiritual successor to TA with all kinds of new goodies, 3 different factions, to-scale nukes, and multi-monitor support!

Re:Who are you laughing at, Popeye?

[Korin43]

In World of Warcraft, the Alliance and Horde characters don't speak the same language, so when one side says either "hahahah" or "lololol" (can't remember which), it shows up as "kekekeke" to the other side.