South Korea Begins To Deprecate ActiveX 95
jones_supa writes The reliance on proprietary technologies to deliver web services varies from country to country. South Korea's ActiveX problem has been in the news before. Yonhap brings us a short report that the government plans to finally start cleaning up this troublesome technology from public websites later this month, as Korea gears up to create a more friendly Internet environment. The country's online financial websites and shopping malls often use ActiveX to have their payments and identification programs securely downloaded to users' personal computers.
Re: (Score:3, Informative)
You;re thinking of North Korea.
Re: Didn't knew they even had computers (Score:5, Interesting)
In the 80's, before China opened up, everything was 'made in korea'. Korea's huge industrial success was what lead, in part, to China's economical thaw.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
A decade ago South Korea had had a well-publicized StarCraft obsession for years. The fact that they are stuck on ActiveX is due to them being early adopters of internet banking and government activities. IIRC, a decade ago there were already articles and discussions about being South Korea being stuck on ActiveX...
Re: (Score:2)
Re:Didn't knew they even had computers (Score:4, Informative)
Two decades ago would be about when Hyundai cars were introduced to Europe. That is pretty significant, we don't hear of cars from Vietnam or even China (I believe China has a huge car industry, but it's not sold globally and we can't even cite one constructor from China whereas I know S.K. has Samsung, Kia, Hundyai and SsangYong. I forgot Daewoo cars)
A decade ago : South Korea known for being where most RAM is made, and then a ton of flash memory as well. We can't have our PC compatibles and shit without South Korea, in the same way we can't do without Taiwan for the motherboards or Thailand for the hard drives.
Re: (Score:2)
The sell a shit tonne of cars here in Australia. Main brand is called "Great Wall"
Re: (Score:2)
Daewoo cars are now mostly branded as Chevrolet (maybe still Opel or Vauxhill in Europe), even in Korea. They are responsible for most of the smaller car designs from GM (from the Cruze down).
Chery is the only Chinese manufacturer I've seen locally, though another poster commented that Great Wall is available in Australia, so different manufacturers may be targeting different markets.
Re: (Score:2)
In South American countries we have recently (last 5 years or so) started receiving cars made in china, and there are A LOT of brands.
Many of their models are cheap knock-offs of known models by other manufacturers (see Chery QQ vs Chevrolet Spark, or BYD F3 vs Toyota Corolla), and all of them sell a lot cheaper than the other brands. Usually lacking in the safety side, but sadly on par with the cars made in Brazil or Argentina for our local markets. And in a country (Uruguay) where, due to taxes, a Honda C
Re: (Score:2)
Two decades? Try four.
Back in the early 80s various friends at high school had various iterations of the Hyundai Pony and most were decade old beaters at that point.
You're not the only one who forgot Daewoo cars. They went bankrupt and are part of GM now - and that had a lot to do with the product failing crash tests worldwide.
China has such a big internal market that they're not exporting much. The market is big enough that VW, Fiat, Toyota, Nissan and Ford are all running major assembly lines in china put
Re:Didn't knew they even had computers (Score:5, Informative)
South Korea is a very advanced and prosperous country, with income levels broadly similar to the European average. They most certainly have computers.
Re: (Score:2)
Then where do Samsung phones come from?
Re: Didn't knew they even had computers (Score:5, Funny)
China
Re:How are HTML5, CSS and JS not proprietary? (Score:5, Informative)
The main difference that makes HTML5/JS/CSS "open" in this case is that any person or company can use the technology free of charge in any capacity without fear of a copyright claim or demands for payment. With ActiveX, only the end users who write scripts may use it free of charge. If you want to implement it in a browser or some other capacity, you have to sign a licence agreement with Microsoft or get sued. That's what "open" means in this case though I fully understand and agree with the FOSS community that this is not what "open" should mean but, I'll take it over the alternatives we have at the moment.
Re: (Score:2, Informative)
If you want to implement it in a browser or some other capacity, you have to sign a licence agreement with Microsoft or get sued.
That's an outright lie.
Re: (Score:1)
I guess that is pretty insightful, as far as total bullshit goes.
Re: (Score:1)
Re: (Score:3, Informative)
I've written many ActiveX controls, some for use in a browser, some not.
At no point was I required to sign or agree to a license to do so.
You can make ActiveX controls with any compiler that supports WIndows and will create DLLs with C++ calling conventions that match the MS style ... So pretty much all Of them.
ActiveX is no different than XPCOM ... Which is at the very core of Firefox, it's just a convention for generic, self describing plugins and is fully publicly documented.
The only insightful thing a
Re: (Score:3, Informative)
I've written many ActiveX controls, some for use in a browser, some not.
At no point was I required to sign or agree to a license to do so.
With requiring a license he was talking about creating the ActiveX runtime environment for a web browser.
Re: (Score:3)
I've written many ActiveX controls, some for use in a browser, some not.
At no point was I required to sign or agree to a license to do so.
With requiring a license he was talking about creating the ActiveX runtime environment for a web browser.
No license is required for that either. All ActiveX is, at heart, is a hierarchy of C++ style interfaces (classes with nothing but pure virtual functions) rooted in a single interface (IUnknown), together with a handful of global C functions (e.g. CoCreateInstance). It can be supported on any platform as long as the C++ compiler implements virtual functions with a pointer to a vtable at the beginning of any object with virtual functions. That's every major compiler on every major platform. Actually you can
Re: (Score:2)
"The problem is that virtually all ActiveX components are written for Windows and make Win32 calls."
Inna nutshell - yup.
This is why I've sucessfully argued with UK govt regulators that web pages which rely on ActiveX are proprietary and discriminatory - as such they are prohibited under open government rules and it's relatively easy to order govt authorities (local/national/regional) to cease using them immediately (the threat of having their funding cut off for non-compliance is the kind of thing which get
Re: (Score:2)
"You can make ActiveX controls with any compiler that supports WIndows and will create DLLs with C++ calling conventions that match the MS style ... So pretty much all Of them."
All of them that run windows, maybe.
I've yet to see DLLs in OSX or Linux.
Re:How are HTML5, CSS and JS not proprietary? (Score:5, Informative)
Re: (Score:2)
With HTML, CSS and JS, you have a choice between well working open source implementations, that you can improve, and publish browser forks on your own. I mean, it was open source which eased google to make chrome the first place.
Re: (Score:3)
That's only true if you want to run controls that were written for windows. If COM and OLE were supported on other platforms, then presumably people would write COM/OLE components for those platforms, and those would run fine on their platforms.
Back in the 90s, there were some other systems that supported COM/OLE (IBM and Sun Microsystems for example.)
CORBA [wikipedia.org] is practically the same thing, and is available everywhere. The problem with CORBA is that is a typical design-by-committee mess. It ended up way too co
Re: (Score:3)
Anyone can read the HTML5, CSS and Javascript specs, and implement them. Only Microsoft can read the ActiveX spec and implement it.
Re: (Score:1)
Only Microsoft can read the ActiveX spec and implement it.
That's utterly false, as has been pointed out numerous times in the comments. All of the documentation is available and always was. It was never encumbered by patents or licensing issues. It can be (and has been) implemented on other platforms. It was just never very popular outside of Windows.
Re: (Score:2)
But then these same people say that HTML5 and JS and CSS are better because they're "open".
I hate using non-open technologies like TCP/IP. They never once consulted me and now I have to go by their "standards" instead of what I want to do this week.
Re: (Score:3)
I don't see how that's the case.
Maybe you are trying to start some kind of pedantic discussion, but I don't really understand your argument. The reality is:
ActiveX: Works on MS Windows running IE.
HTML5/JS/CSS: Works on Android, IOS, MacOS, Linux, Solaris, the BSDs, Chrome, Windows, Windows Phone, etc.
You can play with definitions all you like, but you are not locking yourself into a single vendor like you do with ActiveX.
Re: (Score:2)
Back to software: you're locking yourself into something whenever you deploy anything. ActiveX makes you stuck on Microsoft. Java, though claimed to be multiplatform with com
Re: (Score:3)
There is a huge difference between being locked into a single vendor and being "locked in" to every major platform of the day.
Re: (Score:2)
The GP was right; for a right-wing nutjob he makes a lot of sense. I've been saying the same thing for years, nobody listens.
You're never really "locked in". All that is really meant by that is that there is a cost to moving away from some external dependency, and there is always a cost. Every external dependency a project takes on is "lock in." That includes the operating system, programming language, third party libraries, and everything else that isn't part of the project itself. You can try to minimize
Re: (Score:2)
You are right that you are "locking in" a certain development environment. But that is only part of your application... you will have end-users actually putting your application to use. It is one thing to lock in your single development machine or handful of machines to a single vendor - quite another to lock in all of your users as well. It was all well and good to blow off the 5% of people back when smart phones and Macs were marginal 10 years ago. It is quite another to blow off 50% of people on alternat
If you go back 18 years (Score:1)
I'm pretty sure nearly every story posted on Slashdot about ActiveX had at least 50 responses that included the words "M$".
Re: (Score:2)
Heh! We can always go and see: Google Search: site:slashdot.org activex [google.com]
Here's an ActiveX discussion in Slashdot from 10 years ago: Brian Hook on the ActiveX Experience [slashdot.org]
Re: (Score:2)
10 years ago isn't long enough. Go back 15 and everyone that wasn't drinking the kool-aid already knew it was complete garbage, and yet Microsoft kept trying to force it down people's throats.
10 LET M$ = "Microsoft" (Score:2)
responses that included the words "M$"
"M$" looks like a string variable in old-skool line-numbered BASIC, and Microsoft started out publishing BASIC interpreters. Could "M$" mean "The company should have stuck to BASIC and not branched into microcomputer operating systems"?
Re: (Score:1)
Trick the user into elevating to install something (Score:3)
If they had stuck with Xenix we may not have ended bottom lip deep in a malware swamp
Could you explain how that might not have happened? Xenix (which became SCO OpenServer) was just Microsoft's port of AT&T UNIX to PCs. UNIX is just as vulnerable to malware as Windows: if you trick the user into elevating to install something, something will be installed.
Yes it's the elevating bit that would help (Score:1)
Most of the shit is a legacy of having a single user non-networked environment for so long.
Currently it's a single click on an email to infect all the available network shares with cryptolocker - nothing about elevating to install something at all.
Re: (Score:2)
Even in a networked environment, if you can convince the owner of a home PC to download a binary package and elevate to install it, you 0wn his PC. Trusting your operating system's default repository doesn't help if a trojan poses as a type of desirable software that's often excluded from repos on licensing grounds [pineight.com], such as games or media players.
Modded down due to malware mention? (Score:2)
Back to the above poster, yes it may still happen in environments where security was considered from day one but I'm convinced the years of no privelage separation at all has resulted in the scale of the current problem.
The Cost of Monoculture (Score:2)
Holy shit snacks, does that mean that one day I might be able to use Korean government or online banking website with Firefox???
Probably not, the country's extremely monocultural when it comes to computing tech. ("Not Invented Here" [wikipedia.org] was one of the problems in the first place. [kanai.net]) For example, nearly all the PCs there are Windows/Intel/nVidia combos... you really need to jump though hoops and/or be really specific when ordering computers to get anything else. And, only people at Daum [daum.net] and KAIST [kaist.ac.kr] seem to even hav
Re: (Score:2)
Yes. We do some warranty stuff for LG. Their website is IE6-only (older versions on compatibility mode). It uses a SHITLOAD of ActiveX components for really, really dumb things. Like: Grid Views, Drop Down Views, etc. It's the typical "I'm used to a desktop app so I expect a web app to behave exactly like a desktop app, with pop-up windows and all other controls". This is endemic with MS developers.
Re: (Score:2)
Extremely monocultural? As opposed to the US, where... what, if I recall correctly, Linux has a 1.5% desktop market share and Macs are around 5% or so? South Korea is certainly worse off, but honestly, it's a little hard to argue about a "monoculture" in South Korea when in reality it's only a few percentage points away from the rest of the world in terms of PC OSes.
Besides, more and more people are moving away from PCs to phones and phablets for day to day computing needs, and Samsung phones (and Android
Re: (Score:2)
From a simpler era (Score:4, Insightful)
Re: (Score:2)
True, ActiveX was just one of several bad ideas that became "standards" during the web's explosive growth period. Others that came to mind were the blink tag, Flash (as you mentioned), Java (for the web, a terrible idea), and the abortion of a scripting language known as JavaScript. JavaScript is just the lesser of the evils of the technologies and no one has been able to push forward a replacement, though several have tried.
Re: (Score:2)
Re: (Score:2)
Javascript itself is a plugin. Any concept of distinction is flawed. Lets say in the panaea of worlds, Oracle gave Java tech and all its reference impl's away for free BSD styled. What if anything would be the harm of writing browser scripts in Java vs. Javascript vs. go vs. .net-whatever, etc.. if every single browser developer had access to native embeddable runtimes embedded into the tool?
Java already has a great sandboxing system that was unfortunately broken badly by their native/nsapi plugin layer, bu
Re: (Score:2)
The primary issue with java applets at the same (if you assumed a world where it was preinstalled and where version management didn't matter, bringing it in line with JavaScript), was complexity and startup time.
Doing something simple took too much code, and it took forever for a page with it to start. It would have to go in a very different direction than where it was going to have been different.
Re: (Score:2)
Javascript itself is a plugin. Any concept of distinction is flawed. Lets say in the panaea of worlds, Oracle gave Java tech and all its reference impl's away for free BSD styled. What if anything would be the harm of writing browser scripts in Java vs. Javascript vs. go vs. .net-whatever, etc.. if every single browser developer had access to native embeddable runtimes embedded into the tool?
If it was built into every single browser then things would be different. But that doesn't matter right now because it's not. It doesn't matter how great of a technology it is if you can't run it on an iPhone.
Re: (Score:2)
Java became de-facto monoculture, there is only one widely used implementation.
You're talking about Android, right?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Almost as awesome as the blink tag :p
Re: (Score:3)
Re: (Score:2)
At least since the Java 1.4-ish era of security, depending on the security manager in place, you could retain complete sandbox mode while allowing for specific access to sensitive information (like fs access) on demand. it certainly is laborious having to continually prompt users to let them do things. I would've leaned more toward android like security bundling where you'd have to specifically 'install' the applet, but then it has some level of systems integration with a bundle of security permissions gran
Re: (Score:2)
Re: (Score:2)
It was a much simpler era, where there was little need to worry about platforms other than Windows+IE
You were part of the problem.
ActiveX (Score:5, Informative)
In case anyone is wondering what ActiveX is, it's essentially a Windows program you download that runs natively on your computer. It gets to draw to the specified element in the browser, which makes it look like it's part of a webpage. There isn't (or wasn't) any kind of sandboxing or security once the ActiveX component was installed - it could do anything it wanted on your computer like any other Windows program, because that's essentially what it was. The only security was whether or not you installed the ActiveX component in the first place. If I remember correctly they are really just DLLs, and used Component Object Model for the standard in which the DLL exposes methods, etc.
Re: (Score:3)
Re: (Score:2)
And ActiveX got a severe makeover in IE7. So much so that practically everything broke. Which is why IE6 hung around so long.
Of course, you have admit that South Korea is FINALLY getting around to fixing it given IE7+ has been around for years now. I'm guessing Windows 7 and XP Mode support is getting harder to come by?
it's not ActiveX problem really (Score:1)
In Korea it is required to use a government sponsored certificate for all online transactions, and the certificate is available only if you have an ActiveX supported computer. This sounds very stupid but it is true.
Now that Microsoft has abandoned ActiveX, the Korean government has to give up ActiveX. The plan is to rewrite the ActiveX code and future online customers need to download and install an .exe file for handling the certificate. The real problem is not ActiveX. The real problem is the Korean gover
Re: (Score:2)
So you can't do online banking on an iPad, or a Samsung Galaxy Tab?
Re: (Score:2)
Yes.
Supplemental Expert Report of Andrew Schulman (Score:1)
"Securely" (Score:1)
Koreans have weird ideas about security (Score:2)
Working in Korea once I needed to install a package with apt-get but the file came down empty. I asked around and it turns out that to download anything on the corporate network you had to install this active-x component which looks to see if a storage device is connected to USB. If a device is connected the download still won't work, but you can still make a local copy of the file, plug in the USB key, and copy the file that way, which is what we did on a windows box.
Half measures all over the place.