
The cost of monoculture (Gen Kanai)

Gen Kanai looks at technology decisions by South Korea's government which have led to an absolute Microsoft dominance there. "This nation is a place where Apple Macintosh users cannot bank online, make any purchases online, or interact with any of the nation's e-government sites online. In fact, Linux users, Mozilla Firefox users and Opera users are also banned from any of these types of transactions because all encrypted communications online in this nation must be done with Active X controls." (via BoingBoing).

they use a non-standard encryption algorithm, so what?

Posted Jan 26, 2007 18:20 UTC (Fri) by stevenj (guest, #421) [Link]

I have to say that I don't understand this situation. So they use a non-standard encryption algorithm for online transactions (SEED). Sure, that's annoying, but...

The specification is open; why not just implement support in Firefox for SEED and go from there? (In fact, a patch is available for OpenSSL already.)

they use a non-standard encryption algorithm, so what?

Posted Jan 26, 2007 19:27 UTC (Fri) by khim (subscriber, #9252) [Link]

It does not matter if the specification is open or closed. What does matter is that it's not embedded in MS IE - and MS IE is the market leader. Thus banks are using Active X. If they are using Active X it does not matter anymore what this Active X does: it's only compatible with MS IE so all other browsers (including Firefox with SEED patch) are cut off.

they use a non-standard encryption algorithm, so what?

Posted Jan 26, 2007 20:31 UTC (Fri) by stevenj (guest, #421) [Link]

But if you know the encryption protocol, how hard could it be to spoof the Active X control? Not trivial, certainly, but I would have thought that this would have been priority numero uno for every hacker in South Korea for nearly a decade now.

they use a non-standard encryption algorithm, so what?

Posted Jan 26, 2007 21:30 UTC (Fri) by Los__D (subscriber, #15263) [Link]

It's bank software, it's probably both near-impossible and highly illegal to "spoof"...

they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 1:21 UTC (Sat) by stevenj (guest, #421) [Link]

Why? I'm not suggesting hacking into the bank, or running anything on the bank's computers. Everything is on the client side; it's just a matter of talking to the bank computers using the correct protocol.

they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 1:30 UTC (Sat) by Los__D (subscriber, #15263) [Link]

AFAIK (I'm no expert though), ActiveX objects are signed, so that you can't spoof them (to the client). Banks would probably use the same technique the other way around, so that they know the object is really theirs. Breaking that would probably be very hard, and legally amount to hacking. In the US at least it would be a DMCA violation, here in Denmark, and most of EU, we have something similar.

I have no idea what the rules are in South Korea, but I have this feeling, you know ;)

they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 3:31 UTC (Sat) by stevenj (guest, #421) [Link]

Signing an ActiveX object can only authenticate it to the client, not to the server, since it is not running on the server. The only way the server could use digital signatures to force a specific client binary, as opposed to specific client algorithms, would maybe be to use some sort of "trusted computing" where the client doesn't control their own hardware, and even that is dicey. Think about it.

they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 10:10 UTC (Sat) by Los__D (subscriber, #15263) [Link]

Hmmmm, maybe you are right, unless there's a way to hide a key inside the ActiveX object, to encrypt the messages to the bank (on top of the SEED).

And they probably don't care THAT much, as long as the server can authenticate the user, then I guess it's all good.
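
The point argued in the two comments above, as an added example that is not part of the original thread: a key that ships inside every copy of a client proves only that the sender holds that key, while a per-user secret is what lets the server authenticate the user. HMAC-SHA256, the message layout and all names and key values are assumptions constructed for illustration; this is not SEED or any bank's real protocol.

```python
import hashlib
import hmac
import json

# Constructed values for illustration; nothing here comes from a real bank or control.
EMBEDDED_KEY = b"constructed-key-identical-in-every-copy-of-the-client"
USER_SECRETS = {"alice": b"constructed-secret-known-only-to-alice"}


def _tag(key: bytes, payload: bytes) -> str:
    """Hex HMAC-SHA256 of the payload under the given key."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def build_request(user: str, user_secret: bytes, client_key: bytes, body: str) -> dict:
    """The bytes a client puts on the wire: payload, a tag keyed with the key
    that ships inside the client, and a tag keyed with the user's own secret."""
    payload = json.dumps({"user": user, "body": body}, sort_keys=True).encode()
    return {
        "payload": payload,
        "client_tag": _tag(client_key, payload),
        "user_tag": _tag(user_secret, payload),
    }


def signed_control(user: str, user_secret: bytes, body: str) -> dict:
    """Stands in for the vendor-signed control. The signature on the binary is
    checked by the user's machine at install time and is never sent."""
    return build_request(user, user_secret, EMBEDDED_KEY, body)


def other_implementation(user: str, user_secret: bytes, body: str, key_bytes: bytes) -> dict:
    """Stands in for any other program that speaks the same protocol and
    holds the same key bytes as the distributed client."""
    return build_request(user, user_secret, key_bytes, body)


def server_verify(request: dict) -> dict:
    """Everything the server can establish from the request alone."""
    payload = request["payload"]
    user = json.loads(payload)["user"]
    secret = USER_SECRETS.get(user)
    return {
        # True for any sender holding the shared key, whatever binary it is.
        "knows_embedded_key": hmac.compare_digest(
            _tag(EMBEDDED_KEY, payload), request["client_tag"]),
        # True only for a sender holding this user's own secret.
        "knows_user_secret": secret is not None and hmac.compare_digest(
            _tag(secret, payload), request["user_tag"]),
    }


def demo() -> dict:
    alice = USER_SECRETS["alice"]
    a = signed_control("alice", alice, "balance")
    b = other_implementation("alice", alice, "balance", EMBEDDED_KEY)
    c = other_implementation("alice", b"wrong-secret", "balance", EMBEDDED_KEY)
    return {
        "same_bytes": a == b,
        "signed_control": server_verify(a),
        "other_implementation": server_verify(b),
        "wrong_user_secret": server_verify(c),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
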

they use a non-standard encryption algorithm, so what?

Posted Jan 28, 2007 9:15 UTC (Sun) by tialaramex (subscriber, #21167) [Link]

Sure, doing what you propose is...

* Possible, but...
* Difficult and thus expensive/time consuming, perhaps hundreds of man months of labour to achieve nothing of consequence because it is...
* Fragile, since the non-standard higher level protocols can be changed at any time and for any reason by the banks in their proprietary code, and...
* Most likely illegal or at least grounds for having your account frozen due to its potential to interfere with the normal operations of the bank

they use a non-standard encryption algorithm, so what?

Posted Jan 26, 2007 21:47 UTC (Fri) by ajross (subscriber, #4563) [Link]

Yes, but none of that would make the web page work in a user's non-standard browser, which is the issue at hand here. Your point is analogous to arguing that IE-only websites aren't a problem because HTTP is an open standard.

they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 1:37 UTC (Sat) by stevenj (guest, #421) [Link]

I think people need to keep better hold of their jerking knees...

I didn't say it wasn't a problem; it is a tremendous annoyance, and egregiously stupid. What it should not be, however, is the situation described in the article—something that absolutely prevents online transactions by non-IE users. As I said, I don't understand why this wasn't hacked around years ago (perfectly legally), even if it would obviously be better for Korea to switch to a standard protocol. What am I missing?

Think about people using Microsoft file-sharing protocols or Microsoft document formats. Are these tremendous annoyances? Yes. Is it crazy for governments to standardize on these things? No question. Does it absolutely prevent GNU/Linux users from communicating with Windows users? Hardly, thanks to Samba and OpenOffice.org...and they had the much harder task of reverse-engineering a proprietary, vendor-specific protocol that is constantly changing, whereas here we have an open, fixed, government-provided specification (just different from the rest of the world).

they use a non-standard encryption algorithm, so what?

Posted Jan 27, 2007 4:29 UTC (Sat) by k8to (subscriber, #15413) [Link]

Maybe it doesn't end up being a single hack, but an ongoing maintenance nightmare to make the thing work across the various implementations and quirks of all the different agencies. Maybe to make things work properly you need to implement IE behavior quirks, spoof multiple revisions of the ActiveX plugin behavior, and write an ActionScript layer or whatever the Microsoft ECMA thingy is called.

At least, that's what I would expect the situation to look like, given so wide use of such tools.

If true, it's not just a simple matter of code, it's coding and testing with a very long list of things to verify. Still doable, but perhaps daunting enough to get traction from starting. And if the society is sort of "use windows or go away", there may not be a necessary seed group of people motivated to defeat the system.

s/ActiveX/SMB/

Posted Jan 29, 2007 23:25 UTC (Mon) by GreyWizard (subscriber, #1026) [Link]

Which of these statements would NOT apply to the situation with SMB and Samba?

they use a non-standard encryption algorithm, so what?

Posted Jan 28, 2007 14:53 UTC (Sun) by gnb (subscriber, #5132) [Link]

The "perfectly legally" bit of your comment is the problem. It _might_ be legal to reverse engineer the protocol (or not, I know nothing about Korean law) but if the bank tells customers to access the web site using the ActiveX control supplied then it's almost certainly a breach of their terms and conditions to use something else. Which is inviting far more grief than most people will want. The fact that it's technically possible isn't really much help.

The cost of monoculture (Gen Kanai)

Posted Jan 26, 2007 22:47 UTC (Fri) by horen (subscriber, #2514) [Link]

South Korea is by no means the only country in which this despicable phenomenon continues to thrive and continually be renewed through both ignorant and calculated decision-making.

Browser-specific website design remains endemic throughout the world, and citizens suffer the indignities of well-meaning but unusable government websites at every level, as well as those of public and private colleges-and-universities, banks, businesses, and corporations of all shapes and sizes.

I cannot access my bank account in Israel, online, because their website is designed to solely support Microsoft's Internet Explorer. So, too, with a number of public-service websites owned-and-operated by the State of Florida (read: our tax dollars at work).

Primary- and secondary-educational institutions within the US are no exceptions to this rule, regardless of whether they are publicly- or privately-funded.

Contrast this skewed decision-making with the wealth of information and framework-creating-software made freely available by projects such as DebianEdu and Skolelinux.

"They" never seem to learn any further than the lining of their pockets and/or bank accounts.

The cost of monoculture (Gen Kanai)

Posted Jan 26, 2007 23:43 UTC (Fri) by drag (subscriber, #31333) [Link]

Well governments do suck.

Really... Think about it. How responsible would a decision maker be when they:
* Spend other people's money with virtually zero accountability.
* The more money they spend, the more money they get next year.

This, and other things, is why I cringe when I see articles about this or that article about this or that government institution embracing Linux. Sure it's nice to see more widespread adoption, but they are the ones most likely to completely botch it. Governments, on average, display massive amounts of IT ignorance, waste excessive amount of resources, and still get it wrong.

The cost of monoculture (Gen Kanai)

Posted Jan 27, 2007 6:17 UTC (Sat) by branden (guest, #7029) [Link]

drag,

Yeah, that's governments for ya...

Just this week, Ford announced a staggering $12.7 billion loss, the highest in company history. This came after a year in which the company announced that it was cutting more than 40,000 jobs (30,000 of them union jobs). So what to do in a company that's failed to deliver innovative products to the market, completely misjudged consumer trends, and managed itself into a fiscal bind that will see it fall from the "big three" of automakers? Why first you blame much of your problems on the health care cost of the line workers. Then you award bonuses to the top management.

Mulally also confirmed that Ford is considering giving performance bonuses to its top executives at the same time it is incurring massive losses, closing plants and cutting jobs.

"More of the compensation of senior leadership is tied to their performance," he said. "This team has made great progress. You have to keep the talented people you really need."

(source)

Let's see, Ford Motor Company is a publicly-traded company, so it does its business with other people's money -- that of the shareholders. And the more money they spend -- lose, rather, the more money the executives (supposedly accountable to the shareholders) get. Good thing we have this shining example -- those dang ol' governments could learn a thing or two.

The cost of monoculture (Gen Kanai)

Posted Jan 27, 2007 9:52 UTC (Sat) by drag (subscriber, #31333) [Link]

Companies come and go that is the nature of the business. Other companies come in and take over leading to higher efficiency, better products, and more profitability.

When Ford screws up all the people that pay are the employees and the shareholders. If I don't like how Ford is run or I don't like their cars I can choose not to give them money. They die, another company comes in and takes over.

When governments are put in charge of people's lives and they mess up people starve, people get their property seized, and nations go to war. If the government is being run badly and demands more money and I don't want to pay they send armed men to my house to put me in a concrete cage.

No corporation has ever killed off millions of its own employees because they didn't like their race. No corporation has ever sent millions of people to die in work camps in Siberia. No corporation has purposely controlled or accidentally mismanaged the food supplies that caused millions of people to starve. No corporation had killing fields where they shot the men, clubbed the women, and smashed the children against trees in massive numbers for no good reason.

That's MILLIONS of people. Through the direct and purposeful actions of governments set on killing their own population simply to have them dead you have a total of about 170 million people killed during the 20th century. The majority of this was done by socialist governments in places like Germany, Russia, China, Cambodia, and other assorted countries throughout the world. The majority of it was done after WW2 (except in Germany, obviously).

Since WW2 you had about 76 million people killed by their own governments. 66 million of them killed by people calling themselves 'communist'.

And that is a somewhat lowball figure. Other estimates put killing by governments of over 260 million people.

But I suppose that is possibly governments just being very very efficient? I suppose, like in China, the best way to solve hunger during the 50's and such is simply to eliminate the hungry people!

As a counter example to your Ford in economics:

Take the shining beacon that is Venezuela.

After Hugo Chavez's reelection he blithely announces that he is going to seize control of the country's infrastructure from foreign companies and return it to government control.

Oops. There goes a fifth of the country's value within a week of the announcement as foreign investors pull out.

As a result of Hugo's mismanagement and him and his buddies seizing control of all the economic assets in the country under the big lie of 'populism' almost all foreign investment in his country has pulled out. This has resulted in massive amounts of inflation (as in devaluation of the currency) and the country is spiraling to poverty.

Last I heard the country has about 50% the worth it had just a couple years ago. The only thing that is saving their ass is the fact that they are a major oil exporter.

Let's see how well government control works for its people with things like 29% inflation.

But maybe the government can get that ecological destroying sewage situation under control, eh? (I expect not...)

Personally I can ignore Ford and go on with their day. The investors learn to invest more wisely and nobody with any brains invests all their money in one place, investment 101 says that you have to diversify your risk. The employees get different jobs at different companies.

On the other hand it's going to really really suck for me if I was stuck anywhere in Venezuela in the next 5-10 years. Everybody in that country is going to be heavily screwed over... especially when Hugo seizes enough control he is not going to be dependent on the 'populist' vote to remain in power.

The cost of monoculture (Gen Kanai)

Posted Jan 27, 2007 16:45 UTC (Sat) by nim-nim (subscriber, #34454) [Link]

> No corporation has purposely controlled or accidently mismanaged the food
> supplies that caused millions of people to starve.

ROTFL, any student of European history (won't write about parts of the world I know little of, though I suspect it's pretty much the same thing) knows pretty much every single one of its big famines was aggravated if not orchestrated by private interests hoarding food dumps to speculate on price (with the governments usually ending up confiscating them to avoid starvation riots).

> No corporation has ever sent millions of people to die in work camps in
> Siberia.

Also, I suggest you read one or two books of Russian history (the official pre-1917 tsarist ones that were massively re-published in the 1990's).

They'll explain to you how economic powers (aristocrats then industrialists) lobbied for centuries for serfdom and maintaining people in abject conditions in poor fields then factories to make more money (with many laments on the hard Russian climate and the "economic necessity" of serfdom).

Then they'll tell you how the state expanded its borders by turning a blind eye to people fleeing in Ukraine & Siberia the economic powers of the day (yes, it was that bad people were happy to flee to Siberia).

I don't like governments much but I have no illusion about what would happen if economic powers (named corporation nowadays) were freed from them. It's easy to point the finger to 20th century communist states but the great atrocities of previous centuries (new world conquest, colonization) have more often than not been perpetrated in areas where historic states were weak and power surrendered to private interests.

The cost of monoculture (Gen Kanai)

Posted Jan 28, 2007 12:43 UTC (Sun) by drag (subscriber, #31333) [Link]

""Also, I suggest you read one or two books of russian history (the official pre-1917 tsarist ones that were massively re-published in the 1990's).""

Good stuff. I bet Russian history is a good one.

They'll be easy to find hopefully, or do they have a name so I know which ones you're talking about?

""I don't like governments much but I have no illusion about what would happen if economic powers (named corporation nowadays) were freed from them. It's easy to point the finger to 20th century communist states but the great atrocities of previous centuries (new world conquest, colonization) have more often than not been perpetrated in areas where historic states were weak and power surrendered to private interests.""

I don't trust big corporations any more than big governments. It's just currently their power is much more limited.

There are people like from the "Mises institute" http://www.mises.org/ that advocate just that (no government and only business). That a capitalist society, if properly set up, is essentially self-governing and that there is no need for structured government.

I don't agree with that at all.
(Although they have very interesting and valid points in some respects and are worth checking out.)

What is most horrible is when they combine forces... When the government takes an active role in supporting economic success of big business over its own subjects. You end up with a very strong form of fascism.

Personally I like a balance of power approach. Government and large corporations should be opposed to one another to a certain extent (but probably not in a combative manner). I believe that individuals have the best ability to govern themselves. After all we are all humans and generally have barely enough good sense to rule ourselves... What makes us think that putting a couple thousand people in charge of a several hundred million will have good results?
(either through election or economic forces the end result is the same)

In a perfect world morality would govern every individual and we each would try to make decisions that would end up in the greater good of all people... but there are many selfish and violent people out, along with enough gullible followers to give them power (it's quite shocking to meet somebody who is, in most respects, pretty evil and fairly smart. It gives you a lot to think about), there so the need for elected governmental structure to counter that is an absolute need.

It's just that big business and government both are necessary evils, both are necessary and both suck, and like all necessary evils they should be kept at a minimum.

:-)

The cost of monoculture (Gen Kanai)

Posted Jan 27, 2007 21:20 UTC (Sat) by nix (subscriber, #2304) [Link]

I started reading this but I stopped as soon as you described Nazi Germany as `socialist', because you'd just demonstrated your utter ignorance of history for all to see.

The cost of monoculture (Gen Kanai)

Posted Jan 27, 2007 23:25 UTC (Sat) by Arker (guest, #14205) [Link]

Wow, talk about projection.

The cost of monoculture (Gen Kanai)

Posted Jan 28, 2007 12:23 UTC (Sun) by drag (subscriber, #31333) [Link]

Haha.

Seriously. This is WW2 history 101 stuff.

http://en.wikipedia.org/wiki/National_Socialist_German_Wo...

""The Nazi Party, officially known as the National Socialist German Workers' Party (German: Nationalsozialistische Deutsche Arbeiterpartei (help·info), or NSDAP), was a political party in Germany between 1920 and 1945.""

They called themselves socialist. What more do you want?

They were elected into power also. Democratically elected, no less.

Go brown shirts! :-p

The cost of monoculture (Gen Kanai)

Posted Jan 28, 2007 21:15 UTC (Sun) by Arker (guest, #14205) [Link]

Hitler infiltrated the red Socialists for the German secret police. He was fanatically opposed to them. At the same time, he adopted many key policies and tactics from them. His goal was a "National Socialism" to oppose the ostensibly "International Socialism" of the reds.

The cost of monoculture (Gen Kanai)

Posted Jan 29, 2007 17:00 UTC (Mon) by nix (subscriber, #2304) [Link]

And the DDR called itself 'democratic'. The name an organization gives itself does *not* necessarily indicate whether it actually conforms to those ideals (indeed in politics it is frequently an indication that it does not).

The cost of monoculture (Gen Kanai)

Posted Jan 29, 2007 21:29 UTC (Mon) by drag (subscriber, #31333) [Link]

They were definitely not Marxist, they definitely aren't the same as modern European style socialism, but they did have the idea of a strong central government regulating the economy and providing a welfare state, government-run education, and government-run healthcare system.

So the Nazi party was definitely a socialist party. But it's a strong 'Right Wing' one with paranoia towards non-Germans and things like a strong pro-death penalty stance.

Modern European socialism is usually typified by a 'soft left' approach, which is certainly very different from what the nazis were.

The cost of monoculture (Gen Kanai)

Posted Feb 5, 2007 1:56 UTC (Mon) by liljencrantz (subscriber, #28458) [Link]

In what way is "paranoia towards non-Germans and things like a strong pro-death penalty stance" right wing?

Both of these leanings can be found among some conservatives, sure, but they are very typical of communist states as well.

The cost of monoculture (Gen Kanai)

Posted Jan 30, 2007 10:13 UTC (Tue) by ekj (subscriber, #1524) [Link]

There's a rule. Goes like this. When a country explicitly names itself something, it never actually is.

Deutsche Demokratische Republik may have been "Deutsch", but it was not really what we think of as a Republic, and certainly not democratic.

The People's Republic of China is also not really controlled by "the people" in any reasonable interpretation.

Great Socialist People's Libyan Arab Jamahiriya isn't really any of those things, except possibly Libyan.

For that matter, even the kingdom of Norway isn't actually in any reasonable sense a kingdom. I mean, *technically* there is a king, but he doesn't actually rule the country. In fact he has very very close to no power whatsoever, certainly MUCH less than most presidents.

My point?

The fact that some entity chooses to name itself something is no indication whatsoever. In fact it's frequently the opposite. Countries without "democratic" in their name are, on the average, a whole lot more democratic than those *with* that in their name.

The cost of monoculture (Gen Kanai)

Posted Feb 5, 2007 2:02 UTC (Mon) by liljencrantz (subscriber, #28458) [Link]

The nazis are an exception to this rule. If you mix socialism with xenophobia, you pretty much get nazism.

The cost of monoculture (Gen Kanai)

Posted Jan 27, 2007 16:52 UTC (Sat) by tjc (guest, #137) [Link]

Well governments do suck.
But they're better than anarchy.

Even in the worst possible case they at least give one a good idea of who to be shooting at.

The cost of monoculture (Gen Kanai)

Posted Jan 27, 2007 19:13 UTC (Sat) by bk (guest, #25617) [Link]

That depends upon your definition of anarchy.

It can be argued that it's preferable for individuals to make their own decisions instead of deferring to artificial, impersonal legal entities, be they corporations or governments.

The cost of monoculture (Gen Kanai)

Posted Jan 27, 2007 19:45 UTC (Sat) by tzafrir (subscriber, #11501) [Link]

Actually in Israel the pressure from customers is finally bearing fruits.

Originally only 1 of the major five banks had a good support for non-IE browsers, and another one had a reasonably-working one (but a partially broken web site).

Of the remaining three, only one uses an ActiveX control, IIRC.

Anyway, of those remaining three, one already supports non-IE browsers and 2 are in the process.

I guess later is better than never.

govt vs corporate corruption

Posted Jan 27, 2007 18:36 UTC (Sat) by ccyoung (guest, #16340) [Link]

In the US it's much easier for a corporation to corrupt a government official than a corporate official. When a state signs a no-bid state wide email with Microsoft - follow the campaign contribution money (usually from middle-ware vendors). In a corporation an IT director can be protected; in the public sector she's exposed and vulnerable (see MA).

No US politician who wants to be re-elected will take on Bill Gates and Microsoft. It's an oxymoron.

And, except for Jim Webb (see his rebuttal speech) and Dennis Kucinich, I personally have not seen any politician at the federal level who was not a corporate whore.

govt vs corporate corruption

Posted Mar 13, 2007 5:33 UTC (Tue) by hozelda (guest, #19341) [Link]

Nonsense, it all depends on the particulars. Our corporate world today exists within the context of a body of legislation that was built over the years because of massive amounts of corporate fraud and greed to the extent they destroyed the economy and the lives of many. Anyone that wants to keep hands off corporations, besides living in a fairyland where balance of power is never a threat to that person dreaming, in all likelihood likes to take advantage of anything and everything regardless of the impact it has on others.

A balance of public and private control keeps people quasi honest. Not sure what the right mix is but neither extreme will work in a world of less than perfect humans. Power must be checked. The public and private sectors each offer a way for different constituencies to maintain some sort of check.

The cost of monoculture (Gen Kanai)

Posted Jan 28, 2007 18:56 UTC (Sun) by beejaybee (guest, #1581) [Link]

Ah well, the population could always move en masse to the more liberal regime in North Korea.

Alternatively, get the EU to absorb S Korea and extend the Microsoft anti-trust action.

before we're too tough on South Korea...

Posted Jan 29, 2007 0:59 UTC (Mon) by JoeBuck (subscriber, #2330) [Link]

It's my understanding that they were forced to do their own implementation because, at the time they started doing on-line transactions in a big way, the US was forbidding the export of 128-bit SSL; you could only export 40-bit, which can be brute-force attacked and was unacceptable to the banks.

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds