Japanese Government Requires Java and Internet Explorer 11 X86 81
Long time reader AmiMoJo writes: Japan has introduced "My Number", a social security number assigned to citizens and used to access government services. Unfortunately, the My Number management web portal requires the Java plug-in. Because this plug-in is deprecated in many browsers, only Internet Explorer 11 (32 bit) and Safari on Mac are supported. The explanation (translated) given for this is that in order to access My Number contactless card readers Java is the only option. Some browsers support IC card access but it seems that it is not mature enough to be viable.
Re: (Score:2)
This is quote normal here in Spain, too. Everybody who needs access to government web sites is forced to use Java for their card reader so they can digitally sign stuff.
(all accountants, etc., are required to do this)
Re: I guess 2017 won't be the year of Linux (Score:4, Informative)
Re: I guess 2017 won't be the year of Linux (Score:4, Insightful)
Mostly because there have been so many security holes found in java plugins that no other browsers even support it any more. Even Oracle doesn't think it's a good idea these days. Fee free to contemplate the irony of using the java plugin for a security application.
Re: (Score:2)
When your expected deployment is measurable in millions, vendors become keenly interested in meeting YOUR requirements.
The point of Oracle (Score:2)
The point of Java is to be cross platform, so I don't understand why it would be limited to IE11 or any browser.
Java was developed by Sun, which was later bought out by Oracle. It turns out Oracle has their own special set of priorities and Java plugin bug fixes was not one of them.
Also, the "point of Java is to be cross platform" thing was just an early PR thing. The point of Java (in practice) was to take C++, remove the "C" and cover any remaining sharp corners with padding.
Why was the contract given to this company? (Score:2)
Whoever gave the contract to the maker of the contactless card reader which only has a Java driver is an idiot and should be fired.
Re: (Score:2)
Re: (Score:2)
So are card readers (that I have seen on old clunky keyboards) sold as part of PC OEM configuration e.g. CPU-Screen-mouse-keyboard in Spain? Or you just add this to your PC like an after market accessory? Please pardon my ignorance
Re: (Score:2)
Re: (Score:2)
Thank you for the response. =)
Re: (Score:2)
Re: (Score:2)
NPAPI is the other option, but that puts you in the exact same boat as Java (though IMHO is still better).
Actually, NPAPI is the common point of failure, because Java in the browser _is_ NPAPI, and the deprecation of it is the reason why the Java plug-in is being discontinued, period.
The Number One signature of incompetence: "My" (Score:1)
There is nothing more indicative of mediocrity than the presence of the Microsoft-popularized* qualifier "My"
----------
* ... or was it popularized by Perl????
Re: (Score:3)
I have a My Number card. It's spelled in Katakana. Literally "Mai Nambaa". There is no translation to English. They literally wanted to use the English phrase "My Number" as the name of the system.
Re: (Score:2)
It seems to be a trope in the Japanese language. People sometimes think that English words used by the Japanese have the same meaning as in English, but it's often not the case. For example "water" generally refers to a flavoured energy drink.
Anyway, "my" in Japanese is used to signify something personal or personalized. Railway modellers talk about "my train", meaning their favourite model that they have improved from stock. In this case, the government also wanted to avoid reminding people of a more autho
Re: (Score:2)
Re:The Number One signature of incompetence: "My" (Score:4, Interesting)
That's exactly what you're supposed to think. It's having the intended effect.
(ie. Making you want to purchase the "professional" version - at twice the price for two extra features that you'll probably never use)
Re: (Score:2)
Re: (Score:2)
Number One, I order you to take a Number Two.
Re: (Score:2)
Re: The JAPS (Score:1)
Re: (Score:2)
Or not, as the case may be....
Broken link (Score:2)
The link is broken it leads to google translate, but it's just an empty translate page.
Re: (Score:1)
I don't get the point of linking translations. Post the damn source, people can run it through a translator if they want.
Japan is a very bureaucratic nation (Score:5, Insightful)
Re: (Score:2)
You kids with your hula-hoops and fax machines.... And who decided on beige for all these new-fangled gadgets? Damn kids...
Re: (Score:2)
Example: Sony. Please, someone put this company out of our misery.
Re:Japan is a very bureaucratic nation (Score:4, Interesting)
Funny, I visit regularly and find that the general level of technology, the pervasiveness of it, is much higher than the UK. Maybe we are even more backwards.
They certainly seem pretty good with computers, anyway. And smart phones.
This is just an issue with incompetent developers and bureaucracy picking the wrong technology a few years ago. Japanese people over on Srad (the new name for Slashdot Japan) seem to agree. Yes, I pilfered the story from there.
Yawn (Score:2, Interesting)
Yawn, IE11 defaults to 32 bit anyway. You get both 32bit and 64bit installs on windows. And many times 64 bit version has many issues especially with compatibility. In fact, many enterprises disable the 64 bit IE entirely.
Kinda like how MS themselves recommend NOT using 64 bit office, but only 32 bit office installs, because it's full of issues that MS doesn't bother to fix.
The x86 IE 11 requirement is a non story.
The java requirement on the other hand...
Re: (Score:3)
I am not so sure that it is flaws in the 64 bit version of the software, I feel that it is actually the same problem that plagues Windows in general: Backward compatibility.
There is an ocean of Office and IE plugins that are 32 bit only. While it is a problem that Microsoft created, it's not exactly their problem to update the vast amount of 3rd party programs which only work with 32 bit versions.
The thing is, 64 bit is all well and good, but even today, there isn't a compelling reason to have 64-bit addres
Re: (Score:2)
It isn't that MS doesn't bother to fix the issues, it is that they cannot fix the issues because no one understands how it is built any longer. It is like a Agile Wet Dream: roll that snowball down the slope of customer features long enough and don't ever redesign its innards and you get Office.
Re: (Score:2)
Smart card access has been broken [chromium.org] in Linux Chrome for seven odd years, and that's *with* native PKCS plugins. Browser support for smartcards is still horrible. No wonder they had to go for java.
waterfox 64 bit works with java! (Score:2)
waterfox 64 bit works with java!
Now supermicro can we get a non java ipmi?
Re: (Score:2)
That is somewhat more useful, but I really wish they would just go with plain old vnc. They're not as bad as the ones that open a random port and signal back to the app. Some of us have to hop through ssh tunnels.
That's why in 2017, I'm still glad linux can be installed using a combination of serial and (sometimes) vnc. At least I can now use the web browser to mount virtual media.
Re:unclear on the concept (Score:5, Interesting)
I worked for years as a contractor developing software for government agencies, and in my experience they're often running software that is years out-of-date. This is a result of government budgets operating in a cash rather than accrual mentality -- i.e. that a penny saved is a penny earned. Taken to the extreme "a penny saved is a penny earned" is false.
Can you make do with a version of software that's EOL? Sure, but it'll cause problems. How can we solve those problems? Well, throw staff time at them. Would that be new hires? No, they're people whose salaries we're already paying. So the view you can minimize the immediate cash outlay by running obsolete software. This would not be reckoned by a private enterprise as a legitimate cost savings, but that's why the IT guys in government have to contend with.
So you have to look at government platform decisions like they were being made 10 years ago. Then allow for the development time for the project and this is how the calculation goes: 2017,minus three years for project development time, minus ten years for government lag time, and this is like a corporate in-house developer choosing applets as a platform in 2004.
Government IT guys run the gamut from incompetent to high competent, just like their private sector counterparts. But if you were to give them a letter grade (ABCDF) you have to deduct one letter grade from their ability to perform to account for the irrational financial incentives they have to deal with.
Re: (Score:2)
Oh, you'd be surprised. I've worked many places th
Re:unclear on the concept (Score:4, Insightful)
Oh, you'd be surprised. I've worked many places that consider employee time to be "free". We can buy a library that will solve problem X or just build it ourselves. The library costs money, but building it ourselves is free! After all, we're paying our programmers anyway!
That's a more complicated question, because it's not just about staff time spending vs. license fees. When you build dependencies on a closed source library into your work that's an act of faith in the vendor's future support policies. Once I had a vendor who raised the distribution fees on downstream licensees from $5/seat to $1000/seat. Oh, and don't forget the vendors who simply abandon products that aren't making money and leave their customers dangling.
Even if you don't buy into the ideology of Free/Libre software, the risk of being tied to a vendor's future goodwill is a sufficient reason never to buy proprietary libraries. If you do buy a proprietary library you need to protect yourself both contractually (if possible) and architecturally.
Now as for using "free" staff time, at the risk of sounding like I'm contradicting myself, intelligent and creative use of slack developer time is one of the most important things you can do for your long-term success. Far from treating slack time as "free", however, I see it as treating slack time as too valuable to squander. You should set aside time to do things purely for extending the capabilities of the team. That might involve reinventing the wheel, if you have good reason to believe you can make a better one.
Same mistake as Korea (Score:5, Insightful)
South Korea mandated the use of an ActiveX control for online payments in the 1990s, which has locked companies and banks there into a deprecated and dangerous technology. Only in the last couple of years has the government there started the process of getting rid of the damn POS system.
Someone please tell the Japanese government that what they are doing is a REALLY bad idea.
Re: (Score:2)
which has locked companies and banks there into a deprecated and dangerous technology
The extent of the dangers and the upcoming depreciation of ActiveX were not known at the time of this implementation. There's another way to see this, in the same light as that crappy broadcast standard called NTSC. The first mover always has the disadvantage of uncertainty and at the time the Koreans made the move they were among the most technologically advanced online banking systems in the world.
The Japanese look like they may have already made this mistake in the past and are already tied into legacy
Re: (Score:2)
ActiveX in the browser has always been an absolutely horrendous idea from a security perspective. Everyone I know of who works in the computer security field thought that ActiveX in the browser was a security hole waiting to be exploited from the start. Choosing ActiveX as a basis for electronic payments was a Really Bad Idea. This was obvious even in 1996.
Re: (Score:2)
works in the computer security field
Check your timeframe. This field was mostly non-existent at the times Korean banks were going online. In some ways ActiveX may have created the field.
Re: (Score:1)
as a side note: MSN Messenger is still alive and kicking (or was just a few years ago) in S. Korea for a very similar reason, It was required for some kind of government interaction... and so S.K. paid MSFT to keep it up and running
Which is sad that the best chat client is a 10 year old version of MSN messenger... (still)
It gained favor in Asian countries over AIM, etc. because it has unicode support earlier than any of the others
Korea's "mistake" (Score:1)
South Korea mandated the use of an ActiveX control for online payments in the 1990s, [...]
No, they mandated a certain level of crypto, which (in 1999) was only possible via a browser plug-in:
In fact, there were two versions of SSL: U.S. edition and international edition. The U.S. edition supported 128-bit secret key whereas the international edition supported 40-bit secret key. The problem is that 40-bit secret key is too weak to use for message encryption.
South Korea needed a better encryption than what the international edition supported, so Korea Internet & Security Agency (KISA) developed 128-bit block cipher called SEED in 1999. The development was necessary since there was a proliferation of personal computers and the internet network during that time all over South Korea. KISA chose ActiveX control to use their secure cipher on Internet Explorer, which was used by the most of internet users in Korea.
* https://medium.com/@yunkee_lee/why-has-south-korea-been-stuck-with-activex-44c773dbf54
* https://en.wikipedia.org/wiki/SEED
It reached a critical mass and so people were stuck with it. Though the regulations weren't officially lifted until a few years ago (once software crypto ITAR was relaxed).
Re: (Score:2)
I am surprised these high tech countries still use stuff like that. :(
Asia and internet tech (Score:1)
A lot of places in Asia seem to be in the prehistoric age when it comes to Internet tech.
Korea has similar issues with a bunch of banking and government sites. I think just in the last year many have fixed it, but my wife has had a f*** of a time because many of those sites required IE6 and ActiveX (for their "security" plugins, ironically). If you're in Korea it's a bit less of an issue because you can just drop by the bank or gov't agency, but it's especially a pain for anyone overseas.
use java web start instead (Score:1)
browser plugin deprecation is a non-issue.
just use java web start instead: https://en.wikipedia.org/wiki/Java_Web_Start
all you have to do is write a tiny .jnlp file and link to.
done.
Windows XP (Score:2)
Re: (Score:2)
But, how do I run Internet Explorer on my Windows XP machine?
Joke fail.
Internet Explorer comes with XP. You didn't specify IE11.
Palemoon (Score:2)
If the problem are the modern browsers that disabled NPAPI plugins then you can use Palemoon, even the x64 build still runs Java.