Comodo up to more tricks

People occasionally ask me who they should buy security certificates from. I absolutely will not recommend anyone in particular – even the most honest and honorable Certificate Authorities are inherently swindlers, because the trade itself is pretty much a legalized extortion scheme – but I am willing to say who I don’t recommend – Comodo is the worst CA, hands down. Witness their latest hijinks:

When you install Comodo Internet Security, by default a new browser called Chromodo is installed and set as the default browser. Additionally, all shortcuts are replaced with Chromodo links and all settings, cookies, etc. are imported from Chrome. They also hijack DNS settings, among other shady practices.
[Link to Chromodo download elided]
Chromodo is described as “highest levels of speed, security and privacy”, but actually disables all web security. Let me repeat that, they ***disable the same origin policy***…. ?!?..

This certainly isn’t the first time Comodo’s been caught doing things they shouldn’t, but somehow they still control around a third of the world’s certificate issuance. People need to stop giving business to known bad actors, even when it’s unclear whether the actions stem from malice or incompetence.

Firefox annoyance #5: redirect caching

Firefox Annoyances:

1) Sync
2) Pocket
3) Hello
4) everything else, other than the plug-in API itself, that isn’t a paper-thin shell around Gecko
5) 301 redirect caching

To clear the 301 redirect cache for a single page, go to the “View” menu and light up the “History” sidebar (yeah, of course you forgot about that, nobody uses it), find the site you’re working on, right-click and select “Forget About This Site”.


One of the horrors remaining from the browser wars of the late 90s is Microsoft’s “ActiveX” technology. ActiveX, not DirectX, although maybe the latter needs to die too.

ActiveX in browsers is based on the idea that your computer should be able to download and execute completely random binary images from the Internet without your permission. What a great basic architecture, huh? It was created because Microsoft’s implementations of COM and OLE technologies were so unnecessarily complex and fundamentally user-hostile that nobody sane wanted to use them. Microsoft needed an alternative, one that could be integrated with the web, since they wanted to crush Netscape and take over the Internet. Browser technology was critically important to them and ActiveX was a way to prevent the creation of a level browser playing field based on shared standards.

To give a more generous interpretation of the same events, Microsoft was faced with a desire to provide a richer web experience to their customers and an inability to deliver their vision using existing web standards. ActiveX was an early attempt to work around the inadequacy of HTML, and while it had many issues (security being a big one, and lack of support for non-Intel platforms another) Microsoft has worked continuously and diligently to remediate those issues and support current and former users of their products.

Personally I’m completely happy with either of those interpretations of the events surrounding the birth of ActiveX. Who cares? Those bodies are all buried now… or at least they should be… NO WAIT. ActiveX is still stinking up the room!

If you use ActiveX in your websites, or allow your browser to execute ActiveX controls, you are part of the problem. Please, I’m begging you, for the love of God, stop it! Just let this hideous thing die, will you?

There’s nothing that ActiveX provides that can’t be provided using current web standards and technologies. You don’t have to keep hurting yourself, and your readership. Just stop already.

Whenever you purchase any software with a web server in it, or sign up for any service that has a web interface, you need to routinely insist that the product you are buying must be usable with any browser, not merely Microsoft Internet Explorer with ActiveX enabled running on 32-bit Microsoft Windows on an x86 chipset. Make the seller put that in writing, so you don’t get stuck supporting ActiveX against your own will. It’s a shame you have to do this – you don’t have to specify in writing that there will be no incontinent rabid monkeys in the back seat when you purchase a car – but it’s necessary. ActiveX must be destroyed.