radiac.net

My Dell arrived with McAfee, but it turns out it's a bit of a pain to uninstall. The standard steps leave it listed under Windows Security Center, saying something along the lines of "McAfee VirusScan reports that it is running". This then causes problems when trying to install other anti-virus software.

So, this is a quick and boring entry for the benefit of Google. Here's how to get rid of McAfee:

1. Uninstall McAfee under Control Panel -> Uninstall a program and reboot
2. Go to service.mcafee.com and follow the instructions for MCRE - download, run and reboot when prompted
3. Run C:\Windows\system32\cmd.exe as administrator
4. Run the following commands:
   1. net stop winmgmt
   2. cd %windir%\system32\wbem
   3. ren repository repository.old
   4. net start winmgmt
5. Reboot

Leela and I disappeared off to Barcelona this week, and had much fun doing the usual touristy things.

We went up and down Las Ramblas several times, took the Bus Turistic (or the "Tourist Bus", for those who aren't all that with the Spanish), saw several buildings by Gaudi (like Casa Mila and Sagrada Familia), went into some modern art museums, visited the science museum, walked through the Barri Gotic, didn't get pick-pocketed or mugged once, and had particularly excellent ice creams at Port Vell. Although they forecast rain, the skies were clear and the sun was out each day - made a nice change to go somewhere and have good weather, and an even nicer change to not get sunburnt.

As ever, there are many photos, which I'll go through and put up here shortly.

So, I had a fun little problem yesterday; a Flash SWF wasn't appearing on an HTTPS page on IE. It was fine on HTTP, and fine in other browsers, but HTTPS just wasn't doing it; the flash plugin was just showing the awesomely helpful "Movie not loaded" message. Cue much confusion, investigation.

Turns out that IE takes the caching headers on HTTPS requests a little too seriously. The following headers were set on the SWF:

Pragma: no-cache
Cache-Control: no-cache

Why does this break it? Well, it's down to how IE and plugins work.

First, IE downloads your HTTPS page and finds the Flash plugin tag, and loads Flash. Flash then figures out which SWF it wants, and tells IE to download it, again, over HTTPS. IE downloads it, checks the header, thinks "Ooh, this is a secure file that shouldn't be cached - better get rid of this quickly" and promptly wipes it from its memory. It then tries to pass the file to Flash.

Spot a problem there? This doesn't just apply to Flash, but apparently any plugin that wants to get files over HTTPS, including PDFs and Office documents. Full details are on the Microsoft site, including the headers to avoid.

Say what you want about Microsoft, but that's some innovative software design right there. Nothing's breaking through that security measure.

The solution? Remove all no-cache headers. If you want to make sure it's still not stored between requests, you need to do it a different way:

Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: private,pre-check=0,post-check=0

The theory being the Expires header catches HTTP 1.0 requests, and the Cache-Control should catch HTTP 1.1, with private being nearly as good as no-cache, in theory at least. Certainly seems to work, although with cache-busting nothing seems certain. If you can suggest any improvements, please leave a comment.