Crossdomain woes

I have an http app that is making a webservice call via https
to a remote server. I have (i think) defined the appropriate
domains and ports in the crossdomain.xml place at apache's web
server root. I get an error that says "security error accessing url
destination: defaultHTTPS". Is there something i can set in the
app's crossdomain or the web server host's cross domain to make
this message go away - or can a http app not make https web service
calls? thanks - dumb down your answer please - newbie here. p.s. -
the error started with flash update 9.0.124.

Ya, but that only works if you are using
http://api.search.yahoo.com/crossdomain.xml
for searching yahoo. I am not. I am actually getting the weather,
which is a different domain (
http://xml.weather.yahoo.com/forecastrss)
so, I have to create the hack. ;)

Similar Messages

Multiple plugtmp-1 plugtmp-2 etc. in local\temp folder stay , crossdomain.xml and other files containing visited websitenames created while private browsing

OS = Windows 7
When I visit a site like youtube whith private browsing enabled and with the add-on named "shockwave flash" in firefox add-on list installed and activate the flashplayer by going to a video the following files are created in the folder C:\Users\MyUserName\AppData\Local\Temp\plugtmp-1
plugin-crossdomain.xml
plugin-strings-nl_NL-vflLqJ7vu.xlb
The contents of plugin-crossdomain contain both the "youtube.com" adress as "s.ytimg.com" and is as follows:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
-<cross-domain-policy> <allow-access-from domain="s.ytimg.com"/> <allow-access-from domain="*.youtube.com"/> </cross-domain-policy>
The contents of the other file I will spare you cause I think those are less common when I visit other sites but I certainly don't trust the file. The crossdomain.xml I see when I visit most other flashpayer sites as well.
I've also noticed multiple plugin-crossdomain-1.xml and onwards in numbers, I just clicked a youtube video to test, got 6 of them in my temp plus a file named "plugin-read2" (no more NL file cause I changed my country, don't know how youtube knows where I'm from, but that's another subject, don't like that either). I just noticed one with a different code:
<?xml version="1.0"?>
-<cross-domain-policy> <allow-access-from domain="*"/> </cross-domain-policy>
So I guess this one comprimises my browsing history a bit less since it doesn't contain a webadress. If these files are even meant to be deposited in my local\temp folder. The bigger problem occurs when they stay there even after using private browsing, after clearing history, after clearing internet temporary files, cache, whatever you can think of. Which they do in my case, got more than 50 plugtmp-# folders in the previous mentioned local\temp folder containing all website names I visited in the last months. There are a variety of files in them, mostly ASP and XML, some just say file. I have yet to witness such a duplicate folder creation since I started checking my temp (perhaps when firefox crashes? I'd say I've had about 50 crashes in recent months).
I started checking my temp because of the following Microsoft Security Essential warnings I received on 23-4-12:
Exploit:Java/CVE-2010-0840.HE
containerfile:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp
file:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp->pong/reversi.class
and...
Exploit:Java/CVE-2008-5353.ZT
containerfile:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp
file:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp->Testability.class
Microsoft Security Essentials informed me that these files were quarantained and deleted but when going to my temp file they were still there, I deleted them manually and began the great quest of finding out what the multiple gigabytes of other files and folders were doing in that temp folder and not being deleted with the usual clearing options within firefox (and IE).
Note that I have set my adobe flasplayer settings to the most private intense I could think of while doing these tests (don't allow data storage for all websites, disable peer-to peer stuff, don't remember exactly anymore, etc.). I found it highly suspicious that i needed to change these settings online on an adobe website, is that correct? When right-clicking a video only limited privacy options are available which is why I tried the website thing.
After the inital discovery of the java exploit (which was discovered by MSE shortly after I installed and started my first scan with Malwarebytes, which in turn made me suspicious whether I had even downloaded the right malwarebytes, but no indication in the filename if I google it). Malwarebytes found nothing, MSE found nothing after it said it removed the files, yet it didn't remove them, manually scanning these jar_cache files with both malwarevytes and MSE resulted in nothing. Just to be sure, I deleted them anyways like I said earlier. No new jar_cache files have been created, no exploits detected since then. CCleaner has cleaned most of my temp folder, I did the rest, am blocking all cookies (except for now shortly), noscript add-on has been running a while on my firefox (V 3.6.26) to block most javascripts except from sites like youtube. I've had almost the same problem using similar manual solutions a couple of months ago, and a couple of months before that (clearing all the multiple tmp folders, removing or renaming jar_cache manually, running various antmalware software, full scan not finding a thing afterwards, installing extra add-ons to increase my security, this time it's BetterPrivacy which I found through a mozilla firefox https connection, I hope, which showed me nicely how adobe flash was still storing LSO's even after setting all storage settings to 0 kb and such on the adobe website, enabling private browsing in firefox crushed those little trolls, but still plugtmp trolls are being created, help me crush them please, they confuse me when I'm looking for a real threat but I still want to use flash, IE doesn't need those folders and files, or does it store them somewhere else?).
I'm sorry for the long story and many questions, hope it doesn't scare you away from helping me fight this. I suspect it's people wanting to belong to the hackergroup Anonymous who are doing this to my system and repeating their tricks (or the virus is still there, but I've done many antivirus scans with different programs so no need to suggest that option to me, they don't find it or I run into it after a while again, so far, have not seen jar_cache show up). Obviously, you may focus on the questions pertaining firefox and plugtmp folders, but if you can help me with any information regarding those exploits I would be extremely grateful, I've read alot but there isn't much specific information for checking where it comes from when all the anti-virus scanners don't detect anything anymore and don't block it incoming. I also have downloaded and installed process monitor but it crashes when I try to run it. The first time I tried to run it it lasted the longest, now it crashes after a few seconds, I just saw the number of events run up to almost a million and lots of cpu usage. When it crashed everything returned back to normal, or at least that's what I'm supposed to think I guess. I'll follow up on that one on their forum, but you can tell me if the program is ligit or not (it has a microsoft digital signature, or the name micosoft is used in that signature).

update:
I haven't upgraded my firefox yet because of a "TVU Web Player" plugin that isn't supported in the new firefox and I'm using it occasionally, couldn't find an upgrade for it. Most of my other plugins are upgraded in the green (according to mozilla websitechecker):
Java(TM) Platform SE 6 U31 (green)
Shockwave for Director (green - from Adobe I think)
Shockwave Flash (green - why do I even need 2 of these adobe add-ons? can I remove one? I removed everything else i could find except the reader i think, I found AdobeARM and Adobe Acrobat several versions, very confusing with names constantly switching around)
Java Deployment Toolkit 6.0.310.5 (green, grrr, again a second java, why do they do this stuff, to annoy people who are plagued with java and flash exploits? make it more complicating?)
Adobe Acrobat (green, great, it's still there, well I guess this is the reader then)
TVU Web Player for FireFox (grey - mentioned it already)
Silverlight Plug-In (yellow - hardly use it, I think, unless it's automatic without my knowing, perhaps I watched one stream with it once, I'd like to remove it, but just in case I need it, don't remember why I didn't update, perhaps a conflict, perhaps because I don't use it, or it didn't report a threat like java and doesn't create unwantend and history compromising temp files)
Google Update (grey - can I remove? what will i lose? don't remember installing it, and if I didn't, why didn't firefox block it?)
Veetle TV Core (grey)
Veetle TV Player (grey - using this for watching streams on veetle.com, probably needs the Core, deleted the broadcaster that was there earlier, never chose to install that, can't firefox regulate that when installing different components? or did i just miss that option and assumed I needed when I was installing veetle add-on?)
Well, that's the list i get when checking on your site, when i use my own browseroptions to check add-ons I get a slightly different and longer list including a few I have already turned off (which also doesn't seem very secure to me, what's the point in using your site then for anything other than updates?), here are the differences in MY list:
I can see 2 versions of Java(TM) Platform SE 6 U31, (thanks firefox for not being able to copy-paste this)
one "Classic Java plug-in for Netscape and Mozilla"
the other is "next generation plug-in for Mozilla browsers".
I think I'll just turn off the Netscape and Mozilla one, don't trust it, why would I need 2? There I did it, no crashes, screw java :P
There's also a Mozilla Default plugin listed there, why does firefox list it there without any further information whether I need it or not or whether it really originates from Mozilla firefox? It doesn't even show up when I use your website plugin checker, so is there no easy way by watching this list for me to determin I can skip worrying about it?
There's also some old ones that I recently deactivated still listed like windows live photo gallery, never remember adding that one either or needing it for anything and as usual, right-clicking and "visit homepage" is greyed out, just as it is for the many java crap add-ons I encountered so far.
Doing a quick check, the only homepage I can visit is the veetle one. The rest are greyed out. I also have several "Java Console" in my extentions tab, I deactivated all but the one with the highest number. Still no Java Console visible though, even after going to start/search "java", clicking java file and changing the settings there to "show" console instead of "hide" (can't remember exact details).
There's some other extentions from noscript, TVU webplayer again, ADblock Plus and now also BetterPrivacy (sidenote, a default.LSO remains after cleanup correct? How do I know that one isn't doing anything nasty if it's code has been changed or is being changed? To prevent other LSO's I need to use both private browsing and change all kinds of restrictions online for adobe flashplayer, can anyone say absurd!!! if you think you're infected and want to improve your security? Sorry that rant was against Adobe, but it's really against Anonymous, no offense).

Continual Mac woes (no question, just a rant)

It's Tuesday, and I am having terrible problems with my Mac. But then, why should Tuesday be different from any other day of the week.
Here is a typical day for me. The computer appears to be working OK. I need to watch a DVD for my work. I turn on DVD player, and put one in. The machine can't read the disc. It clicks and whirls, but the icon does not show up on the desktop. Meanwhile, so distressed is the machine that it freaks out. What was up until now was a fluidly operating machine suddenly reverts back to its old ways (i.e., its ways of two days ago). The hold ups and spinning pinwheels begin to eat of hours of my work day. (Remember the old days when computers made life easier?) The machine becomes sticky, gummy. Oh, I can move the curser and it seems to work for a second but then gets stuck in the dock, which explodes in icons and then freezes for five minutes. Yes. Five minutes.
Would love to use Force Quit, but the cursor is spinning, and nothing is responding. Funny about that old Mac. You can't force quit Force Quit. I guess I need to leave it open all the time.
Of course, FQ usually works on Safari. I have never just "quit" Safari. It always requires Force Quit, otherwise I can't turn off my computer. It stalls shut down.
Now I have a DVD trapped in there and can't get it out. [But I just got an answer from another posting.]
In the old macs, there used to be a pin hole you could stick a needle into ... can't find one on my flatpanel iMac.
I bought my Apple flat panel iMac in August of 2002. Yes, I know that that is a long time to have a computer, but I am not rich nor attached to a corporation that can splurge on computers. The first weekend I had the machine, I had three kernal panics.
Among the other problems I have documented are the following: the dock hiding itself unbidden and other features checking and unchecking themselves (Aug 2002); bus errors connected with OS 9 (Sept); some problems that inspired the tech person (Eric)) to talk me through deleting my user i.d., resulting in the loss of two months worth of e-mail (Thursday, 12 September); Preview problems (September); a bizarre box with an unmovable and undeletable red stop sign in it that no tech person or other Mac user I know had ever hear of (Monday 30 September); printing problems; computer won't shut down, numerous disconnection errors, which turned out to be caused by an OS X update (beginning December, 2002, or later); Kernel panics (Feb); computer won't shut down (March); Faxstexx problems, program won't allow me to set it up, finally just deleted the software (April); keys like "V" freeze and repeat endlessly (May 21); DVD Player freezes (May); Safari and Mail begin quitting unexpectedly (May); cursor begins to blink and fade out, plus odd sounds come out of the speakers, a constant error beeping (Sept 9); DVD Player problems (Oct 4).
I called AppleCare while I had it about once a week (the total between August 2002 and the time it ran out was about 155 calls). Naturally, some of these calls are motivated by user error. On the other hand, many of the issues I have called about were unprecedented as far as the Tech person was concerned, such as the blinking mouse, the red stop sign, and the DVD Player woes.
Things improved with Panther, but in Tiger many of the same old issues have returned.
I have been having so many problems with my Mac that I once wrote a letter to the company asking when do I qualify for a new replacement machine. I never received an answer, but I felt better for about a day. Then I turned on my Mac again.

The spinning ball of death as we used to call it is often caused by a lack of RAM, it is hard to be sure as I am not working on your machine, but sometimes things can be improved with additional RAM, it makes it seem like a whole new computer.
A lot of your problems sound like stuff that can be fixed easily enough, and although frustrating things happen here and there with updates. It sounds like you are in fairly good spirits with it all, I would suggest just researching a bit more into maintenance you can do to help maintain the computer and educate yourself a bit more (sounds like you already have learned quite a bit along the way) and you will find a lot of these issues take you a few seconds to rid yourself of. I would start by making sure you are repairing permissions regularly and running the most up to date software. If a lot of problems persist, try creating a second user that is a "test" user to see if the problem is replicated on that user (don't delete your other one, but if you do find the problem not on the other user, you might have a corrupt user, however you don't have to lose all your emails there are plenty of ways to back it up and import it in, or even just bring the entire Mail folder from your library over to the new user). Another thing you can do if you find a lot of system problems is archive and install the OS, it takes a bit of time, but doing it overnight shouldn't be an issue, and you won't lose any of your stuff.

ICal woes - any help please

Hi everyone, I am having some major iCal woes that I hope someone has the answer to.
Ok this is how I handle my workflow. I have numerous calendars such as "call", "viewing", "meeting", "work misc", "personal" etc. All colour coded and I use the month view as standard.
Under SL I would double click the day I add an event go through the boxes (name, location, time, etc) click save and job done.
Now under Lion when I double click a day I get an event box but only the header. So I have to type the header hit return then double click on the event again to get the box up so I can assign the event the right time and calendar to use. This is taking twice as long as it did before under SL and is a pain when you have a client on the phone. Am I missing something here? Why is it now so hard? - and I have tried that quick entry business but it doesn't work for me, I simply want the whole calendar entry box when I double click in month view.
Next problem is all new events go in as a all day event. Again another click I didn't need to do in SL. Then untick all day and enter a time LionCal doesn't set the end time 1 hour later anymore it sets it hours later for me, sometimes into the next day so I have to click into the date box and type the end date, again a massive slow down in my workflow.
Finally and most annoyingly in month view I cannot for the life of me get a 12 hour clock with AM/PM. I checked my international page in sys prefs and all is ok but LionCal is not playing ball.
Any help would be appreciated as I love iCal and run my life with it over MobileMe.

If you want to Commit changes at every record level in a Multi-Record Block, you may have to write the following triggers at the block level :-
1) Key-Down
2) Key-Up
3) You will also have to handle Mouse Events
i.e When-Mosue-Click etc
In each of these triggers, issue a commit statement :-
i.e.
Trigger Name :- KEY-DOWN [ Defined at Block Level ]
Trigger Code
Commit_Form;
Next_Record;
The Commit_Form statement will display a message for the user to COMMIT transaction to the DB.
Shailender

Airport express "G" - My woes and some thoughts. . .

I got the airport about this time last year. it worked great and i loved it. In December 2007 I moved to an apartment. I got the local cable co's internet, ran it to my ax and all was well. 6 weeks ago, due to our wonderful economy, i had the cable shut off as I talked to one of my neighbors who has wireless internet running unprotected (no password)..i asked him if i could leech for a bit till i got things sorted. he said cool and all was.....hmmm. SO in my airport menu i select his network and my internet works, sometimes drops then comes right back but no biggie. I reset my ax to just do airtunes and join his network, it restarted and voila, airtunes. problem is that in the last month i get a lot more drop outs and if i go more than 2 days with out streaming by ax disappears and i have to do a hard reset to get it to show up in the utility. The light is green but nothing...sometimes the amber light blinks and it never come on line at all....grrrrrr.
could all my newfound ax woes be due to the fact i am adding it to his network? i had no issues at all when i created my own one with my internet and airtunes.....
anyone?
EDIT: let me ask this then...when i am streaming music from my mbp to the ax, am i doint it dorectly or am i using his network? If I am sending music from my MBP to the ax via his network then that would basically answer all my questions, if the mbp goes direct then I have no clue....
edits as i am brainstorming

EDIT: let me ask this then...when i am streaming music from my mbp to the ax, am i doint it dorectly or am i using his network?
It goes from your MacBook Pro to his wireless base station... then from his base station to the AX. So it depends on the performance of his base station and network.

#2170 error calling a webservice from Xcelsius having crossdomain.xml

Hello together,
we are facing a #2170 error indicating we don't have a proper policy file in place when executing a published Xcelsius flash in SAP BI application portal.
We created a WebService that is running an SAP BI System 7.01. The WebService is function module based and was generated following the wizzard. Afterwards we created a Xcelsius app that consumes data from this WebService (via data connection). The resulting flash from Xcelsius was pulished to SAP BI System (portal).
Since there are many entries in the SDN and the internet in general we finally also created an crossdomain.xml file on the BI system which can be accessed and is visible by using "https://<server>/crossdomain.xml".
Now the confusion begins: We exported the flash from Xcelsius to local desktop and executed the corresponding HTML-file. It's working and I can receive/see WebService data (after adjusting flash-security-settings). If we upload both exported files (html and swf) to the BI system (as MIME objects) and execute the html again we are also receiving WebServervice data. So far so good. But if we execute the link from the SAP BI Portal (Xcelsius menu > SAP > Start) we still get the error #2170 indicating we don't have a proper domain policy file in place. But for my understanding we do have. So currently I would assume the error message is somehow misleading.
During all the activities I found out that this error is also raised if the user has insufficient authorization. My user has SAP_ALL authorization for testing purpose.
In general I would say we are not that wrong with our Xcelsius/WebService if we are not coming from BI portal. So my questions are:
1.) Are there any authorization on portal side that might not fit and lead to this error? If insufficient authorizations produces such an error ...
2.) Did we miss any other stuff during our try/fail-operations?
Many thanks in advance for your hints.
Steffen

Hi Rajat,
This is how the default trace looks
FATAL: Application Servlet failed to notify devices.
Caught java.rmi.RemoteException: Service call exception; nested exception is:
     com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
     at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1289)
     at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1298)
     at com.om.ApplicationServlet$NotifyDevices.run(ApplicationServlet.java:86)
Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:980)
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1430)
     at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1282)
     ... 2 more
java.lang.NoSuchMethodError
at java.lang.Thread.destroy(Thread.java:779)
     at com.omApplicationServlet$NotifyDevices.run(ApplicationServlet.java:92)
Rgds
Shashank

Hp Warranty Woes & Hard Drive Heartache

HP – Warranties Woes & Hard Drive Headaches.
Dear Internet Community (I.C)
I need your help.
I would like to know if I’m being unreasonable in my expectations or is Hewlett Packard (HP) not living up to its both moral & legal obligations as a good corporate citizen & what it alleges to be – a Customer Focused Global Computer Services company.
Apologies if this is a little long winded but in the interests of fairness I need to put as many HP comments in as possible – to give you a clear picture.
So bear with me, you will not be disappointed & there are a couple of questions you might like to answer & feedback to the appropriate parties.
Keep in mind at all times we are talking about approximately a $200 (NZD) fix – less than the lost profit on one lost sale for an HP PC ( you might think twice about HP products after reading this).
There are two parts to this problem :
Part 1 :
I purchased an HP Touch Smart a few years ago, I registered the product & warranty with them & over the years have received have received numerous emails stating “buy this, upgrade now”.
But I don’t recall ever receiving an “WARNING – Critical Failure Issue (CFI) apply attached patch immediately” email while under warranty. Why is this relevant?
Ø Seagate makes Hard Drives – in this case a Barracuda 7200.11
Ø HP buys said HD’s from Seagate
Ø Seagate finds a problem with firmware in HD’s & advises HP & supplies a fix
Ø HP knows which Customers have these HD’s, because you know what goes into your machines – right ? - see below
Ø HP FAILS to send email to Customers with the fix (a simple email with attachment would solve problem) or issue recall.
Ø HP even offers previously to fix problem FOC & puts fix on its Website - but only if the Customer knows somehow of the problem.
Ø Should the Customer intuitively& telepathically know of problems in HP Products in advance before it fails, because of course HP is not telling their Customers.
Problem or Outcome: My HD has bricked itself & will not operate as I never received notice of the firmware fix at any time either in or out of warranty.
Paul Boshoff - G M -Personal Systems Group- HP NZ (PB- GMPSG) says
“It would be very difficult, if not impossible, for any computer vendor to proactively notify it’s customers of component-level updates”
“Failures of the kind you’ve experienced are usually related to a specific batch of serial numbers and often those component serial numbers aren’t available when the user is registering that particular computer.”
Now let me know if you think I’m wrong, but it sounds like HP does not know what goes into its machines or at the very minimum does not keep track of this.
HP, a Global Computer Services company cannot possibly be expected to track what goes into its machines. HP apparently does not record or match the serial number of the HD with the machine it goes into.
If Ford & Toyota can track & record what tyres go on which make & model of their cars which are in the millions each year & can recall cars dating back 8-10 years just case of a manufacturers component malfunction why can’t HP link & record the HD details.
I can just hear it now “I’m sorry we don’t know which engine we put in your car”.
And let’s be real clear here – we are not talking about some small screw at the back of a PC – Along with the CPU & the RAM, the Hard Drive is pretty much up there in the top 3 of important components of any computer.
I.C – Do you feel
ü That fills you with confidence in HP products & services ?
ü Should HP be required to tell its customer of CFI’s with its products – particularly while under warranty?
ü Has HP tried to limit their liability & cost by directly NOT telling Customers of CFI’s while under warranty?
Part 2 :
When your HD bricks itself – apparently all is not lost – some very clever person has found a solution so you can get the HD going long enough to apply the firmware fix & then your HD is a good as new – Here is the link that spells it out with pics http://www.overclock.net/t/457286/seagate-bricked-firmware-drive-fix-with-pics)
You’ll see the relevance of this shortly.
After much messing about I received the following email from PB- GMPSG : “I have escalated your issue and have just received the go-ahead to repair your unit at our cost. We will be utilizing our own, authorized service provider to re-install the original hard-drive and to run the software fix on that unit.” (This guy most likely earns a six figure salary & isn’t able to sign off $200 fix).
NOTE : it does not limit or restrict what type of fixes will be used & also at this time HP was aware of both the Seagate fix & above fix.
I delivered the PC & bricked HD into the HP Authorised Repair Centre (ARC) as requested –their ticket instructions read “do firmware update…HP to incur costs. NO COST to customer”.
Obviously it’s not rocket science but you need the HD going before you can apply any firmware fix including this one – HP knew that to get the HD going they would need a special fix to enable them to apply the Seagate fix.
After all this is not an isolated case & I did point out to HP that they would need the fix I supplied (or something similar HP approved or designed if that made them more comfortable) prior to their offer of fixing the HD.
HP said their ARC’s had all the right software for fixing their machines. In addition I have been told on several occasions, the ARC’s are the bee’s knees, the cat pajamas, the whiz kids of the PC service world “The first port of call for the repair centre agent is to download all the latest service advisory notices and updates. This is a very fundamental part of the repair process and one that we spend a great deal of time emphasizing with our authorised repair centres” Keep this in mind.
A week later I received a call from Peter Gasporaratos, HP CS Melbourne (poor guy – caught in the middle) & stated “there is nothing else we can do for you”. When I asked if they had applied the fix he said “its not our responsibility.. its not part of our guidelines.. the ARC does not practice unauthorised methods..& this ARC will not go down this path”
Ironically the day before, Barry from the ARC said “we can attempt it, but we will charge you too”. So HP’s own ARC will do it, but there will be a cost – but hang on a minute, didn’t PB- GMPSG say “to repair your unit at our cost. We will be utilizing our own, authorized service provider to re-install the original hard-drive and to run the software fix on that unit” & HP CS put on the instructions “HP to incur costs. NO COST to customer”.
I.C – Do you feel
ü HP have said they will fix it at NO COST to me, regardless of what the fix entails ?
ü Should HP honour this commitment ?
ü Would you do business with a company that says one thing & does another & does not honour its commitment ?
ü That given the bricking fault did not need to happen if HP had been proactive in letting their customers know of the firmware issue & this is not an isolated case– shouldn’t they then be responsible in finding or developing a fix for getting the HD going long enough to apply the firmware fix if they are not going to use other recognised fixes.
Abstract
So that’s it – what do you think I.C. ?
Would you want HP computers & servers controlling the Traffic Lights, Air Traffic Control, Patient records & Medications at Hospitals knowing that HP will not tell these organisations that there is CFI with their products & they could suddenly lose everything. All dead while they try to find a back up computer with all the data – god forbid if President Obama’s “football” is powered by an HP – Nuclear War before we know it.
But seriously – I would love your feedback – Am I being unreasonable in asking them to honour their commitment for a $200 fix ?
And of course HP being a Customer Focused Global Computer Services company, would welcome your feedback.
Here are a couple of the players contact details who would love to hear from you :
ü Keith Watson – CEO –HP NZ -I initially contacted him & he thanked me for bringing it to his attention, then nothing.
Email : [email protected]
ü Paul Boshoff - G M -Personal Systems Group- HP NZ – well of course you now know who he is now – he would love feedback.
Email : [email protected]
ü Jessica Rangi – She’s the Spokes person/PR/Marketing for HP NZ & has just help launch HP new PC range in NZ – She would love your feedback as it might impact on her marketing & she is quoted as having helped out in warranty situations before & has worked at HP head office.
Email : [email protected]
ü Meg Whitman - President and Chief Executive Officer of HP Global
Email : [email protected]
They would all like to hear from you J
I.C
J Thanks for being patience & reading through to the end – now it’s up to you
L buy HP Products & Services or not.
L Do HP deserve your hard earned money if you now believe they aren’t going tell you about problems with their Product & Services.
Be kind to one another & take care.
Regards
Smithie
P.S - I sent this blog to HP for fact & quote checking prior to uploading (I gave them over a week to reply) – the silence was deafening from HP.

When requesting assistance, please provide the complete model name and product number of the HP computer in question. HP/Compaq makes thousands of models of computers. Without this information it may be difficult or impossible to assist you in resolving your issue.
The above requested information can be found on the bottom of your computer or inside the battery compartment. Please do not include your serial number. Please enter the model/product information into HP's Online Consumer Support page and post it here for our review.
I doubt the hard drive would be covered by buying an extended warranty after the fact. There is also no reason to buy a new hard drive from HP. Almost any 2.5" hard drive on the market will work in your computer. You will need your personal HP Recovery Disc set to return the computer to a factory like state. If you didn't create these discs, you will need to order a set.
If you have any further questions, please don't hesitate to ask.
Please click the white KUDOS star to show your appreciation
Frank
{------------ Please click the "White Kudos" Thumbs Up to say THANKS for helping.
Please click the "Accept As Solution" on my post, if my assistance has solved your issue. ------------V
This is a user supported forum. I am a volunteer and I don't work for HP.
HP 15t-j100 (on loan from HP)
HP 13 Split x2 (on loan from HP)
HP Slate8 Pro (on loan from HP)
HP a1632x - Windows 7, 4GB RAM, AMD Radeon HD 6450
HP p6130y - Windows 7, 8GB RAM, AMD Radeon HD 6450
HP p6320y - Windows 7, 8GB RAM, NVIDIA GT 240
HP p7-1026 - Windows 7, 6GB RAM, AMD Radeon HD 6450
HP p6787c - Windows 7, 8GB RAM, NVIDIA GT 240

ScrollRect via crossdomain = NOGO!??

Hi i'm having problems setting scrollRect from a function in MovieA.swf to a movieclip in MovieB.swf. the SWFs are located on different domains.
Both files has the
Code:
System.security.allowDomain("*")
in top of first frame.
I've made a "sketch" of what i'm doing.
In MovieB, i have function/class:
Code:
var theApp = function(args:Object){
     import flash.geom.Rectangle;
     var oo:Object = this
     oo.applyScrollRect = function(){
          args.container.scrollRect = new Rectangle(0, 0, 200, 40)
This works within MovieB, i can do
Code:
var myAppInstance = new theApp({container:someMc})
myAppInstance.applyScrollRect()
Works fine..
Now, if i load MovieB into MovieA.swf, and then create an instance after its loaded, then it doesent work.
Code:
$scope = this
myApp = new loader_mc.theApp({container:$scope.box_mc2})
     myApp.applyScrollRect()
//I can create the instance allright, but i cannot apply scrollRect
I wan't to do it this way!!!.. but i guess it's not possible.
NOTE: if MovieB is gets loaded from SAME domain, then everything works!, so clearly, this only breaks when SWF's are in different domains. So apparently, SOME things you simply CAN NOT DO crossdomain.. no matter what security settings you apply. Is that right?..i think its crap!
EDIT: I attached a even more simplified example.. if you'd like to test, then upload theese two swfs on different domains, and make MovieA.swf load MovieB.swf..

Hi i'm having problems setting scrollRect from a function in MovieA.swf to a movieclip in MovieB.swf. the SWFs are located on different domains.
Both files has the
Code:
System.security.allowDomain("*")
in top of first frame.
I've made a "sketch" of what i'm doing.
In MovieB, i have function/class:
Code:
var theApp = function(args:Object){
     import flash.geom.Rectangle;
     var oo:Object = this
     oo.applyScrollRect = function(){
          args.container.scrollRect = new Rectangle(0, 0, 200, 40)
This works within MovieB, i can do
Code:
var myAppInstance = new theApp({container:someMc})
myAppInstance.applyScrollRect()
Works fine..
Now, if i load MovieB into MovieA.swf, and then create an instance after its loaded, then it doesent work.
Code:
$scope = this
myApp = new loader_mc.theApp({container:$scope.box_mc2})
     myApp.applyScrollRect()
//I can create the instance allright, but i cannot apply scrollRect
I wan't to do it this way!!!.. but i guess it's not possible.
NOTE: if MovieB is gets loaded from SAME domain, then everything works!, so clearly, this only breaks when SWF's are in different domains. So apparently, SOME things you simply CAN NOT DO crossdomain.. no matter what security settings you apply. Is that right?..i think its crap!
EDIT: I attached a even more simplified example.. if you'd like to test, then upload theese two swfs on different domains, and make MovieA.swf load MovieB.swf..

[CS4] Crossdomain security settings when exporting to SWF

I'm using CS4 (and CS4 server) to export single pages to SWF files, then I need to embed those SWF to a parent SWF binary (written with Flex) and publish them on a web server.
Everything works fine as long as both the parent and children SWF share the same domain and subdomain names.
But if I want different domain names for parent and children files, I have to face the standard Flash security rules ("embedded SWF files can be accessed only if they have specific security settings").
Using crossdomain XML files doesn't change anything, so what I need is to change the security settings directly inside the SWF generated by InDesign to allow him to be loaded by another SWF located on a different domain.
Is there a way (by scripting InDesign) to change my SWF security settings ?
I couldn't find nothing related to this subject in InDesign Object Model.

To be more precise : what I need is an InDesign SWF file with System.security.allowDomain set to '*'

IOError in IE but not in Firefox (possible crossdomain.xml problem)

Yesterday, I hopefully debugged a problem that is occuring for our application in IE but not in Firefox.
It has to do with accessing remote content from a separate domain.
In every aspect it APPEARS to be a crossdomain.xml issue but the fact that this issue only arrises in IE is what has prompted me to post here.
We have a solution in the works (bureaucratically speaking) but I want to double check here.
Our application is on domain "a.domain".
It access an xml file on "b.domain/xml/".
And finally (this is the tricky part) it also accesses an xml file at "b.domain/forwardingPath/" which is actually forwarded to "c.domain/xml/".
The crossdomain.xml is located at "b.domain/crossdomain.xml".
The request for "b.domain/xml/anXMLFile.xml" works without any problem.
The request for "b.domain/forwardingPath/anotherXMLFile.xml" succeeds in Firefox but not in IE (remember, the ACTUAL request is forwarded to "c.domain/xml/anotherXMLFile.xml").
In IE I get an IOError.
I believe we need an appropriate crossdomain.xml file also located at "c.domain/crossdomain.xml" and have put in that request. What I want to confirm is whether this understanding is correct. I am not a server-side person at all. It's all elves and fairies to me. And then finally, why the hell is this behavior inconsistent between IE and Firefox? Is the Firefox version of flash player violating its own security standards?!
I am cross-posting this at stack overflow. http://stackoverflow.com/questions/7395931/ioerror-in-ie-but-not-in-firefox-possible-cross domain-xml-problem

I've pinged our developers about this and here's what they have to say:
"We did some work for the plugin around redirects andhence the correct behavior on Firefox.
AFAIK, on IE we don't get notified of the redirect and can't participate in making security decisions during redirect scenarios. This behavior is out of our control.
There is a workaround documented in the AS3docs here: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/LoaderCont ext.html#checkPolicyFile
Here is the pertinent paragraph:
Be careful with checkPolicyFile if you are downloading anobject from a URL that may use server-side HTTP redirects. Policy files arealways retrieved from the corresponding initial URL that you specify inURLRequest.url. If the final object comes from a different URL because of HTTPredirects, then the initially downloaded policy files might not be applicableto the object's final URL, which is the URL that matters in security decisions.If you find yourself in this situation, you can examine the value ofLoaderInfo.url after you have received a ProgressEvent.PROGRESS orEvent.COMPLETE event, which tells you the object's final URL. Then call theSecurity.loadPolicyFile() method with a policy file URL based on the object'sfinal URL. Then poll the value of LoaderInfo.childAllowsParent until it becomes true."
Chris

Security Error in accessing Web service from Flex.Where to put crossdomain.xml in axis container?

Hi guys.
Typically webservices are invoked across domains. Flash has defined certain policies which prevent crossdomain access. The only way to bypass this security feature is to put a crossdomain.xml file within the server root of the webservice provider i.e. in our case at http://abc.com. A sample example of crossdomain.xml is as below:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
     <site-control permitted-cross-domain-policies="all" />
     <allow-access-from domain="*" secure="false"/>
     <allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
If the crossdomain.xml is not added the developer will get “Security Error accessing URL” type of messages.
The above mentioned information should be enough for you to get your flex based WebService client up and running.
We are using axis2 to build webservices. We deployed the webservices under axis2 container under repository/srvices folder . But in Flex when we try to call the webservices we were getting the exception saying security error in accessing url. The solution is we need to put the crossdomain.xml o that it is loaded at runtime and allow us to access. In tomcat if we put the file under ROOT directory we could accss the file and we were able to access the webservices deployed under Tomcat. But I googled for Axis2 container and couldnt find any solution.
Please post the reply if anyone knows the solution to it.
Thanks
Raja

Hi. So, I did take a quick look at the Axis2 standalone server and didn't see any way to server up a file such as crossdomain.xml. It seems like it might be a useful enhancement to have the ability to serve up files even if this functionality was very simple/limited and nothing like a full blown http server.
I'd log an enhancement request against axis2 if this is something you'd like to have.
http://issues.apache.org/jira/browse/AXIS2
-Alex

Where to place crossdomain.xml in SAP ECC IDES?

Hi,
I have a flex application which uses webservices generated in SAP IDES system. This flex app is stored in portal server. Since the physical servers are involved, I get a security error message, which says, "Security error accessing url". I browsed through the net and found that, we have to place a crossdomain.xml file in the web root folder of the server from where we are fetching the data. In my case, it would be SAP IDES system.
I wanted to know where do I place this xml file in IDES? What would be it's location and how can I generate a URL to access this xml file?
Please let me know about this, if anyone has done this before.
Appreciate your help.
Thank you,
Warm regards,
Deepak

Hi Durairaj,
As mentioned in that thread, I created a BSP application in the server and loaded crossdomain.xml. It was accessible from the browser too.
This is the xml code which is there in crossdomain:
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
But this did not solve my purpose
I have my flex application in a server, servera.abc.com and I am using the webservices of another server, serverb.abc.com
I uploaded the crossdomain.xml in serverb.abc.com, in the following path through a BSP application:
http://serverb.abc.com:8000/sap/bc/bsp/sap/zroot/crossdomain.xml
But I still get the 'security accessing url' message in flex. It doesn't load the wsdl.
I'm also using this piece of code in initialize event of the application in flex:
                       private function initSecurity():void{
                    Security.allowDomain("*");
                    Security.loadPolicyFile("http://serverb.abc.com:8000/sap/bc/bsp/sap/zroot/crossdomain.xml");
                    Alert.show("crossdomain xml loaded....");
Where am I going wrong here?

AS2 Crossdomain.xml and sendAndLoad

I have a flash form with input text fields. I am sending the data to a 3rd party server. I can send the information via getURL but I want to send the data without opening a browser window so I am utilizing sendAndLoad. It works great locally but not through a browser (tested in IE and Firefox). I have verified that all the variables and urls are in the correct case, I have tried both Post and Get, I have tried network and local... Ugh! I am losing my hair on this one please help asap!!!
Here is the file - click on the second image...
http://www.axonmediagroup.com/adimag...directbuy.html
Here is the code...
on (release) {
if (first_name.text.length == 0) {
error.text = "** First Name Required **";
} else if (last_name.text.length == 0) {
error.text = "** Last Name Required **";
} else if (address1.text.length == 0) {
error.text = "** Address Required **";
} else if (city.text.length == 0) {
error.text = "** City Required **";
} else if (state1.value == "") {
error.text = "** State Required **";
} else if (postal_code.text.length == 0) {
error.text = "** Zip Required **";
} else if (phone_home.text.length == 0) {
error.text = "** Phone Required **";
} else if (email.text.length == 0) {
error.text = "** Email Required **";
} else {
System.security.loadPolicyFile('https://app.leadconduit.com/crossdomain.xml');
var myloadVars:LoadVars = new LoadVars();
myloadVars.RName = 'AxonMedia';
myloadVars.AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
myloadVars.ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
myloadVars.SUBID = 1;
myloadVars.xxNodeId = '050l0tjhd';
myloadVars.xxTest = 'true';
myloadVars.Country = 'USA';
myloadVars.first_name = first_name.text;
myloadVars.last_name = last_name.text;
myloadVars.SpouseName = SpouseName.text;
myloadVars.address1 = address1.text;
myloadVars.city = city.text;
myloadVars.state1 = state1.selectedItem.label;
myloadVars.postal_code = postal_code.text;
myloadVars.phone_home = phone_home.text;
myloadVars.email = email.text;
trace(myloadVars);
myloadVars.sendAndLoad("https://app.leadconduit.com/v2/PostLeadAction?",myloadVars,"POST");
myloadVars.onLoad = function(success:Boolean) {
if (success) {
error.text = "Thank you for contacting us!";
} else {
error.text = "Error connecting to server.";
Here is the code that works via browser...
on (release) {
if (first_name.text.length == 0) {
error.text = "** First Name Required **";
} else if (last_name.text.length == 0) {
error.text = "** Last Name Required **";
} else if (address1.text.length == 0) {
error.text = "** Address Required **";
} else if (city.text.length == 0) {
error.text = "** City Required **";
} else if (state1.value == "") {
error.text = "** State Required **";
} else if (postal_code.text.length == 0) {
error.text = "** Zip Required **";
} else if (phone_home.text.length == 0) {
error.text = "** Phone Required **";
} else if (email.text.length == 0) {
error.text = "** Email Required **";
} else {
System.security.loadPolicyFile('crossdomain.xml');
var RName = 'AxonMedia';
var AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
var ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
var TimeFrame = 0;
var SUBID = 1;
var xxNodeId = '050l0tjha';
var xxTest = 'true';
var Country = 'USA';
var first_name = first_name.text;
var last_name = last_name.text;
var SpouseName = SpouseName.text;
var address1 = address1.text;
var city = city.text;
var state1 = state1.selectedItem.label;
var postal_code = postal_code.text;
var phone_home = phone_home.text;
var email = email.text;
getURL("https://app.leadconduit.com/v2/PostLeadAction?", "_blank", "GET");
error.text = "Thank you for your response!";
}

Sounds like the update for Flash 8 may help.

Crossdomain issue in subfolders

For anyone who is having trouble trying to figure out why
their crossdomain.xml file is not working on FLV files within
subfolders, AS3 does like absolute paths for files inside your
flash player. When using a video component make sure you use
relative paths to the FLV and skins. If you do not, you will be
able to view the files from www.domain.com but not domain.com. If
any one has a better explanation of this feel free, because I am no
Flash expert, but as soon as I changed it to relative paths my
files worked.

Hi
This can be done at the reporting level. Below link will help you solve this.
http://www.wiseowl.co.uk/blog/s257/ssrs-rows-per-page-pt2.htm
When you have multiple pages, your header may disappear. So below link will help you to have the header repeating in each page.
http://social.technet.microsoft.com/wiki/contents/articles/19398.ssrs-how-to-repeat-headers-on-each-page.aspx
Let me know how it goes.
Cheers
[email protected]
Dr.Subramani Paramasivam

Apache proxypass and crossdomain.xml not working

Hi everyone,
I have the following problem. I have set up jboss on a Linux server connecting to local port 8080 (localhost:8080).
I have opened the application on port 80 with Apache ( www.myDomain.com) and set up a virtual host that proxies
this connection to localhost:8080 where jboss is listening.
<VirtualHost *:80>
    DocumentRoot /var/www/nyDomain
    ServerName myDomain.com
    Alias /crossdomain.xml /var/www/html/crossdomain.xml
    # proxy pass to the jboss server
    <IfModule mod_proxy.c>
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from all
    </Proxy>
    ProxyPass /Stylect http://127.0.0.1:8081/Stylect
    ProxyPassReverse /Stylect http://127.0.0.1:8081/Stylect
    # ProxyPreserveHost on
    </IfModule>
</VirtualHost>
The crossdomain.xml file is at the root of the server and can be accessed with www.mydomain.com/crossdomain.xml
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
I can see in firebug that it's being downloaded when I first request the page - this is the response:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Software as a Service Development. </title>
<META name="description" content="Description here"><META name="keywords" content="Saas, fashion design, plm, production, nutrition, food, orders">
</head>
<frameset rows="100%,*" border="0">
<frame src="http://xxx.xxx.xxx.xx/crossdomain.xml" frameborder="0" />
<frame frameborder="0" noresize />
</frameset>



</html>
Yet I still get a 2048 sandbox violation error.
The crossdomain is needed because the proxied request
appears to be coming from the public ip while jboss
is bound to the local host.
If I expose Jboss directly to the web all works well but there
are too many security issues in that setup. Apache as a front is
much better.
The question is: is this the correct response I should be getting
(or should it be directly the xml file) and why is it not working?
How can I fix this?
Any help much appreciated. I'm stuck.
Dahn

Try adding security="false" inside the next line:
<allow-access-from domain="*"/>
so it would look something like
<allow-access-from domain="*" security="false" />
It fixed the problem for me.

Crossdomain woes

Similar Messages

Maybe you are looking for