Hello,
I created a JDXI-ini to configure the BCR-2000. It contains the sysex-mapping for DigitalSynth 1 and 2 and for the AnalogSynth.
The DigitalSynth mappings are further devided in 3 parts. With this file I created 8 setups to use with my BCR-2000 and extended my JDXI to a great machine.
The Waves and the Filter-Types are mapped directly to the 16 buttons.
I took many inspiration from diverse forums and now I want to give back a little bit...
But I didn't find the Upload-Button :-(
Greetings, Foxmike
Hi Foxmike,
Hi Foxmike,
Uploading files is a potential security risk, so registering a new account doesn't automatically give the user the right to upload files: only "trusted" users can.
So whenever someone has registered, I try to ascertain (by looking at the user name, IP address etc.) whether this user is "trustworthy". When I'm satisfied, I then assign the "trusted user" role to the new user.
In other words: you were too quick for me...
But I've now given you the "trusted user" role, so you should see "File upload" and "Create a folder" at the bottom of the "user files" pages.
Apologies for the confusion. (I've now added a warning on the "user files" pages that users need to be "trusted" to be able to upload files.)
By the way: the "trusted user" role also gives the user the right to use smileys in posts, since (believe it or not) smileys are also a kind of security risk [emoticon:smiley]
Mark.
Do they give away too much of
Do they give away too much of a person's emotional state? [emoticon:cheeky]
Haha...
Haha...
No, presumably that would be some kind of security risk to the poster, which I (being the site owner) of course don't care about at all [emoticon:devil]
The actual reason is this:
A smiley in a post at this website is represented by a graphical image (stored at this website), and the underlying code of the smiley in the post refers to this image via a "src" tag.
So "src" tags must be allowed for smileys to be possible.
However, this means that an evil user could include a "src" tag that refers not to a smiley, but to malware anywhere on the web.
So that's why evil users shouldn't be allowed to use smileys, thus shouldn't get "trusted user" status.
Mark.
Aah, thanks for the
Aah, thanks for the explanation, although since the posting dialog allows access to the source code, couldn't any amount of nasty links be made - or is it just that the smileys provide a cover for it? It's really hard to identify evil users when their smileys look so friendly [emoticon:devil]
since the posting dialog
No.
Of course any user can enter any text in the source code editor.
However, when the user then switches back to the "rich text editor" or presses the "Save" button, a sequence of filters runs, (among other things) removing any disallowed HTML tags.
Which filters run depends on the type of user.
For instance, for an "authenticated user", any "src" tags (and many others) are removed.
But even source code created by a "trusted user" loses quite a few "dangerous" tags.
On the other hand, even an "authenticated user" can include standard web links (via the HTML tag "a" followed by the attribute "href").
However, this is not such a security risk, because someone reading a link-containing post in a browser still has to click that link for any "evil" things to happen.
By contrast, a browser treats a "src" tag (e.g. referring to a smiley) as part of the web page itself, so will normally open/run the resource mentioned in the "src" tag immediately, which is a security risk. Though some browsers can be configured not to open (certain) images, e.g. via an add-on like uMatrix.
Hello Mark, many thanks for
Hello Mark, many thanks for your confidence [emoticon:smiley],
foxmike
Mark, thank you for the
Mark, thank you for the explanation. It's complicated, this security stuff, especially when browsers and web standards introduce the security flaws.
Hmm...
Hmm...
I also tried to upload BCR presets for the Waldorf Blofeld ...
but it seems too strange to me ... I have to beg for to give?
So I uploaded it to other sites ... What a pity.
Maybe it's possible to do something like a carantan
then
You can check the files first before releasing them
:
-
(
You registered about a month
When you registered about a month ago, for some reason I wasn't quite convinced that you were not a bot, so I didn't give you the "Trusted User" permissions.
I have now, so you should now be able to upload your presets. (And use smileys in your posts!)
Apologies for my unwarranted distrust...[emoticon:blush]
On the user file download pages I've now added a recommendation that new users drop me a message via the contact form to convince me they're not a bot if they still can't upload files three days after registration. Hopefully this will prevent any further frustration for aspiring uploaders.