[Solved?] ...Purchase Porteus?
[Solved?] ...Purchase Porteus?
Salutations...
Stallman's version of commerce...
http://www.gnu.org/philosophy/selling.html
Because of my security concerns, I recently ordered (purchased?) Porteus XFCE from OSDisc for $8.22 (USD) S+H included.
That service does not do derivatives. How much should a "made to order" (payware?) Porteus derivative cost? And where would I buy one?
I would buy one if it had (for example) musl... PekWM... qingy... 5th browser... xfe... memcached... swapspace and ADEOS.
(Some of these are replacements of glibc... openbox... slim... firefox... pcman... and zswap.)
It should be noted... WindozzZ 95 retailed @ about $50 (USD) now WindozzZ currently retails quite a bit north of $200 (USD).
"Best Regards"...
Posted by 73.112.19.112 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Stallman's version of commerce...
http://www.gnu.org/philosophy/selling.html
Because of my security concerns, I recently ordered (purchased?) Porteus XFCE from OSDisc for $8.22 (USD) S+H included.
That service does not do derivatives. How much should a "made to order" (payware?) Porteus derivative cost? And where would I buy one?
I would buy one if it had (for example) musl... PekWM... qingy... 5th browser... xfe... memcached... swapspace and ADEOS.
(Some of these are replacements of glibc... openbox... slim... firefox... pcman... and zswap.)
It should be noted... WindozzZ 95 retailed @ about $50 (USD) now WindozzZ currently retails quite a bit north of $200 (USD).
"Best Regards"...
Posted by 73.112.19.112 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 31 Aug 2016, 06:20, edited 9 times in total.
-
- Full of knowledge
- Posts: 2564
- Joined: 25 Jun 2014, 15:21
- Distribution: 3.2.2 Cinnamon & KDE5
- Location: London
Re: Purchase Porteus?
Would not a pgp signed Porteus allay your concerns?
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
Re: Purchase Porteus?
Salutations...
Signing is highly useful and addresses authentication. However... I'm not concerned about authentication.
I'm concerned about security. Security means many things to many people depending on who you ask.
I retired from the "Loss Prevention" field that I worked in for many years in NYC protecting corporations.
I believe... real security is like an onion or castle comprised of many redundant layers... levels... tactics.
In any case... I'm addressing my concerns regarding this thread that extend beyond security and will begin with the purchase of a custom derivative.
"Best Regards"...
Signing is highly useful and addresses authentication. However... I'm not concerned about authentication.
I'm concerned about security. Security means many things to many people depending on who you ask.
I retired from the "Loss Prevention" field that I worked in for many years in NYC protecting corporations.
I believe... real security is like an onion or castle comprised of many redundant layers... levels... tactics.
In any case... I'm addressing my concerns regarding this thread that extend beyond security and will begin with the purchase of a custom derivative.
"Best Regards"...
Last edited by fullmoonremix on 20 Apr 2016, 19:58, edited 3 times in total.
- brokenman
- Site Admin
- Posts: 6105
- Joined: 27 Dec 2010, 03:50
- Distribution: Porteus v4 all desktops
- Location: Brazil
Re: Purchase Porteus?
Why would you not support Porteus and buy it from us?I recently purchased Porteus XFCE from OSDisc
You're concerned about security and you bought Porteus from a third party that could have done anything to the product that we produce. This third party has never asked permission to sell our product.Signing is highly useful and addresses authentication. However... I'm not concerned about authentication. I'm concerned about security.
A custom build of this kind would cost around $150US since it is a total rebuild of porteus and the kernel.
How do i become super user?
Wear your underpants on the outside and put on a cape.
Wear your underpants on the outside and put on a cape.
-
- Full of knowledge
- Posts: 2564
- Joined: 25 Jun 2014, 15:21
- Distribution: 3.2.2 Cinnamon & KDE5
- Location: London
Re: Purchase Porteus?
And there I was, having a vision of Porteus disks being delivered by secure courier service.brokenman wrote:bought Porteus from a third party that could have done anything to the product that we produce. This third party has never asked permission to sell our product.
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB
- brokenman
- Site Admin
- Posts: 6105
- Joined: 27 Dec 2010, 03:50
- Distribution: Porteus v4 all desktops
- Location: Brazil
Re: Purchase Porteus?
I saw/read somewhere recently that this was exactly how an organization got got. They intercepted a delivery of an expected promo CD.And there I was, having a vision of Porteus disks being delivered by secure courier service.
How do i become super user?
Wear your underpants on the outside and put on a cape.
Wear your underpants on the outside and put on a cape.
Re: Purchase Porteus?
Salutations...
(see... https://www.washingtonpost.com/world/na ... story.html )
The third party you describe is a reputable US company supporting many distros.
In addition... Linux it's distributions and/or binaries can't be "sold"... that would be illegal.
However... it's "distribution services" (eg. Redhat/NYSE) can be "compensated" without violating copyleft
(infringement would trigger a lawsuit). Also... in my country there are strict laws governing commerce.
It would be ETHICAL to "reach out" to Porteus if they failed to (although FOSS... FLOSS... is "free" and/or "permissive" and/or "libre")...
like any other distro and this service supports many distros including upstream Slackware.
Many moons ago I used to be a patent/copyright legal clerk for a US Fortune 500 company in NYC.
That service posted the Porteus logo so there may be a potential related copy"right" issue there. I suggest you look into that.
The bottom line for me is... without question it's been a lot of fun and highly educational "playing" with Porteus
but at some point I actually need to get "professional" work done. So I am more than willing to pay for it now.
"Best Regards"...
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
The possibility of theft (and fraud) exists both on and offline even for the largest corporations and countries. If a company is noteworthy (NOT notorius) then theft is... "the exception that proves the rule".I saw/read somewhere recently that this was exactly how an organization got got. They intercepted a delivery of an expected promo CD.
(see... https://www.washingtonpost.com/world/na ... story.html )
Nothing on the Porteus site or forum establishes a commercial commerce framework (except the kiosk). I use PayPal. If there is a pathway to purchase "made to order" I would pay double.Why would you not support Porteus and buy it from us?
As I stated security means many things...You're concerned about security and you bought Porteus from a third party that could have done anything to the product that we produce. This third party has never asked permission to sell our product.
The third party you describe is a reputable US company supporting many distros.
In addition... Linux it's distributions and/or binaries can't be "sold"... that would be illegal.
However... it's "distribution services" (eg. Redhat/NYSE) can be "compensated" without violating copyleft
(infringement would trigger a lawsuit). Also... in my country there are strict laws governing commerce.
It would be ETHICAL to "reach out" to Porteus if they failed to (although FOSS... FLOSS... is "free" and/or "permissive" and/or "libre")...
like any other distro and this service supports many distros including upstream Slackware.
Many moons ago I used to be a patent/copyright legal clerk for a US Fortune 500 company in NYC.
That service posted the Porteus logo so there may be a potential related copy"right" issue there. I suggest you look into that.
The bottom line for me is... without question it's been a lot of fun and highly educational "playing" with Porteus
but at some point I actually need to get "professional" work done. So I am more than willing to pay for it now.
"Best Regards"...
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 29 Jul 2016, 08:42, edited 10 times in total.
- brokenman
- Site Admin
- Posts: 6105
- Joined: 27 Dec 2010, 03:50
- Distribution: Porteus v4 all desktops
- Location: Brazil
Re: Purchase Porteus?
Yes this is true. You could make a donation for the service though. I am sure someone can build the custom Porteus for you and mail it. But even this person would be downloading their sources from somewhere so I don't really get how having a CD mailed to you is any more secure. I would quite easily provide a secure download link and signed ISO. With this method I am quite content. I know exactly where I download my stuff, checked its authenticity. I know that I compiled the applications and that I created and signed the final ISO. Once I pass that ISO onto a disk and give it to someone to deliver, the chain of trust is broken.Nothing on the Porteus site or forum establishes a commercial commerce framework.
How do i become super user?
Wear your underpants on the outside and put on a cape.
Wear your underpants on the outside and put on a cape.
Re: Purchase Porteus?
Salutations...
Downloaded sources? Well... hopefully that person did their IT homework if they plan to remain in business.
In 18 months I have downloaded Porteus countless times. Authentication is a good thing.
Secure links are a good thing. I know... I've spent decades using them.
Sequestration is also a good thing because if there is a problem the source of it is not a mystery.
Personally for me... there is no such thing as trust (in a reliable sense) only merit.
IMHO... merit is brick and mortar. Pepsi has been around for over 100 yrs. They make a refreshing product. Why?... because it's real not virtual.
It's not an image of a beverage. And if something goes wrong there is real... not virtual accountability. Software is indemnified. Service is not.
Any case... I used the above named service to obtain a sequestered master.
What I'm interested in obtaining now is a non-sequestered derivative.
At this point...I'll take it signed or unsigned... secure or insecure link... by mail or email... donation or purchase.
The bottom line is... I need to use Porteus not "play" with it anymore.
"Best Regard"...
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
I could if there were a service.You could make a donation for the service though.
No one has come forward.I am sure someone can build the custom Porteus for you...
Mail is secure (NOT perfect nothing is) by design. No authentication. No secure links. None of that is required.But even this person would be downloading their sources from somewhere so I don't really get how having a CD mailed to you is any more secure.
Downloaded sources? Well... hopefully that person did their IT homework if they plan to remain in business.
In 18 months I have downloaded Porteus countless times. Authentication is a good thing.
Secure links are a good thing. I know... I've spent decades using them.
Sequestration is also a good thing because if there is a problem the source of it is not a mystery.
Personally for me... there is no such thing as trust (in a reliable sense) only merit.
IMHO... merit is brick and mortar. Pepsi has been around for over 100 yrs. They make a refreshing product. Why?... because it's real not virtual.
It's not an image of a beverage. And if something goes wrong there is real... not virtual accountability. Software is indemnified. Service is not.
Any case... I used the above named service to obtain a sequestered master.
What I'm interested in obtaining now is a non-sequestered derivative.
At this point...I'll take it signed or unsigned... secure or insecure link... by mail or email... donation or purchase.
The bottom line is... I need to use Porteus not "play" with it anymore.
"Best Regard"...
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 29 Jul 2016, 08:47, edited 5 times in total.
Re: Purchase Porteus?
This post was removed because it lost context...
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 29 Jul 2016, 08:58, edited 5 times in total.
Re: Purchase Porteus?
Salutations...
Now I will "briefly" elaborate. There is nothing wrong with Porteus.
Let me preface that I am 16yrs lifetime CompTIA A+ certified.
Currently... I am wrestling with a nasty firmware bug from a greybox "net appliance" purchased from eBay
(used gear often contains bugs... perhaps that is why the owner wants to move on).
Because of my liberal use of USB writables (I have since switched to burnables)...
I now have (expensive) multiple systems/devices that are compromised.
I seriously would not advise repairing compromised hardware... by booting (a spoofed system)
going online (with it) and downloading software (to it) thus attempting to remedy a problem by causing one.
It is possible to clean or at least manage contamination in a static environment.
Malicious code functions poorly in stactic environments
(burnables are static... which is why live "rescue" disks use them).
However... the only "reliable" way to create that environment
(and avoid false positives/negatives... even in authentication)
is to boot from static sequestered media.
Hence, therefore... a case is made for a "mail order" solution. I have reliably repaired lots of gear this way.
As I said before... security means lots of things to lots of people in lots of scenarios.
IMHO... contingency (ie. "security") @ it's core is... tactical prevention and
pragmatic deterrence NOT "speculation" (because NOTHING is foolproof).
Because I'm http://www.dictionary.com/browse/agnostic ... our motto is "never say never (and never say that either unless it was said)".
As a rule... we leave prediction to fortune tellers and palm readers.
"Best Regards"...
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Now I will "briefly" elaborate. There is nothing wrong with Porteus.
Let me preface that I am 16yrs lifetime CompTIA A+ certified.
Currently... I am wrestling with a nasty firmware bug from a greybox "net appliance" purchased from eBay
(used gear often contains bugs... perhaps that is why the owner wants to move on).
Because of my liberal use of USB writables (I have since switched to burnables)...
I now have (expensive) multiple systems/devices that are compromised.
I seriously would not advise repairing compromised hardware... by booting (a spoofed system)
going online (with it) and downloading software (to it) thus attempting to remedy a problem by causing one.
It is possible to clean or at least manage contamination in a static environment.
Malicious code functions poorly in stactic environments
(burnables are static... which is why live "rescue" disks use them).
However... the only "reliable" way to create that environment
(and avoid false positives/negatives... even in authentication)
is to boot from static sequestered media.
Hence, therefore... a case is made for a "mail order" solution. I have reliably repaired lots of gear this way.
As I said before... security means lots of things to lots of people in lots of scenarios.
IMHO... contingency (ie. "security") @ it's core is... tactical prevention and
pragmatic deterrence NOT "speculation" (because NOTHING is foolproof).
Because I'm http://www.dictionary.com/browse/agnostic ... our motto is "never say never (and never say that either unless it was said)".
As a rule... we leave prediction to fortune tellers and palm readers.
"Best Regards"...
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 29 Jul 2016, 09:06, edited 6 times in total.
Re: Purchase Porteus?
This post was removed because it lost context...
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 29 Jul 2016, 08:57, edited 2 times in total.
Re: Purchase Porteus?
This post was removed because it lost context...
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Posted by 73.112.17.157 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 29 Jul 2016, 08:56, edited 2 times in total.