Link to .iso?

[Mark Warner]

I know it *was* there, 'cause I downloaded it, but I can't find it now
to save my neck. And no, I'm not talking about Steven Brun's link,
either. Someone else on this side of the pond put it up, and it worked a
charm the other day. I want to refer some friends to it if it's still up
and working.

And once again, I'm willing and able to burn for those that would like.
I don't care to mess with the requester sending a blank CD and SSA
mailer and all that -- just email me with your snail mail addy and I'll
send it out. My return addy will be on the package. If you wanna stuff a
buck or two in an envelope, be my guest.

mhwarner AT insightbb DOT com

 

[Trey Hunner]

Mark Warner said the following on 4/16/2004 5:12 PM:

I know it *was* there, 'cause I downloaded it, but I can't find it now
to save my neck. And no, I'm not talking about Steven Brun's link,
either. Someone else on this side of the pond put it up, and it worked a
charm the other day. I want to refer some friends to it if it's still up
and working.

I believe there are no versions of the ISO itself online anymore. The
torrent file is still up and 10 people are seeding right now. There are
28 leechers currently also. _You will need Bittorrent_ for the download.

http://www.freesoftwarereviews.com/pw2004.iso.torrent

Seeders are always welcome. See my previous posts in many other threads
for seeding information. (I've become tired of re-writing the seeding
instructions each time).

 

[Mark Warner]

I know it *was* there, 'cause I downloaded it, but I can't find it now
to save my neck. And no, I'm not talking about Steven Brun's link,
either. Someone else on this side of the pond put it up, and it
worked a charm the other day. I want to refer some friends to it if
it's still up and working.

And once again, I'm willing and able to burn for those that would
like. I don't care to mess with the requester sending a blank CD and
SSA mailer and all that -- just email me with your snail mail addy
and I'll send it out. My return addy will be on the package. If you
wanna stuff a buck or two in an envelope, be my guest.

mhwarner AT insightbb DOT com

Found it:

http://tinyurl.com/2g94a

 

[Ben Cooper]

Found it:

http://tinyurl.com/2g94a

I'm curious, why did you convert it to a tinyurl?

The actual URL isn't much longer-
http://mirrors.unoc.net/pricelessware/

 

[Susan Bugher]

I know it *was* there, 'cause I downloaded it, but I can't find it now
to save my neck. And no, I'm not talking about Steven Brun's link,
either. Someone else on this side of the pond put it up, and it worked a
charm the other day. I want to refer some friends to it if it's still up
and working.

This was posted on April 14 - it's still there as of a moment ago.

<q>
I've set up a mirror of the ISO (and my calculated md5sum of the ISO) at
http://mirrors.unoc.net/pricelessware/ which is hosted in California.
</q>

An ISO of the original PL2004 CD won't necessarily be a perfect match.
The dvdsig.md5 files may not match even though nothing was changed -
*BUT* - a perfect match can be created and that "guarantees" that you
have the original PL2004 CD.

I'm a bit uncomfortable with the statement about "my calculated md5sum".
Have you checked the downloaded file against the dvdsig.md5 files on the
CD and/or the Pricelessware site?

A perfect match is ACF's safeguard against someone adding malware. That
safeguard needs to be preserved.

Susan

 

[Mark Warner]

I'm curious, why did you convert it to a tinyurl?

The actual URL isn't much longer-
http://mirrors.unoc.net/pricelessware/

Wanted to preserve the the original post, rather than just copy/paste
the link. Preserve all the headers and whatnot. (And give proper credit
where it's due, as well.) Probably silly of me, but there's some concern
about the integrity of the file once it gets "out there." (See Susan's
response.)

 

[Ben Cooper]

Wanted to preserve the the original post, rather than just copy/paste
the link. Preserve all the headers and whatnot. (And give proper
credit where it's due, as well.) Probably silly of me, but there's
some concern about the integrity of the file once it gets "out
there." (See Susan's response.)

I grok.

 

[Bjorn Simonsen]

<q>
I've set up a mirror of the ISO (and my calculated md5sum of the ISO) at
http://mirrors.unoc.net/pricelessware/ which is hosted in California.
</q> [...]
I'm a bit uncomfortable with the statement about "my calculated md5sum".
Have you checked the downloaded file against the dvdsig.md5 files on the
CD and/or the Pricelessware site?

I can not answer for him, but AFAIK the md5sum he offers is for the
iso file *he* offers as such, in other words helpful for downloaders
to see if they got the whole iso (*as he uploaded it*) without
errors/corruption in the download. They them self can and *should*
then go on and check the content of that ISO, after burning it or
extracting it, by downloading the md5sum file you offer at
Pricelessware <http://www.pricelessware.org/2004/dvdsig.md5> and
follow the instructions you posted there under "Verifying the CD"
<http://www.pricelessware.org/2004/CD2004PL.htm>.

But of course, some reader might only have noticed there was some talk
about md5sum here, and if not knowing much about it - how it works and
why it is used, belive that checking the iso against md5sum he offers
is all that is required. Not much you can do to guard against that I
guess, other than spread the word - including maybe ask anyone who
uploads the CD to offer a direct link the CD page at Pricelessware
instead of just a link to the main site. Add to this, at the CD page,
you could make an internal link to the "Verify CD" part, so uploaders
can offer a direct link to that section, such as
<http://www.pricelessware.org/2004/CD2004PL.htm#verify>

All thee best,
Bjorn Simonsen

 

[Susan Bugher]

<q>
I've set up a mirror of the ISO (and my calculated md5sum of the ISO) at
http://mirrors.unoc.net/pricelessware/ which is hosted in California.
</q>
[...]

I'm a bit uncomfortable with the statement about "my calculated md5sum".
Have you checked the downloaded file against the dvdsig.md5 files on the
CD and/or the Pricelessware site?

I can not answer for him, but AFAIK the md5sum he offers is for the
iso file *he* offers as such, in other words helpful for downloaders
to see if they got the whole iso (*as he uploaded it*) without
errors/corruption in the download. They them self can and *should*
then go on and check the content of that ISO, after burning it or
extracting it, by downloading the md5sum file you offer at
Pricelessware <http://www.pricelessware.org/2004/dvdsig.md5> and
follow the instructions you posted there under "Verifying the CD"
<http://www.pricelessware.org/2004/CD2004PL.htm>.

Could be. AFAIK nobody has checked the download against the dvdsig.md5
files - till somebody does it's a guessing game. . .

But of course, some reader might only have noticed there was some talk
about md5sum here, and if not knowing much about it - how it works and
why it is used, belive that checking the iso against md5sum he offers
is all that is required. Not much you can do to guard against that I
guess, other than spread the word - including maybe ask anyone who
uploads the CD to offer a direct link the CD page at Pricelessware
instead of just a link to the main site. Add to this, at the CD page,
you could make an internal link to the "Verify CD" part, so uploaders
can offer a direct link to that section, such as
<http://www.pricelessware.org/2004/CD2004PL.htm#verify>

The normal procedure in ACF is to discuss ACF-related actions first and
proceed *after* there is a group consensus.

ISTM that someone who acts *without* prior group discussion and approval
isn't likely to listen to advice.

I refer you to Admin@Pricelessware and the ACF web-ring as recent cases
in point. . .

Susan

 

[Bjorn Simonsen]

Could be. AFAIK nobody has checked the download against the dvdsig.md5
files - till somebody does it's a guessing game. . .

I have now downloaded and checked out the iso from
<http://mirrors.unoc.net/pricelessware/>. The md5sum on site is for
the iso file as such, as I suggested. I extracted the content of the
ISO and checked it against your dvdsig.md5, checked out OK.

Only problem is, I'm not sure I understand what the problem is? So at
the risk of misunderstanding here: While the ISO checked out fine for
me now, it might not for the next guy downloading it later - someone
may have changed it meanwhile. In other words, each and every person
who download the CD, not matter from where, should verify it them
self. Same thing for people who receive the CD via snail mail, they
don't know if the CD checks out OK until they verify the copy they
receive against your dvdsig.md5 them self. In other words, I see no
difference in downloading a online copy of the ISO to make my own CD,
or receive a CD via mail from someone.

Personally I would consider it a good thing if the CD is available
online from as many sources as possible, which also probably means
more people will burn copies for friends and family that do not have
download options them selves. Many people have slow connections
(modem) at home, but have access to faster connections at work,
school, public library, familie and friends etc. Nice if they can get
the CD online then, at no cost and with little effort. Of course this
will be outside of your control, but when you think about it - it
already is - and was the moment you sent the first CD copy out the
door. I assumed this is why the dvdsig/md5sum is used, so people can
verify they got a copy of the original CD, the real thing, no?

The normal procedure in ACF is to discuss ACF-related actions first and
proceed *after* there is a group consensus.

ISTM that someone who acts *without* prior group discussion and approval
isn't likely to listen to advice.

Do people need approval to upload the ISO? That sounds pretty
backwards to me if the goal is to distribute it to as many corners of
the world as possible (spread the word...etc).

Btw: If you get many questions about where to get ISO copies on the PL
link (as you indicated in another message), and if no permanent and
reliable link for the CD ISO file is possible at the moment, you could
add a note/disclaimer about it on the CD page, something like (merely
a suggestion - you are better with words than I am, at least
English

Pricelessware do not distribute online ISO copies of
the CD. We are aware that some ISO copies are being distributed
by others online, but we do not currently provide links for it
as links keep changing and we have no control(!) over the source.
If you are looking for online copies, ask in
alt.comp.freeware, and carefully read the section here about
verifying the CD.

And maybe add something like:
If you download the ISO from somewhere - use at your own risk.
??

All the best,
Bjorn Simonsen

 

[Ben Cooper]

I have now downloaded and checked out the iso from
<http://mirrors.unoc.net/pricelessware/>. The md5sum on site is for
the iso file as such, as I suggested. I extracted the content of the
ISO and checked it against your dvdsig.md5, checked out OK.

Only problem is, I'm not sure I understand what the problem is? So at
the risk of misunderstanding here: While the ISO checked out fine for
me now, it might not for the next guy downloading it later - someone
may have changed it meanwhile. In other words, each and every person
who download the CD, not matter from where, should verify it them
self. Same thing for people who receive the CD via snail mail, they
don't know if the CD checks out OK until they verify the copy they
receive against your dvdsig.md5 them self. In other words, I see no
difference in downloading a online copy of the ISO to make my own CD,
or receive a CD via mail from someone.

[snip]

Let's try to keep this simple...

The CD is based on the Pricelessware vote results.
Volunteers burn CDs full of programs based on the vote, which allow for
redistribution.

If you want an 'OFFICIAL' copy of the CD, you must request one from a
volunteer burner. Official burners are listed on the Pricelessware site.
You can then check the md5 from the md5 on the Pricelessware site.

ISOs, TORRENTs and other such downloads are not related to the
Pricelessware CD burning project.

 

[Susan Bugher]

I have now downloaded and checked out the iso from
<http://mirrors.unoc.net/pricelessware/>. The md5sum on site is for
the iso file as such, as I suggested. I extracted the content of the
ISO and checked it against your dvdsig.md5, checked out OK.

Only problem is, I'm not sure I understand what the problem is? So at
the risk of misunderstanding here: While the ISO checked out fine for
me now, it might not for the next guy downloading it later - someone
may have changed it meanwhile.

That is all too true.

In other words, each and every person
who download the CD, not matter from where, should verify it them
self. Same thing for people who receive the CD via snail mail, they
don't know if the CD checks out OK until they verify the copy they
receive against your dvdsig.md5 them self. In other words, I see no
difference in downloading a online copy of the ISO to make my own CD,
or receive a CD via mail from someone.

I disagree with that conclusion. Many people will *not* make the
dvdsig.md5 checks - AFAIK you are the *first* to check this site's ISO.

An official download is safer. The probability of malware on the
Pricelessware site's ISO is vanishingly small. IMO the chance of
problems with an "official" CD is only slightly higher. We know the
people involved - names and addresses - they are active participants in
the alt.comp.freeware newsgroup. That is not an *absolute* guarantee -
but it's a hell of an improvement over *anonymous*.

The risk factor for the http://mirrors.unoc.net/pricelessware/ download
is higher. The site claims it is a Pricelessware mirror - that false
statement is enough to alarm me.

Someone using the name Amir Malik <[email protected]> has posted twice
in ACF, once on April 13, 2004 and again the next day. Those are the
only posts that have *EVER* been made to ACF by Amir Malik. They
announced the existence of a URL hosting a copy of ACF's PL2004 CD:

http://mirrors.unoc.net/pricelessware/

The web page says: <q>Please see Pricelessware.org for more information,
as this is merely a mirror site.</q>

That site has *no* connection to the alt.comp.freeware newsgroup *or*
the Pricelessware List *or* the Pricelessware site.

The intent may be benign - the actions are way out of line.

Personally I would consider it a good thing if the CD is available
online from as many sources as possible, which also probably means
more people will burn copies for friends and family that do not have
download options them selves.

I think the greatest *danger* we face is unofficial ISOs - obtained
anonymously and transmitted anonymously to others.

IMO maximising the number of people who obtain a CD *this* year is not
our highest priority.

I'd like to see a PL2005 CD. That won't happen if we have significant
malware problems with the PL2004 CD.

Susan

 

[Roger Johansson]

Someone using the name Amir Malik <[email protected]> has posted twice
in ACF, once on April 13, 2004 and again the next day. Those are the
only posts that have *EVER* been made to ACF by Amir Malik. They
announced the existence of a URL hosting a copy of ACF's PL2004 CD:

http://mirrors.unoc.net/pricelessware/

The web page says: <q>Please see Pricelessware.org for more information,
as this is merely a mirror site.</q>

That site has *no* connection to the alt.comp.freeware newsgroup *or*
the Pricelessware List *or* the Pricelessware site.

The intent may be benign - the actions are way out of line.

What actions? He has just put up the iso and the md5 file for download.

Where do you get that he claims to mirror the PL site?
He is only mirroring the iso file.

Another person made it available via Bittorrent.

Isn't it good that it is made available?

Anybody can check the iso, just download it and test it.

If there is something wrong with the copy Malik is offering for download
there is reason for complaints, but I have not heard about any problems
with the iso file.

 

[javalab]

"Roger Johansson"

Another person made it available via Bittorrent.
Isn't it good that it is made available?
Anybody can check the iso, just download it and test it.
If there is something wrong with the copy Malik is offering for download
there is reason for complaints, but I have not heard about any problems
with the iso file.

after getting lindows via bittorrent in 4-5 hours, last night i got pw from
the link above in some 3.5 hours.
just burned it, and it seems ok.
btw, a friend installed lindows in an xp virtual pc and it also works.
ciao, j.

 

[dszady]

Someone using the name Amir Malik <[email protected]> has posted twice
in ACF, once on April 13, 2004 and again the next day.

[...]

Another person made it available via Bittorrent.

He asked about it without any objections from the group.
Malik didn't ask or wait for an response. Hence, the getting out of hand
part.
A person or group (.org) must be careful when dealing with someone elses
intellectual property. Some of the software writers might get a little
peeved if they perceive this as getting out of control particularly if
their program(s) become contaminated either on purpose or by accident.
The people of a.c.f are supposed to be the experts more or less about
freeware. Should we sully that integrity, real or imagined, by someone
posing as a mirror for the group? If people want to "burn one up" for
their friends it is *not* an official ISO whether it checks or not. It
would not be a copy made by an authorized volunteer. Like I said, he
didn't ask and BTW is also using "pricelessware" in the url to distribute
said product(intellectual property).
Perhaps saying that the list of burners on the PL site are the only
genuine suppliers of the CD is in order if it isn't already.
[...]

 

[Anonymous]

|
|On Sun, 18 Apr 2004 08:38:43 +0200, Roger Johansson wrote:
|
|> Susan Bugher wrote:
|>
|>> Someone using the name Amir Malik <[email protected]> has posted twice
|>> in ACF, once on April 13, 2004 and again the next day.
|[...]
|>
|> Another person made it available via Bittorrent.
|
|He asked about it without any objections from the group.
|Malik didn't ask or wait for an response. Hence, the getting out of hand
|part.
|A person or group (.org) must be careful when dealing with someone elses
|intellectual property. Some of the software writers might get a little
|peeved if they perceive this as getting out of control particularly if
|their program(s) become contaminated either on purpose or by accident.
|The people of a.c.f are supposed to be the experts more or less about
|freeware. Should we sully that integrity, real or imagined, by someone
|posing as a mirror for the group? If people want to "burn one up" for
|their friends it is *not* an official ISO whether it checks or not. It
|would not be a copy made by an authorized volunteer. Like I said, he
|didn't ask and BTW is also using "pricelessware" in the url to distribute
|said product(intellectual property).
|Perhaps saying that the list of burners on the PL site are the only
|genuine suppliers of the CD is in order if it isn't already.

It seems that people want it both ways. They want people to make
copies yet don't want those copies associated with
Pricelessware. Susan says right here

Message-ID: <[email protected]>
"I *hope* that people will make copies. I don't think it should
be a
requirement. The readme says recipients *may* make copies - next
year
perhaps we can *urge* them to make copies and pass them on.
Perhaps add
a list of places that might appreciate receiving a copy."

If Pricelessware is unable or unwilling to host the ISO then
it's left up to others to do it. People are trying to help but
instead of people being grateful they cast suspicion on thier
motives and actions.

It's not right to try and force people to give up thier personal
information by requesting a CD when an ISO can and is made
available. I have downloaded the ISO and made copies for friends
that 1. Don't have a CD burner 2. Don't have broadband
connection. I would never have requested a CD because I don't
wish to give up personal information.

I find it strange that you said

|He asked about it without any objections from the group.
|Malik didn't ask or wait for an response. Hence, the getting out of hand
|part.

I don't recall anyone asking in the ACF about double checking
the CD for duplicate files, making sure the html pages worked,
if there should be a menu created, if the CD should be scanned
for virused and that information included on the CD. People just
put the CD together and made it available with out input from
the rest of ACF.

-=-

 

[Roger Johansson]

He asked about it without any objections from the group.
Malik didn't ask or wait for an response. Hence, the getting out of hand
part.

There was no talk about restricting the distribution at that time,
everybody were anxious to get it distributed, and to relieve the burden
of those who had already made it available.

Malik did exectly what was needed.

And, by the way, take a look at the other stuff Malik has on his site,
this is a serious person who is just trying to help.

A person or group (.org) must be careful when dealing with someone elses
intellectual property. Some of the software writers might get a little
peeved if they perceive this as getting out of control particularly if
their program(s) become contaminated either on purpose or by accident.
The people of a.c.f are supposed to be the experts more or less about
freeware. Should we sully that integrity, real or imagined, by someone
posing as a mirror for the group? If people want to "burn one up" for
their friends it is *not* an official ISO whether it checks or not. It
would not be a copy made by an authorized volunteer. Like I said, he
didn't ask and BTW is also using "pricelessware" in the url to distribute
said product(intellectual property).
Perhaps saying that the list of burners on the PL site are the only
genuine suppliers of the CD is in order if it isn't already.

If there was to be restrictions on copying the PLW CD we should have
told people about that from the beginning.

There was no restrictions on distribution, and there shouldn't be any.

That is why there is an md5 checksum, so people can check their copy.

 

[Mark Warner]

There was no talk about restricting the distribution at that time,
everybody were anxious to get it distributed, and to relieve the
burden of those who had already made it available.

Malik did exectly what was needed.

And, by the way, take a look at the other stuff Malik has on his site,
this is a serious person who is just trying to help.

No kidding. Sheesh. The guy is now being chastised for not seeking the
proper permissions from the proper people, not posting enough, and using
the words "Pricelessware" and "mirror" on his page and in his url. His
crime seems to be one of not being "approved" *himself*. The .iso on his
site is fine, regardless of all this Chicken Little nonsense. He should
be commended.

My dad was right, indeed. No good deed goes unpunished.

 

[Susan Bugher]

No kidding. Sheesh. The guy is now being chastised for not seeking the
proper permissions from the proper people, not posting enough, and using
the words "Pricelessware" and "mirror" on his page and in his url. His
crime seems to be one of not being "approved" *himself*. The .iso on his
site is fine, regardless of all this Chicken Little nonsense. He should
be commended.

Hello Mark,

Ripping off the Pricelessware name is not a *good* deed.

IMO concern about unauthorised use of the Pricelessware name is not
paranoia. If someone receives a "PW CD" or "PW ISO" loaded with malware
I want it to be quite clear that it did *not* come from the
Pricelessware site.

re: not posting enough . . .

The Pricelessware ISO went on-line April 10.

Malik's posting "history" -> 2 posts to ACF (April 13 & 14, 2004)

Post 1. announced the existence of his
http://mirrors.unoc.net/pricelessware/ web page.

Post 2. announced the existence of his
http://mirrors.unoc.net/pricelessware/ web page.

Susan

 

[Roger Johansson]

Ripping off the Pricelessware name is not a *good* deed.

If a swedish university mirrors a site like tucows, simtel, all sorts of
linux versions.
What do you expect they call the folder where Gentoo Linux is placed?
I bet they use the word gentoo.

Do you think the Gentoo community is complaining because the university
has used their brand name, gentoo, in the name of the folder the
university has placed the gentoo version of linux?

If you call that "ripping off" you must be thinking in some strange
paths.

If some university or somebody else mirror a file or a linux distro it
is quite natural to use the name of the software in the folder name, it
makes it easier to find.