PlingStore Purchase Portability

I have not had any time this year to use RISC-OS, but if i make a purchase through the PlingStore on an RPCEmu environment, will the purchased software be usable on a RPi/Titanium machine of mine? After downloading on the emulator can i grab the installers and store database config files and portably save it to my QNAP NAS?

Thank you

A slightly easier way to do it is to log in to PlingStore from the Titanium: you can then download your purchases afresh.

Yep, you can. Anyway, don’t forget that your data is linked to your account, and stored on the PlingStore servers.

I think this question is more for Andrew Rawnsley.

In technical terms you can yes, both copying the zip file the app comes in to the other RISC OS computer OR by installing PlingStore on the other computer and downloading again the application.

On the PlingStore there are no notes/info about the restrictions of use of an App on multiple systems, so I believe (please note: believe) that it’s ok to run the apps on multiple RISC OS systems. However the store does presents the “Buy additional License” button on each commercial application in the Info for the download area of the purchased apps.

On the PlingStore there are no notes/info about the restrictions of use of an App on multiple systems, so I believe (please note: believe) that it’s ok to run the apps on multiple RISC OS systems.

A free download is free, unless specifically stated there is no restriction on you putting on any number of your own systems.
Putting it on another person’s equipment would be distribution, which many authors specifically prohibit in the terms of use in a readme or similar.

However, the store does present the “Buy additional License” button on each commercial application in the Info for the download area of the purchased apps.

An implied requirement to buy a licence per install, which would need to be matched by a statement of that requirement in a “terms of use” accompanying the package or it essentially falls on its legal face. The user doesn’t need to read the terms, it just has to exist and be a reasonable requirement.¹

¹ The latter being the reason MS got kicked hard and regularly about people reading the full terms before opening the package the terms were unreadably inside. Since you couldn’t comply the terms written were irrelevant.

Anyway, don’t forget that your data is linked to your account, and stored on the PlingStore servers.

I do hope the account information isn’t anything you wouldn’t want made available to hackers/miscreants.
I highlighted the fact that the host boxes for those virtual servers have firmware that is years old and clearly unpatched some time back.

https://www.plingstore.org.uk/
This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox. Enabling TLS 1.0 and TLS 1.1 might allow this connection to succeed.

and:
https://www.plingstore.org.uk uses an invalid security certificate.
The certificate is not trusted because it is self-signed.

this arises because:
the (self-signed)¹ certificate is actually for the Parallels host and the www.plingstore.org.uk is plain HTTP communication…

There’s a half (and feeble) excuse for lack of HTTPS when people host their systems on RO, but when it’s on a paid for provider you expect the provider to:

1. Patch their host systems at intervals
2. Assist the customer in producing a secured link (should be TLS 1.2 minimum, but even TLS 1.0 would better than nothing)

¹ Someone set that host up and knew it must have a certificate to complete the install. Then they left it with an incorrect certificate for years, thereby demonstrating their failure to patch the firmware and complete the install.

I do hope the account information isn’t anything you wouldn’t want made available to hackers/miscreants.

I understood the only information actually stored was a record of the software you had purchased or downloaded with a keycode. This is supposed to be encrypted, plus I assume your name. so they can check its valid. NO Card info is stored on the server and never has been.

Further you are not downloading from the website as such. The website is intended to download !Store itself or for developers to logon to their an account for things to be added to !Store.

Have you actually raised the issue with the appropriate developer/company direct rather then keep pushing these comment. That would be more benefical

NO Card info is stored on the server and never has been

That statement applies to an incredible number of sites on the net, but they start you from an HTTPS instance so you can be as sure as it’s possible to be that the site they pass you to, that does take your money, is the correct one.

Have you actually raised the issue with the appropriate developer/company direct rather then keep pushing these comment.

So Andrew isn’t aware that the site he’s recommending for software update or purchase has these problems?

That would be more benefical

Beneficial is pointing out the kind of things people are doing wrong and how they can check their own setups.

Perhaps I should, again, point people to the useful site SSLLabs which will test and report failures in any HTTPS site.
“Teach a man to fish” and all that.

In this instance the first thing flagged is the certificate mismatch

Click through that and it does the analysis

The mark it awards is “F” and there are 13 lines of reasons for capping the result at “B” or lower.
The first line points to pages of Documentation and Known Issues

Each of the 13 lines has links off to more documentation.

After those 13 lines is a description of the certificate sent by the server:-

Valid until Tue, 23 Apr 2013 11:16:30 UTC (expired 7 years and 6 months ago) EXPIRED

Parallels Panel Self-signed

Signature algorithm SHA1withRSA INSECURE

Protocols
TLS 1.3 No
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3 INSECURE Yes
SSL 2 INSECURE Yes

By comparison the WROCC site gives an assessment mark of “A” and, sensibly, does not support TLS 1.0 or TLS 1.1. TLS 1.2 and TLS 1.3 configuration on the site only supports the stronger encryption ciphers.
Well done WROCC maintainer.

Don’t feel that I’m picking on RO users here, if people read and take notice they will benefit and so will the general users.
Believe me, I’m harsher about failings on systems at work.

To answer the original question – !Store was designed to make it easy to download your software onto new hardware, especially since new hardware probably won’t have traditional CD or floppy physical media. Some software is licenced for one user at once, or for one computer – you’d best check with the supplier for the specifics – but the actual download is not restricted, and I have personally always shunned protection measures as they invariably harm paying customers – the very people who deserve the best.

There is the option to buy more licences – most R-Comp apps are available at half-price for extra licences – if you plan to use it on multiple systems. I simply ask people to use conscience and fair play. Treat us as you would wish to treat yourself – ie. if you’re going to use it in several places and several situations, consider buying the discounted extra licence. We won’t come round and check up on you, but equally, RISC OS software sales are minimal, so any income is always greatly appreciated.

Regarding Steve, I’m not going to get into an argument with you. We all loathe the VPS supplier – they are a hot mess and have been zero help. However, finding an alternative has been a pretty fruitless quest. Note that by design, the website is not used for sales, merely the download of !Store application. That said, I agree it should now be over SSL/TLS regardless. If you’d like to introduce us to a sensible VPS provider, feel free.

Regarding Steve, I’m not going to get into an argument with you. We all loathe the VPS supplier – they are a hot mess and have been zero help.

It’s odd, because if they’re the company that Steve named when he pointed this out last time, I’ve just checked the site that I host with them and it’s come back with an “A” rating on both IPv4 and IPv6.

Then again, all hosting companies are only as good as their next failure.

Steve, it is more that they have been about as much help with any issues as a chocolate teapot, even when the VPS becomes inaccessible or their admin panels stop working. With VPS, there’s always the issue of how much support should a supplier give, vs letting the customer just get on with things, but suffice to say, we don’t have many good words to say about this supplier. The quest for a new one has been on-going for well over a year.

If you’d like to introduce us to a sensible VPS provider, feel free.

If you have problems, like you apparently have, I’m surprised you haven’t been talking to one of the helpful people at Orpheus for advice.
They’re used to all the foibles of RO use.

it is more that they have been about as much help with any issues as a chocolate teapot, even when the VPS becomes inaccessible or their admin panels stop working.

Our users think we’re awkward when we’re slow to respond on 25 or 26 December…¹

The quest for a new one has been on-going for well over a year.

My sympathies and apologies.

¹ I recall spending most of a Boxing Day diagnosing and fixing a fault, then looking up from the laptop satisfied but surprised that the visiting family members had their coats on. Mum was staying with us, so I didn’t miss everyone.
Back at work – “what took so long?”

@ Andrew

However, finding an alternative has been a pretty fruitless quest. Note that by design, the website is not used for sales, merely the download of !Store application. That said, I agree it should now be over SSL/TLS regardless. If you’d like to introduce us to a sensible VPS provider, feel free.

How much space and bandwidth do you guys need?

@Paolo – not a massive amount of bandwidth – !Store is rarely inundated – but a reasonable amount of storage. I’d need to check with Alan on the amounts, but I’d guess at around 20 GB, since !Store hosts all its own software to avoid dead links. We’re probably not using 20GB now (5GB sounds more realistic), but that seems like enough headroom.

We have discussed things with RISC OS providers, but VPS is quite a specialised area, so it tends to not be something they can easily offer.

the very people who deserve the best

Thanks :)

Note that by design, the website is not used for sales, merely the download of !Store application. That said, I agree it should now be over SSL/TLS regardless. If you’d like to introduce us to a sensible VPS provider, feel free

OVH?

@ Andrew

not a massive amount of bandwidth – !Store is rarely inundated – but a reasonable amount of storage.

Ok, so if you like there are offers on ionos for 2GBP/month (later 5GBP/Month) for a:

VPS with 2 vCPUs, 80GB SSD, 2GB RAM

I have used them and still have a partner/reseller contract with them if you want (or you can reach them directly), not a problem at all for me :)

If you want I can take care of the hardening of the System and make sure it’s as safe as possible. For the TLS Certificates we could use Let’s Encrypt which are free certificates.

Bandwidth is generally fine.

Link here: https://www.ionos.co.uk/servers/vps?ar=1#packages

Let me know if I can be of any help to you guys.

ICBW, but I thought IONOS were the current VPS provider as identified by Steve P?

@ Steve Fryatt

I thought IONOS were the current VPS provider as identified by Steve P?

Not sure I have seen that, apologies if not… However, they are also the cheapest I know of, plus if they had problems with ionos I can set things up and help them.

For instance if they need an nginx server with modsecurity patches and ruleset, hardened system, centralised certificate management, certificates auto-renewal etc… all stuff I can provide them free of charge… well maybe I may push a little for the Toolbox integration looool :D but shhhh don’t tell this to Andrew yet! :)

ICBW, but I thought IONOS were the current VPS provider as identified by Steve P?

I was thinking about that overnight and as I recall the ID was done from ownership of the IP block, but it could be they rent out.

Some setups have big warehouse size facilities that are then occupied by multiple smaller firms. Others sub-let the floor space¹
Think of how many U spaces are in a rack and how many racks you can get in a 3m x 10m space.
Translation = I could have misidentified/bundled in.

If Paolo has an in to ionos he could check what the host server setup is and what patch level everything is at.

For instance if they need an nginx server with modsecurity patches and ruleset, hardened system, centralised certificate management, certificates auto-renewal etc… all stuff I can provide them free of charge…

Well, not free, but a modest payment in kind.

¹ There’s a set of racks going in to our data centres to house some servers for a neighbouring Trust. I think the “bunker” appeals to them. It has lead impregnated concrete walls, ceiling and floor that are all over 4ft thick. The fibre routes in/out are about 10ft underground