raspiman

I'm and open source dev and had the chance to play with an Auralic MINI. I see 2 claims in this topic: 1. Auralic uses MPD Regarding the claim that Auralic uses MPD, I did not find any evidence yet. Yes there was some user-agent string that hinted to MPD, but I could not duplicate this. I setup a little lab for the Auralic MINI to connect to a UPNP server, then I used tcpdump to sniff all the headers: tcpdump -i eth0 -vvvs 1024 -l -A dst port 9000...GET /music/1318/download.aif HTTP/1.1User-Agent: LightningPlayerHost: 192.168.0.171:9000Accept: */*Icy-Metadata: 1 So either Auralic never used MPD, or they changed the User-Agent to cover it up. So this part is not yet clear. As soon as I have root on the device, we will know more. Furthermore I port scanned the MINI and did not find any ports on which MPD was listening, I tried mpc as client on several ports that came out of of nmap: Starting Nmap 6.45 ( http://nmap.org ) at 2016-11-26 13:54 ESTNmap scan report for 192.168.0.100Host is up (0.0019s latency).Not shown: 65526 closed portsPORT STATE SERVICE22/tcp open ssh80/tcp open http139/tcp open netbios-ssn445/tcp open microsoft-ds5000/tcp open upnp9000/tcp open cslistener34941/tcp open unknown44974/tcp open unknown57510/tcp open unknown Some vendors like Aurender change the MPD port to no longer listen on 6600, but instead to something like 3300. We tried to connect to all these unknown ports using mpc and it always timed out. 2. Auralic violates the GPL They most certainly do. I had the chance to see the box in which the MINI was packaged, and it included a very simple wiring diagram. It did not include source code or a written offer. To be compliant, Auralic should have included one of both: Here they make the same mistake as Bluesound and Aurender (and probably many others): 1. they don't include the source or written offer 2. only if someone complains, they release "something" The problem with "something" is that a typical image for embedded arm contains so much more than just the kernel: - a boot environment (eg uboot) - a userspace, typically busybox - userspace programs, libraries, daemons, ..... They only release what they "feel" http://www.computeraudiophile.com/f22-networking-networked-audio-and-streaming/alternatives-aries-23864/index4.html#post411669 This is in violation with GPLv2 and GPLv3. They should release all GPLv2 and GPLv3 sources used in the Auralic products. Feelings are not relevant. You cannot build a Linux system just on a kernel and no userspace. This userspace is most likely busybox or something small (which still contains GPL covered works like a shell, samba, ....) that can work with the 64MB of the Mini (like most home routers which also have a limited amount of RAM). There is something like the GPL death penalty, which means that Auralic has no right to distribute their firmware image, as they are violating the GPL: The death penalty - The H Open: News and Features In such case, they should ask all authors of used GPLv2 packages in their product, to allow distribution, as their current rights have been voided.

Bluesound has created a linux distribution named BluOS which violates the GPL and many open source principles. The first violation is the fact the BluOS is based on GPLv2 based code such: - linux kernel - busybox - madplay (to decode mp3) - flac - ogg and includes the binaries in their OS, but no source code is shipped with BlueSound products. Furthermore a written offer is not included, which is mandatory if you do not include the GPL sourcecode. No sourcecode is published by Bluesound. Proof: you can browse the BlueSound root directory here: https://github.com/sashahilton00/spotify-connect-resources/tree/master/Powernode%20Firmware/rootfs To obfuscate their perl code, they used the flawed Filter::Crypto::Decrypt perl module to encrypt all of their Perl scripts, which were easily decrypted as the encryption is stored in the library, you just need to know how to fish it out. The calling of flac, ogg123 and madplay can easily be proven by decrypting /root/FileCodec.pm, which also proves we have successfully decrypted and analysed the Perl code. sub _mp3Codec { my ($track, $filename) = @_; my @seekArgs = (); if (my $offset = $track->{'seekOffset'}) { my $seek = sprintf("%d.%d", $offset / 1000, $offset % 1000); @seekArgs = ('-s', $seek); } push @seekArgs, '-S' if $track->{'channels'} == 2; return [ 'madplay', @seekArgs, '-q', '--no-tty-control', '--output=raw:-', $filename ]; } sub _flacCodec { my ($track, $filename) = @_; my @seekArgs = (); if (my $offset = $track->{'seekOffset'}) { my $seek = sprintf("--skip=%d:%02d.%d", $offset / 60_000, ($offset % 60_000) / 1000, $offset % 1000); @seekArgs = ($seek); } return [ 'flac', @seekArgs, '-F', '--decode', '--silent', '--stdout', '--force-raw-format', '--endian=little', '--sign=signed', $filename ]; } flac and madplay are in /usr/bin on any BS device: https://github.com/sashahilton00/spotify-connect-resources/tree/master/Powernode%20Firmware/rootfs/usr/bin Now this little perl snippet has no meaning if you don't have the complete Perl source, but these functions prove the BlueOS player is a derived work on top of existing open source decoders/players. You can also just download any of their firmware images, unzip and mount or burn the ISO file, and then inspect the rootfs tarball which contains their own perl scripts in /root and OSS based players in /usr/bin http://www.bluesound.com/en-eu/downloads/ BlueSound only provides zipfiles which contain the firmware, which is based on uboot+busybox and their own proprietary perl based daemon which manages playlists, players, .... and to play actual music files, they call GPLv2 binaries like flac, ogg123 and madplay. The second problem is that BlueSound actually forbids to modify their Busybox, which violates the GPL, as under the GPL you have the right to modify GPL based parts: User License Agreement and Limited Warranty : Bluesound I am a raspberry developer, and managed to run the BlueSound code in a chroot() jail on my raspberry pi2 running picoreplayer, the open source logitech client. While I don't do anything with this code as it's just for sake of figuring out the binary compatiblity with raspberry, which is the case. As I don't like the BlueOS app, but like the fact that we can buy a BlueSound device with builtin amp, I would like to add a logitech squeezelite client to BlueOS or just make a version of picoreplayer for bluesound, which for the moment has been made impossible by BlueSound as their EULA is not compatible with the user rights under the GPL. What we expect: - BlueSound / Lenbrook releases all GPLv2 and GPLv3 components - BlueSound includes a written offer, source code, or download links to the source code - BlueSound removes the EULA parts which violate the GPL, so users can use any open source and other open source players on their device More proof: MQA alsa LGPL violation analysis Meridian MQA - Breakthrough? LMS possible? - Page 15 Busybox + uboot proof: Geek review of Bluesound Node « Weblog for Thomas S. Iversen Madplay in BS logs: https://helpdesk.bluesound.com/discussions/viewtopic.php?f=4&t=1442 Jan 25 15:48:11 (none) user.info ./ms.pl: FileCodec::init FileCodec.pm (97) madplay -S -q --no-tty-control --output=raw:- Chikinki - 09 - Mystery man.mp3 What Bluesound is doing is very dangerous, as Busybox used to sue any violators including big companies: https://en.wikipedia.org/wiki/Software_Freedom_Law_Center