Quantcast

Multiple GPL violations including Samba in Auralic products

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Multiple GPL violations including Samba in Auralic products

Samba - General mailing list
Hello,

I recently bought an Auralic Aries Mini streamer. This little streamer
can also function as a NAS when mounting a laptop drive or ssd inside,
via samba.
The box did not come with a media containing source code and did not
include a GPL written offer.

So I asked Auralic to provide the source code for all GPlv2 and v3
packages used.

For the Linux kernel and their modifications, they asked to sign an
NDA, which is clearly forbidden by the GPL.
For Samba 3.6.23 which they use, they have no intentions to release
the source, as they also have already stated on computeraudiophile.com
that they only share the kernel, nothing else:

http://www.computeraudiophile.com/f22-networking-networked-audio-and-streaming/alternatives-aries-23864/index4.html#post411669

"For the repository: We only publish what we believe is 'fully
complete'. That's why the kernel source code was not published a long
time ago because we do not consider it as 'complete'. Most of the open
source code project in the community are full of bugs, I am pretty
regret about this."


Here's proof they use 3.6.23:

        Server               Comment
        ---------            -------
        ARIES-1L9YS2O8       Samba 3.6.23

It's obvious they are using various loopholes to avoid sharing the GPL
source code used in their products, and they only share the kernel,
nothing else.
They probably also violate busybox, as their embedded linux platform
runs a dropbear (SSH-2.0-dropbear_2012.55), but the root password is
not known, so the only way to know what other packages they violate is
to hack the device.

How can we obtain the source code of GPlv2 and v3 packages such as
Samba when the vendor is refusing?

Robert

---------- Forwarded message ----------
From: Xuanqian Wang (AURALIC LIMITED) <[hidden email]>
Date: Thu, Jan 19, 2017 at 7:56 AM
Subject: [AURALIC LIMITED] Re: Auralic MINI GPL source
To: Robert Ladru <[hidden email]>


##- Please type your reply above this line -##

Your request (8980) has been updated. To add additional comments,
reply to this email.

Xuanqian Wang (AURALIC LIMITED)

Jan 19, 14:56 CST

Hello Robert:

Yes, the Linux operation system we are using is under GPLv2 license
framework including the kernel and file system with all library. We
will be happy to provide you the source code of the that part. To
received the source code, we will need to collect the following
information from you:

1,  Receipt of your purchase order to prove that you own the machine.
2, Your photo ID issued by government for us to prepare NDA agreement.
3, A secondary identification document that we can verify your name
and address, such as bank statement, utility bill.

Xuanqian Wang | CEO & Designer | [hidden email]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Multiple GPL violations including Samba in Auralic products

Samba - General mailing list
On Thu, Jan 19, 2017 at 01:36:18PM +0100, Robert Ladru via samba wrote:

> Hello,
>
> I recently bought an Auralic Aries Mini streamer. This little streamer
> can also function as a NAS when mounting a laptop drive or ssd inside,
> via samba.
> The box did not come with a media containing source code and did not
> include a GPL written offer.
>
> So I asked Auralic to provide the source code for all GPlv2 and v3
> packages used.
>
> For the Linux kernel and their modifications, they asked to sign an
> NDA, which is clearly forbidden by the GPL.
> For Samba 3.6.23 which they use, they have no intentions to release
> the source, as they also have already stated on computeraudiophile.com
> that they only share the kernel, nothing else:
>
> http://www.computeraudiophile.com/f22-networking-networked-audio-and-streaming/alternatives-aries-23864/index4.html#post411669
>
> "For the repository: We only publish what we believe is 'fully
> complete'. That's why the kernel source code was not published a long
> time ago because we do not consider it as 'complete'. Most of the open
> source code project in the community are full of bugs, I am pretty
> regret about this."
>
>
> Here's proof they use 3.6.23:
>
>         Server               Comment
>         ---------            -------
>         ARIES-1L9YS2O8       Samba 3.6.23
>
> It's obvious they are using various loopholes to avoid sharing the GPL
> source code used in their products, and they only share the kernel,
> nothing else.
> They probably also violate busybox, as their embedded linux platform
> runs a dropbear (SSH-2.0-dropbear_2012.55), but the root password is
> not known, so the only way to know what other packages they violate is
> to hack the device.
>
> How can we obtain the source code of GPlv2 and v3 packages such as
> Samba when the vendor is refusing?

Thanks for reporting this. I'll take this up further with the
vendor and see if we can get this fixed. Are you willing to
help us by providing binary extracts of the firmware etc. to
allow us to prove this is our code ?

Thanks,

Jeremy.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Multiple GPL violations including Samba in Auralic products

Samba - General mailing list
Hello,

Auralic does not provide binaries or firmware images for download. But
an smbclient -L proves they run Samba 3.6.23:

# smbclient -L 172.20.1.138
Enter root's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23]

        Sharename       Type      Comment
        ---------       ----      -------
        README          Disk
        IPC$            IPC       IPC Service (Samba 3.6.23)
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23]

        Server               Comment
        ---------            -------
        ARIES-1L9YS2O8       Samba 3.6.23

        Workgroup            Master
        ---------            -------
        WORKGROUP            ARIES-1L9YS2O8

The 1L9YS2O8 is the serial number of my device, which I can also prove
as it's written on the box.

Furthermore samba is explicitly mentioned in their firmware build release notes:

http://support.auralic.com/hc/en-us/articles/206062858-Firmware-Version-2-2-Build-20150320

I have asked Auralic to provide the "installation information" as
written in the GPLv3, which is based on this clause:

“Installation Information” for a User Product means any methods,
procedures, authorization keys, or other information required to
install and execute modified versions of a covered work in that User
Product from a modified version of its Corresponding Source. The
information must suffice to ensure that the continued functioning of
the modified object code is in no case prevented or interfered with
solely because modification has been made.

In this case, installation information are the username(s)/password(s)
to correctly login the device via SSH. These clauses were added to the
GPL to protect against Tivo's practices. They also apply to Auralic.

In his latest reply, Xuanqian Wang, CEO of Auralic, refers to his
earlier mail reply of 19th Jan 2017 that we need to sign an NDA and
also provide him with photo ID and proof of address to prepare an NDA:

1,  Receipt of your purchase order to prove that you own the machine.
2, Your photo ID issued by government for us to prepare NDA agreement.
3, A secondary identification document that we can verify your name
and address, such as bank statement, utility bill.

This is a violation of the GPL. Furthermore if Auralic had complied
with the GPL in the first place, they would have never asked for photo
ID and other privacy sensitive documents, and force an NDA to know who
is trying to exercise their GPL based rights.

I can forward the original support reply mails from Auralic, but they
may contain HTML which is not appropriate for the list.

Robert

On Fri, Jan 20, 2017 at 1:42 AM, Jeremy Allison <[hidden email]> wrote:

> On Thu, Jan 19, 2017 at 01:36:18PM +0100, Robert Ladru via samba wrote:
>> Hello,
>>
>> I recently bought an Auralic Aries Mini streamer. This little streamer
>> can also function as a NAS when mounting a laptop drive or ssd inside,
>> via samba.
>> The box did not come with a media containing source code and did not
>> include a GPL written offer.
>>
>> So I asked Auralic to provide the source code for all GPlv2 and v3
>> packages used.
>>
>> For the Linux kernel and their modifications, they asked to sign an
>> NDA, which is clearly forbidden by the GPL.
>> For Samba 3.6.23 which they use, they have no intentions to release
>> the source, as they also have already stated on computeraudiophile.com
>> that they only share the kernel, nothing else:
>>
>> http://www.computeraudiophile.com/f22-networking-networked-audio-and-streaming/alternatives-aries-23864/index4.html#post411669
>>
>> "For the repository: We only publish what we believe is 'fully
>> complete'. That's why the kernel source code was not published a long
>> time ago because we do not consider it as 'complete'. Most of the open
>> source code project in the community are full of bugs, I am pretty
>> regret about this."
>>
>>
>> Here's proof they use 3.6.23:
>>
>>         Server               Comment
>>         ---------            -------
>>         ARIES-1L9YS2O8       Samba 3.6.23
>>
>> It's obvious they are using various loopholes to avoid sharing the GPL
>> source code used in their products, and they only share the kernel,
>> nothing else.
>> They probably also violate busybox, as their embedded linux platform
>> runs a dropbear (SSH-2.0-dropbear_2012.55), but the root password is
>> not known, so the only way to know what other packages they violate is
>> to hack the device.
>>
>> How can we obtain the source code of GPlv2 and v3 packages such as
>> Samba when the vendor is refusing?
>
> Thanks for reporting this. I'll take this up further with the
> vendor and see if we can get this fixed. Are you willing to
> help us by providing binary extracts of the firmware etc. to
> allow us to prove this is our code ?
>
> Thanks,
>
> Jeremy.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...