GPL issues with BlueSound and BluOS

[raspiman]

Bluesound has created a linux distribution named BluOS which violates the GPL and many open source principles.

 

The first violation is the fact the BluOS is based on GPLv2 based code such:

- linux kernel

- busybox

- madplay (to decode mp3)

- flac

- ogg

 

and includes the binaries in their OS, but no source code is shipped with BlueSound products. Furthermore a written offer is not included, which is mandatory if you do not include the GPL sourcecode. No sourcecode is published by Bluesound.

 

Proof: you can browse the BlueSound root directory here:

https://github.com/sashahilton00/spotify-connect-resources/tree/master/Powernode%20Firmware/rootfs

 

To obfuscate their perl code, they used the flawed Filter::Crypto::Decrypt perl module to encrypt all of their Perl scripts, which were easily decrypted as the encryption is stored in the library, you just need to know how to fish it out. The calling of flac, ogg123 and madplay can easily be proven by decrypting /root/FileCodec.pm, which also proves we have successfully decrypted and analysed the Perl code.

 

sub _mp3Codec {        my ($track, $filename) = @_;


       my @seekArgs = ();
       if (my $offset = $track->{'seekOffset'}) {
               my $seek = sprintf("%d.%d", $offset / 1000, $offset % 1000);
               @seekArgs = ('-s', $seek);
       }


       push @seekArgs, '-S' if $track->{'channels'} == 2;


       return [ 'madplay', @seekArgs, '-q', '--no-tty-control', '--output=raw:-', $filename ];
}


sub _flacCodec {
       my ($track, $filename) = @_;


       my @seekArgs = ();
       if (my $offset = $track->{'seekOffset'}) {
               my $seek = sprintf("--skip=%d:%02d.%d", $offset / 60_000, ($offset % 60_000) / 1000, $offset % 1000);
               @seekArgs = ($seek);
       }


       return [ 'flac', @seekArgs, '-F', '--decode', '--silent', '--stdout', '--force-raw-format', '--endian=little', '--sign=signed', $filename ];
}

 

flac and madplay are in /usr/bin on any BS device:

 

https://github.com/sashahilton00/spotify-connect-resources/tree/master/Powernode%20Firmware/rootfs/usr/bin

 

Now this little perl snippet has no meaning if you don't have the complete Perl source, but these functions prove the BlueOS player is a derived work on top of existing open source decoders/players.

 

You can also just download any of their firmware images, unzip and mount or burn the ISO file, and then inspect the rootfs tarball which contains their own perl scripts in /root and OSS based players in /usr/bin

 

http://www.bluesound.com/en-eu/downloads/

 

BlueSound only provides zipfiles which contain the firmware, which is based on uboot+busybox and their own proprietary perl based daemon which manages playlists, players, .... and to play actual music files, they call GPLv2 binaries like flac, ogg123 and madplay.

 

The second problem is that BlueSound actually forbids to modify their Busybox, which violates the GPL, as under the GPL you have the right to modify GPL based parts:

 

User License Agreement and Limited Warranty : Bluesound

 

You agree not to modify, adapt, translate, reverse engineer, decompile, or disassemble the Bluesound Software or the Bluesound product, in whole or in part, except as expressly provided for in this agreement or upon Bluesound’s written request.

 

I am a raspberry developer, and managed to run the BlueSound code in a chroot() jail on my raspberry pi2 running picoreplayer, the open source logitech client. While I don't do anything with this code as it's just for sake of figuring out the binary compatiblity with raspberry, which is the case.

 

As I don't like the BlueOS app, but like the fact that we can buy a BlueSound device with builtin amp, I would like to add a logitech squeezelite client to BlueOS or just make a version of picoreplayer for bluesound, which for the moment has been made impossible by BlueSound as their EULA is not compatible with the user rights under the GPL.

 

What we expect:

 

- BlueSound / Lenbrook releases all GPLv2 and GPLv3 components

- BlueSound includes a written offer, source code, or download links to the source code

- BlueSound removes the EULA parts which violate the GPL, so users can use any open source and other open source players on their device

 

More proof: MQA alsa LGPL violation analysis

 

Meridian MQA - Breakthrough? LMS possible? - Page 15

 

Busybox + uboot proof:

Geek review of Bluesound Node « Weblog for Thomas S. Iversen

 

Madplay in BS logs:

https://helpdesk.bluesound.com/discussions/viewtopic.php?f=4&t=1442

 

Jan 25 15:48:11 (none) user.info ./ms.pl: FileCodec::init FileCodec.pm (97) madplay -S -q --no-tty-control --output=raw:- Chikinki - 09 - Mystery man.mp3

 

What Bluesound is doing is very dangerous, as Busybox used to sue any violators including big companies:

https://en.wikipedia.org/wiki/Software_Freedom_Law_Center

[Guest]

I'm years late but never the less I'd like BS to open up their software too.

 

They won't answer questions about the software being linux or anything else.