storex manufacturer and gpl violation

[Nicolas Sauzede]

mr a écrit :
> Please take a look at this compliance manual, it's great.
>
> http://www.loohuis-consulting.nl/downloads/compliance-manual.pdf
>
> Other than that, please state exactly which device it is, what solid 
> evidence that you have that it's running linux (use the manual), does 
> the product come with a written offer for the source code or a copy of 
> the gpl?
>
> Many times the support people really don't understand these things but 
> in general the company might be trying to do the right thing, only 
> unaware that there is any wrongdoing. You probably just have to speak 
> to the rightpeople.
>
> Alan
Thanks for your reply.

Indeed, here are the technical details :

The device is the NAS351, which is a networked hard drive, running a 
mips linux.
There is a telnet server which is open (no password), with root access, 
so I can give some
more technical info :

# cat /proc/cpuinfo
system type             : Broadcom BCM947XX
processor               : 0
cpu model               : BCM3302 V0.6
BogoMIPS                : 263.78
wait instruction        : no
microsecond timers      : yes
tlb_entries             : 32
extra interrupt vector  : no
hardware watchpoint     : no
VCED exceptions         : not available
VCEI exceptions         : not available
# cat /proc/version
Linux version 2.4.20 (root at xdev1.vimtron) (gcc version 3.0 20010422 
(prerelease) with bcm4710a0 modifications) #1 Wed Apr 11 13:41:14 CST 2007
# cat /proc/filesystems
nodev   rootfs
nodev   bdev
nodev   proc
nodev   sockfs
nodev   tmpfs
nodev   pipefs
        cramfs
nodev   ramfs
        vfat
        iso9660
nodev   devfs
nodev   nfs
        ntfs
nodev   autofs
        reiserfs
nodev   devpts
nodev   usbdevfs
nodev   usbfs
# cat /etc/buildinfo.txt
Microcode STOREX
Version: 2.2.2
Source Tag: code 2.2.2 +  GUI at 1519
Date du Microcode: Wed Apr 11 13:45:14 CST 2007

The shell is busybox, and if we look at the binary on a separate 
machine, here are the results :

nico at yak:~/nas351$ file busybox
busybox: ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), for 
GNU/Linux 2.3.99, dynamically linked (uses shared libs), stripped
nico at yak:~/nas351$ strings busybox|grep BusyBox
...
BusyBox v1.00-pre2 (2007.03.02-09:58+0000) multi-call binary
...
So the device is definitely using busybox, which is written under the 
GPLv2 license (http://www.busybox.net/license.html)

The system serves local partitions through nfs, samba to the network.
Samba is written under the GPLv3 license (http://us3.samba.org/samba/)

I contacted their french hotline, and explained carefully, step by step, 
that they are indeed using free software, and hence should comply some 
(simple) rules.
The only response was : "everything is in the TELNET"
So I sent a couple more message, explaining why I wanted to have access 
to the source code (and why I deserve this right) : provide me with the 
sources of all free software they are shipping in the product (at least 
the kernel + patches, plus all the applications, plus ideally the 
toolchain they used to build them)
But they kept on replying the same kind of answers, adding that they 
were not supposed to do so, and pointed me to broadcom who manufactures 
the cpu and provides them with the software development kit.


By investigating further the content of the binaries I found : (from host)

nico at yak:~/nas351$ nico at yak:~/nas351$ file smbd
smbd: ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), for 
GNU/Linux 2.3.99, dynamically linked (uses shared libs), stripped

nico at yak:~/nas351$ strings smbd
...
Build environment:
xdev1.vimtron
   Built by:    %s@%s
root
   Built on:    %s
Wed Apr 11 13:33:36 CST 2007
   Built using: %s
mipsel-linux-gcc
/mnt/hdb1/Source/Broadcom/VND007/PACT/Jan302007/src/apps/samba/source
   Build host:  %s
Linux xdev1.vimtron 2.6.16-1.2122_FC5 #1 Sun May 21 15:01:01 EDT 2006 
i686 i686
i386 GNU/Linux

...

And also : (on the target)

# more /www/English/sample1.asp
<!--
Copyright 2004, Broadcom Corporation
All Rights Reserved.

This is UNPUBLISHED PROPRIETARY SOURCE CODE of Broadcom Corporation;
the contents of this file may not be disclosed to third parties, copied
or duplicated in any form, in whole or in part, without the prior
written permission of Broadcom Corporation.

-->
...

So it appears that broadcom did a lot of the content of the flash 
filesystem, and Storex only customized the user interface and such.. 
(who knows)

What can we do in this case ?
Do you think that, as they are selling a product which contains free 
software from a manufacturer such Broadcom, then they are supposed to 
provide the source code themselves or should we only ask broadcom to do so ?

Source code offer :
Apart from a Tux logo on the package (for linux compatibility) I've not 
seen any evidence of the GPL reference and/or source code offer in the 
manuals and/or website (I will double check to be sure)
Anyway, even if they did include some source code offer on some document 
(in the box or on the web), they refused to provide me with it via the 
hotline, although they told me first that they would ask the technical 
people to see if any such source was available for the customer.



Thanks for your support.