D-Link and Boxee Violate GPL!

The GNU General Public License was written to protect the freedoms that have brought the world so many useful things, including software like Linux and XBMC, from which Boxee has taken its code base. One of those essential freedoms is to be able to change open-source software to make it better suit a purpose.  It is essential to the evolution of open-source projects that people are free to take something and run with it as they see fit.  This is how Free Software has come so far.  D-Link and Boxee have now played a trick on the people who made it possible (developers and customers), by trying to hide behind games and deceit to exert control over your hardware.  They have blocked installation of custom software on the Boxee Box.

Boxee is NOT a small-time open-source community project by people who do it out of love; it is now a big money operation and they are using dirty tricks to exert control they should not have.  They use customers' and investors' money to have road trips and keg parties while users who have already paid are left with alpha-quality software and no way to fix it themselves.  They have decided to have a 3 month (forced) release cycle, making many users wait with completely disabling bugs.

What is also striking is Boxee's abandonment of development on the open platforms.  Progress has all but stopped, and you never see them tweeting about the PC version.  Little wonder, when they imagine for themselves a future of total power on the Boxee Box.

There has been a freight train of broken promises along the way, with the Netflix Promise Debacle and VUDU (it was on the retail box but didn't work) being some of the more publicized.  The option to use XBMC instead does not exist, and soon there will be a big surprise for many Boxee Box owners... The option to control the volume with the remote will disappear! Because of the forced updates, if you don't like something, too bad for you.  Don't get too attached to that volume function on the D-pad of the remote.

Moreover, the closed hardware breaks promises made during its promotion, by none other than Boxee CEO Avner Ronen:

"No keyboards, mice, windows or labyrinthine menus.  It should be calm and it should be beautiful. And it *must* be open." 

Instead we have labyrinthine menus, no option to skin or customize, ugly visualizations, and a COMPLETELY CLOSED SOFTWARE.  The deception continues: blog posts like this from before the release of the Boxee Box have been hidden.  (Track back through the pages and see that the history has been cut off)

Avner Ronen has publicly said hacking the Boxee Box was something they "hoped for" and they would try make it "hacker friendly". Clip Youtube Article

Part of this hacking would be the ability to use XBMC instead of Boxee on the box:
Originally Posted by avneron
yes, users should be able to run XBMC on the Boxee Box. we're not sure about the exact installation process that will be supported, but it is important for us to make sure XBMC runs properly on the Box.

Many people made buying decisions on that claim alone.  Strung along with false promises and deceptive tactics, many return periods lapsed before people realized what was happening.  Now they are stuck.

“Some devices utilize free software that can be upgraded, but are designed so that users are not allowed to modify that software. There are lots of different ways to do this; for example, sometimes the hardware checksums the software that is installed, and shuts down if it doesn't match an expected signature. The manufacturers comply with GPLv2 by giving you the source code, but you still don't have the freedom to modify the software you're using. We call this practice tivoization.

When people distribute User Products that include software under GPLv3, section 6 requires that they provide you with information necessary to modify that software. User Products is a term specially defined in the license; examples of User Products include portable music players, digital video recorders, and home security systems.”

 “Tivoization is a dangerous attempt to curtail users' freedom: the right to modify your software will become meaningless if none of your computers let you do it. GPLv3 stops tivoization by requiring the distributor to provide you with whatever information or data is necessary to install modified software on the device. This may be as simple as a set of instructions, or it may include special data such as cryptographic keys or information about how to bypass an integrity check in the hardware. It will depend on how the hardware was designed—but no matter what information you need, you must be able to get it.

This requirement is limited in scope. Distributors are still allowed to use cryptographic keys for any purpose, and they'll only be required to disclose a key if you need it to modify GPLed software on the device they gave you. The GNU Project itself uses GnuPG to prove the integrity of all the software on its FTP site, and measures like that are beneficial to users. GPLv3 does not stop people from using cryptography; we wouldn't want it to. It only stops people from taking away the rights that the license provides you—whether through patent law, technology, or any other means.”

If you would like to confirm for yourself that this software (and currently, the violation) exists,
simply follow these steps to see GPLv3 software on your own Boxee Box:

1. Factory restore your Boxee Box.  If you have ever used your Boxee Box on the internet (which is central to its functioning), you have been forced to upgrade your firmware, possibly against your will.  A factory reset will restore the firmware your Boxee Box was shipped with.  Shutdown your Boxee Box, and then press and hold the power button for 6-10 seconds before releasing.  You should get a different menu at bootup offering Factory Restore.  Follow the steps. 

2. Load the UnBoxed app from the mirror at http://infinityoverzero.com/bbox/rep/ and click “Enable Telnet”  You will be able to see your Boxee Box's IP details on the app screen.
   

3. Telnet to your Boxee Box's IP address.  If you are using a UNIX (including OS X) environment, simply open a terminal and type “telnet X.X.X.X” where the X's represent your Box's IP.  If you are using Windows you will need to use an application like PuTTY.

4. Once you have a command prompt on your Boxee Box, type “gpgv2 --help” et voila, you are greeted with the GPLv3 header. 

5. Contact D-Link AND Boxee and request the ability to modify the GPLv3 Software included in your Boxee Box.  Specifically you require the OpenSSL keys to generate the signature files found in the boxee.iso firmware file, and the scripts and instructions for their use.  For the D-Link contact, you might need to use their website.


6. Comment here and elsewhere on the web to show your support and spread the word.  Forums, blogs, status updates...  Link here and help promote the cause. Everything will help.  There are sharing links further down this page.
   

D-Link responded with a mix of denial and passing the buck:

John M at dlink.com:
"All software and development resources for the Boxee Box are directly handled by Boxee. You need to create a Developer account with Boxee to get the API keys for the unit. There is a link at the top of the Boxee Developer site to create your account."

Clint B at D-Link:
"Sorry, we are unable to assist with your question(s).  Technical Support on this questioning will not be supported."

Boxee  responded with avoidance and denial:

Marcel Hass replied:
"Sorry this is not possible and will not happen"

1. Download the firmware.  Current firmware here.
   

2. Open the squashfs file boxee.iso using a suitable method for you, some are described here. The squashfs tools under Ubuntu need an older kernel.  Hardy Heron Live USB works great.  Just make sure to mount on a different disk.
   

3. You need to mount the boxee.iso, then repeat the process with normal.img, then dlink_boxee_runtime.img, which are nested in descending order.  The commands on Linux could easily be: 
   

1. mkdir mountpoint
2. mkdir normal
3. mkdir runtime
4. sudo mount -o loop boxee.iso mountpoint
5. sudo mount -o loop mountpoint/normal.img normal
6. sudo mount -o loop mountpoint/normal/dlinl_boxee_runtime.img runtime
7. /mountpoint/normal/runtime/opt/local/bin/chown --version
8. /mountpoint/normal/runtime/opt/local/bin/chgrp --version
   
4. View the GPLv3 license notice, and compare to your system, to show that you are not simply running the local machine's binary.