What probably happened here is depressingly common in early-stage startups. Someone finds an open source tool that does 80% of what they need, forks it, strips the branding, and then ships it. Nobody thinks about the license because the company is in "move fast" mode and there's no process for it yet.
Sure, the Apache 2.0 allows this, but the mistake is that when someone asked "is this based on SimStudio?" the answer was "we built it ourselves" instead of "yes, it's a fork, here's what we added." It went from a fixable attribution oversight to a credibility problem. You can retroactively add a LICENSE file, but can't take the lie back.
The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be required to add it to an "About" tab or something.
I think the problem is more that they weren't honest about the origins, even if we disregard the point where they themselves break the license terms.
> DeepDelver recognized that Pathways looked a lot like Sim.ai’s open source agent-building product called SimStudio and asked Delve if it was based on SimStudio. The Delve folks said they built it themselves, the whistleblower contends.
If they were upfront about that it was a fork, and attributed it, sounds like there wouldn't have been any issues here at all.
That's fair, and a bit ridiculous considering the license allows them to do what they are doing, minus lacking the attribution. People are too illiterate on software licenses. If you're going to use open source software, learn the licenses you're using! I'm pretty sure GitHub literally shows you what you can and cannot do with specific licenses.
Edit: Yeah they do. There's no excuse for goofing this up.
I think you're missing the crux of the problem here.
"We didn't understand the licensing!" isn't usually an incredible claim, but it becomes so when it's being made by a company that manages software licensing compliance.
I barely finished high school and I can understand them, not sure why some find it so hard to, even the license texts themselves are relatively easy to read, understand and reason about, and there is tons of further reading material all over the web, some from actual law-firms that can help you understand how it applies in your country too.
I can maybe understand not fully grasping how the GPLs work (I sometimes have to look at GNU's page of compatible and incompatible licenses myself) but something as simple as Apache or MIT should be so dead simple it hurts.
It's possible their spokesperson was not informed about SimStudio being the basis for Delve. Lots of people in sales and marketing know little about how open source software works.
I'm not sure "Person who answered a question didn't actually know the answer" is such a good defense, almost worse than "We didn't understand the license", because the implications of having such people in your company seem way wider then.
That is very much true. Lack of knowledge in a legal context is a very weak defense.
Generally speaking, open source ecosystem knowledge is not something that shows up in job descriptions, interviews, or regular training for non-technical staff in most software companies. Hopefully that will one day be the case but until then there is a high likelihood that misleading statements can be made accidentally.
Yes, great response. But is the failing here an individual one 'This person is bad at their job and needs more training/be replaced' or a company one 'This company only hires bad people and we shouldn't use them'
Every company of non-trivial sizes will eventually hire someone who is a bad hire.
Understandably it can be difficult for the machines of HN to truly understand, but humans don't normally have that kind of exacting control over what comes out of their mouth. Those who have carefully developed the skill of having that control don't waste their time working at struggling startups.
No, it is. Humans understand that to err is human and thus have compassion for other humans. Human expectations are placed on full timelines, not instants in time. A human saying the wrong thing simply doesn't matter to other humans as they know that words are part of a larger dialog and surrounded by a vast array of other context.
You don't see a problem with a startup dedicated to handling legal compliance for customers repeatedly botching even rudimentary legal compliance of its own?
> outside of lacking attribution / retaining copyright, I don't see a problem?
That's a bit like a shoplifter saying "well, outside of not paying for it, I don't see a problem?".
Apache 2.0 clearly says you must include the license, include copyright, state any changes you've made and include the NOTICE file. None of that was done, so this is a pretty clear violation of the license. The copyright holders can demand that this is fixed immediately, seek at least an injunction if that does not happen, and maybe even claim profits made from selling the software while violating the license.
> The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be required to add it to an "About" tab or something.
They used it without having a license. The Apache license would have allowed them to use it, but they didn’t meet the conditions.
This sounds equivalent to using paid software without paying to me.
The original author could well claim that “the cost of a license under the terms which they used it is $2M”. After all, the cost of software licenses is entirely arbitrary and set by the author (copyright owner).
Yeah I'm not sure if it's collapse or just the bad that was there all along has been let off the leash. I guess my point is I'm not sure that people lost their morals as much as the people with the morals lost the power.
I would say it was a collapse of ethics, not morality. Most people have morals (their own belief system on what is fair), but their morals may not be ethical (rule-based morals to achieve fairness). I personally attribute it to cars and the internet.
The internet removed consequences. You can say the most vile thing imaginable to another human being and… nothing happens. No social cost, no awkward eye contact at the grocery store, no reputation hit in your actual community. Just a dopamine hit and a notification count.
Cars did something sneakier. We spend hours every week sealed in a metal box, alone or with the same people. No random encounters, no friction with people who think differently. Just you, your podcast, and whatever is important in your tiny echo chamber.
Put those two together and you get people with deeply held morals and zero framework for applying them to anyone outside their bubble. Ethics requires seeing strangers as real. We've engineered that out of daily life.
Agreed, the ultimate state-monopoly on use of force, right to private property, legislated penalties and remedies, the time and expense of pursuing fairness, in the absence of full moral consideration, or common sense for lack of a better term, is a giveaway to entrenched authority, attorneys or deep-pockets, and not a sensible approach to dynamic real world right and wrong.
Exactly, the article brushes over this too, painting it as not a big deal. But IMO it is a huge deal. Open source licenses have very few terms usually, making the terms that do exist extremely important to satisfy so that a user is in good standing.
This phrase in the article in particular is frustrating:
> DeepDelver calls this “stealing intellectual property,” which is a bit of a stretch, since open source tools are freely available to be used, if they are properly credited.
Oh because my license terms are more liberal, it doesn't matter as much when you break them?? Really? Bonkers that they would publish that.
Not defending it, but the meme itself is a derivative quote from the developer of TempleOS. He suffered from schizophrenia and believed the CIA was tracking him. He believed you could tell a CIA agent due to them glowing, and would refer to them as "glowy nwords" very regularly.
The term "glowy" has taken on a life of its own despite the original context. The image itself is from its 4chan days. Probably poor taste to include a version with Terry's full quote.
I'm sympathetic to Terry saying that. The guy had measurable brain damage, and it's hard to blame someone for doing things when it's their damaged brain that decides to do them. It's like getting mad at a diabetic for having high blood sugar.
But I can certainly squint at other people when they spread Terry's quotes and memes.
> But I can certainly squint at other people when they spread Terry's quotes and memes
Someone can use language you disagree with but still have a point if you dig past it. I also happen to personally think it's important to engage with this sort of thinker at least sometimes
Insisting on polite, formal language can be a type of bigotry too you know. It's historically pretty classist, and lately also indicates a sort of neuronormative bigotry.
Wait - not conversing with someone who thinks it's fine to post the N word is now classist and some kind of neuro-whateverthefuck bigotry?
No it's not, it's enforcing the norms of civil discourse. If they have some kind of actual underlying issue that causes this and it's legit beyond their control - then sure, go the extra mile and try to meet them where they are.
If on the other hand, it's some annoying person who likes ruffling feathers on purpose - I really think they ought to be ostracized for such behaviour.
Short of something like the recent event with the chap with Tourette's saying awful things at the BAFTA awards, or Terry Davis with schizophrenia saying outlandish stuff, there aren't many scenarios where I'd be willing to give someone a pass on this.
If you have the ability to choose not to use the n-word, and you're not in a group that can use it self-referentially among your peers, and you use it anyway, then you're an asshole and I don't really care to hear what else you have to say. I feel pretty OK with that blanket assessment.
No. There's a huge, eye-wateringly vast gap between impolite, informal language and racial slurs. I happen to personally think it's completely unimportant to engage with someone actively calling someone else the n-word.
That's not classist, and in no way neuronormative bigotry, unless we're classifying racism and generalized bastardry as a mental illness.
Personally I like GPL for core systems type of software, like an OS. I don't care what license you put desktop applications under, could be MIT, could be proprietary. I make software for a living, open source has a cost. If you want to profit off your open source software and have a competitive advantage against people forking it, you should 100% license it accordingly. I put a lot of thought into my projects before licensing them, I would hope others do as well.
In reality, GPL is also a cuck license. There is absolutely nothing stopping somebody in India forking your open source game, throwing ads in it, and uploading it to an app store. You cannot prevent people from making money off your free work, and the fact that it is a profitable endeavour for them will lead to them spending money on marketing, "outcompeting" your non-product and providing a strictly worse experience to people who don't know they could get it for free / without ads.
It doesn't even really need to be India, it could just as well be stolen by someone in your country. The vast majority of open source developers don't have the time to invest into copyright protection. Trying to actually enforce your license is signing up for a years-long nightmare of wasting your time, energy, and money dealing with the legal system for, in the end, no real value to yourself. If you release something as open source, you pretty much need to be ready to accept that your license is meaningless when it meets contact with reality.
This is all the more true with LLMs existing now, which are freely used to launder copyright licenses. Maybe in the past GPL would've made Microsoft or Google, at least, think twice about using your code, but now their developers will prompt GPT to reimplement your code.
This is why I prefer the AGPL over the GPL. But isn't this the entire point of open source? So long as it is attributed/following the license, who cares if they're selling it or not?
> You cannot prevent people from making money off your free work, and the fact that it is a profitable endeavour for them will lead to them spending money on marketing
You can in fact file a copyright claim against them if they fail to provide the source and attribution.
Using the GPL like this doesn't help unless you are willing to sue people. If you can't or won't sue people, all that happens is that the software with the GPL license is avoided by people who want to use it in GPL-incompatible ways but have a conscience, while bad people still take it and use it anyway, and since you're not going to sue them, they don't care that they're violating the license.
Yep. While maybe it's "not cool," (I guess, depending on how much work Delve did in their fork, in which case it could be "totally cool"), there is no legal problem with doing this and if someone is "blowing the whistle" about this, they don't really understand open source.
The thing that strikes me as odd is how is it that Delve becomes a unicorn superstar (by itself), and the company they steal stuff off of, is much much less of a success story.
It would make more sense that the people who actually built the thing would do the thing better and do it first.
Without proper punishment, groups who "play fair" are at a strict disadvantage against those willing to break the rules.
At least in the US, we seem to be rapidly moving away from punishing groups for breaking the rules. All the mega successful companies (and people) seem to break a lot of rules to get there.
Conversely, the honest "play by the rules" groups can't be mega successful. Without punishment, the cheater always wins.
The U.S. has always idolized charismatic grifters. Tech revolutionized charisma, by showing that interpersonal charisma isn’t the correct filter: asociability, or perhaps the more familiar amorality, is. The ability of someone to extract and upstream value is correctly labeled as more important than being warm and friendly.
Perhaps but it’s quite informative as a cultural indicator: someone who sells open source code for millions despite not having a license to do so is almost certainly cheating in other areas as well. Like if my CFO was cheating on their spouse, it wouldn’t directly tell me that they were cheating the company but given that prior it’s significantly more likely that they view other promises as only binding if you get caught.
That's one thing I'm loving about AI adoption and everyone vibe coding, the importance of open-source. When I was learning how to code, it blew my mind when I realized proprietary companies were built on the shoulders of great open-source projects. These provide a nice UI/UX and the marketing, but AI coding is making that less and less of a moat.
Don't think SoC compliance is as automatable as investors hoped. This mistrust and over trust in AI is based on a technology that Google invented and didn't pay much attention to themselves because they knew it isn't as reliable or that useful to the point where its output is so definitely reliable that it requires zero human input.
The coding agents succeed because apart from wannabe SaaS indie vibe coders, other serious users of AI agents for coding are themselves pretty strong and competent software engineers that won't let slip things easily and have years of experience and a taste in what is architecturally correct and what is nonsense and when and how to steer in what direction.
Other fields - if they have to review every output of the LLM such as in finance running totals and such to verify the results of an LLM makes their usage not as much useful.
If they really did, they just need to attribute to the original project, it's Apache 2 licensed, not AGPL or something that requires sharing code. I swear Software License Literacy needs to be a required course for all CS students.
I'm not a legal expert to be fair, but it would definitely be the bare legal requirement, though them lying about it is probably what will get them in bigger trouble.
I encourage you to try selling copies of some Disney movies and Nintendo game rips on your website, representing them as your own work, and when they notice, to offer to "just delete them".
Recent news, but I do sympathize that your earlier thread didn’t get attention. One thing I think helped this one is that HN has more people who care about open source abuse than Delve specifically so this headline gets more attention.
Yeah, I felt like the TechCrunch title was a bit clickbaity ("The reputation of troubled YC startup Delve has gotten even worse"), so I opted to write my own title, which I feel helped get this thread on the front page.
a private fork is a huge maintenance liability. good luck when a CVE drops for the upstream repo and you have to scramble to backport the patch to your snowflake version before customers are compromised
Packaging up open source projects and selling them is done all the time and is a good business model since you can outsource a lot of the work and bug fixing to people who will do it for free instead of having to pay someone.
Instead of calling this corporate malfeasance, let's call it what it really is:
It's a bunch of inexperienced people (kids really) stealing stuff from each other. (Not a proper 'Compliance' company) - The CEO is like 22 years old!!! WTF guys you think this guy knows compliance??? lol
I.e. in a fast high pressure environment called Y Combinator where the 'adults' are pressuring and hyping each other's products and stealing open source, AI generating and in general trying to productize every crappy idea they can think of to capture some VC or investor who is too dumb to do proper due diligence in the AI gold-rush and hype train
Both are indictment of today's ambient startup culture, and I'm not sure which is ultimately worse.
The project in question is here:
https://github.com/simstudioai/sim
https://github.com/simstudioai/sim/blob/main/LICENSE
The fact that we can't comprehend even talking about anything beyond legality sometimes is just mind-boggling. We are sick.
Seeing some people’s post about prediction (gambling) markets is another eye opener on this topic.
Also the latest elected government of US is another one.
Not sure if it was always like this or I grew up. But it for sure seems like there is a collapse.
Shouldn't morality be the basis for all of the laws?
Would think twice about linking that one in polite company.
The whole thing reeks of 14 year old turned 38 year old smelly edgelord nonsense, not something I would post, that's for sure.
Idk, some food for thought
My default is almost always MIT though.
And now that right-wing groups are buying up all the media, we won't be hearing about it for much longer.
https://news.ycombinator.com/item?id=47609310
On top of that, engineering is so high pressured and awful these days, e.g. this video from the kids in Silicon Valley: https://youtu.be/0tLEszJs7hc?si=OXrJqPg-5PhVGnYT