What probably happened here is depressingly common in early-stage startups. Someone finds an open source tool that does 80% of what they need, forks it, strips the branding, and then ships it. Nobody thinks about the license because the company is in "move fast" mode and there's no process for it yet.<p>Sure, the Apache 2.0 allows this, but the mistake is that when someone asked "is this based on SimStudio?" the answer was "we built it ourselves" instead of "yes, it's a fork, here's what we added." It went from a fixable attribution oversight to a credibility problem. You can retroactively add a LICENSE file, but can't take the lie back.
I wonder how much of that is posturing (less charitably, lying to outsiders) and how much is the organization effectively lying to itself.<p>Both are indictment of today's ambient startup culture, and I'm not sure which is ultimately worse.
Based on DeepDelve's recent follow-up article, I would assume the former. <a href="https://deepdelver.substack.com/p/delve-fake-compliance-as-a-service-98a" rel="nofollow">https://deepdelver.substack.com/p/delve-fake-compliance-as-a...</a>
Every layer of the organization tells a more rosy version of the truth up the chain of command. The programmer might tell the PM that they're running Apache software with the serials filed off, but by the time that filters up the chain to the CEO / Board, the product is "fully proprietary and 100% built in-house"
The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be require to add it to an "About" tab or something.<p>The project in question is here:<p><a href="https://github.com/simstudioai/sim" rel="nofollow">https://github.com/simstudioai/sim</a>
I think the problem is more that they weren't honest about the origins, even if we disregard the point where they themselves break the license terms.<p>> DeepDelver recognized that Pathways looked a lot like Sim.ai’s open source agent-building product called SimStudio and asked Delve if it was based on SimStudio. The Delve folks said they built it themselves, the whistleblower contends.<p>If they were upfront about that it was a fork, and attributed it, sounds like there wouldn't have been any issues here at all.
That's fair, and a bit ridiculous considering the license allows them to do what they are doing, minus lacking the attribution. People are too illiterate on software licenses. If you're going to use open source software, learn the licenses you're using! I'm pretty sure GitHub literally shows you what you can and cannot do with specific licenses.<p>Edit: Yeah they do. There's no excuse for goofing this up.<p><a href="https://github.com/simstudioai/sim/blob/main/LICENSE" rel="nofollow">https://github.com/simstudioai/sim/blob/main/LICENSE</a>
> license allows them to do what they are doing, minus lacking the attribution.<p>That's a hell of a caveat though. That is basically the entire license.<p>Its like saying you are allowed to kill people minus that whole law about murder. Well like obviously. You are allowed to do anything minus the rules that forbid you from doing the thing.
I think you're missing the crux of the problem here.<p>"We didn't understand the licensing!" isnt usually an incredible claim, but it becomes so when it's being made by a company that manages software licensing compliance.
They assume if people knew it was just a fork of an open source tool then they would use the free, open source version instead of paying for the fork.
I barely finished high school and I can understand them, not sure why some find it so hard to, even the license texts themselves are relatively easy to read, understand and reason about, and there is tons of further reading material all over the web, some from actual law-firms that can help you understand how it applies in your country too.
And if you're releasing open source software, learn the licenses you're using! You probably didn't intend a multimillion dollar AI startup to be able to just take your thing and call it their own.
It's possible their spokesperson was not informed about SimStudio being the basis for Delve. Lots of people in sales and marketing do not know little about how open source software works.
I'm not sure "Person who answered a question didn't actually know the answer" is such a good defense, almost worse than "We didn't understand the license", because the implications of having such people in your company seems way wider then.
That is very much true. Lack of knowledge in a legal context is a very weak defense.<p>Generally speaking, open source ecosystem knowledge is not something that shows up in job descriptions, interviews, or regular training for non-technical staff in most software companies. Hopefully that will one day be the case but until then there is a high likelihood that misleading statements can be made accidentally.
Compliance tech company who doesn't know about open-source. Interesting.
Then maybe say „I don’t know, let me get back to you“ instead of „no, we built it ourselves“?
Yes, great response. But is the failing here an individual one 'This person is bad at their job and needs more training/be replaced' or a company one 'This company only hires bad people and we shouldn't use them'<p>Every company of non-trivial sizes will eventually hire someone who is a bad hire.
Understandably it can be difficult for the machines of HN to truly understand, but humans don't normally have that kind of exacting control over what comes out of their mouth. Those who have carefully developed the skill of having that control don't waste their time working at struggling startups.
I'd be more concerned about a shareholder lawsuit if Delve told their investors that they owned the IP of said platform.
> outside of lacking attribution / retaining copyright, I don't see a problem?<p>That's a bit like a shoplifter saying "well, outside of not paying for it, I don't see a problem?".<p>Apache 2.0 clearly says you must include the license, include copyright, state any changes you've made and include the NOTICE file. None of that was done, so this is a pretty clear violation of the license. The copyright holders can demand that this is fixed immediately, seek at least an injunction if that does not happen, and maybe even claim profits made from selling the software while violating the license.
You don't see a problem with a startup dedicated to handling legal compliance for customers repeatedly botching even rudimentary legal compliance of its own?
Copyright infringement is always a problem.
> The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be require to add it to an "About" tab or something.<p>They used it without having a license. The apache license would have allowed them to use it, but they didn’t meet the conditions.<p>This sounds equivalent to using paid software without paying to me.<p>The original author could well claim that “the cost of a license under the terms which they used it is $2M”. After all, the cost of software licenses is entirely arbitrary and set by the author (copyright owner).
Sometimes people consider morality instead of legality.
If you start a business relationship with people who rip-off and cover-up, you're going to have a bad time.
But they didn't attribute it. Or does this not really matter?
It does matter, that's one of the requirements.
Exactly the article brushes over this too, painting it as not abbig deal. But IMO it is a huge deal. Open source licensees have very few terms usually, making the terms that do exist extremely important to satisfy so that a user is in good standing.<p>This phrase in the article in particular is frustrating:<p><i>DeepDelver calls this “stealing intellectual property,” which is a bit of a stretch, since open source tools are freely available to be used, if they are properly credited.</i><p>Oh because my license terms are more liberal, it doesn't matter as much when you break them?? Really? Bonkers that they would publish that.
Ask yourself why they didn’t do that in the first place.
This hilarious meme continues to prove itself correct again and again <a href="https://lukesmith.xyz/articles/why-i-use-the-gpl-and-not-cuck-licenses/" rel="nofollow">https://lukesmith.xyz/articles/why-i-use-the-gpl-and-not-cuc...</a>
Does that blog post have a glowing smiley face with "A BUNCH OF N***ERS" written in on it in pixelated text?<p>Would think twice about linking that one in polite company.
In case it is pertinent for anyone clicking, the source article does not censor the text, but it is a little blurry in the image.
Not defending it, but the meme itself is derivative quote from the developer of TempleOS. He suffered from Schizophrenia and believed the CIA was tracking him. He believed you could tell a CIA agent due to them glowing, and would refer to them as "glowy nwords" very regularly.<p>The term "glowy" has taken on a life of its own despite the original context. The image itself is from it's 4chan days. Probably poor taste to include a version with Terry's full quote.
I'm sympathetic to Terry saying that. The guy had measurable brain damage, and it's hard to blame someone for doing things when it's their damaged brain that decides to do them. It's like getting mad at a diabetic for having high blood sugar.<p>But I can certainly squint at other people when they spread Terry's quotes and memes.
> But I can certainly squint at other people when they spread Terry's quotes and memes<p>Someone can use language you disagree with but still have a point if you dig past it. I also happen to personally think it's important to engage with this sort of thinker at least sometimes<p>Insisting on polite, formal language can be a type of bigotry too you know. It's historically pretty classist, and lately also indicates a sort of neuronormative bigotry.<p>Idk, some food for thought
Wait - not conversing with someone who thinks it's fine to post the N word is now classist and some kind of neuro-whateverthefuck bigotry?<p>No it's not, it's enforcing the norms of civil discourse. If they have some kind of actual underlying issue that causes this and it's legit beyond their control - then sure, go the extra mile and try to meet them where they are.<p>If on the other hand, it's some annoying person who likes ruffling feathers on purpose - I really think they ought to be ostracized for such behaviour.
Right?! I feel like we <i>must</i> be being trolled.<p>Short of something like the recent event with the chap with Tourette's saying awful things at the BAFTA awards, or Terry Davis with schizophrenia saying outlandish stuff, there aren't many scenarios where I'd be willing to give someone a pass on this.<p>If you have the ability to choose not to use the n-word, and you're not in a group that can use it self-referentially among your peers, and you use it anyway, then you're an asshole and I don't really care to hear what else you have to say. I feel pretty OK with that blanket assessment.
> Short of something like the recent event with the chap with Tourette's saying awful things at the BAFTA awards, or Terry Davis with schizophrenia saying outlandish stuff, there aren't many scenarios where I'd be willing to give someone a pass on this.<p>"There are some scenarios where you might want to give people a pass for reasons outside their control" is literally the only point I was trying to make<p>So I guess we are in violent agreement?<p>Edit: also, you will never actually discover which people you should give the benefit of the doubt if you categorically dismiss anyone who uses language you dislike
[dead]
Ahem, <i>bullshit</i>.<p>No. There's a huge, eye-wateringly vast gap between impolite, informal language and racial slurs. I happen to personally think it's completely unimportant to engage with someone actively calling someone else the n-word.<p>That's not classist, and in no way neuronormative bigotry, unless we're classifying racism and generalized bastardry as a mental illness.
"Probably poor taste" ... it's the fuckin N word, in the context of software licenses. Of course it's in poor taste, that's putting it mildly.<p>The whole thing reeks of 14 year old turned 38 year old smelly edgelord nonsense, not something I would post, that's for sure.
In the most generous interpretation possible, I still would not say it has taken on a "life of its own", it's still very well rooted in the context of the belief the CIA plants black people in locations for gangstalking.
Hot damn, I did not notice the Terry Davis meme on the blog post had that. I wonder if they noticed the font at all or not.
Didn't notice it, to be honest.
No, it doesn't, and honestly, your comment comes off as trying to steer people away from clicking the link and learning the actual point of what's being linked to.
he's gone way off the /pol/tard deepend. He used to be a pretty good source for GNU/Linux tutorials but man he's insufferable
Personally I like GPL for core systems type of software, like an OS. I don't care what license you put desktop applications under, could be MIT, could be proprietary. I make software for a living, open source has a cost. If you want to profit off your open source software and have a competitive advantage against people forking it, you should 100% license it accordingly. I put a lot of thought into my projects before licensing them, I would hope others do as well.<p>My default is almost always MIT though.
Using the GPL like this doesn't help unless you are willing to sue people. If you can't or won't sue people, all that happens is that the software with the GPL license is avoided by people who want to use it in GPL-incompatible ways but have a conscience, while bad people still take it and use it anyway, and since you're not going to sue them, they don't care that they're violating the license.
In reality, GPL is also a cuck license. There is absolutely nothing stopping somebody in India forking your open source game, throwing ads in it, and uploading it to an app store. You cannot prevent people from making money off your free work, and the fact that it is a profitable endeavour for them will lead to them spending money on marketing, "outcompeting" your non-product and providing a strictly worse experience to people who don't know they could get it for free / without ads.<p>It doesn't even really need to be India, it could just as well be stolen by someone in your country. The vast majority of open source developers don't have the time to invest into copyright protection. Trying to actually enforce your license is signing up for a years-long nightmare of wasting your time, energy, and money dealing with the legal system for, in the end, no real value to yourself. If you release something as open source, you pretty much need to be ready to accept that your license is meaningless when it meets contact with reality.<p>This is all the more true with LLMs existing now, which are freely used to launder copyright licenses. Maybe in the past GPL would've made Microsoft or Google, at least, think twice about using your code, but now their developers will prompt GPT to reimplement your code.
This is why I prefer the AGPL over the GPL. But isn't this the entire point of open source? So long as it is attributed/following the license, who cares if they're selling it or not?
I agree with your analogy, but as an aside... "Cuck license" is not a phrase that's a term of art outside this blog post and I don't think it's a useful lens for understanding how software licenses work.<p>It also seems divorced from the practice of intentional cuckoldry. Any "bulls" would know that a more apt analogue would put Amazon and Delve and others as the cucks (expending energy to create arrangements where they can sit back and watch others do the work), and the open source contributors as the 'bulls' or 'cuckqueans' (the ones who actually do the work, but they do it because they find it enjoyable).<p>Luckily, software licenses aren't really so difficult to understand, and it behooves us to understand them in specifics. So I don't think it serves an illustrative purpose to insist on an analogy where writing software is like being physically intimate with someone elses spouse. I think the author just intends to signal political affiliation through the soft-shibboleth of Being the Type of Guy to Say Cuck A Lot.
You can submit a DMCA takedown notice to the app store, and they must take it offline for 14 days and give you the contact details of the perpetrator, or else you can use the app store for not doing that.
> they must take it offline for 14 days and give you the contact details of the perpetrator<p>These specific actions are definitely not part of the DMCA. In fact, it's basically the reverse. Unless you hire a lawyer to represent you, you must dox yourself to file a DMCA claim, which will involve handing over your name, address, and phone number to the platform committing the infringement against you, with the DMCA complaint requiring swearing under penalty of perjury that you are not falsifying any details.<p>> else you can [sue] the app store for not doing that.<p>This is, I think, the fantasy belief of someone who has never engaged with the legal system. You submit a notice of copyright infringement. They ignore it. Now what? Are you, as an independent developer, prepared to spend years of your life fighting to have it taken offline, out of pure spite, because you aren't going to get anything near the effort you put in? Even if you "win", you still lose, because it's just not worth it.<p>This is assuming you're even aware of the infringement. It was pure luck that I happened to discover the copyright infringement, in my case. It would be very easy for somebody to never discover that their game was re-labelled with a new name in a foreign app store. And once aware of it, actually trying to enforce my copyright quickly disabused me of the notion that copyright law could ever benefit individuals in any meaningful way.
>. You cannot prevent people from making money off your free work, and the fact that it is a profitable endeavour for them will lead to them spending money on marketing<p>You can in-fact file a copyright claim against them if they fail to provide the source and attribution.
Yep. While maybe it's "not cool," (I guess, depending on how much work Delve did in their fork, in which case it could be "totally cool"), there is no legal problem with doing this and if someone is "blowing the whistle" about this, they don't really understand open source.
How is there no legal problem with violating the license terms, which explicitly require attribution?
You clearly did not read the article. Why post something so confidently when you're not even informed on the topic?
> A permissive license whose main conditions require preservation of copyright and license notices.
The thing that strikes me as odd is how is it that Delve becomes an unicorn superstar (by iself), and the company they steal stuff off of, is much much less of a success story.<p>It would make more sense that the people who actually built the thing would do the thing better and do it first.
I think in real life, cheaters win.<p>Without proper punishment, groups who "play fair" are at a strict disadvantage against those willing to break the rules.<p>At least in the US, we seem to be rapidly moving away from punishing groups for breaking the rules. All the mega successful companies (and people) seem to break a lot of rules to get there.<p>Conversely, the honest "play by the rules" groups can't be mega successful. Without punishment, the cheater always wins.
The U.S. has always idolized charismatic grifters. Tech revolutionized charisma, by showing that interpersonal charisma isn’t the correct filter: asociability, or perhaps the more familiar amorality, is. The ability of someone to extract and upstream value without engaging in ethics is correctly labeled as more important than being warm and friendly.
The words for this is "regulatory capture" and "deregulation". And yes, its been happening for a long time.<p>And now that right-wing groups are buying up all the media, we wont be hearing about it for much longer.
Actually building something useful and fun and spending your time convincing investors to give you enough money to <i>maybe</i> turn it into a profitable business some day are not really complimentary personality traits.<p>Steve Wozniak alone could've maybe built Apple without Steve Jobs, but his time would be wasted by doing something he (presumably) didn't enjoy very much and it would've been a much bumpier road.
Basically YC + MIT background is a license to raise infinite capital. So they just needed to check some revenue boxes etc.
Even if the prospective investors smell a rat, they might decide that it's likely that a greater fool will arrive on the scene later - justifying investing in a known scam
In the long list of Delve's misdeeds, this is probably the least of them.
Perhaps but it’s quite informative as a cultural indicator: someone who sells open source code for millions despite not having a license to do so is almost certainly cheating in other areas as well. Like if my CFO was cheating on their spouse, it wouldn’t directly tell me that they were cheating the company but given that prior it’s significantly more likely that they view other promises as only binding if you get caught.
Don' think SoC compliance is as automatable as much as investors hoped to. This mistrust and over trust in AI is based on a technology that Google invented and didn't pay much attention to themselves because they knew it isn't as reliable or that useful to the point where its output is so definitely reliable that it requires zero human input.<p>The coding agents succeeds because apart from wanna be SaaS indie vibe coders, other serious users of AI agents for coding are themselves pretty strong and competent software engineers that won't let slip things easily and have years of experience and a taste in what is architecturally correct and what is nonsense and when and how to steer in what direction.<p>Other fields - if they have to review every output of the LLM such as in finance running totals and such to verify the results of an LLM makes their usage not as much useful.
The scrubbing of old posts says much
If they really did, they just need to attribute to the original project, its Apache 2 licensed, not AGPL or something that requires sharing code. I swear Software License Literacy needs to be a require course for all CS students.
Delved too greedily and too deep, it sounds like
Old news.<p><a href="https://news.ycombinator.com/item?id=47609310">https://news.ycombinator.com/item?id=47609310</a>
Sorry your thread didn’t gain traction, but this isn’t old news by any means. No need to be salty.
That was posted 12 hours earlier. What's your definition of old?
Recent news, but I do sympathize that your earlier thread didn’t get attention. One thing I think helped this one is that HN has more people who care about open source abuse than Delve specifically so this headline gets more attention.
Yeah, I felt like the TechCrunch title was a bit clickbaity ("The reputation of troubled YC startup Delve has gotten even worse"), so I opted to write my own title, which I feel helped get this thread on the front page.
instead of calling this corporate malfeasance lets call it what it for what it really is:<p>its Bunch of inexperienced people (kids really) stealing stuff from each other. (Not a proper 'Compliance' company) -The CEO is like 22 years old!!! WTF guys you think this guy knows compliance??? lol<p>Ie in a fast high pressure environment called Y Combinator where the 'adults' are pressuring and hyping each other's products and stealing open source, AI generating and in general trying to productize every crappy idea they can think of to capture some VC or investor who is too dumb to do proper due diligence in the AI gold-rush and hype train<p>On top of that engineering is so high pressured and awful these days e.g this video from the kids in silicon valley: <a href="https://youtu.be/0tLEszJs7hc?si=OXrJqPg-5PhVGnYT" rel="nofollow">https://youtu.be/0tLEszJs7hc?si=OXrJqPg-5PhVGnYT</a>
[dead]
[dead]
[dead]
a private fork is a huge maintenance liability. good luck when a CVE drops for the upstream repo and you have to scramble to backport the patch to your snowflake version before customers are compromised
[dead]
Packaging up open source projects and selling them is done all the time is done all the time and is a good business model since you can outsource a lot of the work and bug fixing to people who will do it for free instead of having to pay someone.
So they added marketing and support on top. Sounds like how you run a business.
That's one thing I'm loving about AI adoption and everyone vibe coding, the importance of open-source. When I was learning how to code, it blew my mind when I realized proprietary companies were built on the shoulders of great open-source projects. These provide a nice UI/UX and the marketing, but AI coding is making that less and less of a moat.