Delve allegedly forked an open-source tool and sold it as its own (techcrunch.com)
205 points by nickvec 5 hours ago
saadn92 2 hours ago
What probably happened here is depressingly common in early-stage startups. Someone finds an open source tool that does 80% of what they need, forks it, strips the branding, and then ships it. Nobody thinks about the license because the company is in "move fast" mode and there's no process for it yet.
Sure, the Apache 2.0 allows this, but the mistake is that when someone asked "is this based on SimStudio?" the answer was "we built it ourselves" instead of "yes, it's a fork, here's what we added." It went from a fixable attribution oversight to a credibility problem. You can retroactively add a LICENSE file, but can't take the lie back.
tikhonj an hour ago
I wonder how much of that is posturing (less charitably, lying to outsiders) and how much is the organization effectively lying to itself.
Both are indictment of today's ambient startup culture, and I'm not sure which is ultimately worse.
nickvec 19 minutes ago
Based on DeepDelve's recent follow-up article, I would assume the former. https://deepdelver.substack.com/p/delve-fake-compliance-as-a...
nikanj 5 minutes ago
Every layer of the organization tells a more rosy version of the truth up the chain of command. The programmer might tell the PM that they're running Apache software with the serials filed off, but by the time that filters up the chain to the CEO / Board, the product is "fully proprietary and 100% built in-house"
giancarlostoro 4 hours ago
The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be require to add it to an "About" tab or something.
The project in question is here:
embedding-shape 4 hours ago
I think the problem is more that they weren't honest about the origins, even if we disregard the point where they themselves break the license terms.
> DeepDelver recognized that Pathways looked a lot like Sim.ai’s open source agent-building product called SimStudio and asked Delve if it was based on SimStudio. The Delve folks said they built it themselves, the whistleblower contends.
If they were upfront about that it was a fork, and attributed it, sounds like there wouldn't have been any issues here at all.
giancarlostoro 4 hours ago
That's fair, and a bit ridiculous considering the license allows them to do what they are doing, minus lacking the attribution. People are too illiterate on software licenses. If you're going to use open source software, learn the licenses you're using! I'm pretty sure GitHub literally shows you what you can and cannot do with specific licenses.
Edit: Yeah they do. There's no excuse for goofing this up.
bawolff an hour ago
i_am_jl 3 hours ago
swingboy 4 hours ago
embedding-shape 4 hours ago
gzread 38 minutes ago
evanjrowley 3 hours ago
It's possible their spokesperson was not informed about SimStudio being the basis for Delve. Lots of people in sales and marketing do not know little about how open source software works.
embedding-shape 3 hours ago
echoangle 3 hours ago
CodingJeebus 3 hours ago
I'd be more concerned about a shareholder lawsuit if Delve told their investors that they owned the IP of said platform.
deng 2 hours ago
> outside of lacking attribution / retaining copyright, I don't see a problem?
That's a bit like a shoplifter saying "well, outside of not paying for it, I don't see a problem?".
Apache 2.0 clearly says you must include the license, include copyright, state any changes you've made and include the NOTICE file. None of that was done, so this is a pretty clear violation of the license. The copyright holders can demand that this is fixed immediately, seek at least an injunction if that does not happen, and maybe even claim profits made from selling the software while violating the license.
starkparker 3 hours ago
You don't see a problem with a startup dedicated to handling legal compliance for customers repeatedly botching even rudimentary legal compliance of its own?
WhyNotHugo 3 hours ago
> The project is Apache licensed, so even if they took it, outside of lacking attribution / retaining copyright, I don't see a problem? They would be require to add it to an "About" tab or something.
They used it without having a license. The apache license would have allowed them to use it, but they didn’t meet the conditions.
This sounds equivalent to using paid software without paying to me.
The original author could well claim that “the cost of a license under the terms which they used it is $2M”. After all, the cost of software licenses is entirely arbitrary and set by the author (copyright owner).
wredcoll 4 hours ago
Sometimes people consider morality instead of legality.
voidfunc 4 hours ago
Good thing our legal system doesn't.
happytoexplain 4 hours ago
LocalH an hour ago
bluefirebrand 2 hours ago
axus 4 hours ago
If you start a business relationship with people who rip-off and cover-up, you're going to have a bad time.
Steve16384 4 hours ago
But they didn't attribute it. Or does this not really matter?
giancarlostoro 3 hours ago
It does matter, that's one of the requirements.
NewJazz 3 hours ago
Exactly the article brushes over this too, painting it as not abbig deal. But IMO it is a huge deal. Open source licensees have very few terms usually, making the terms that do exist extremely important to satisfy so that a user is in good standing.
This phrase in the article in particular is frustrating:
DeepDelver calls this “stealing intellectual property,” which is a bit of a stretch, since open source tools are freely available to be used, if they are properly credited.
Oh because my license terms are more liberal, it doesn't matter as much when you break them?? Really? Bonkers that they would publish that.
croes 2 hours ago
Ask yourself why they didn’t do that in the first place.
PhilipRoman 4 hours ago
This hilarious meme continues to prove itself correct again and again https://lukesmith.xyz/articles/why-i-use-the-gpl-and-not-cuc...
neutronicus 3 hours ago
Does that blog post have a glowing smiley face with "A BUNCH OF N***ERS" written in on it in pixelated text?
Would think twice about linking that one in polite company.
lynndotpy an hour ago
MSFT_Edging 3 hours ago
giancarlostoro 3 hours ago
PhilipRoman 3 hours ago
gzread 33 minutes ago
mghackerlady 3 hours ago
giancarlostoro 4 hours ago
Personally I like GPL for core systems type of software, like an OS. I don't care what license you put desktop applications under, could be MIT, could be proprietary. I make software for a living, open source has a cost. If you want to profit off your open source software and have a competitive advantage against people forking it, you should 100% license it accordingly. I put a lot of thought into my projects before licensing them, I would hope others do as well.
My default is almost always MIT though.
applfanboysbgon 3 hours ago
In reality, GPL is also a cuck license. There is absolutely nothing stopping somebody in India forking your open source game, throwing ads in it, and uploading it to an app store. You cannot prevent people from making money off your free work, and the fact that it is a profitable endeavour for them will lead to them spending money on marketing, "outcompeting" your non-product and providing a strictly worse experience to people who don't know they could get it for free / without ads.
It doesn't even really need to be India, it could just as well be stolen by someone in your country. The vast majority of open source developers don't have the time to invest into copyright protection. Trying to actually enforce your license is signing up for a years-long nightmare of wasting your time, energy, and money dealing with the legal system for, in the end, no real value to yourself. If you release something as open source, you pretty much need to be ready to accept that your license is meaningless when it meets contact with reality.
This is all the more true with LLMs existing now, which are freely used to launder copyright licenses. Maybe in the past GPL would've made Microsoft or Google, at least, think twice about using your code, but now their developers will prompt GPT to reimplement your code.
withinboredom 3 hours ago
lynndotpy 31 minutes ago
gzread 26 minutes ago
delfinom 2 hours ago
Jiro 3 hours ago
Using the GPL like this doesn't help unless you are willing to sue people. If you can't or won't sue people, all that happens is that the software with the GPL license is avoided by people who want to use it in GPL-incompatible ways but have a conscience, while bad people still take it and use it anyway, and since you're not going to sue them, they don't care that they're violating the license.
mvkel 4 hours ago
Yep. While maybe it's "not cool," (I guess, depending on how much work Delve did in their fork, in which case it could be "totally cool"), there is no legal problem with doing this and if someone is "blowing the whistle" about this, they don't really understand open source.
mrgoldenbrown 3 hours ago
How is there no legal problem with violating the license terms, which explicitly require attribution?
NewJazz 3 hours ago
nickvec 2 hours ago
You clearly did not read the article. Why post something so confidently when you're not even informed on the topic?
malcolmgreaves 3 hours ago
> A permissive license whose main conditions require preservation of copyright and license notices.
torginus 4 hours ago
The thing that strikes me as odd is how is it that Delve becomes an unicorn superstar (by iself), and the company they steal stuff off of, is much much less of a success story.
It would make more sense that the people who actually built the thing would do the thing better and do it first.
MeetingsBrowser 4 hours ago
I think in real life, cheaters win.
Without proper punishment, groups who "play fair" are at a strict disadvantage against those willing to break the rules.
At least in the US, we seem to be rapidly moving away from punishing groups for breaking the rules. All the mega successful companies (and people) seem to break a lot of rules to get there.
Conversely, the honest "play by the rules" groups can't be mega successful. Without punishment, the cheater always wins.
altairprime 2 hours ago
The U.S. has always idolized charismatic grifters. Tech revolutionized charisma, by showing that interpersonal charisma isn’t the correct filter: asociability, or perhaps the more familiar amorality, is. The ability of someone to extract and upstream value without engaging in ethics is correctly labeled as more important than being warm and friendly.
superxpro12 2 hours ago
The words for this is "regulatory capture" and "deregulation". And yes, its been happening for a long time.
And now that right-wing groups are buying up all the media, we wont be hearing about it for much longer.
input_sh 18 minutes ago
Actually building something useful and fun and spending your time convincing investors to give you enough money to maybe turn it into a profitable business some day are not really complimentary personality traits.
Steve Wozniak alone could've maybe built Apple without Steve Jobs, but his time would be wasted by doing something he (presumably) didn't enjoy very much and it would've been a much bumpier road.
nikanj 3 minutes ago
Even if the prospective investors smell a rat, they might decide that it's likely that a greater fool will arrive on the scene later - justifying investing in a known scam
mikert89 3 hours ago
Basically YC + MIT background is a license to raise infinite capital. So they just needed to check some revenue boxes etc.
chuckadams 3 hours ago
In the long list of Delve's misdeeds, this is probably the least of them.
acdha 2 hours ago
Perhaps but it’s quite informative as a cultural indicator: someone who sells open source code for millions despite not having a license to do so is almost certainly cheating in other areas as well. Like if my CFO was cheating on their spouse, it wouldn’t directly tell me that they were cheating the company but given that prior it’s significantly more likely that they view other promises as only binding if you get caught.
theturtletalks 2 hours ago
That's one thing I'm loving about AI adoption and everyone vibe coding, the importance of open-source. When I was learning how to code, it blew my mind when I realized proprietary companies were built on the shoulders of great open-source projects. These provide a nice UI/UX and the marketing, but AI coding is making that less and less of a moat.
wg0 2 hours ago
Don' think SoC compliance is as automatable as much as investors hoped to. This mistrust and over trust in AI is based on a technology that Google invented and didn't pay much attention to themselves because they knew it isn't as reliable or that useful to the point where its output is so definitely reliable that it requires zero human input.
The coding agents succeeds because apart from wanna be SaaS indie vibe coders, other serious users of AI agents for coding are themselves pretty strong and competent software engineers that won't let slip things easily and have years of experience and a taste in what is architecturally correct and what is nonsense and when and how to steer in what direction.
Other fields - if they have to review every output of the LLM such as in finance running totals and such to verify the results of an LLM makes their usage not as much useful.
nikanj 3 minutes ago
It's fully automatable. The secret ingredient is fraud.
gclawes an hour ago
Delved too greedily and too deep, it sounds like
dmitrygr 4 hours ago
The scrubbing of old posts says much
giancarlostoro 4 hours ago
If they really did, they just need to attribute to the original project, its Apache 2 licensed, not AGPL or something that requires sharing code. I swear Software License Literacy needs to be a require course for all CS students.
dmitrygr 4 hours ago
You do not get to “just” retroactively fix copyright infringement (which is what this was). Try it with Disney sometimes.
giancarlostoro 4 hours ago
SanjayMehta 3 hours ago
nickvec 3 hours ago
Sorry your thread didn’t gain traction, but this isn’t old news by any means. No need to be salty.
acdha 2 hours ago
Recent news, but I do sympathize that your earlier thread didn’t get attention. One thing I think helped this one is that HN has more people who care about open source abuse than Delve specifically so this headline gets more attention.
nickvec 2 hours ago
Yeah, I felt like the TechCrunch title was a bit clickbaity ("The reputation of troubled YC startup Delve has gotten even worse"), so I opted to write my own title, which I feel helped get this thread on the front page.
AIorNot 2 hours ago
instead of calling this corporate malfeasance lets call it what it for what it really is:
its Bunch of inexperienced people (kids really) stealing stuff from each other. (Not a proper 'Compliance' company) -The CEO is like 22 years old!!! WTF guys you think this guy knows compliance??? lol
Ie in a fast high pressure environment called Y Combinator where the 'adults' are pressuring and hyping each other's products and stealing open source, AI generating and in general trying to productize every crappy idea they can think of to capture some VC or investor who is too dumb to do proper due diligence in the AI gold-rush and hype train
On top of that engineering is so high pressured and awful these days e.g this video from the kids in silicon valley: https://youtu.be/0tLEszJs7hc?si=OXrJqPg-5PhVGnYT
wg0 2 hours ago
More on that: https://www.youtube.com/watch?v=ahDQ6SSK1Y0
kikitaffner 2 hours ago
a private fork is a huge maintenance liability. good luck when a CVE drops for the upstream repo and you have to scramble to backport the patch to your snowflake version before customers are compromised
charcircuit 3 hours ago
Packaging up open source projects and selling them is done all the time is done all the time and is a good business model since you can outsource a lot of the work and bug fixing to people who will do it for free instead of having to pay someone.
mrgoldenbrown 3 hours ago
The selling wasn't the problem here. The problem was lying about what they were doing and violating the terms of the license.
randyrand 2 hours ago
So they added marketing and support on top. Sounds like how you run a business.