An AI Company Using Stolen Code Is Trying To Silence the Person Who Found Out (neowin.net)
segaboy81 writes: Jailbreak hacker @ronsoros found stolen, open-source code in voice.ai, a real-time voice synthesizer, but instead of complying with the open-source license, they are taking measures to shut him down. "After an extensive investigation into an installation of Voice.ai, it was found that the company had integrated code from Praat, a widely-used open-source speech analysis software, and libgcrypt, a cryptographic library, in its proprietary software without releasing the source code of its software or providing proper attribution," reports Neowin.
"In his blog, undeleted, @ronsoros details the steps that were taken to uncover the violations. [...] @ronsoros reached out to the company to let them know they were in violation of two opensource licenses and was promptly booted from the community's Discord server."
Legally speaking... (Score:2, Insightful)
Whoever detected this GPL licensed code should contact the copyright holders, to find out that these guys don't have a different license,
Re:Legally speaking... (Score:5, Insightful)
> ...Whoever detected this GPL licensed code should contact the copyright holders, to find out that these guys don't have a different license, and of course to inform the copyright holder. Don't accuse anyone of copyright infringement until you are sure of it.
And yet, that could have all been clarified within a sentence or two in a discord chat.
You really think the real reason for their actions is going to show legit behavior? Needless to say I'm not holding my breath. Far more of a chance Greed pulled some FOSS fuckery for gain than someone stumbling across a licensing issue.
Re: (Score:1)
I see! The old SILENCE IMPLIES CONSENT!!
Re: (Score:2)
What consent?
Silence in the face of a felony accusation that could be easily dismissed if false does tend to make one look guilty.
Re:Legally speaking YOU ARE NOT A LAWYER (Score:2, Informative)
FFmpeg provides for just this
https://trac.ffmpeg.org/query?... [ffmpeg.org]
making it easy to report violations and, yes, to watch some squirm like worms.
Re:Legally speaking... (Score:5, Insightful)
The first rule of "did they have a special license" club is: They did not have a special license.
You can probably guess the second rule of "did they have a special license" club -- especially given that they banned him rather than explained why he was wrong.
Yes, only the copyright holder can sue them for copyright infringement, but anyone can opine on the company's ethics and the wisdom of using software from copyright infringers.
Re: Legally speaking... (Score:2)
From a practical perspective, a business may not want to work with another business that may soon face an injunction.
Re: (Score:3)
> Yes, only the copyright holder can sue them for copyright infringement
Suing for copyright infringement you are probably right.
But I wonder if anyone can sue for tort, because you should have access to the code, but you don't. (In the US, I imagine you can always sue; but would you have a leg to stand on.)
Re: (Score:2)
> Yes, only the copyright holder can sue them for copyright infringement
> Suing for copyright infringement you are probably right.
> But I wonder if anyone can sue for tort, because you should have access to the code, but you don't. (In the US, I imagine you can always sue; but would you have a leg to stand on.)
IANAL, but I think the case would get dismissed immediately on the grounds that you have no right to the source code. Yes, the company has an obligation to give you access to it (assuming they distributed their product to you; the GPL does not require them to make it available to people who didn't receive their product or have use of their product through a SaaS setup) but that obligation isn't to you, it's to the copyright holder.
Re: (Score:2)
Conservancy is pursuing an angle similar to this right now:
https://sfconservancy.org/copy... [sfconservancy.org]
Re: (Score:2)
> Conservancy is pursuing an angle similar to this right now:
> https://sfconservancy.org/copy... [sfconservancy.org]
Interesting!
I hope they succeed. It is a novel argument, though.
Re: Legally speaking... (Score:2)
Also, FSF is one of the copyright holders in question here. There will be squirming, and there will be crawling to the cross.
Re: (Score:2)
> given that they banned him rather than explained why he was wrong.
"When you tear out a man's tongue, you are not proving him a liar, you're only telling the world that you fear what he might say. -- Tyrion Lannister"
Re:Legally speaking... (Score:5, Informative)
And everyone who legally got the program binaries from the company can sue for the source code, as stated in the GPL.
Re: (Score:2)
Not so sure, are they actually releasing a product with the source code embedded in it? You don't have to disclose anything if you're just running an app and happen to include a library, you also don't have to disclose anything if you're just running a website with an API. You only have to release modifications you made to source code you re-distribute in either compiled or uncompiled form.
Beyond that, EVERY copyright holder has to agree to sue. Otherwise you're going to start breaking down the claim into t
Re: (Score:2)
The strength of the GPL is the fact, that you need at least some license to use someone else's code. So you either adhere to the GPL, or you don't use the code at all, because you don't have any other license.
Re: (Score:2)
Sure, but what is the resolution for people contributing 2 lines of code. You then have to prove they actually use that code and that your code is itself not derivative from somewhere else.
Re: (Score:2)
That means, if someone publishes code C, and you change it to code C', then you hold the copyright to C', but can only use it if the copyright holder of C agrees. If someone wants to use C', he has to get your permission, and you in turn have to get permission of the one holding the copyright of C to allow the third party to use your code.
GPL solves the problem by explicitly permitting to create, use and
Re: (Score:2)
With GPL code, everyone who contributed to libcrypt and Praat, is a copyright holder and can sue.
The projects' contribution agreement/policy doesn't involve a copyright transfer of some kind?
Re: (Score:2)
The GPL is a generic license, so it cannot possibly indicate who holds the copyright in what. That would be indicated elsewhere, such as in a project's contribution contract.
Re: (Score:1)
> everyone who legally got the program binaries from the company can sue for the source code
Hopefully this lawsuit against Vizio will set that precedent:
https://sfconservancy.org/copy... [sfconservancy.org]
Re:Legally speaking... (Score:5, Insightful)
> Whoever detected this GPL licensed code should contact the copyright holders, to find out that these guys don't have a different license, and of course to inform the copyright holder. Don't accuse anyone of copyright infringement until you are sure of it.
Legally speaking, in the US you are allowed to say things when you think something is wrong. We have freedom of speech.
Morally speaking, if you see something wrong, you should speak up. Which is what Ron Soros did, and the company tried to silence him.
Logically speaking, it's not hard to be sure that a library is being used. It's like you didn't even read the summary. Why are you knee-jerk defending a company that acts guilty and tries to silence him?
Is an alternative license even possible? (Score:3)
Is an alternative license even possible?
Do the infringed projects require contributors to transfer copyright to the primary developers? Or at least grant them the right to sub-license their code under arbitrary terms?
Because few do, and without that it's all but impossible to offer alternative licensing to GPLed code.
Re: (Score:2)
> Is an alternative license even possible?
> Do the infringed projects require contributors to transfer copyright to the primary developers? Or at least grant them the right to sub-license their code under arbitrary terms?
> Because few do, and without that it's all but impossible to offer alternative licensing to GPLed code.
Dual licensing is a thing. If they were subject to a different license, then they could have explained this. Booting someone from the discord server suggests they probably didn’t have one.
Re: (Score:2)
Yes it is, which is why I asked. Because generally that only works if it's set up that way from the beginning. Once you've got dozens or hundreds of possibly poorly documented contributors it becomes almost impossible to change license terms, because you have to track down every past contributor to get permission first.
Re: (Score:3)
> Is an alternative license even possible?
My last company paid for lots of GPL-licensed code to the copyright holder / developer. So we had support, and we had software where we absolutely didn't want anyone to have the source code. Especially some 3 or 4 letter agencies.
Re: (Score:2)
It is possible in a general sense, IF the project is set up to allow for dual licensing.
Most are not, and it's hard to change license terms after the fact since you need permission from every past contributor to do so.
Re: (Score:1)
There is an alternative way to sue for compliance being tried in the Software Freedom Conservancy vs Vizio lawsuit. The lawsuit against Vizio is interesting because they aren't suing as copyright holders, but as recipients of GPL binaries from Vizio, they say that they are a third-party beneficiary of the GPL and thus they ask the court to force Vizio to release the relevant source code. Thus they create the possibility for any user of GPL binaries to sue for source code release.
https://sfconservancy.org/co [sfconservancy.org]
Thievery is thievery. (Score:4, Interesting)
The irony of the "you can't decompile this" clause in the offending software is, it's clearly there to stop people from uncovering the GPL violation. But because the GPL forbids such clauses, the "No decompilation" clause can be safely ignored, because it isn't valid as the GPL which applies to *all* the code in the offending software specifically overrules it.
Folks, if they don't hand over the source code, they are committing copyright theft. And ain't that a grand thing. Sometimes the master's tools really can deconstruct the master's mansion.
Re: (Score:2)
> The irony of the "you can't decompile this" clause in the offending software is, it's clearly there to stop people from uncovering the GPL violation. But because the GPL forbids such clauses, the "No decompilation" clause can be safely ignored, because it isn't valid as the GPL which applies to *all* the code in the offending software specifically overrules it.
> Folks, if they don't hand over the source code, they are committing copyright theft. And ain't that a grand thing. Sometimes the master's tools really can deconstruct the master's mansion.
Please study some law, and stop before someone takes your advice and gets into trouble. Just because a piece of software is found to contain 10 lines of GPLd code does NOT mean GPL somehow magically applies to code that contains it. Yes, the voice.ai is committing copyright violation, no, that does not mean you're allowed to treat their code as if it was GPLd. *If* the copyright holders of the GPL code go to court over this, the default punitive measure is going to be for voice.ai to pay damages and to remo
Re: (Score:3, Interesting)
It doesn't matter, you can't prohibit decompilation or other forms of reverse engineering for purposes of interoperability or for determining whether someone has broken the law. Those purposes are protected by law, and a contract can't override that. You can refuse someone the right to use your other resources, though, which is what they did — so kicking him off their discord is legal, but also a de facto admission of guilt.
Re: (Score:2, Interesting)
> It doesn't matter, you can't prohibit decompilation or other forms of reverse engineering for purposes of interoperability or for determining whether someone has broken the law. Those purposes are protected by law, and a contract can't override that.
They are protected by law in jurisdictions which guarantee right to decompile, and not elsewhere. OP was however making the point that they are provided by GPL because someone included a piece of GPL code in it. Well, no, they're not.
> You can refuse someone the right to use your other resources, though, which is what they did — so kicking him off their discord is legal, but also a de facto admission of guilt.
How the hell? If some random jerk starts making and spreading false accusations against me, I'm expected not to kick him off my social media because doing so would be "admission of guilt"?!
Re:Thievery is thievery. (Score:5, Interesting)
I don't know about your laws, mine state outright that I have the right to decompile code to provide interoperability and to show that a violation of a law has been committed. I must not distribute that decompiled code and I must not facilitate the removal of copy protection mechanisms, neither may I disclose anything I found that doesn't deal with interoperability or a breach of law, but decompilation by itself is not the problem.
The offending party can either broker a fitting license that allows them to use the code without disclosing their own, they may remove the offending code or they may put their own code under the GPL. These are the three options, the choice is theirs, though.
Re: (Score:2)
> Just because a piece of software is found to contain 10 lines of GPLd code does NOT mean GPL somehow magically applies to code that contains it.
It literally does. Five notes from a song are enough to trigger a copyright suit. Google lost a copyright case involving 9 lines of code to Oracle (they won the rest of the case, but paid a fine for those nine lines in the rangeCheck() function).
There may be a defense, but by default they are in violation of the copyright and licensing agreements. The remedy is either for them to pay a fine or release the source code. They can try to win in court, but the fact is they literally copied the code, so it's a
Re: (Score:2)
> Just because a piece of software is found to contain 10 lines of GPLd code does NOT mean GPL somehow magically applies to code that contains it.
> It literally does. (...) The remedy is either for them to pay a fine or release the source code.
So, you agree with the poster you're replying to ? It does not?
Re: (Score:2)
Actually their code must be GPLed if it depends on GPLed code. If on the other hand the code they depended on is LGPL, then they do not. At the same time, transparency that they are using these libraries would be in their interest.
The fact they are not engaging in discussion and being forthright suggests they got caught with their hand in the cookie jar.
Re: (Score:2)
> Actually their code must be GPLed if it depends on GPLed code.
No. It must be GPL licensed if it is distributed AND they don't want to be sued for copyright infringement. If you don't mind losing a court case then you don't have to give source code to anyone or license under GPL. You make your decision, and you suffer the consequences, but the decision is yours.
Re: (Score:2)
Whatever you may think of GPL, there is a spirit of sharing. If you don’t like the GPL, then don’t use GPL based code. For the creators they are bartering an exchange, which is based on sharing work, rather than dollar bills. It’s another form of equivalent exchange.
There are other projects with other licenses, as you indicate. Businesses and individuals should not be leveraging other people’s code, unless they understand the risks and costs involved.
“American freedom” al
Historical norms for GPL infringement (Score:4, Informative)
It's true that the GPL doesn't automatically apply to the entire code base... but that's usually how it shakes out in the end.
Firstly because nobody infringes over ten lines of code. Even if they did, nobody could detect it anyway unless the code was made public.
Secondly, and more importantly, copyright infringement has some serious penalties attached - I'm coming up with two different results from Google -
- up to $250,000 or 5 years in prison, or both, which I recall from the RIAA rampages decades ago
- at the infringed party's choice either damages PLUS all profits from the infringing works that can't be proven to be attributable to other factors, OR statutory damages of up to $30,000 per infringed work - rising to $150,000 if the infringement was willful, which includes any infringement occurring after being (officially?) notified of the infringement, so they're on the hook if they sell even one more copy.
Combined with the fact that the collaborative nature of open source means that any infringement likely encompasses many independently copyrighted works... and those kinds of numbers can easily bankrupt a company. Possibly even worse, if you've been previously convicted of copyright infringement the penalties increase dramatically, giving infringers added incentives to settle and avoid a first conviction.
Which is why almost every instance of GPL infringement ends with the entire code base being released under the GPL, as required by the license. The community has thus far been willing to waive claims against past infringements if they come into compliance. The alternative is removing the code (which can often be crippling to core functionality) and risking the liquidation of your company and even jail time for the infringements you've already committed.
Re: (Score:2)
> I'm coming up with two different results from Google
That's because the first one is for criminal copyright infringement, and the second for civil. Almost all copyright cases are civil.
> Combined with the fact that the collaborative nature of open source means that any infringement likely encompasses many independently copyrighted works...
Generally, each contributor's contributions don't get their own separate copyright. The whole project is a single copyrighted work.
Re: (Score:2)
>Generally, each contributor's contributions don't get their own separate copyright
I think you're thinking of things like movies or commercial software, where the creators are usually all work-for-hire, which means that the copyright to their work automatically belongs to their employer. Even in a movie though, the copyright to the music usually remains with the musicians, it's only been licensed for inclusion in the movie.
That's the entire reason some projects require copyright transfer with code contr
Re: (Score:2)
It also means that every contributor whose code was infringed can level a separate legal claim against the infringers.
Has this ever been tested in court?
Re: (Score:2)
Yes. In the sense that every time someone has filed an infringement claim against a GPL violator and not had it thrown out of court for lack of standing, they established that their partial claim to the work's copyright gave them standing to file suit.
I'm not sure a GPL violation case has ever actually made it all the way to a ruling though - lawyers tend to push their clients hard to settle as soon as it's obvious they have no chance of winning. I don't think anyone has ever felt the need to bring a secon
Re:Thievery is thievery. (Score:4, Informative)
It's not a few lines of code. It's the core of the whole program. And the case law is really clear here.
You are correct that the GPL wont "infect" the code until a court rules otherwise. However since the bulk of the code is the open source product, I'd argue strongly that the primary license here isn't their one, but the one belonging to the majority of the product, the GPL3
(And I spent enough time working in the DOJ to feel confident I can safely ignore your "please study some law")
Copyright infringement is not theft (Score:3)
Stop propagating the copyright maximalists' disinformation. Copyright infringement is not theft - nothing is taken.
It's copyright infringement - a completely unrelated crime.
Re: (Score:2)
In this case it is theft. Copyright infringement = sharing, theft = depriving the owner. The latter includes stuff like filing false strikedown notices or, like in this article, failing to provide source.
Re: (Score:3)
The owner is entitled to the modified version which they don't get. This is an actual (not just potential) loss.
Re: (Score:3)
> The owner is entitled to the modified version which they don't get. This is an actual (not just potential) loss.
Just as an owner is entitled to payment for a pirated product. If you consider one theft so is the other.
Re: (Score:2)
>failing to provide source
Providing the source to any derivatives is the payment required by the GPL in order to receive a license for redistribution.
Assuming the allegation is true, they failed to pay for that license. Which means they have no license, and are committing copyright infringement by copying it.
That doesn't make it theft - they didn't take the original code away from the developers who wrote it. They just copied it without permission. Exactly the same as every person who's ever illegally
Re: (Score:2)
To further clarify:
Depriving the owner of the thing you took = theft
Depriving the owner of anything else = possibly other crimes, but NOT theft.
An attack? (Score:1)
The reason you'd generally be banned/silenced for sharing such information is that people are dumb. Announcing this in a public space makes your information sharing an attack on the reputation of the author(s). It doesn't matter whether the technical information is factual. It will be interpreted by the public in ways which harm the reputation of the author(s).
As others have said, this technical information is not of interest to the general public. It's of interest to programmers, most of all to the origina
Re:An attack? (Score:5, Insightful)
> As others have said, this technical information is not of interest to the general public
I want to know if someone I'm doing business with is a thief (or equivalent.)
Re: (Score:2)
Which we still don't know for certain. The original authors of the source-code that was claimed made up derivative portions in the voice.ai binaries could possibly take this to court and find whether that's the case in discovery ... but most likely this would never be made public knowledge due to the potential harm to voice.ai's reputation.
The law is a complex field much like any engineering discipline. It's foolish to believe the law is objective, it's really much like rational thought: emotional and logic
Re: (Score:2)
1) I am a human, I have emotions. If you are a very small shell script, then you might not understand that.
2) It's also logical to care when people act in bad faith, because that kind of thing causes harm. That's why we have laws against it.
Re: (Score:3)
False. I made an if-then statement, and you were triggered by it, and as such failed to evaluate it. Your parser is broken.
Re: (Score:3)
You appear to have zero understanding of the subjective interpretation of language or the obvious biases you exhibit for all to see.
May it be possible that he has a different understanding than yours - instead of his being zero and you a full understanding? And is it possible no one is wrong in this argument, but you're just arguing because you're seeing things differently?
Re: (Score:2)
I think in this scenario the company could fill out a transparency report, if they believe they did no wrong. If they don’t fill out such a report, then trust will be hard.
Re: (Score:3)
>Why would you want to know if the person you're dealing with is a "thief"?
A few reasons off the top of my head:
- Because if they're willing to screw over the people that made a (substantial?) part of their product, they're likely just as willing to screw over their customers for a quick buck. Doing business with known criminals has always been considerably more risky than with law-abiding businesses.
- Because I'm likely to lose legal access to the infringing software I bought from them, since they had
Re: (Score:2)
> As others have said, this technical information is not of interest to the general public. It's of interest to programmers,
Why do you separate programmers from the general public. Nerd lives matter!
Re:What's the big deal? (Score:5, Insightful)
The big deal, I guess, is that they're trying to make money that way. I doubt you'll find a lot of people cheering here for someone selling bootleg copies of a blockbuster.
Re: (Score:3)
You do understand the difference between not paying for something you're not using and not paying for something you're using?
Re: (Score:2)
you would never download it, never play it, never lay eyes on it.
Yes, that's pretty much what I do with contemporary movies. Frankly, I haven't seen anything recently that I would even waste bandwidth on, let alone money.
So could you please go and slander someone else?
Re: (Score:2)
People on here use the excuse they're not paying for something they wouldn't have watched anyway, in the case of the movie. Aren't those companies trying to make money? People on here cheer about that.
People (not me, so much, but lots) cheer people who use content non-commercially without paying for it. That's very different from using it commercially, asking others to pay them for what they didn't pay for.
Both are wrong but the wrongness is different in kind and degree.
Re:What's the big deal? (Score:4, Insightful)
People do discuss torrent servers getting shut down - because they're stories in the news, and vaguely under the heading of "tech" - and other types of communication (including piracy) information or techniques. But I can't remember anyone asking "does anyone have a live link to the current "BatWombat versus Supervillain" movie torrent?"
To make such a request would be an admission of technical incompetence - which is not the "thing" for here.
SUPPRESSION or CONFIRMATION ? (Score:2)
When are CEOs/ CTOs, PR and Legal departments going to realise this?
malice (Score:3)
> and was promptly booted from the community's Discord server.
And there's your evidence that they acted with malice, not ignorance. Should be a pretty easy case after that. Let's nail 'em to the wall.
Re: (Score:2)
The two acts can be separated. The improper use of GPL code can be due to ignorance. The booting from the Discord server can be due to malice.
You can do something by accident and then handle it badly. But both could just be due to malicious intent.