Welcome to The Long View—where we peruse the news of the week and strip it to the essentials. Let’s work out what really matters.
This week: Alleged theft of GPL code, and Amazon will run its data centers on gas.
1. Listen to This
First up this week: Vocal deepfake generator Voice AI Inc is accused of stealing GPL and LGPL code—by using it in violation of the licenses. Notably, the company doesn’t make available the source code of its product, as required by the GPL.
Analysis: Stupidity or Malice?
I suppose we should be shaving with Hanlon’s razor. But there’s an important lesson for all DevOps shops: Regularly audit your use of open source and ensure you’re following the license terms. And, of course, if you don’t want to open up your code, don’t use someone else’s code under a “share alike” license—such as the GPL.
Dean Howell: Hacker uncovers ‘stolen’ open-source code in voice.ai
“Companies must be diligent”
It’s official – AI is now the wild west. … According to @ronsoros, known for the jail-breaking tool ra1nstorm, they’re taking shortcuts to get to the top in the audio AI game. According to him, Voice.ai has been found to have violated the terms of the GPLv3 and LGPLv2.1 licenses in its software. In short, they’ve been packaging the open-source libraries that enable the software without adhering to their [license] terms.
…
[He] found that the company had integrated code from Praat, a widely-used open-source speech analysis software, and libgcrypt, a cryptographic library, in its proprietary software without releasing the source code of its software or providing proper attribution. … The GPLv3 and LGPLv2.1 licenses are designed to ensure that open-source software remains free and accessible to everyone, and it is essential that companies using software like this adhere to the terms. … Misuse of open-source software can threaten the integrity of the open-source community and undermine the principles that make open-source software so valuable.
…
[It] serves as a warning to the tech industry about the importance of respecting open-source licenses. Companies must be diligent in their use of open-source software, ensuring that they adhere to the terms of the licenses and do not abuse the trust of the open-source community.
Thomas Claburn: Voice.ai denies claim it violated open source software license
“Licenses can be complex”
Voice.ai [said] claims of code misappropriation are false, but acknowledged that its software included a number of open source libraries and said it has removed the GPL licensed code in an update that’s currently being tested.
…
A company spokesperson replied: … “We take accusations of this nature very seriously and would like to categorically state that they are false. … We are in full compliance with all open source code licenses. … We have included a number of open source libraries [and] we will be making the relevant source code available on a Github repository.”
…
[I] asked Ronsor whether he believes community pressure represents the best approach for dealing with alleged open source license violations. … “Assuming there is no blatant evidence of malice, I believe community pressure should always be the first option,” Ronsor replied. “If developers respond by complying with the license, then the past violations should be forgiven. … Licenses can be complex, after all.”
ELI5? charcircuit explains like we’re five:
It was copyright infringement for them to distribute the binary without the source code [or] an offer on how someone can acquire the code. … If they are made aware of this and they continue to distribute it then it becomes willful infringement each time they distribute it. … In this case they are choosing to take on legal risk.
…
Even if they were to distribute the code after the fact, that doesn’t forgive the copyright infringement. … The best option in this scenario for them is to stop distributing the binary to avoid willful infringement and then work to remove the GPL code from the project and then start distributing it again.
Let’s take the opportunity to quote Opportunist:
The offending party can either:
1. [Negotiate a] license that allows them to use the code without disclosing their own, …
2. Remove the offending code, or …
3. Put their own code under the GPL.
These are the three options, the choice is theirs.
Devs need to be careful. Heed u/nowonmai’s concern:
One of my roles where I work is Open Source governance. One of our competitors would love the opportunity to tie us up in court over a license violation, especially if it resulted in the exposure of some of our IP.
And this Anonymous Coward has a way with words:
GPLv3 … is not a particularly permissive license. So static linking to it was a big time Bozo no-no.
…
Gotta read the fine print, and GPLv3 is pure Stallman: It’s not very friendly to commercial projects. It’s one of the reasons why I never use it on my own code, and why I avoid projects licensed under it at work. … Since they distributed this version, they are not in a position to refuse.
2. AWS Increases Carbon Footprint
In Oregon, Amazon says it’ll run its data centers on “natural” gas. It’s cut a deal with Bloom Energy to use fuel cells and will pipe in filthy fossil methane to generate electricity on site.
Analysis: Makes no Sense
Amazon’s big local competitors are reducing their CO₂e emissions. Why is Amazon so special that it gets to be dirtier?
Mike Rogoway: Amazon … would use natural gas to power Oregon data centers, increasing carbon footprint
“Huge tax breaks”
Amazon wants to power at least three of its Oregon data centers — and perhaps as many as seven — with natural gas fuel cells that regulators say would contribute even more to climate change than the grid electricity Amazon has been using. … Data centers need huge quantities of electricity to power their computers and keep them cool. Facebook and Apple have financed solar or wind projects.
…
State data shows that … the fuel cells don’t reduce emissions of carbon dioxide, the primary greenhouse gas contributing to climate change. In fact … because the fuel cells would reduce the data centers’ use of clean hydropower, they would actually increase Amazon’s carbon footprint.
…
Oregon is home to a large cluster of data centers operated by many of the nation’s largest tech companies. They’re attracted by relatively cheap electricity, water, big parcels of rural land and huge tax breaks.
This Anonymous Coward sees the irony:
I think this is the site at the Dalles, which … was mostly chosen because it is right next to one of the biggest hydropower facilities in the US. This was a big talking point at the time, as abundant cheap hydropower was considered a game changer.
…
Hearing that they are moving to natural gas is thus a bit darkly humorous. … I suspect it has more to do with the relative abundance of gas in the region and the concerted push to sell … hydropower to residential customers at a considerable profit.
Cue the trope about the carbon footprint of Amazon delivery drivers. ghoul haunts your dreams:
If, instead of an Amazon driver delivering 50 parcels on an optimized route, 50 customers had to drive their own 50 cars to multiple retail shops and bring the items back, the carbon emissions would be much more. Delivery emits far less CO2 than in-person shopping does.
The Moral of the Story:
Life is a succession of lessons, which must be lived to be understood
—Helen Keller
You have been reading The Long View by Richi Jennings. You can contact him at @RiCHi or tlv@richi.uk.
Image: Simon Humler (via Unsplash; leveled and cropped)