Marc and Andy discuss initiatives related to open source in the context of AI with Amanda Brock, who highlights the importance of open source as a means of transparency and accountability, allowing people to inspect and understand the code they use. Don't miss The DEVOPS Conference - Global in March 2024.

Amanda (00:06): Having discussions about things like open source should be banned, open source should be regulated, and then if you were to say to them, what is this open source? What is this evil thing you're talking about? They've got no idea.

Marc (00:21): This season, Andy and Marc are back with a fantastic group of guests.

Andy (00:26): I've been to depths that remain classified, and Marc keeps his head in the clouds. With our combined experience in the industry, we can go from the bare metal to the boardroom. Enjoy your time in the DevOps Sauna.

Marc (00:46): Hello. We are back in the sauna. I have my usual cohort, Mr. Andy Allred here.

Andy (00:53): Hello. Hello. Great to be back.

Marc (00:55): And speaking of great to be back, we are super happy to be welcoming back one of our old friends who happens to now be the 37th most influential woman in UK Tech, our old friend Amanda Brock. Hello, Amanda.

Andy (01:10): Hello there. It's wonderful to be back. Thank you for having me along again.

Marc (01:14): It's super great always to have you on the podcast. And this time we had a few exceptions that we had to work through. I understand that you just had another round of COVID.

Amanda (01:25): I did. That was round three for me. I think I've had one from each season now.

Marc (01:29): Wow. Oh, so any health effects this time? I think we're all on in probably our second round by now.

Amanda (01:37): Yeah, it's not been great out here in the UK, but I suspect it's the same everywhere. This one seems to have mutated enough that the existing boosters and things don't work. I'm not gonna get into the booster debate, but it's been one of those rough COVID like round one where you lose your taste and smell and real old school COVID. So it has not been great, but I'm pleased to be back in action after three or four weeks of COVID slowness.

Marc (02:05): We were talking in the pre-game about stress and work and vacations and piling things like an illness on top of it. I know Andy's just come back from a few days off.

Andy (02:16): Yeah, I just had two days off, so it was kind of just a little mini break, but then as soon as I went on vacation and didn't have to think about work, it's like everything just hit me and I felt even more exhausted than I did when I was at work. And just wondering that is this something like when I slow down my body and listen, my body tells me you really are tired. And so I just feel more exhausted being on vacation than I did at work. And now it was only two days, so I just got a little taste of it, but I feel so sluggish. Probably nothing like Amanda went through, but still just kind of, ugh, how do I get going again? And it was two days. Come on.

Amanda (02:56): It's the irony of it all, isn't it? I got sick after having taken holiday. So I'm not sure what to say about that. As soon as I went on holiday, I was exhausted.

Marc (03:06): It's something about the world we live in today where, for me, I get stressed when I have a day off sometimes because I know there's so much waiting for me when I have to come back to work.

Amanda (03:18): Yeah, it's hard when you run something small like OpenUK, it's hard to fully disengage. There's just so much going on. We have a small core team, bigger than it was when I last spoke to you, but a small core team, and then so many volunteers and just keeping all of those plates spinning. I was discussing this with someone a week or two ago where I'm almost a maintainer, I'm maintaining an ecosystem. It's very hard for me not to be around. And that's something we're working on and spreading the load a little bit.

Marc (03:44): Completely understand.

Amanda (03:46): But it comes back to the same problem, right? It doesn't matter about throwing money at us. It's a combination of that individuals know how deep knowledge in what it is they're running or working on and skillset, and bringing others in with that skillset is really hard.

Andy (03:59): Yeah, I work on a handful of projects at the moment. They're all really fun and really interesting and really cool cases. We do have other people who could back me up or take over some of the roles, so I'm not like unique here, but just for these two days I had off, finding somebody who can cover in the short time for something which is kind of deep and special and technical, it's like takes more time to onboard somebody than the time they would offload by taking it for you. So then how do you find the right balance there?

Amanda (04:32): That's exactly right. It's that onboarding thing. It takes time to get people up to speed. We're working to build out playbooks and things about the organisational stuff, and then we're also working to broaden out a group of people who have policy experience, a group of people with the legal experience. And I have in mind a couple of successors to be quite honest. So bringing them forward so that over the next few years they develop the skills needed if one of them wants to do my job.

Marc (04:57): I think it's a great sign of a leader when you are working towards having a successor so that you can kind of rise above or make sure that other people are able to do what you've done this far and it allows you to continue.

Amanda (05:11): Yeah, you were talking about stress. I don't really feel stressed by it because I enjoy what I do and there's nothing that I do that I don't enjoy apart from perhaps some of the engagement with the political world. It's quite hard. We could talk more about that. But I think that also when you're really passionate about what you do, it makes it hard to step away from it, right?

Marc (05:32): Yes. Completely understand. So let's go straight in. So since we last spoke, what's going on the tech policy right now in the UK?

Amanda (05:42): So you cannot have a conversation with anybody these days on any topic without discussing AI. And the UK Prime Minister called a summit, which we were expecting to be a huge event that everybody would engage with. And in the last week or two, we've been told that there'll be a hundred attendees. Day two will be very much sort of world leaders in enclosed rooms. Day one, we saw the agenda of last week, no mention of Open in it. Also, clearly, when you have a summit that focuses on risk around AI, Open is gonna be part of that. So we've been pushing since July to be part of the summit, trying to get involved in the pre-meetings that are happening at the moment. In all honesty, it's a bit like pushing something up a hill, it's hard work. It's hard work to get engagement, to get recognised, to have people understand.

I went to the Labor Party conference last week, I missed the others because I was sick. But I went to the Labor Party conference in the UK, and I was horrified. A lot of it was great, but I was horrified to see lobbying organisations not being paid by any particular faction, but wanting to be in the heart of this AI conversation and having discussions about things like, open source should be banned, open source should be regulated. And then if you were to say to them, what is this open source? What is this evil thing you're talking about? They've got no idea. They just hear these words constantly in the press around AI. If you saw Elon Musk talking about the press in the Israeli conflict war, whatever that's formally called, his response to criticism from the European Commission was that it's open source.

Now, what he meant was open source journalism, but that again, plants a seed of something evil, something that has to be stopped in people's heads, and there's complete confusion about the meaning of open source. I don't know if you wanna go there today, but you can add the whole HashiCorp debacle to that as well. And we're in a world where I'm having people say to me, oh, you should stop worrying about what open source means, it doesn't matter what it means. But then you wouldn't regulate an apple thinking it was a pear, or maybe more realistically you wouldn't put the regulations for a car on a bicycle or vice versa.

Marc (07:48): So why don't we, Amanda, let's open up for our listeners. Can you give us maybe your definition of open source and why it's important with the coming of AI in the world we live today?

Amanda (08:01): Yeah. So when I'm talking about open source software, AI is obviously different components. So AI has data, it has software, there may be a need that the open source initiative is looking at for a new definition. I don't know whether we'll need one or not. We certainly have to think about data and software, and that's something in Open UK we call open technology, that breadth of all the different opens. But when I think about open source software specifically, what I'm talking about is software that meets the open source definition. Well, I would also add to that, that the license has to be OSI approved to confirm that it meets that definition. I know some people would push back on that OSI approval piece and just say, meets the OSD, the open source definition. But critical to that definition for me are points five and six. And five and six effectively say that anybody can use open source for any purpose. That means you can't restrict it commercially., it means you can't restrict it morally or ethically. Now, when we look at something like Meta’s Llama 2, which Open UK actually partnered on, we partnered with them on the clear understanding that it was gonna be called open innovation, not open source. That went wrong when Mark Zuckerberg posted about it.

But up until then, and if you look at their website, they describe it as open innovation because it has restrictions, it has a commercial restriction on 700 million users, it has an acceptable-use policy. And those restrictions stop it being open source. Now why does it matter? To me it matters because we've got the scale of adoption today where I think the latest figures say 96% of software, whether it's open or proprietary, have open source software dependencies. So you've got this whole digital ecosystem relying on open source and relying on a free flow that anybody can use it for any purpose. You can do that with confidence that you don't have to go and double check. Yes, you have to attribute. Yes, you have to be aware that it comes without liability and you need to know what the license terms are, but you have this free flow where you won't have to go and pay somebody for a royalty or you won't have to go and pay somebody to commercialise. And that's why it's important. There's also sort of this space that we're seeing with HashiCorp and the likes where there's a point of friction and maybe we should talk about that too.

Marc (10:14): I'd love to talk about that next. But first I just kind of wanted to put one thing kind of out on the table that when we have open source with all of the definitions by OSI, but when we have open source, people can look and understand what is in there. And when you have closed source or proprietary things, there's still much of the code that we deal with on a daily basis, be it on social media, on anything in banking, in finance, all of those, when it's closed, we could have no idea who is in there or what they're doing. So it could even be that a financial institution might be using some code that was planted there by an employee and it would be very small number of people that would be able to see that. But if it's open source, the whole world can see it. And I think it's a lot easier to find these types of things in open source models than it is in any other type of software. So when something's so important to us as a society, if we cannot inspect it and understand really what's there, then it puts the whole idea of democracy at risk.

Amanda (11:15): I think that's right. And we know for sure that people who have proprietary code don't always know what's in their code base because we see things like open source audits using things like Black Duck. So when businesses come to take funding or investment or they come to IPO or they come to sell, they'll generally be asked to do an audit and to demonstrate what the code base is, and we always see open source that people didn't know was in the proprietary code sitting there. And we saw that with the Log4j, which must be nearly two years ago now, where 8 million platforms were affected, but the ones that were fixed most slowly, but the proprietary ones that weren't aware that they'd been given it in the code bases that they were given or had created for them. So yeah, that's definitely a problem.

But I think there's something in what you just said, and I'm gonna be a pedantic ex-lawyer here. So open source I think is clearly defined. Then when we look at proprietary software, that's everything else. But proprietary software isn't necessarily closed. So I sometimes use this phrase that the opposite of open source isn't closed source. And I think that's become increasingly important because what we have is software where the source is opened up, which is what Llama 2 did, and which we supported. So moving from proprietary closed to that open but still proprietary, was something we felt able to support in the AI space to see an LLM open up. But then we focus on open technology, not just open source software. So when you go back to open source software in that space of code that is opened up, that doesn't meet the open source definition, so doesn't have that free flow, might have commercial restrictions, but you can still see it and ostensibly you might be able to work on it and collaborate the way you could with open source.

There's a huge FUD space, fear, uncertainty, and doubt, and it causes a lot of friction between open source people. We had the whole problem with Elastic moving over to the SSPL, and before that Mongo having the SSPL created for them. And when it was created and they were using it, I think Dev Ittycheria, if I'm saying his name correctly, the CEO described open source as a marketing tool. So we have that whole controversy around this space between us as I've started to call it, the space between the traditional open source that we need to guard and nurture and proprietary, which currently has names like public source or shared source, but it is an open source. And we've just seen the HashiCorp piece and also Llama 2's release with people talking about it as being open source when it's not, because it doesn't meet the definition, but it is open up and that's really difficult.

Marc (13:55): Absolutely. So I believe there's a bunch of events, you mentioned one, but there's a bunch of things that are happening kind of in the event space coming, I think it was in early November. So what type of activities are there?

Amanda (14:08): Yeah, so we have a lot going on around AI. We published a report in July, and then as I mentioned we got involved in Llama 2's release. But coming up we are about to launch an opinion poll with a few dissemination partners across the UK to try to understand people's understanding of AI openness. So if they recognise what open source is, do they have a clear understanding of what openness is in relation to AI? What are the things they want out of AI? So that's gonna launch next week for a week, and we'll be sharing that before the Prime Minister's summit on the first. We'll be hosting our own political and senior AI business people debate. We're really excited. Stormy Peters is coming over from the US from GitHub to join that debate, and we'll be talking about copilot. We should have Ben Brooks who is the head of policy at Stability AI, and we've got Mike Bracken, who is the former digital director for the UK government.

So we have them on the political side, on the business side rather. And then on the political side, we should be able to announce in the next few days the politicians who are taking part in the debate. And that's free to attend, it's open to anybody who wants to come along, it's on the 16th of November at Pembroke College in Cambridge. And that's a sort of forerunner to state of Open Con 24, which will take place on the 6th and 7th of February again in London. Oh, no, but actually not again because the first one's in Cambridge, but this will be in London at the Brewery in the city, which is right in the heart of the city of London, the financial capital. And it will be for up to 1500 people to attend.

Marc (15:44): There was one thing from earlier that I was really kind of bothered by. So who is paying these lobbyists that don't know anything about open source and are coming in to try to affect it?

Amanda (15:56): Yeah, I don't know. And we raise funds from some of the companies that you would expect to be lobbying against open source. So it is quite a mixed environment. A lot of people are on both sides at the moment. I don't wanna be naive, but I think that these lobbyists are not finished out. I don't think they're sitting with enemies of open source behind them. I think they want to be part of this AI conversation. They realize that AI openness is critical and they don't understand what open source is. I've had people from major organizations who are concerned about security, who don't understand the values that it brings, so simply want to close it down. And we saw, or we are seeing still the Cyber Resilience Act in Europe and the problems there.

So, the shift to looking at a foundation being responsible for code as the first to market in Europe. So the idea is that they will not put liability on individual developers, but they will put liability on foundations and commercial entities, so anybody that makes money from code. And that would also mean if you had a business supporting your code, you're making money from it, and if you put it on the market in Europe, you're gonna be liable for that code. And of course, laws and regulations override the licenses, but our licenses have always worked and created an ecosystem where there is no liability. So I think this is gonna be a big, big topic for us. And it's probably part of the maturation of open source, right? So we've been around for 30 years and now we're thinking about what does it mean? How does this fit?

We've gone from something that was very much hobbyist to something that companies have engaged with and become part of, and now everybody is using it, but there needs to be some responsibility. Somebody somewhere said the ex-lawyer is gonna be liable. Somebody somewhere is gonna bear risk. Who should it be? And my view has always been it's the end user. Because If the end user takes this gift, and I think we have to look at open source as a gift. If they choose to take this gift rather than pay for the thing they wanted, they can't expect it to do exactly the thing they wanted would do. They have to learn how to make it do that. They have to learn how to use it or pay someone else to make that work. But governments are not taking that view. And I think they're mixing up their desire for big tech to be responsible with commercialisation. And we're seeing this in the US as well. The US is looking at anybody who commercialises open source being responsible for it, and it just doesn't work.

Marc (18:25): One of the things that I've always talked about in terms of open source contributors is most of them are paid professionals in their job contributing directly to open source. Is that still true or has the landscape changed, or how do you see it there?

Amanda (18:43): Yeah, I think from what I understand, it's still mostly paid professionals, but there's an interesting piece around that that I've been doing some thinking about recently. And when you actually contribute anything of scale and you become a maintainer, my understanding, and I'm sure some of the engineers will correct me if I'm wrong, but my understanding is that the responsibility flows with you. So if you create that, even if it's in the course of your employment, you the individual are the maintainer. So that's quite different from anything societies used to, and I think that there's nuance like that around open source that is really important. That is something that those who want to engage with discussion, how it's managed in a public sector or an enterprise context have to start to get their heads around. And what that means is they need to consult properly with open source communities and it's leadership and representation, and I just don't think that's happening the way it should be anywhere in the world right now.

Andy (19:41): Yeah, you're exactly right that when you become a maintainer of a project, even if you change your jobs, you're still the maintainer. And even if the company you're working for says, we don't wanna support that anymore, you are still the maintainer, and it's just that they aren't subsidising the development time, but then how do you kind of translate that into a typical society business model?

Amanda (20:03): You see, I don't think you do. I think there is a need for understanding. It's like a plea to be understood by governments and policy makers. But I think part of that understanding is that actually, ultimately, however companies engage, open source is about people. And one of the things that we've done differently in Open UK is that we are an industry body, but we don't focus on companies, we focus on people, and we bring the people together because they work globally. If they're in our geographic area, they're welcome to participate and engage with us, and we encourage it. But they don't have to have an employer in that geographic area. And if you were to focus on the employer being in the geographic area, you would get a fraction of the people and you would then have companies whose employees were all over the world. So the fact that we've-- I think open source is sort of ahead, I think we're a correction as to how the tech sector works. So we've created this global marketplace that's collaborative, that's cross border, hopefully rises above geopolitical shifts, and we bring the best of the tech sectors in each country together to create the most innovative collaborative code. But that's about people, that's not about the business that pays them.

Andy (21:19): Now I just realized why we love having you on the podcast so much, Amanda. Our tagline is, everything we do with machines is about the people. So I worked in submarine electronic warfare for 10 years, and I did so much cool stuff with tech. And the number one lesson I learned from that is, tech is awesome, I love it, but it's all about helping a human do a mission. And then you come here and just say, well, open source isn't really about this or that, it's about people. So it just syncs so perfectly. I love it.

Amanda (21:50): Well, it's about people and their outputs. And I had a really interesting conversation recently with Allison Randall, who I don't think will mind me saying this, but we talked about how engineers are managed in companies and why part of the reason they like to work in open source is that they're not working within management constraints that you would get in an enterprise environment. It's not driven by profit, it's not driven by the company's goals in the next six months, it's driven by what you as an engineer think needs to be done and your colleagues and your peers think needs to be done. So if you build something that nobody's interested in, it isn't gonna go anywhere. So it's sort of engineering by engineers for engineers.

Marc (22:31): Sounds an awful lot like the tech startup world.

Amanda (22:35): Well, I think it's the startup world we know, and I think part of that is that this engineering for engineers by engineers is the plumbing and the plumber's tools. And I think that's one of the reasons that governments miss what open source in their national economy because they don't see this piece that's not public facing, it sits underneath everything else. I often describe it to them as the base of the pizza, and what they're interested in is all the sexy toppings like AI and blockchain and the cloud and the internet. But actually open source is there as the base, and if you take the base away, you're left with a mess. So you have to have that base even, although nobody's that interested in it usually.

Marc (23:15): Hi, it's Marc again. We're super excited that The DEVOPS Conference is coming to London, March 14th, 2024. Sign up for the online global event, or join us for a unique face-to-face experience in London. Now, back to the show.

I like anything that we can talk about that helps to underscore how important this is to business leaders. And this is not a bad thread, it's encouraging, but it's kind of like we only complain about the plumbing when it's not working, we don't even notice the rest of the time. And then when I kind of look at the other side, like if I look at Europe versus the US as an expat, everywhere that I look in Scandinavia, there's construction cranes, the roads are ripped up because they're rebuilding them and they're continually investing in infrastructure. And then when I look across the Atlantic, I see crumbling things, there's hardly a construction crane in sight, the potholes don't get filled and all of these kinds of things. And then if I kind of translate this in my limited worldview that countries that invest in infrastructure are kind of investing in their local economies. So I could kind of extend this towards investing in open source is kind of investing in the global tech economy plus all of the other benefits that we've been talking about.

Amanda (24:43): Yeah, no, I think that's right. And I think when you're looking at those roads, bridges, hospitals, the infrastructure, today, we know that they all sit on top of that open source. And I think a big part of the forward thinking around it will have to be governments understanding it better, but also understanding the value that it brings to society, as sort of the people's code. It's code by the people, for the people, it gives back control to smaller businesses, it allows access, breaking down barriers to technology and that whole democratisation of technology that it brings. And I think we need to see governments starting to understand that. So that they do a couple of things. And for me, that's gonna be investing and across board or joined out way in those maintainers, but also in skills so that those maintainers have got people coming through with the skills to inherit the burden, the challenge, whatever we're gonna call it. Maybe I shouldn't call it the burden. That's quite offputting, isn't it?

Marc (25:45): A little more on maintainers, because it's really interesting the kind of scenario that we talked about where someone is a large contributor to a, let's say an important open source project, something that's core on the internet or on the usage of the web or something like this. And they're a paid professional working for a corporation and then they move into a job at a different corporation, yet they're still the maintainer of that open source software. And then I don't hear a lot about, I know there are some less benevolent maintainers of open source projects in the world. They're people just like anyone else. You have different flavors. But I don't hear a lot about conflicts with, if a maintainer goes working from one competitor to another or going from one company to another and them having personal priorities that are different than where the open source project is going and where their current employer versus other employers. So can you cross examine a bit of that?

Amanda (26:47): Yeah, I suspect they don't stay, I suspect if they get into that kind of conflict, it's a short-lived job for them. I certainly, I heard Kelsey Hightower speaking at Seaver Navigate at the beginning of September, that was just before I got sick. And Kelsey was talking about the pressures and how difficult it is. Anybody who is interested in learning more about that. And I think his keynote and the discussion he had at Seaver Navigate would be worth listening to. And I also recently met a chap in the UK, Mike McCade, who is one of the top contributors to open source from the UK. And we were sort of talking and he shared with me a blog post he did in 2018 about what being a maintainer means. And it doesn't mean you have to jump when somebody asks for something. And he was talking about how we often take on the mantra or the responsibility that we would see in a commercial environment in terms of providing support and fixes, et cetera. But there is no obligation on us to do that really. I really recommend his post as well.

Marc (27:51): Okay. Another thing kind of came to mind. There's been a fair amount of talk of Right to Repair in recent years in terms of hardware and vehicles and things like that. Is there an open source aspect of Right to Repair?

Amanda (28:06): I think there is, and I think that you'll see Software Freedom Conservancy have done some work around that and I'm not sure where they got to, but they had a class action started in California that was sort of focused on making sure that the Right to Repair was respected because open source allows that. And of course when we start to talk about sustainability, which is something we've done a fair bit of work around with Open UK, we look at our devices and whether we're talking phones, laptops or something in our homes, often something comes to the end of its life before the hardware is ready to die, simply because the software loses the will to live or support. And that's something that open source really opens us up for. And actually we haven't talked about this at all, it's a bit of a tangent, but we've just launched a challenge with the UN.

We created a blueprint for COP26 and that blueprint is a data center blueprint. And we've launched a challenge with five or six different kinds of contribution that can be made in order that you participate in the blueprint building codes to fill some of the gaps in it. And that will include a prize of a trip to London for the State of Open Con in February 6th and 7th. So if anybody's interest in data center technology, it'd be worth having a look at that on the Open UK website. I think you're right that the sustainability piece is important and of course there's a bit of controversy at the moment around risk five.

Marc (29:31): So what I was interested in from this, the data center blueprint, can you open up anything about open source in that blueprint? Is there something-- you got me quite interested there? Because you essentially can have an open source data center.

Amanda (29:45): So what we did was we didn't create any technology, but we brought together the landscape. So the software, hardware, data that was already opened up that could be used and reused to create an open technology based data center. And we're very much thinking of something that's edge-based. So when you start to look at the kinds of technologies that open source brings, things like containerisation, by bringing those into the data center, you can reduce vastly the amount of hardware that's required. And the figure off the top of my head as a couple years since I looked at this, was by about 70% of emissions, which was huge, which is why we're really encouraging it. 

And I know we pushed that out last week and I had something like 10 pieces of press in a week, because I know the data center industry are massively interested because as they reduce the emissions and the amount of servers that are needed, obviously, they reduce the space. And that means they can come into inner city buildings, sometimes buildings that have been left derelict post COVID and bring the whole compute closer to the user as well. So there's advantages in sort of every angle from it as I understand it.

Marc (30:51): Excellent. That sounds really good. Couple of other things that we had kind of thought about talking. One is, is there any movement or have you seen anything different on ownership of AI derivatives or open sourcing of AI derivatives or these types of topics?

Amanda (31:08): Yeah, there's a lot to go, a long way to go, and as I understanding, how AI openness is gonna work. And when you're talking about AI derivatives, you're talking about the whole sort of copilot type thing, right? The software in, software out, yeah. So we did a round table in July with the Office of AI in the UK and they had a white paper which didn't mention open source, which came out of date quite quickly, but I think they're still gonna use that consultation to move forward in the UK. And when we did the consultation, we ended up sort of breaking it down to really simplify things and we thought about what was going into the AI machinery and what was coming out of the AI machinery. And what goes in as data, somebody asks a question of that AI machinery and what comes out is something with IP attached to it potentially.

Now, whether that IP belongs to the AI, whether AI can generate IP, God, that's hard to say. Whether AI can generate IP or not is something that needs to be worked out, but it looks like most countries are gonna say no, and who will then own the copyright or any patents in that AI output and who'll be liable for it. And one of the things we talked at length about was that the outputs might have different liability from ownership. So if you think about that data going in and coming out, and the data might be the software that's licensed, that goes in, that comes out, your question is gonna be who owns the IP in that? And at the moment, it looks like in the UK, it may be the questioner. So the person who's asked the question will own the copyright in the outputs, but then we have the liability for it, which might be different.

And what they're suggesting, or the conversation we had was that the liability might depend on who put the data together that the AI is trained on. So if you're using AI where you specify what data you want it to look at, to be trained on, in respect of your question, you might be liable. But if you're buying a pre-packaged, pre-trained AI that will simply answer your question, the entity that trained the AI might be liable. And I sort of think about that as a mince meat machine. You know the another brick in the wall video from Pink Floyd, and the meat goes in, it's kind of like the data going into the AI. The AI minces it up, and what you get as an output is mince. And that mince is something you can just go and use, but who's responsible for it?

Well, whoever spec the ingredients, if they put arsenic in the ingredients, you're gonna have a problem. So whoever's liable for it will be who puts the ingredients together, but then whoever gets what the output is, it sort of depends what shape it takes, doesn't it? So if you make that into a burger or a filet mignon or whatever, you've got these different ways the output can be used that the person who's trained the questions will get the IP in, I think. But we are gonna have a really difficult time there with open source software, and there's a lot still to be understood about the code going in with licenses and coming out without it and making sure there's a way to attribute and to attach licenses to derivative works. There are also a bunch of legal rules around things like scraping and transient copies that are now being looked at because does the AI simply do that? Is it a transient copy that it has in its learning process? Can the existing scraping exceptions apply? And I think those are probably slightly more technical than my understanding, but it will be interesting to see how that evolves.

Marc (34:36): My gosh, there's a massive amount of things in that. I'm not sure that we can even answer them all. There's a few that I like the idea to begin with that the prompt engineer that essentially maybe their job, their company has the initial kind of responsibility, but then the subversion is what scares me the most where it's like, okay, who's liable for the data? And then there's kind of like a good faith, okay, fine, we could make an argument in that direction. But then there's the bad actor idea, like you said, putting arsenic in the meat before it goes into the grinder, that's really kind of scary.

Amanda (35:11): Right. And that's what happens if we don't know what the data is, but that's why we want transparency on the data. And it's why for me, AI is more than open source software. It's also open data. Do we need a whole new definition? I don't know. I'll be interested to see the outputs of the consultation that the open source initiative is doing, but I certainly know for sure that we need to look at the component parts, and it's more than just software.

Marc (35:36): All right. Thank you, Amanda. I have two more questions that we have been asking everyone that comes on the podcast, they're different than last time. This one started as I was mentoring someone on dealing with some different types of leadership. So I created a leadership thought experiment. And it goes like this, Amanda, you are the leader and I am a trusted member of your team. And the whole team is gathered here and everyone else on the team is complaining about some kind of problem. And I raise my hand, I look you in the eye and say, Amanda, I can take care of that. As the leader. What would you say?

Amanda (36:14): Depends on the problem.

Marc (36:15): Okay, spoken like an engineer more than a lawyer.

Amanda (36:18): Sorry, it's a lawyer's answer. But everything depends, right? So I say this to people all the time, and it's very hard in some ways to work with me because of this. I'm not good with rules. This probably sounds terrible for an ex-lawyer. My job was never to comply with rules, my job was to find ways to do things that didn't break the law as far as I was concerned. So in terms of having sets of rules, I'm not good at that because there's always exceptions to rules. I would say normally if I can, I would like to trust someone else to be able to go and do it. But if it was something that was really critical, say to a strategy around AI policy and we didn't wanna put a foot out of line because that could have a comeback on us, then the answer would be different. So, I'm sorry, not to give you a single answer.

Marc (37:11): All right. Andy's looking at me through the video trying to figure out how I'm going to ask the second question based upon that output.

Amanda (37:20): Did I ruin it? I'm so sorry.

Marc (37:21): Oh, it's brilliant. It's absolutely brilliant.

Amanda (37:25): Sorry.

Marc (37:26): We're gonna go point blank and we're gonna see what happens.

Amanda (37:31): Okay, let's do it.

Marc (37:32): So Amanda, how could you and I make the rest of the team act more like us in that thought experiment?

Amanda (37:40): I suppose it's about building enthusiasm and getting people on board and encouraging them to want to do this thing. So showing them what the consequences of it are and that they're positive and that sometimes things that seem like a challenge are the things that we have to get through to get to the wonderful end goal, and that there's a great advantage in it. I'm quite good. Anybody who's volunteered for Open UK will tell you this and they'll probably take the out of me as they're doing it. But I'm quite good at persuading people that something is a good idea to do. So occasionally I've overheard things like quite senior businessmen talking to another one saying, what does she make you do? I don't know why they take my calls, to be quite honest. Well, I do because we all believe in the same thing.

Marc (38:25): I absolutely love it. And I'm gonna just have to ask a little bit of follow up. Any tips on convincing people that it's the right thing, it's the right idea?

Amanda (38:35): Don't try and convince something of anything you don't believe in.

Marc (38:38): Believe it.

Amanda (38:40): Yeah, exactly. So if you're not authentic and if you don't believe it as much as you're telling them, they'll know.

Marc (38:46): All right. Absolutely brilliant. Amanda Brock, the 37th most influential woman in UK Tech. It's so nice to have you back.

Amanda (38:55): Oh, it's a great number, right?

Marc (38:57): I know.

Amanda (38:57): Thank you.

Marc (38:58): If I remember right, both three and seven are very good numbers for you.

Amanda (39:02): They are, they are, they're very lucky numbers. Thanks very much for having me along, and it's been great to talk to you.

Marc (39:07): Thanks for making the time, Amanda. Hope to have you on again. This is the DevOps Sauna. Thank you once again, Andy.

Andy (39:14): Yep. Thanks.

Marc (39:15): And we'll sign off. See you next time in the sauna. Before we go, let's give our guest an opportunity to introduce themselves and tell you a little bit about who we are.

Amanda (39:28): Thanks for inviting me into the sauna. I'm Amanda Brock. I'm CEO at Open UK. And we are the industry organization here in the UK for the business of open technology.

Marc (39:40): My name is Marc Dillon. I'm a lead consultant in the transformation business at Eficode.

Andy (39:44): My name is Andy Allred, and I'm doing platform engineering at Eficode.

Marc (39:48): Thank you for listening. If you enjoyed what you heard, please like and subscribe. It means the world to us. Also, check out our other interesting talks and tune in for our next episode. Take care of yourself. And remember, what really matters is everything we do with machines is to help humans.