Having over a decade of open source software I've written freely available online, I actually really appreciate the value that AI && LLMs have provided me.
The thing that leaves a bad taste in my mouth is the fact that my works were likely included in the training data and, if it doesn't violate my licenses (GNU 2/3), it certainly feels against the spirit of what I intended when distributing my works.
I was made redundant recently "due to AI" (questionable) and it feels like my works in some way contributed to my redundancy where my works contributed to the profits made by these AI megacorps while I am left a victim.
I wish I could be provided a dividend or royalty, however small, for my contribution to these LLMs but that will never happen.
I've been looking for a copy-left "source available" license that allows me to distribute code openly but has a clause that says "if you would like to use these sources to train an LLM, please contact me and we'll work something out". I haven't yet found that.
I'm guessing that such a license would not be enforceable because I am not in the US, but at least it would be nice to declare my intent and who knows what the future looks like.
> I was made redundant recently "due to AI" (questionable) and it feels like my works in some way contributed to my redundancy where my works contributed to the profits made by these AI megacorps while I am left a victim.
I think anyone here can understand and even share that feeling. And I agree with your "questionable" - its just the lame HR excuse du jour.
My 2c:
- AI megacorps aren't the only ones gaining, we all are. the leverage you have to build and ship today is higher than it was five years ago.
- It feels like megacorps own the keys right now, but that’s a temporary. In a world of autonomous agents and open-weight models, control is decentralized.inference costs continue to drop, you dont need to be running on megacorp stacks. Millions (billions?) of agents finding and sharing among themselves. How will megacorps stop?
- I see the advent of LLMs like the spread of literacy. Scribes once held a monopoly on the written word, which felt like a "loss" to them when reading/writing became universal. But today, language belongs to everyone. We aren't losing code; we are making the ability to code a universal human "literacy."
> AI megacorps aren't the only ones gaining, we all are.
No, no we are not.
> the leverage you have to build and ship today is higher than it was five years ago.
I don’t want more “leverage to build and ship”, I want to live in a world where people aren’t so disconnected from reality and so lonely they have romantic relationships with a chat window; where they don’t turn off their brains and accept any wrong information because it comes from a machine; where propaganda, mass manipulation, and surveillance aren’t at the ready hands of any two-bit despot; where people aren’t so myopic that they only look at their own belly button and use case for a tool that they are incapable of recognising all the societal harms around them.
> We aren't losing code; we are making the ability to code a universal human "literacy."
No, no we are not. What we are, however, is making ever increasingly bad comparisons.
Literacy implies understanding. To be able to read and write, you need to be able to understand how to do both. LLMs just spit text which you don’t need to understand at all, and increasingly people are not even caring to try to understand it. LLM generated code in the hands of someone who doesn’t read it is the opposite of literacy.
> We aren't losing code; we are making the ability to code a universal human "literacy."
LLMs making the ability to code a universal human “literacy” is like saying that Markov chain is making the ability to write a universal human “literacy”.
I’m not sure if the analogy is yours, but the scribe note really struck a chord with me.
I’m not a professionally trained SWE (I’m a scientist who does engineering work). LLMs have really accelerated my ability to build, ideate, and understand systems in a way that I could only loosely gain from sometimes grumpy but mostly kind senior engineers in overcrowded chat rooms.
The legality of all of this is dubious, though, per the parent. I GPL licensed my FOSS scientific software because I wanted it to help advance biomedical research. Not because I wanted it to help a big corp get rich.
But then again, maybe code like mine is what is holding these models back lol.
Sharing for advancing humanity / benefit of society, and megacorps getting rich off it, is not either-or. On the contrary, megacorps are in part how the benefit to society materializes. After all, it's megacorps that make and distribute the equipment and the software stacks I am using to write code on, that you are using to do your research on, etc.
I find the whole line of thinking, "I won't share my stuff because then a megacorp may use it without paying me the fractional picobuck I'm entitled to", to be a strong case of Dog in the Manger mindset. And I meant that even before LLM exploded, back when people were wringing their hands about Elasticsearch being used by Amazon, back in 2021 or so.
Sharing is sharing. One can't say "oh I'm sharing this for anyone to benefit", and then upon seeing someone using it to make money, say "oh but not like that!!". Or rather, one can say, but then they're just lying about having shared the thing. "OSS but not for megacorps/aicorps" is just proprietary software. Which is perfectly fine thing to work on; what's not fine is lying about it being open.
You can't avoid big corps training on your data if it's available, because "fair use".
But I hope this same 'fair use' will allow distilling of their private models into open weight models, so users are never locked in into any particular vendor. Giving back power to the user.
I think there's no meaningful case by the letter of the law that use of training data that include GPL-licensed software in models that comprise the core component of modern LLMs doesn't obligate every producer of such models to make both the models and the software stack supporting them available under the same terms. Of course, it also seems clear in the present landscape that the law often depends more on the convenience of the powerful than its actual construction and intent, but I would love to be proven wrong about that, and this kind of outcome would help
> I think there's no meaningful case by the letter of the law that use of training data that include GPL-licensed software in models that comprise the core component of modern LLMs doesn't obligate every producer of such models to make both the models and the software stack supporting them available under the same terms.
Why do you think "fair use" doesn't apply in this case? The prior Bartz vs Anthropic ruling laid out pretty clearly how training an AI model falls within the realm of fair use. Authors Guild vs Google and Authors Guild vs HathiTrust were both decided much earlier and both found that digitizing copyrighted works for the sake of making them searchable is sufficiently transformative to meet the standards of fair use. So what is it about GPL licensed software that you feel would make AI training on it not subject to the same copyright and fair use considerations that apply to books?
> So what is it about GPL licensed software that you feel would make AI training on it not subject to the same copyright and fair use considerations that apply to books?
The poster doesn't like it, so it's different. Most of the "legal analysis" and "foregone conclusions" in these types of discussions are vibes dressed up as objective declarations.
You seem like the type of person that will believe anything as long as someone cites a case without looking into it. Bartz v Anthropic only looked at books, and there was still a 1.5 billion settlement that Anthropic paid out because it got those books from LibGen / Anna's Archive, and the ruling also said that the data has to be acquired "legitimately".
Whether data acquired from a licence that specifically forbids building a derivative work without also releasing that derivative under the same licence counts as a legitimate data gathering operation is anyone's guess, as those specific circumstances are about as far from that prior case as they can be.
As long as they don't distribute the model's weights, even a strict interpretation of the GPL should be fine. Same reason Google doesn't have to upstream changes to the Linux kernel they only deploy in-house.
Broadly speaking, GPL is a license that has specific provisions about creating derivative software from the licensed work, and just saying "fair use" doesn't exempt you from those provisions. More specifically, an advertised use case (in fact, arguably the main one at this stage) of the most popular closed models as they're currently being used is to produce code, some of which is going to be GPL licensed. As such, the code used is part of the functionality of the program. The fact that this program was produced from the source code used by a machine learning algorithm rather than some other method doesn't change this fundamental fact.
The current supreme court may think that machine learning is some sort of magic exception, but they also seem to believe whatever oligarchs will bribe them to believe. Again, I doubt the law will be enforced as written, but that has more to do with corruption than any meaningful legal theory. Arguments against this claim seem to ignore that courts have already ruled these systems to not have intellectual property rights of their own, and the argument for fair use seems to rely pretty heavily on some handwavey anthropomorphization of the models.
Sure, but that's more a result of policy decisions than an inevitable result of some natural law. Corporate lawlessness has been reined in before and it can be again
If there was going to be a case, it's derivative works. [1]
What makes it all tricky for the courts is there's not a good way to really identify what part the generated code is a derivative of (except in maybe some extreme examples).
One could carefully calculate exactly how much a given document in the training set has influenced the LLM's weights involved in a particular response.
However, that number would typically be very very very very small, making it hard to argue that the whole model is a derivative of that one individual document.
Nevertheless, a similar approach might work if you took a FOSS project as a whole, e.g. "the model knows a lot about the Linux kernel because it has been trained on its source code".
However, it is still not clear that this would be necessarily unlawful or make the LLM output a derivative work in all cases.
It seems to me that LLMs are trained on large FOSS projects as a way to teach them generalisable development skills, with the side effect of learning a lot about those particular projects.
So if I used a LLM to contribute to the kernel, clearly it would be drawing on information acquired during its training on the kernel's code source. Perhaps it could be argued that the output in that case would be a derivative?
But if I used a LLM to write a completely unrelated piece of software, the kernel training set would be contributing a lot less to the output.
Intellectual property never made much sense to begin with. But it certainly makes no sense now, where the common creator has no protections against greedy corporate giants who are happy to wield the full weight of the courts to stifle any competition for longer than we'll be alive.
Or, in the case of LLMs, recklessly swing about software they don't understand while praying to find a business model.
hey just don't try to copy their LLM by distilling it, cause that's "theft", if we weren't all doomed anyways this industry would have never been allowed to exist in the first place, but I guess this is just what the last few decades of our civilization will look like.
Poor billionaire Rowling has no protections against the evil corporations. Everyone using this argument has no clue about artists and and writers.
Yes, corporations take a large cut, but creative people welcomed copyright and made the bargain and got fame in the process. Which was always better for them than let Twitch take 70% and be a sharecropper.
Silicon Valley middlemen are far worse than the media and music industry.
That's always what laws existed for, a law is just a formal way of saying "we will use violence against you if you do something we don't like" and that has always going to be primary written by and for the people that already have the power to do that, it's not the worst, certainly better than Kings just being able to do as they please.
The foreman had pointed out his best man - what was his name? - and, joking with the puzzled machinist, the three bright young men had hooked up the recording apparatus to the lathe controls. Hertz! That had been the machinist's name - Rudy Hertz, an old-timer, who had been about ready to retire. Paul remembered the name now, and remembered the deference the old man had shown the bright young men.
Afterward, they'd got Rudy's foreman to let him off, and, in a boisterous, whimsical spirit of industrial democracy, they'd taken him across the street for a beer. Rudy hadn't understood quite what the recording instruments were all about, but what he had understood, he'd liked: that he, out of thousands of machinists, had been chosen to have his motions immortalized on tape.
And here, now, this little loop in the box before Paul, here was Rudy as Rudy had been to his machine that afternoon - Rudy, the turner-on of power, the setter of speeds, the controller of the cutting tool. This was the essence of Rudy as far as his machine was concerned, as far as the economy was concerned, as far as the war effort had been concerned. The tape was the essence distilled from the small, polite man with the big hands and black fingernails; from the man who thought the world could be saved if everyone read a verse from the Bible every night; from the man who adored a collie for want of children; from the man who . . . What else had Rudy said that afternoon? Paul supposed the old man was dead now - or in his second childhood in Homestead.
Now, by switching in lathes on a master panel and feeding them signals from the tape, Paul could make the essence of Rudy Hertz produce one, ten, a hundred, or a thousand of the shafts.
> I was made redundant recently "due to AI" (questionable) and it feels like my works in some way contributed to my redundancy where my works contributed to the profits made by these AI megacorps while I am left a victim.
This is increasingly common, and I don’t think it’s questionable that LLMs that software engineers help train are contributing to the obsolescence of software engineers. Large companies that operate these LLMs both 1) benefit from the huge amount of open-source software and at the same time 2) erode the very foundation that made open-source software explode in popularity (which happened thanks to copyright—or, more precisely, the ability to use copyright to enforce copyleft and thus protect the future of volunteer work made by individual contributors).
GPL was written long before this technology started to be used this way. There’s little doubt that the spirit of GPL is violated at scale by commercial LLM operators, and considering the amount of money that got sunk into this it’s very unlikely they would ever yield to the public the models, the ability to mass-scrape the entire Internet to train equivalent models, the capability to run these models to obtain comparable results, etc. The claim of “democratising knowledge” is disingenuous if you look deeper into it—somehow, they themselves will always be exempt from that democratisation and free to profit from our work, whereas our work is what gets “democratised”. Somehow, this strikes me personally more as expropriation than democratisation.
If you use GitHub, you’re automatically opted into having your code used for training. Private repo or not. You have to actually opt out and even then, will they honor that? No…
These companies pirated their training material and reached settlements with the copyright holders. I imagine they’d do the same with software licenced under Not For Training terms too. It’d be up to you to find out it is happening and then pursue them legally for compensation.
Reading this I hear The Roots playing The Seed 2.0[1] in my mind.
It’s a wild thought to think that of all the things that will remain on this earth after you’re gone, it’ll be your GPL contributions reconstituting themselves as an LLM’s hallucinations.
If we're being clear, it's going to be a lot more than that.
Our comments here on HN are almost certainly going to live in fame/infamy forever. The twitter firehose is a pathway to 140-character immortality essentially.
You can already summon an agent to ingest essentially an entire commenter's history, correlate it across different sites based on writing style or similar nicknames, and then chat with you as that persona, even more so with a finetune or lora. I can do that with my gmail and text message history and it becomes eerily similar to me.
History is going to be much more direct and personal in the future. We can also do this with historical figures with voluminous personal correspondence, that's possible now.
It's very interesting because I think the era before mass LLM usage but also after digitalization is going to be the most intensely studied. We've lived through a thing that is going to be on the cusp of history, for better or worse.
Taken to a hallucinated but logical conclusion, we might define a word such as "cene" to riff off of "meme" and "gene".
The c is for code. If adopted we could spend forever arguing how the c is pronounced and whether the original had a cedilla, circonflex or rhymes with bollocks, which seems somehow appropriate. Everyone uses xene instead. x is chi but most people don't notice.
Me too, and I use LLMs often for personal and professional work. Knowing that colleagues are burning through $700/day worth of tokens, and a small fraction of those tokens were likely derived from my work while I get made redundant is a bit shite.
Yeah that's the thing making my head spin, tack a 30% profit margin on that and it's 550usd per day?
Probably going to be more than that for rocketship growth and investor expectations.
Is that the game? Lock in companies to this "new reality" with cheap tokens then once they fire all their devs, bait and switch to 2X the cost.
If you read history widely (across millennia and geographies), you'll note that most of the power-contests follow this pattern[0]. In the modern industrial world, the pattern becomes exponential rather than incremental. What I'm saying is that this is not unique to AI Labs[1]. This is caused by the deeply flawed and unbalanced system that we have constructed for ourselves.
[0]: The pattern, or, as gamers would call it, the "meta", is that every ambitious person/entity wants to control as much of the economic/material surplus as possible. The most effective and efficient (effort per control) way of doing this is to make yourself into as much of a bottle-neck as humanly possible. In graph-theory this corresponds to betweenness-centrality, and you want to maximize that value. To put it in mundane terms, you want to be as much of a monopoly as you can be (Thiel is infamous for saying this, but it does check out, historically). To maximize betweenness, or to maximize monopoly, is to maximize how much society/economy depends on you. This is such a dominant strategy (game-theory term, but in modern gaming world, they might call this a "cheesy strat" -- which just means that the game lacks strategic variety, forcing players to hone that one strategy), that we even have some old laws (anti-trust, etc) designed to prevent it. And it makes a lot of sense: Standard Oil was reviled because everything in the economy either required oil or required something that did. 20th-century USA did a lot to mitigate this. It forced monopolies like ATT to fund general research like Bell Labs (still legendary) towards a public good (a kind of tax, but probably much more socially-beneficial). It also broke up the monopolies, and passed anti-profit laws (e.g. hospitals were not allowed to make a profit until 1978; I have seen in the last 10 years a tiny cancer clinic grow into a massive gleaming hospital -- a machine that transforms sickness and grief into Scrooge McDuck vaults of cash). This monopolistic tendency of the commercial sector, is a tendency towards centralization, which yields efficiency, sure, but also creates the conditions for control and rent-seeking and exploitation.
[1]: Much of the cloud-computing craze was similar in character (and also failed to deliver on some of its promises, such as reducing/replacing IT overhead (they just renamed IT to DevOps)). And Web2 itself was about creating and monopolizing a new kind of ad-channel and lead-generation-machine. There is a funny twist, that a capitalist society like the USA, has much more deeply rooted incentives to create a panopticon than communist states of the past ever did. Neither is pretty of course. The communists demanded conformity and loyalty, while the capitalists demand consumption and rent.
My personal take is that LLMs are so transformative that they are likely not going to qualify under derivative works and therefore GPL wouldn't hold sway. There's already some evidence that courts will consider training on copyrighted material fair use, so long as it is otherwise obtained legally, which would be the case with software licensed under GPL.
I realize this is an unpopular opinion on HN, but I believe it is best because it's a weakener interpretation of copyright law, which is overall a good thing in my view.
You can train models locally now and use open source ones and there's a robust community of people training, retraining, and generally pulling data from anywhere. And then new models get trained on old models. The models in use now are already several generations deep even further trained on code freely given by the entire industry. It's like complaining about being 1/100000th of a soup with no real proof you're even in it. Can you provide proof that a model used your code? It's like a remix of a remix of a remix.
The fact that github copilot had an option to block generated code that matched public examples and the fact that the llms can regenerate Harry Potter books verbatim means the training data is definitely "stored in a digital system of retrieval" but Goodluck actually having common sense win vs trillionaire incentive group stealing from everyone
I wish Anthropic or someone would take a leadership role and re-train their models without any GPL code, or at least stop doing so in the future tense.
> I've been looking for a copy-left "source available" license that allows me to distribute code openly but has a clause that says "if you would like to use these sources to train an LLM, please contact me and we'll work something out". I haven't yet found that.
Personally, I want a viral (GPL-style) license that explicitly prohibits use of code for LLM training/tuning purposes — with the asterisk that while current law might view LLM training as fair use, this may not be the case forever, and blatant disregard of the terms of the license should make it easier for me to sue offenders in the future.
Alternatively, this could be expressed as: the output of any LLM trained on this code must retain this license.
> I've been looking for a copy-left "source available" license that allows me to distribute code openly but has a clause that says "if you would like to use these sources to train an LLM, please contact me and we'll work something out". I haven't yet found that
Frankly do you think AI companies have even the remotest amount of respect for these licenses anyways? They will simply take your code if it is publicly scrapeable, train their models, exactly like they have so far. Then it will be up to you to chase them down and try to sue or whatever. And good luck proving the license violation
I dunno. I just don't really believe that many tech companies these days are behaving even remotely ethically. I don't have much hope that will change anytime soon
Traditionally, large corporations have taken very conservative legal stances with regard to integrating e.g. A/GPL code, even when there's almost no risk.
If my license explicitly says "any LLM output trained on this code is legally tainted," I feel like BigAICorp would be foolish to ignore it. Maybe I couldn't sue them today, but are they confident this will remain the case 5, 10, 20 years from now? Everywhere in the world?
> it certainly feels against the spirit of what I intended when distributing my works
You can own the works, but not the vibes. If everyone owned the vibes we would all be infringing others. In my view abstractions should not be protected by copyright, only expression, currently the abstraction-filtration-comparison standard (AFC) protects abstractions too, non-literal infringement is a thing.
Trying to own the vibes is like trying to own the functionality itself, no matter the distinct implementation details, and this is closer to patents than copyrights. But patents get researched for prior art and have limited duration, copyright is automatic and almost infinite duration.
All the infrastructure that runs the whole AI-over-the-internet juggernaut is
essentially all open source.
Heck, even Claude Code would be far less useful without grep, diff, git, head, etc., etc., etc. And one can easily see a day where something like a local sort Claude Code talking to Open Weight and Open Source models is the core dev tool.
> All the infrastructure that runs the whole AI-over-the-internet juggernaut is essentially all open source.
Exactly.
> Heck, even Claude Code would be far less useful without grep, diff, git, head, etc.
It wouldn't even work. It's constantly using those.
I remember reading a Claude Code CLI install doc and the first thing was "we need ripgrep" with zero shame.
All these tools also all basically run on top of Linux: with Claude Code actually installing, on Windows and MacOS, a full linux VM on the system.
It's all open-source command line tools, an open-source OS and piping program one to the other. I'm on Linux on the desktop (and servers ofc) since the Slackware days... And I was right all along.
If I look around in the FLOSS communities, I see a lot of skepticism towards LLMs. The main concerns are:
1. they were trained on FLOSS repositories without consent of the authors, including GPL and AGPL repos
2. the best models are proprietary
3. folks making low-effort contribution attempts using AI (PRs, security reports, etc).
I agree those are legitimate problems but LLMs are the new reality, they are not going to go away. Much more powerful lobbies than the OSS ones are losing fights against the LLM companies (the big copyright holders in media).
But while companies can use LLMs to build replacements for GPL licensed code (where those LLMs have that GPL code probably in their training set), the reverse thing can also be done: one can break monopolies open using LLMs, and build so much open source software using LLMs.
> 3. folks making low-effort contribution attempts using AI (PRs, security reports, etc).
Meanwhile as people sleep on LLMs to help them audit their code for security holes, or even any security code auditing tools. Script kiddies don't care that you think AI isn't ready, they'll use AI models to scrape your website for security gaps. They'll use LLMs to figure out how to hack your employees and steal your data. We already saw that hackers broke into government servers for the Mexican government, basically scraping every document of every Mexican citizen. Now is the time to start investing in security auditing, before you become the next news headline.
AI isn't the future, it's already here, and hackers will use it against you.
I’m not so sure… what I see as more likely is that coding agents will just strip parts from open source libraries to build bespoke applications for users. Users will be ecstatic because they get exactly what they want and they don’t have to worry about upstream supply chain attacks. Maintainers get screwed because no one contributes back to the main code base. In the end open source software becomes critical to the ecosystem, but gets none of the credit.
But the users would have to maintain their own forks then. Unless you stream back patches into your forks, which implies there's some upstream being maintained. Software doesn't interoperate and maintain itself for free - somebody's gotta put in the time for that.
I think as long as AI isn't literal AGI, social pressures will keep projects alive, in some state. There definitely is something scary about stealing entire products as a mean for new market domination - e.g. steal linux then make a corporate linux, and force everybody to contribute to corporate linux only (many linux contributors are paid by corporations, after all), and make that the new central pointer. That might be worst case scenario - then Microsoft, in collusion (which I admit is far fetched, but def possible), could completely adopt linux for servers and headless compute, and enforce very strict hardware restrictions such that only Windows works.
> But the users would have to maintain their own forks then.
I suppose the idea would be, they don't have to maintain it: if it ever starts to rot from whatever environmental changes, then they can just get the LLM to patch it, or at worst, generate it again from scratch.
(And personally, I prefer writing code so that it isn't coupled so tightly to the environment or other people's fast-moving libraries to begin with, since I don't want to poke at all of my projects every other year just to keep them functional.)
The LLM can a priori test on all possible software and hardware environments, test all possible edge cases for deployment, get feedback from millions of eyes on the project explicitly or implicitly via bug reports and usage, find good general case use features given the massive amounts of data gathered through the community of where the project needs to go next, etc?
Even in a world with pure LLM coding, it's more likely that LLMs maintain an open source place for other LLMs to contribute to.
You're forgetting that code isn't just a technical problem (well, even if it was, that would be a wild claim that goes against all hardness results known to humans given the limits of a priori reasoning...)
Agents can read the binary that makes up a compiled file and detect behavior directly from that. I've been doing it to inspect my own builds for the presence of a feature.
It’s such a fun time to have 1+ decade(s) of experience in software. Knowing what simple and good are (for me), and being able to articulate it has let me create so much personal software for myself and my family. It has really felt like turning ideas into reality, about as fast as I can think of them or they can suggest them. And adding specific features, just for our needs. The latest one was a slack canvas replacement, as we moved from slack to self-hosted matrix + element but missed the multiplayer, persistent monthly notes file we used. Even getting matrix set up in the first place was a breeze.
$20/month with your provider of choice unlocks a lot.
Edit: the underlying point being, yes to the article. Either building upon the foundations of open source to making personal things, or just modifying a fork for my own needs.
Couldn't agree more. I'm building open source software for the grid, contributing in a way that feels like it could truly make a difference, while building momentum for open standards. It doesn't feel like work, just creativity and problem solving. On top of that, I can just build stuff for fun. Kids want a Minecraft mod? Let's build it and learn a thing or two on the way.
Open source has never been more alive for me. I have been publishing low key for years, and AI has expanded that capability more than 100 fold, in all directions. I had previously published packages in multiple languages but recently started to cut back to just one manually. But now with AI, I started to expand languages again. Instead of feeling constrained by toolchains I feel comfortable with, I feel freedom to publish more and more.
The benefits to publishing AI generated code as open source are immense including code hosting and CI/CD pipelines for build, test, lint, security scans, etc. In additional to CI/CD pipelines, my repos have commits authored by Claude, Dependabot, GitHub Advanced Security Bot, Copilot, etc. All of this makes the code more reliable and maintainable, for both human and AI authored code.
Some thoughts on two recent posts:
1. 90% of Claude-linked output going to GitHub repos w <2 stars (https://news.ycombinator.com/item?id=47521157): I'm generally too busy to publishing code to promote, but at some time it might settle down. Additionally, with how fast AI can generate and refactor code, it can take some time before the code is stable enough to promote.
2. So where are all the AI apps? (https://news.ycombinator.com/item?id=47503006): They are in GitHub with <2 stars! They are there but without promotion it takes a while to get started in popularity. That being said, I'm starting to get some PRs.
If there's any stolen code generated by AI, it's certainly not intentional and a DMCA notice would be appreciated. It would be interesting to see how prevalent this is in AI generated code - is anyone doing a study?
Stars will likely go up over time, but more than the stars it's the testing and maintenance over time that's valuable. There's little promotion right now, but there are already some stars, PRs, and issues. In fact, I'm working on merging PRs now.
>my repos have commits authored by Claude, Dependabot, GitHub Advanced Security Bot, Copilot, etc.
Unless you're using an enterprise license that indemnifies your liabilities, you're almost certainly breaking copyright law and your packages are unusable by any serious company as a dependency. Even permissive OSS licenses like MIT don't take effect since they're predicated on the author actually holding a valid copyright (which you don't if AI agents have committed to your repo, as affirmed by USCO).
We'll almost certainly have a situation where if an open-source repo has direct AI agent commits in its history, it will be just as untouchable for companies as GPL repos.
Given that Claude is attributed to 19M+ commits on GitHub, it will be interesting to see where this ends up. Specifically on copyright, it will be interesting to see if any DMCA takedown notices are filed, including popular projects such as OpenClaw, GSD, Gas Town, Vibium, and others.
FOSS came up around the core idea of liberating software for hardware, and later on was sustained by the idea of a commodity of commons we can build on. But with LLMs we have alternative pathways/enablement for the freedoms:
Freedom 0 (Run): LLMs troubleshoot environments and guide installations, making software executable for anyone.
Freedom 1 (Study/Change): make modifications, including lowering bar of technical knowledge.
Freedom 2 (Redistribute): LLMs force redistribution by building specs and reimplementing if needed.
Freedom 3 (Improve/Distribute): Everyone gets the improvement they want.
As we can see LLM makes these freedoms more democratic, beyond pure technical capability.
For those that cared only about these 4 freedoms, LLMs enable these in spades. But those who looked additionally for business, signalling and community values of free software (I include myself in this), these were not guaranteed by FOSS, and we find ourselves figuring out how to make up for these losses.
One thing I've noticed building developer tools is that coding agents are only as useful as the context they have access to. Most agents hallucinate on internal APIs because they can't reach your actual documentation.
The MCP protocol is starting to fix this. You can expose internal knowledge bases to agents so they generate code based on real docs instead of guessing. Still early but the difference in output quality is significant when the agent has access to your actual specs.
I've found that for API integration, developing against a spec, like OpenAPI, and using/building an auto-generated SDK is still very useful for coding agents.
When there is no spec for REST APIs, I built a tool that can convert HAR files, Postman collections and other data to OpenAPI spec from which I build client SDKs for coding agents to use.
5 years ago, I set out to build an open-source, interoperable marketplace powered by open-source SaaS. It felt like a pipe dream, but AI has made the dream into fruition. People are underestimating how much AI is a threat to rent seeking middlemen in every industry.
“Their relationship with the software is one of pure dependency, and when the software doesn’t do what they need, they just… live with it”
Or, more likely, they churn off the product.
The SaaS platforms that will survive are busy RIGHT NOW revamping their APIs, implementing oauth, and generally reorganizing their products to be discovered and manipulated by agents. Failing in this effort will ultimately result in the demise of any given platform. This goes for larger SaaS companies, too, it’ll just take longer.
And I think it’s less about letting agents modify the product source. That’s more of a platform capability which should also be a requirement for certain types of use cases. All comes back to listening to and / or innovating for customers.
> SaaS scaled by exploiting a licensing loophole that let vendors avoid sharing their modifications.
AI is going to exploit even more: "Given the repository -> Construct tech spec -> Build project based on tech spec"
At this stage, I want everyone just close their source, stop working on open source until this issue of licensing gets resolved.
Any improvement you make to the open source code will be leveraged in ways you didn't intend it to be used, eventually making you redundant in the process
This is a microcosm of a much larger problem. When AI writes code, reviews code, and now apparently manages its own git operations — who's actually in control of the codebase?
The "dangerously-skip-permissions" flag getting blamed here is telling. We're building tools where the safe default is friction, so users disable the safety to get work done, and then the tool does something destructive. That's not a user error — that's a design pattern that reliably produces failures at scale.
The broader data is concerning: AI-generated code has 2.74x more security vulnerabilities than human-written code, and reviewing it takes 3.6x longer. Now add autonomous git operations to that mix. The code review problem becomes a code ownership problem — if the AI is writing it, reviewing it, and managing the repository, what exactly is the human's role? We dug into this at sloppish.com/ghost-in-the-codebase
I don’t know what SaaS has to do with FOSS. The point of FOSS was to allow me to modify the software I run on my system. If the device drivers for some hardware I depend on are no longer supported by the company I bought it from, if it’s open source, I can modify and extend the software myself.
The Copy Left licenses ensure that I share my modifications back if I distribute them. It’s a thing for the public good.
Agent-based software development walls people off from that. Mostly by ensuring that the provenance of the code it generates is not known and by deskilling people so that they don’t know what to prompt or how to fix their code.
agree completely. When the megacorps are building hundreds of datacenters and openly talking about plans to charge for software "like a utility," there has never been a clearer mandate for the need for FOSS, and IMO there has never been as much momentum behind it either.
these are exciting times, that are coming despite any pessimism rooted in our out-dated software paradigms.
Maybe, but I don't really believe users can or want to start designing software, if it was even possible which today it isn't really unless you already have software dev skills.
That would basically make users a product manager and UX designer, which they aren't really capable of currently. At most they will discover what they think they want isn't what they actually want.
First of all, free software still matters. Then, being a slave to a $200 subscription to a oligarch application that launders other people's copyright is not what Stallman envisioned.
The AI propaganda articles are getting more devious my the minute. It's not just propaganda---it's Bernays-level manipulation!
I wonder if there will be a different phenomena — namely everyone just developing their own personal version of what they want rather than relying on what someone else built. Nowadays, if the core functionality is straightforward enough, I find that I just end up building it myself so I can tailor it to my exact needs. It takes less time than trying to understand and adapt someone else’s code base, especially if it’s (mostly) AI generated and contains a great deal of code slop.
My prompts to Claude has evolved from "what program / data source do I need to do this" to "what program / data source do I need, to make you do this for me".
After a few iterations, any data source without a free API feed, or any program without a free CLI interface are edited out of the gene pool, so to speak.
It compares and contrasts open source and free software, and then gives an example of how free software is better than closed software.
But if the premise of the article, that the agent will take the package you pick and adapt it to your needs, is correct, then honestly the agent won't give a rat's ass whether the starting point was free source or open source.
If most of the "free software" is AI slop, then it's going to make me read a lot more source code for free software, if the free software is also open-source. If it isn't open-source, oh boy, no way.
AI backdoors are already a well known problem, and vibe-coded free software is always going to present a substantial risk. We'll see how it plays out in time, but I can already see where it's heading.
After enough problems, reputation and humans in the loop could finally become important again. But I have a feeling humanity is going to have to learn the hard way first (again).
What I'm hoping for is for more competition in the tech sector. I'm tired of companies foisting Microsoft or Oracle products on everyone! WTF! The current tech sector feels like all companies are subsidiaries of Big Tech... It's likely a direct result of passive investing... Everyone who has any money and controls a small or medium sized company likely owns stock of Microsoft, Apple, Meta, Google, Amazon... So they mandate their companies to use products from those big tech companies. So all the small-fish founders feel like they are dogfooding their own investments... And that's preventing new entrants from getting a foothold in B2B space... Feels like all the small companies are working for Big Tech.
Conflict of interests is the norm. It should be illegal for a company founder or director to own stock of a supplier. It should be illegal for shareholders to own stocks of two competing companies. Index funds should be illegal.
I worry people are lacking context about how SaaS products are purchased if they think LLMs and "vibe coding" are going to replace them. It's almost never the feature set. Often it's capex vs opex budgeting (i.e., it's easier to get approval for a monthly cost than a upfront capital cost) but the biggest one is liability.
Companies buy these contracts for support and to have a throat to choke if things go wrong. It doesn't matter how much you pay your AI vendor, if you use their product to "vibe code" a SaaS replacement and it fails in some way and you lose a bunch of money/time/customers/reputation/whatever, then that's on you.
This is as much a political consideration as a financial one. If you're a C-suite and you let your staff make something (LLM generated or not) and it gets compromised then you're the one who signed off on the risky project and it's your ass on the line. If you buy a big established SaaS, do your compliance due-diligence (SOC2, ISO27001, etc.), and they get compromised then you were just following best practice. Coding agents don't change this.
The truth is that the people making the choice about what to buy or build are usually not the people using the end result. If someone down the food chain had to spend a bunch of time with "brittle hacks" to make their workflow work, they're not going to care at all. All they want is the minimum possible to meet whatever the requirement is, that isn't going to come back to bite them later.
SaaS isn't about software, it's about shifting blame.
The debate in the comment section here really boils down to: upstream freedom vs downstream freedom.
Copyleft licenses like GPL/Apache mandate upstream freedom: Upstream has the "freedom" to use anything downstream, including anything written by a corporation.
Non-copyleft FOSS licenses like MIT/BSD are about downstream freedom, which is more of a philosophically utilitarian view, where anyone who receives the software is free to use it however they want, including not giving their changes back to the community, on the assumption that this maximizes the utility of this free software in the world.
If you prioritize the former goal, then coding agents are a huge problem for you. If the latter, then coding agents are the best thing ever, because they give everyone access to an effectively unlimited amount of cheap code.
What you call 'downstream freedom' isn't very downstream. The real downstream is the end user, who should have the right to know what the software is doing on their computer, to recompile the software so it works on their machine with the software that is already on it, to make changes to the software so it can serve their needs.
I think the opposite. It will make all software matter less.
If trendlines continue... It will be faster for AI to vibe code said software to your customized specifications than to sign up for a SaaS and learn it.
"Claude, create a project management tool that simplifies jira, customize it to my workflow."
So a lot of apps will actually become closed source personalized builds.
And then you get a new hire who already knows the common SaaS products but has to re learn your vibe coded version no one else uses where no information exists online.
There is a reason why large proprietary products remain prevalent even when cheaper better alternatives exist. Being "industry standard" matters more than being the best.
It will. By translation I mean like a front end client that translates the api into a user interface they prefer. They will build something localized to their own workflow. If it doesn't end well it's localized to them only.
I can already build a ticket tracker in a weekend. I’ve been on many teams that used Jira, nobody loves Jira, none of us ever bothered to DIY something good enough.
Why?
Because it’s a massive distraction. It’s really fun to build all these side apps, but then you have to maintain them.
I’m guessing a lot of vibeware will be abandoned rather than maintained.
The hard part has always been shipping, buttoning things up, doing the design. Not the idea per say. And then if any of it is successful and starts making money guess who you're gonna call to maintain it?
These are local systems. Think of it like vibe coding your personal GUI or CLI. Each programmer uses their own custom build. There's no maintenance except only for themselves.
You typically use an off the shelf project management software because it's too time consuming to build one catered to your own preferences. But with AI, it just does it for you. I'm talking about custom one off personal solutions readily done because of AI executing on it for you.
But then all your local stuff is based on open-source software, unlike the SaaS which is probably not all the way open.
I've always preferred my stack to be on the thinner, more vanilla, less prebuilt side than others around me, and seems like LLMs are reinforcing that approach now.
if the trendlines continue on atmospheric greenhouse gases we will all be dead from climate change so I really do hope the world is a little bit more complicated than trendlines just extrapolating out. Interestingly enough that might actually be bad for OpenAI since it will be difficult to sell their product if their customers are dying from heat stroke.
You hope. But you need to think realistically. Not hopefully.
Trendlines will continue. Even the one for greenhouse gases. That is the most realistic scenario. In fact the trendline for greenhouse gases is even stronger than AI. I am far more confident about greenhouse gases continuing to rise than I am for AI.
Telling me how another trendline points to a shitty reality doesn't change the fact that the shitty reality is still reality. It's a common mistake in debate.
I haven't stated whether I hope for one reality or the other. I'm simply stating the most probable future. You haven't even disagreed with me.
There's too much value in familiar UX. "Don't make the user think" is the golden rule these days. People used to have mental bandwidth for learning new interfaces... But now people expect uniformity
Due to copyright laws and piracy bleed-through, one can't safely license "AI" output under some other use-case without the risk of getting sued or DMCA strikes. You can't make it GPL, or closed source... because it is not legally yours even if you paid someone for tokens.
Like all code-generators that came before, the current LLM will end up a niche product after the hype-cycle ends. "AI" only works if the models are fed other peoples real works, and the web is already >52% nonsense now. They add the Claude-contributor/flag to Git projects, so the scrapers don't consume as much of its own slop. ymmv =3
tl-didn't finish but I absolutely do this already. Much of the software I use is foss and codex adjusts it to my needs. Sometimes it's really good software and I end up adding something that already exists. Whatever, tokens are free...
Unfortunately for me, I believe that the algorithms won't allow me to get exposure for my work no matter how good it is so there is literally no benefit for me to do open source. Though I would love to, I'm not in a position to work for free. Exposure is required to monetize open source. It has to reach a certain scale of adoption.
The worst part is building something open source, getting positive feedback, helping a couple of startups and then some big corporation comes along and implements a similar product and then everyone gets forced by their bosses to use the corporate product against their will and people eventually forget your product exists because there are no high-paying jobs allowing people to use it.
With hindsight, Open Source is basically a con for corporations to get free labor. When you make software free for everyone, really you're just making it free for corporations to Embrace, Extend, Extinguish... They invest a huge amount of effort to suppress the sources of the ideas.
Our entire system is heavily optimized for decoupling products from their makers. We have almost no idea who is making any of the products we buy. I believe there is a reason for that. Open source is no different.
When we lived in caves, everyone in the tribe knew who caught the fish or who speared the buffalo. They would rightly get credit. Now, it's like; because none of the rich people are doing any useful work, they can only maintain credibility by obfuscating the source of the products we buy. They do nothing but control stuff. Controlling stuff does not add value. Once a process is organized, additional control only serves to destroy value through rent extraction.
This feels like an AI generated comment, but I'll reply anyway. AI has been a massive negative for open source since every project is now drowning in AI generated PRs which don't work, reports for issues which don't exist, and the general mountain of time waster automated slop.
We are getting to the point where many projects may have to close submissions from the general public since they waste far more time than they help.
I’m impressed by how current times make us consider so many completely opposite scenarios. I think it can indeed foster progress, but it can also have negative impacts.
The thing that leaves a bad taste in my mouth is the fact that my works were likely included in the training data and, if it doesn't violate my licenses (GNU 2/3), it certainly feels against the spirit of what I intended when distributing my works.
I was made redundant recently "due to AI" (questionable) and it feels like my works in some way contributed to my redundancy where my works contributed to the profits made by these AI megacorps while I am left a victim.
I wish I could be provided a dividend or royalty, however small, for my contribution to these LLMs but that will never happen.
I've been looking for a copy-left "source available" license that allows me to distribute code openly but has a clause that says "if you would like to use these sources to train an LLM, please contact me and we'll work something out". I haven't yet found that.
I'm guessing that such a license would not be enforceable because I am not in the US, but at least it would be nice to declare my intent and who knows what the future looks like.
I think anyone here can understand and even share that feeling. And I agree with your "questionable" - its just the lame HR excuse du jour.
My 2c:
- AI megacorps aren't the only ones gaining, we all are. the leverage you have to build and ship today is higher than it was five years ago.
- It feels like megacorps own the keys right now, but that’s a temporary. In a world of autonomous agents and open-weight models, control is decentralized.inference costs continue to drop, you dont need to be running on megacorp stacks. Millions (billions?) of agents finding and sharing among themselves. How will megacorps stop?
- I see the advent of LLMs like the spread of literacy. Scribes once held a monopoly on the written word, which felt like a "loss" to them when reading/writing became universal. But today, language belongs to everyone. We aren't losing code; we are making the ability to code a universal human "literacy."
No, no we are not.
> the leverage you have to build and ship today is higher than it was five years ago.
I don’t want more “leverage to build and ship”, I want to live in a world where people aren’t so disconnected from reality and so lonely they have romantic relationships with a chat window; where they don’t turn off their brains and accept any wrong information because it comes from a machine; where propaganda, mass manipulation, and surveillance aren’t at the ready hands of any two-bit despot; where people aren’t so myopic that they only look at their own belly button and use case for a tool that they are incapable of recognising all the societal harms around them.
> We aren't losing code; we are making the ability to code a universal human "literacy."
No, no we are not. What we are, however, is making ever increasingly bad comparisons.
Literacy implies understanding. To be able to read and write, you need to be able to understand how to do both. LLMs just spit text which you don’t need to understand at all, and increasingly people are not even caring to try to understand it. LLM generated code in the hands of someone who doesn’t read it is the opposite of literacy.
LLMs making the ability to code a universal human “literacy” is like saying that Markov chain is making the ability to write a universal human “literacy”.
I’m not a professionally trained SWE (I’m a scientist who does engineering work). LLMs have really accelerated my ability to build, ideate, and understand systems in a way that I could only loosely gain from sometimes grumpy but mostly kind senior engineers in overcrowded chat rooms.
The legality of all of this is dubious, though, per the parent. I GPL licensed my FOSS scientific software because I wanted it to help advance biomedical research. Not because I wanted it to help a big corp get rich.
But then again, maybe code like mine is what is holding these models back lol.
I find the whole line of thinking, "I won't share my stuff because then a megacorp may use it without paying me the fractional picobuck I'm entitled to", to be a strong case of Dog in the Manger mindset. And I meant that even before LLM exploded, back when people were wringing their hands about Elasticsearch being used by Amazon, back in 2021 or so.
Sharing is sharing. One can't say "oh I'm sharing this for anyone to benefit", and then upon seeing someone using it to make money, say "oh but not like that!!". Or rather, one can say, but then they're just lying about having shared the thing. "OSS but not for megacorps/aicorps" is just proprietary software. Which is perfectly fine thing to work on; what's not fine is lying about it being open.
Wake me up when you do.
The same way that doordash makes kitchen skills universal.
But I hope this same 'fair use' will allow distilling of their private models into open weight models, so users are never locked in into any particular vendor. Giving back power to the user.
Why do you think "fair use" doesn't apply in this case? The prior Bartz vs Anthropic ruling laid out pretty clearly how training an AI model falls within the realm of fair use. Authors Guild vs Google and Authors Guild vs HathiTrust were both decided much earlier and both found that digitizing copyrighted works for the sake of making them searchable is sufficiently transformative to meet the standards of fair use. So what is it about GPL licensed software that you feel would make AI training on it not subject to the same copyright and fair use considerations that apply to books?
The poster doesn't like it, so it's different. Most of the "legal analysis" and "foregone conclusions" in these types of discussions are vibes dressed up as objective declarations.
Whether data acquired from a licence that specifically forbids building a derivative work without also releasing that derivative under the same licence counts as a legitimate data gathering operation is anyone's guess, as those specific circumstances are about as far from that prior case as they can be.
The current supreme court may think that machine learning is some sort of magic exception, but they also seem to believe whatever oligarchs will bribe them to believe. Again, I doubt the law will be enforced as written, but that has more to do with corruption than any meaningful legal theory. Arguments against this claim seem to ignore that courts have already ruled these systems to not have intellectual property rights of their own, and the argument for fair use seems to rely pretty heavily on some handwavey anthropomorphization of the models.
Are you saying that you believe that untested but technically; models trained on GPL sources need to distribute the resulting LLMs under GPL?
What makes it all tricky for the courts is there's not a good way to really identify what part the generated code is a derivative of (except in maybe some extreme examples).
[1] https://en.wikipedia.org/wiki/Derivative_work
However, that number would typically be very very very very small, making it hard to argue that the whole model is a derivative of that one individual document.
Nevertheless, a similar approach might work if you took a FOSS project as a whole, e.g. "the model knows a lot about the Linux kernel because it has been trained on its source code".
However, it is still not clear that this would be necessarily unlawful or make the LLM output a derivative work in all cases.
It seems to me that LLMs are trained on large FOSS projects as a way to teach them generalisable development skills, with the side effect of learning a lot about those particular projects.
So if I used a LLM to contribute to the kernel, clearly it would be drawing on information acquired during its training on the kernel's code source. Perhaps it could be argued that the output in that case would be a derivative?
But if I used a LLM to write a completely unrelated piece of software, the kernel training set would be contributing a lot less to the output.
Or, in the case of LLMs, recklessly swing about software they don't understand while praying to find a business model.
How is any of this new?
Yes, corporations take a large cut, but creative people welcomed copyright and made the bargain and got fame in the process. Which was always better for them than let Twitch take 70% and be a sharecropper.
Silicon Valley middlemen are far worse than the media and music industry.
Afterward, they'd got Rudy's foreman to let him off, and, in a boisterous, whimsical spirit of industrial democracy, they'd taken him across the street for a beer. Rudy hadn't understood quite what the recording instruments were all about, but what he had understood, he'd liked: that he, out of thousands of machinists, had been chosen to have his motions immortalized on tape. And here, now, this little loop in the box before Paul, here was Rudy as Rudy had been to his machine that afternoon - Rudy, the turner-on of power, the setter of speeds, the controller of the cutting tool. This was the essence of Rudy as far as his machine was concerned, as far as the economy was concerned, as far as the war effort had been concerned. The tape was the essence distilled from the small, polite man with the big hands and black fingernails; from the man who thought the world could be saved if everyone read a verse from the Bible every night; from the man who adored a collie for want of children; from the man who . . . What else had Rudy said that afternoon? Paul supposed the old man was dead now - or in his second childhood in Homestead.
Now, by switching in lathes on a master panel and feeding them signals from the tape, Paul could make the essence of Rudy Hertz produce one, ten, a hundred, or a thousand of the shafts.
Kurt Vonnegut, Player Piano
This is increasingly common, and I don’t think it’s questionable that LLMs that software engineers help train are contributing to the obsolescence of software engineers. Large companies that operate these LLMs both 1) benefit from the huge amount of open-source software and at the same time 2) erode the very foundation that made open-source software explode in popularity (which happened thanks to copyright—or, more precisely, the ability to use copyright to enforce copyleft and thus protect the future of volunteer work made by individual contributors).
GPL was written long before this technology started to be used this way. There’s little doubt that the spirit of GPL is violated at scale by commercial LLM operators, and considering the amount of money that got sunk into this it’s very unlikely they would ever yield to the public the models, the ability to mass-scrape the entire Internet to train equivalent models, the capability to run these models to obtain comparable results, etc. The claim of “democratising knowledge” is disingenuous if you look deeper into it—somehow, they themselves will always be exempt from that democratisation and free to profit from our work, whereas our work is what gets “democratised”. Somehow, this strikes me personally more as expropriation than democratisation.
It’s a wild thought to think that of all the things that will remain on this earth after you’re gone, it’ll be your GPL contributions reconstituting themselves as an LLM’s hallucinations.
[1]: https://youtu.be/ojC0mg2hJCc
Our comments here on HN are almost certainly going to live in fame/infamy forever. The twitter firehose is a pathway to 140-character immortality essentially.
You can already summon an agent to ingest essentially an entire commenter's history, correlate it across different sites based on writing style or similar nicknames, and then chat with you as that persona, even more so with a finetune or lora. I can do that with my gmail and text message history and it becomes eerily similar to me.
History is going to be much more direct and personal in the future. We can also do this with historical figures with voluminous personal correspondence, that's possible now.
It's very interesting because I think the era before mass LLM usage but also after digitalization is going to be the most intensely studied. We've lived through a thing that is going to be on the cusp of history, for better or worse.
There are also people who want to be eaten by a literal cannibal. I say, no thanks.
The c is for code. If adopted we could spend forever arguing how the c is pronounced and whether the original had a cedilla, circonflex or rhymes with bollocks, which seems somehow appropriate. Everyone uses xene instead. x is chi but most people don't notice.
That's 2X the salary of a lot of the world's software developers
Is that the game? Lock in companies to this "new reality" with cheap tokens then once they fire all their devs, bait and switch to 2X the cost.
[0]: The pattern, or, as gamers would call it, the "meta", is that every ambitious person/entity wants to control as much of the economic/material surplus as possible. The most effective and efficient (effort per control) way of doing this is to make yourself into as much of a bottle-neck as humanly possible. In graph-theory this corresponds to betweenness-centrality, and you want to maximize that value. To put it in mundane terms, you want to be as much of a monopoly as you can be (Thiel is infamous for saying this, but it does check out, historically). To maximize betweenness, or to maximize monopoly, is to maximize how much society/economy depends on you. This is such a dominant strategy (game-theory term, but in modern gaming world, they might call this a "cheesy strat" -- which just means that the game lacks strategic variety, forcing players to hone that one strategy), that we even have some old laws (anti-trust, etc) designed to prevent it. And it makes a lot of sense: Standard Oil was reviled because everything in the economy either required oil or required something that did. 20th-century USA did a lot to mitigate this. It forced monopolies like ATT to fund general research like Bell Labs (still legendary) towards a public good (a kind of tax, but probably much more socially-beneficial). It also broke up the monopolies, and passed anti-profit laws (e.g. hospitals were not allowed to make a profit until 1978; I have seen in the last 10 years a tiny cancer clinic grow into a massive gleaming hospital -- a machine that transforms sickness and grief into Scrooge McDuck vaults of cash). This monopolistic tendency of the commercial sector, is a tendency towards centralization, which yields efficiency, sure, but also creates the conditions for control and rent-seeking and exploitation.
[1]: Much of the cloud-computing craze was similar in character (and also failed to deliver on some of its promises, such as reducing/replacing IT overhead (they just renamed IT to DevOps)). And Web2 itself was about creating and monopolizing a new kind of ad-channel and lead-generation-machine. There is a funny twist, that a capitalist society like the USA, has much more deeply rooted incentives to create a panopticon than communist states of the past ever did. Neither is pretty of course. The communists demanded conformity and loyalty, while the capitalists demand consumption and rent.
But yes, that's very expensive and surprising to me.
I did implicitly assume USD but yeah still crazy cash, that'd pay for 2 junior-mid level devs in aus D=
Yeah Atlassian. 1/3rd of my team were given the boot sadly. One guy had 12 years at the company - crazy times
I realize this is an unpopular opinion on HN, but I believe it is best because it's a weakener interpretation of copyright law, which is overall a good thing in my view.
Personally, I want a viral (GPL-style) license that explicitly prohibits use of code for LLM training/tuning purposes — with the asterisk that while current law might view LLM training as fair use, this may not be the case forever, and blatant disregard of the terms of the license should make it easier for me to sue offenders in the future.
Alternatively, this could be expressed as: the output of any LLM trained on this code must retain this license.
Frankly do you think AI companies have even the remotest amount of respect for these licenses anyways? They will simply take your code if it is publicly scrapeable, train their models, exactly like they have so far. Then it will be up to you to chase them down and try to sue or whatever. And good luck proving the license violation
I dunno. I just don't really believe that many tech companies these days are behaving even remotely ethically. I don't have much hope that will change anytime soon
Take a litigious company like Nintendo. If one was to train an LLM on their works and the LLM produces an emulator, that would force a lawsuit.
If Nintendo wins, then LLMs are stealing. If Nintendo loses, then we can decompile everything.
If my license explicitly says "any LLM output trained on this code is legally tainted," I feel like BigAICorp would be foolish to ignore it. Maybe I couldn't sue them today, but are they confident this will remain the case 5, 10, 20 years from now? Everywhere in the world?
You can own the works, but not the vibes. If everyone owned the vibes we would all be infringing others. In my view abstractions should not be protected by copyright, only expression, currently the abstraction-filtration-comparison standard (AFC) protects abstractions too, non-literal infringement is a thing.
Trying to own the vibes is like trying to own the functionality itself, no matter the distinct implementation details, and this is closer to patents than copyrights. But patents get researched for prior art and have limited duration, copyright is automatic and almost infinite duration.
All the infrastructure that runs the whole AI-over-the-internet juggernaut is essentially all open source.
Heck, even Claude Code would be far less useful without grep, diff, git, head, etc., etc., etc. And one can easily see a day where something like a local sort Claude Code talking to Open Weight and Open Source models is the core dev tool.
But the Libre part of Free Software has never mattered less, at least so TFA argues and while I could niggle with the point, it's not wrong.
Exactly.
> Heck, even Claude Code would be far less useful without grep, diff, git, head, etc.
It wouldn't even work. It's constantly using those.
I remember reading a Claude Code CLI install doc and the first thing was "we need ripgrep" with zero shame.
All these tools also all basically run on top of Linux: with Claude Code actually installing, on Windows and MacOS, a full linux VM on the system.
It's all open-source command line tools, an open-source OS and piping program one to the other. I'm on Linux on the desktop (and servers ofc) since the Slackware days... And I was right all along.
Without the ability to string together the basic utilities into a much greater sum, Unix would have been another blip.
1. they were trained on FLOSS repositories without consent of the authors, including GPL and AGPL repos
2. the best models are proprietary
3. folks making low-effort contribution attempts using AI (PRs, security reports, etc).
I agree those are legitimate problems but LLMs are the new reality, they are not going to go away. Much more powerful lobbies than the OSS ones are losing fights against the LLM companies (the big copyright holders in media).
But while companies can use LLMs to build replacements for GPL licensed code (where those LLMs have that GPL code probably in their training set), the reverse thing can also be done: one can break monopolies open using LLMs, and build so much open source software using LLMs.
In the end, the GPL is only a means to an end.
Let me know when you succeed.
> the GPL is only a means to an end
And how this end is closer with LLMs?
Meanwhile as people sleep on LLMs to help them audit their code for security holes, or even any security code auditing tools. Script kiddies don't care that you think AI isn't ready, they'll use AI models to scrape your website for security gaps. They'll use LLMs to figure out how to hack your employees and steal your data. We already saw that hackers broke into government servers for the Mexican government, basically scraping every document of every Mexican citizen. Now is the time to start investing in security auditing, before you become the next news headline.
AI isn't the future, it's already here, and hackers will use it against you.
I think as long as AI isn't literal AGI, social pressures will keep projects alive, in some state. There definitely is something scary about stealing entire products as a mean for new market domination - e.g. steal linux then make a corporate linux, and force everybody to contribute to corporate linux only (many linux contributors are paid by corporations, after all), and make that the new central pointer. That might be worst case scenario - then Microsoft, in collusion (which I admit is far fetched, but def possible), could completely adopt linux for servers and headless compute, and enforce very strict hardware restrictions such that only Windows works.
I suppose the idea would be, they don't have to maintain it: if it ever starts to rot from whatever environmental changes, then they can just get the LLM to patch it, or at worst, generate it again from scratch.
(And personally, I prefer writing code so that it isn't coupled so tightly to the environment or other people's fast-moving libraries to begin with, since I don't want to poke at all of my projects every other year just to keep them functional.)
Even in a world with pure LLM coding, it's more likely that LLMs maintain an open source place for other LLMs to contribute to.
You're forgetting that code isn't just a technical problem (well, even if it was, that would be a wild claim that goes against all hardness results known to humans given the limits of a priori reasoning...)
The advantage of decoupling from supply chain attacks is so large that I expect this to be standard practice as soon as later this year.
$20/month with your provider of choice unlocks a lot.
Edit: the underlying point being, yes to the article. Either building upon the foundations of open source to making personal things, or just modifying a fork for my own needs.
The benefits to publishing AI generated code as open source are immense including code hosting and CI/CD pipelines for build, test, lint, security scans, etc. In additional to CI/CD pipelines, my repos have commits authored by Claude, Dependabot, GitHub Advanced Security Bot, Copilot, etc. All of this makes the code more reliable and maintainable, for both human and AI authored code.
Some thoughts on two recent posts:
1. 90% of Claude-linked output going to GitHub repos w <2 stars (https://news.ycombinator.com/item?id=47521157): I'm generally too busy to publishing code to promote, but at some time it might settle down. Additionally, with how fast AI can generate and refactor code, it can take some time before the code is stable enough to promote.
2. So where are all the AI apps? (https://news.ycombinator.com/item?id=47503006): They are in GitHub with <2 stars! They are there but without promotion it takes a while to get started in popularity. That being said, I'm starting to get some PRs.
It is completely delusional that these copied "works" will have any effect or be used by anyone but the most rabid AI proponents just to make a point.
Stars will likely go up over time, but more than the stars it's the testing and maintenance over time that's valuable. There's little promotion right now, but there are already some stars, PRs, and issues. In fact, I'm working on merging PRs now.
Unless you're using an enterprise license that indemnifies your liabilities, you're almost certainly breaking copyright law and your packages are unusable by any serious company as a dependency. Even permissive OSS licenses like MIT don't take effect since they're predicated on the author actually holding a valid copyright (which you don't if AI agents have committed to your repo, as affirmed by USCO).
We'll almost certainly have a situation where if an open-source repo has direct AI agent commits in its history, it will be just as untouchable for companies as GPL repos.
More on the 19M+ commits here:
https://news.ycombinator.com/item?id=47501348
FOSS came up around the core idea of liberating software for hardware, and later on was sustained by the idea of a commodity of commons we can build on. But with LLMs we have alternative pathways/enablement for the freedoms:
Freedom 0 (Run): LLMs troubleshoot environments and guide installations, making software executable for anyone.
Freedom 1 (Study/Change): make modifications, including lowering bar of technical knowledge.
Freedom 2 (Redistribute): LLMs force redistribution by building specs and reimplementing if needed.
Freedom 3 (Improve/Distribute): Everyone gets the improvement they want.
As we can see LLM makes these freedoms more democratic, beyond pure technical capability.
For those that cared only about these 4 freedoms, LLMs enable these in spades. But those who looked additionally for business, signalling and community values of free software (I include myself in this), these were not guaranteed by FOSS, and we find ourselves figuring out how to make up for these losses.
The MCP protocol is starting to fix this. You can expose internal knowledge bases to agents so they generate code based on real docs instead of guessing. Still early but the difference in output quality is significant when the agent has access to your actual specs.
When there is no spec for REST APIs, I built a tool that can convert HAR files, Postman collections and other data to OpenAPI spec from which I build client SDKs for coding agents to use.
Or, more likely, they churn off the product.
The SaaS platforms that will survive are busy RIGHT NOW revamping their APIs, implementing oauth, and generally reorganizing their products to be discovered and manipulated by agents. Failing in this effort will ultimately result in the demise of any given platform. This goes for larger SaaS companies, too, it’ll just take longer.
AI is going to exploit even more: "Given the repository -> Construct tech spec -> Build project based on tech spec"
At this stage, I want everyone just close their source, stop working on open source until this issue of licensing gets resolved.
Any improvement you make to the open source code will be leveraged in ways you didn't intend it to be used, eventually making you redundant in the process
The "dangerously-skip-permissions" flag getting blamed here is telling. We're building tools where the safe default is friction, so users disable the safety to get work done, and then the tool does something destructive. That's not a user error — that's a design pattern that reliably produces failures at scale.
The broader data is concerning: AI-generated code has 2.74x more security vulnerabilities than human-written code, and reviewing it takes 3.6x longer. Now add autonomous git operations to that mix. The code review problem becomes a code ownership problem — if the AI is writing it, reviewing it, and managing the repository, what exactly is the human's role? We dug into this at sloppish.com/ghost-in-the-codebase
(I know this isn't the actual point of your comment, apologies!)
I don’t know what SaaS has to do with FOSS. The point of FOSS was to allow me to modify the software I run on my system. If the device drivers for some hardware I depend on are no longer supported by the company I bought it from, if it’s open source, I can modify and extend the software myself.
The Copy Left licenses ensure that I share my modifications back if I distribute them. It’s a thing for the public good.
Agent-based software development walls people off from that. Mostly by ensuring that the provenance of the code it generates is not known and by deskilling people so that they don’t know what to prompt or how to fix their code.
these are exciting times, that are coming despite any pessimism rooted in our out-dated software paradigms.
That would basically make users a product manager and UX designer, which they aren't really capable of currently. At most they will discover what they think they want isn't what they actually want.
The AI propaganda articles are getting more devious my the minute. It's not just propaganda---it's Bernays-level manipulation!
My prompts to Claude has evolved from "what program / data source do I need to do this" to "what program / data source do I need, to make you do this for me".
After a few iterations, any data source without a free API feed, or any program without a free CLI interface are edited out of the gene pool, so to speak.
It compares and contrasts open source and free software, and then gives an example of how free software is better than closed software.
But if the premise of the article, that the agent will take the package you pick and adapt it to your needs, is correct, then honestly the agent won't give a rat's ass whether the starting point was free source or open source.
AI backdoors are already a well known problem, and vibe-coded free software is always going to present a substantial risk. We'll see how it plays out in time, but I can already see where it's heading.
After enough problems, reputation and humans in the loop could finally become important again. But I have a feeling humanity is going to have to learn the hard way first (again).
Conflict of interests is the norm. It should be illegal for a company founder or director to own stock of a supplier. It should be illegal for shareholders to own stocks of two competing companies. Index funds should be illegal.
Companies buy these contracts for support and to have a throat to choke if things go wrong. It doesn't matter how much you pay your AI vendor, if you use their product to "vibe code" a SaaS replacement and it fails in some way and you lose a bunch of money/time/customers/reputation/whatever, then that's on you.
This is as much a political consideration as a financial one. If you're a C-suite and you let your staff make something (LLM generated or not) and it gets compromised then you're the one who signed off on the risky project and it's your ass on the line. If you buy a big established SaaS, do your compliance due-diligence (SOC2, ISO27001, etc.), and they get compromised then you were just following best practice. Coding agents don't change this.
The truth is that the people making the choice about what to buy or build are usually not the people using the end result. If someone down the food chain had to spend a bunch of time with "brittle hacks" to make their workflow work, they're not going to care at all. All they want is the minimum possible to meet whatever the requirement is, that isn't going to come back to bite them later.
SaaS isn't about software, it's about shifting blame.
Copyleft licenses like GPL/Apache mandate upstream freedom: Upstream has the "freedom" to use anything downstream, including anything written by a corporation.
Non-copyleft FOSS licenses like MIT/BSD are about downstream freedom, which is more of a philosophically utilitarian view, where anyone who receives the software is free to use it however they want, including not giving their changes back to the community, on the assumption that this maximizes the utility of this free software in the world.
If you prioritize the former goal, then coding agents are a huge problem for you. If the latter, then coding agents are the best thing ever, because they give everyone access to an effectively unlimited amount of cheap code.
If trendlines continue... It will be faster for AI to vibe code said software to your customized specifications than to sign up for a SaaS and learn it.
"Claude, create a project management tool that simplifies jira, customize it to my workflow."
So a lot of apps will actually become closed source personalized builds.
There is a reason why large proprietary products remain prevalent even when cheaper better alternatives exist. Being "industry standard" matters more than being the best.
I can already build a ticket tracker in a weekend. I’ve been on many teams that used Jira, nobody loves Jira, none of us ever bothered to DIY something good enough.
Why?
Because it’s a massive distraction. It’s really fun to build all these side apps, but then you have to maintain them.
I’m guessing a lot of vibeware will be abandoned rather than maintained.
You typically use an off the shelf project management software because it's too time consuming to build one catered to your own preferences. But with AI, it just does it for you. I'm talking about custom one off personal solutions readily done because of AI executing on it for you.
And it’s all downhill from there…
I've always preferred my stack to be on the thinner, more vanilla, less prebuilt side than others around me, and seems like LLMs are reinforcing that approach now.
Trendlines will continue. Even the one for greenhouse gases. That is the most realistic scenario. In fact the trendline for greenhouse gases is even stronger than AI. I am far more confident about greenhouse gases continuing to rise than I am for AI.
Telling me how another trendline points to a shitty reality doesn't change the fact that the shitty reality is still reality. It's a common mistake in debate.
I haven't stated whether I hope for one reality or the other. I'm simply stating the most probable future. You haven't even disagreed with me.
Like all code-generators that came before, the current LLM will end up a niche product after the hype-cycle ends. "AI" only works if the models are fed other peoples real works, and the web is already >52% nonsense now. They add the Claude-contributor/flag to Git projects, so the scrapers don't consume as much of its own slop. ymmv =3
I think Pete Hegseth would disagree with this statement.
The worst part is building something open source, getting positive feedback, helping a couple of startups and then some big corporation comes along and implements a similar product and then everyone gets forced by their bosses to use the corporate product against their will and people eventually forget your product exists because there are no high-paying jobs allowing people to use it.
With hindsight, Open Source is basically a con for corporations to get free labor. When you make software free for everyone, really you're just making it free for corporations to Embrace, Extend, Extinguish... They invest a huge amount of effort to suppress the sources of the ideas.
Our entire system is heavily optimized for decoupling products from their makers. We have almost no idea who is making any of the products we buy. I believe there is a reason for that. Open source is no different.
When we lived in caves, everyone in the tribe knew who caught the fish or who speared the buffalo. They would rightly get credit. Now, it's like; because none of the rich people are doing any useful work, they can only maintain credibility by obfuscating the source of the products we buy. They do nothing but control stuff. Controlling stuff does not add value. Once a process is organized, additional control only serves to destroy value through rent extraction.
We are getting to the point where many projects may have to close submissions from the general public since they waste far more time than they help.