The thing that leaves a bad taste in my mouth is the fact that my works were likely included in the training data and, if it doesn't violate my licenses (GNU 2/3), it certainly feels against the spirit of what I intended when distributing my works.
I was made redundant recently "due to AI" (questionable) and it feels like my works in some way contributed to my redundancy where my works contributed to the profits made by these AI megacorps while I am left a victim.
I wish I could be provided a dividend or royalty, however small, for my contribution to these LLMs but that will never happen.
I've been looking for a copy-left "source available" license that allows me to distribute code openly but has a clause that says "if you would like to use these sources to train an LLM, please contact me and we'll work something out". I haven't yet found that.
I'm guessing that such a license would not be enforceable because I am not in the US, but at least it would be nice to declare my intent and who knows what the future looks like.
I think anyone here can understand and even share that feeling. And I agree with your "questionable" - its just the lame HR excuse du jour.
My 2c:
- AI megacorps aren't the only ones gaining, we all are. the leverage you have to build and ship today is higher than it was five years ago.
- It feels like megacorps own the keys right now, but that’s a temporary. In a world of autonomous agents and open-weight models, control is decentralized.inference costs continue to drop, you dont need to be running on megacorp stacks. Millions (billions?) of agents finding and sharing among themselves. How will megacorps stop?
- I see the advent of LLMs like the spread of literacy. Scribes once held a monopoly on the written word, which felt like a "loss" to them when reading/writing became universal. But today, language belongs to everyone. We aren't losing code; we are making the ability to code a universal human "literacy."
I’m not a professionally trained SWE (I’m a scientist who does engineering work). LLMs have really accelerated my ability to build, ideate, and understand systems in a way that I could only loosely gain from sometimes grumpy but mostly kind senior engineers in overcrowded chat rooms.
The legality of all of this is dubious, though, per the parent. I GPL licensed my FOSS scientific software because I wanted it to help advance biomedical research. Not because I wanted it to help a big corp get rich.
But then again, maybe code like mine is what is holding these models back lol.
Why do you think "fair use" doesn't apply in this case? The prior Bartz vs Anthropic ruling laid out pretty clearly how training an AI model falls within the realm of fair use. Authors Guild vs Google and Authors Guild vs HathiTrust were both decided much earlier and both found that digitizing copyrighted works for the sake of making them searchable is sufficiently transformative to meet the standards of fair use. So what is it about GPL licensed software that you feel would make AI training on it not subject to the same copyright and fair use considerations that apply to books?
The poster doesn't like it, so it's different. Most of the "legal analysis" and "foregone conclusions" in these types of discussions are vibes dressed up as objective declarations.
Are you saying that you believe that untested but technically; models trained on GPL sources need to distribute the resulting LLMs under GPL?
Or, in the case of LLMs, recklessly swing about software they don't understand while praying to find a business model.
Yes, corporations take a large cut, but creative people welcomed copyright and made the bargain and got fame in the process. Which was always better for them than let Twitch take 70% and be a sharecropper.
Silicon Valley middlemen are far worse than the media and music industry.
What makes it all tricky for the courts is there's not a good way to really identify what part the generated code is a derivative of (except in maybe some extreme examples).
However, that number would typically be very very very very small, making it hard to argue that the whole model is a derivative of that one individual document.
Nevertheless, a similar approach might work if you took a FOSS project as a whole, e.g. "the model knows a lot about the Linux kernel because it has been trained on its source code".
However, it is still not clear that this would be necessarily unlawful or make the LLM output a derivative work in all cases.
It seems to me that LLMs are trained on large FOSS projects as a way to teach them generalisable development skills, with the side effect of learning a lot about those particular projects.
So if I used a LLM to contribute to the kernel, clearly it would be drawing on information acquired during its training on the kernel's code source. Perhaps it could be argued that the output in that case would be a derivative?
But if I used a LLM to write a completely unrelated piece of software, the kernel training set would be contributing a lot less to the output.
Afterward, they'd got Rudy's foreman to let him off, and, in a boisterous, whimsical spirit of industrial democracy, they'd taken him across the street for a beer. Rudy hadn't understood quite what the recording instruments were all about, but what he had understood, he'd liked: that he, out of thousands of machinists, had been chosen to have his motions immortalized on tape. And here, now, this little loop in the box before Paul, here was Rudy as Rudy had been to his machine that afternoon - Rudy, the turner-on of power, the setter of speeds, the controller of the cutting tool. This was the essence of Rudy as far as his machine was concerned, as far as the economy was concerned, as far as the war effort had been concerned. The tape was the essence distilled from the small, polite man with the big hands and black fingernails; from the man who thought the world could be saved if everyone read a verse from the Bible every night; from the man who adored a collie for want of children; from the man who . . . What else had Rudy said that afternoon? Paul supposed the old man was dead now - or in his second childhood in Homestead.
Now, by switching in lathes on a master panel and feeding them signals from the tape, Paul could make the essence of Rudy Hertz produce one, ten, a hundred, or a thousand of the shafts.
Kurt Vonnegut, Player Piano
It’s a wild thought to think that of all the things that will remain on this earth after you’re gone, it’ll be your GPL contributions reconstituting themselves as an LLM’s hallucinations.
Our comments here on HN are almost certainly going to live in fame/infamy forever. The twitter firehose is a pathway to 140-character immortality essentially.
You can already summon an agent to ingest essentially an entire commenter's history, correlate it across different sites based on writing style or similar nicknames, and then chat with you as that persona, even more so with a finetune or lora. I can do that with my gmail and text message history and it becomes eerily similar to me.
History is going to be much more direct and personal in the future. We can also do this with historical figures with voluminous personal correspondence, that's possible now.
It's very interesting because I think the era before mass LLM usage but also after digitalization is going to be the most intensely studied. We've lived through a thing that is going to be on the cusp of history, for better or worse.
The c is for code. If adopted we could spend forever arguing how the c is pronounced and whether the original had a cedilla, circonflex or rhymes with bollocks, which seems somehow appropriate. Everyone uses xene instead. x is chi but most people don't notice.
That's 2X the salary of a lot of the world's software developers
Is that the game? Lock in companies to this "new reality" with cheap tokens then once they fire all their devs, bait and switch to 2X the cost.
But yes, that's very expensive and surprising to me.
I did implicitly assume USD but yeah still crazy cash, that'd pay for 2 junior-mid level devs in aus D=
Yeah Atlassian. 1/3rd of my team were given the boot sadly. One guy had 12 years at the company - crazy times
There are also people who want to be eaten by a literal cannibal. I say, no thanks.
I realize this is an unpopular opinion on HN, but I believe it is best because it's a weakener interpretation of copyright law, which is overall a good thing in my view.
Personally, I want a viral (GPL-style) license that explicitly prohibits use of code for LLM training/tuning purposes — with the asterisk that while current law might view LLM training as fair use, this may not be the case forever, and blatant disregard of the terms of the license should make it easier for me to sue offenders in the future.
Alternatively, this could be expressed as: the output of any LLM trained on this code must retain this license.
Frankly do you think AI companies have even the remotest amount of respect for these licenses anyways? They will simply take your code if it is publicly scrapeable, train their models, exactly like they have so far. Then it will be up to you to chase them down and try to sue or whatever. And good luck proving the license violation
I dunno. I just don't really believe that many tech companies these days are behaving even remotely ethically. I don't have much hope that will change anytime soon
Take a litigious company like Nintendo. If one was to train an LLM on their works and the LLM produces an emulator, that would force a lawsuit.
If Nintendo wins, then LLMs are stealing. If Nintendo loses, then we can decompile everything.
If my license explicitly says "any LLM output trained on this code is legally tainted," I feel like BigAICorp would be foolish to ignore it. Maybe I couldn't sue them today, but are they confident this will remain the case 5, 10, 20 years from now? Everywhere in the world?
You can own the works, but not the vibes. If everyone owned the vibes we would all be infringing others. In my view abstractions should not be protected by copyright, only expression, currently the abstraction-filtration-comparison standard (AFC) protects abstractions too, non-literal infringement is a thing.
Trying to own the vibes is like trying to own the functionality itself, no matter the distinct implementation details, and this is closer to patents than copyrights. But patents get researched for prior art and have limited duration, copyright is automatic and almost infinite duration.
All the infrastructure that runs the whole AI-over-the-internet juggernaut is essentially all open source.
Heck, even Claude Code would be far less useful without grep, diff, git, head, etc., etc., etc. And one can easily see a day where something like a local sort Claude Code talking to Open Weight and Open Source models is the core dev tool.
But the Libre part of Free Software has never mattered less, at least so TFA argues and while I could niggle with the point, it's not wrong.
Exactly.
> Heck, even Claude Code would be far less useful without grep, diff, git, head, etc.
It wouldn't even work. It's constantly using those.
I remember reading a Claude Code CLI install doc and the first thing was "we need ripgrep" with zero shame.
All these tools also all basically run on top of Linux: with Claude Code actually installing, on Windows and MacOS, a full linux VM on the system.
It's all open-source command line tools, an open-source OS and piping program one to the other. I'm on Linux on the desktop (and servers ofc) since the Slackware days... And I was right all along.
Without the ability to string together the basic utilities into a much greater sum, Unix would have been another blip.
$20/month with your provider of choice unlocks a lot.
Edit: the underlying point being, yes to the article. Either building upon the foundations of open source to making personal things, or just modifying a fork for my own needs.
1. they were trained on FLOSS repositories without consent of the authors, including GPL and AGPL repos
2. the best models are proprietary
3. folks making low-effort contribution attempts using AI (PRs, security reports, etc).
I agree those are legitimate problems but LLMs are the new reality, they are not going to go away. Much more powerful lobbies than the OSS ones are losing fights against the LLM companies (the big copyright holders in media).
But while companies can use LLMs to build replacements for GPL licensed code (where those LLMs have that GPL code probably in their training set), the reverse thing can also be done: one can break monopolies open using LLMs, and build so much open source software using LLMs.
In the end, the GPL is only a means to an end.
Meanwhile as people sleep on LLMs to help them audit their code for security holes, or even any security code auditing tools. Script kiddies don't care that you think AI isn't ready, they'll use AI models to scrape your website for security gaps. They'll use LLMs to figure out how to hack your employees and steal your data. We already saw that hackers broke into government servers for the Mexican government, basically scraping every document of every Mexican citizen. Now is the time to start investing in security auditing, before you become the next news headline.
AI isn't the future, it's already here, and hackers will use it against you.
I think as long as AI isn't literal AGI, social pressures will keep projects alive, in some state. There definitely is something scary about stealing entire products as a mean for new market domination - e.g. steal linux then make a corporate linux, and force everybody to contribute to corporate linux only (many linux contributors are paid by corporations, after all), and make that the new central pointer. That might be worst case scenario - then Microsoft, in collusion (which I admit is far fetched, but def possible), could completely adopt linux for servers and headless compute, and enforce very strict hardware restrictions such that only Windows works.
I suppose the idea would be, they don't have to maintain it: if it ever starts to rot from whatever environmental changes, then they can just get the LLM to patch it, or at worst, generate it again from scratch.
(And personally, I prefer writing code so that it isn't coupled so tightly to the environment or other people's fast-moving libraries to begin with, since I don't want to poke at all of my projects every other year just to keep them functional.)
Even in a world with pure LLM coding, it's more likely that LLMs maintain an open source place for other LLMs to contribute to.
You're forgetting that code isn't just a technical problem (well, even if it was, that would be a wild claim that goes against all hardness results known to humans given the limits of a priori reasoning...)
The advantage of decoupling from supply chain attacks is so large that I expect this to be standard practice as soon as later this year.
The benefits to publishing AI generated code as open source are immense including code hosting and CI/CD pipelines for build, test, lint, security scans, etc. In additional to CI/CD pipelines, my repos have commits authored by Claude, Dependabot, GitHub Advanced Security Bot, Copilot, etc. All of this makes the code more reliable and maintainable, for both human and AI authored code.
Some thoughts on two recent posts:
1. 90% of Claude-linked output going to GitHub repos w <2 stars (https://news.ycombinator.com/item?id=47521157): I'm generally too busy to publishing code to promote, but at some time it might settle down. Additionally, with how fast AI can generate and refactor code, it can take some time before the code is stable enough to promote.
2. So where are all the AI apps? (https://news.ycombinator.com/item?id=47503006): They are in GitHub with <2 stars! They are there but without promotion it takes a while to get started in popularity. That being said, I'm starting to get some PRs.
Unless you're using an enterprise license that indemnifies your liabilities, you're almost certainly breaking copyright law and your packages are unusable by any serious company as a dependency. Even permissive OSS licenses like MIT don't take effect since they're predicated on the author actually holding a valid copyright (which you don't if AI agents have committed to your repo, as affirmed by USCO).
We'll almost certainly have a situation where if an open-source repo has direct AI agent commits in its history, it will be just as untouchable for companies as GPL repos.
More on the 19M+ commits here:
It is completely delusional that these copied "works" will have any effect or be used by anyone but the most rabid AI proponents just to make a point.
Stars will likely go up over time, but more than the stars it's the testing and maintenance over time that's valuable. There's little promotion right now, but there are already some stars, PRs, and issues. In fact, I'm working on merging PRs now.
FOSS came up around the core idea of liberating software for hardware, and later on was sustained by the idea of a commodity of commons we can build on. But with LLMs we have alternative pathways/enablement for the freedoms:
Freedom 0 (Run): LLMs troubleshoot environments and guide installations, making software executable for anyone.
Freedom 1 (Study/Change): make modifications, including lowering bar of technical knowledge.
Freedom 2 (Redistribute): LLMs force redistribution by building specs and reimplementing if needed.
Freedom 3 (Improve/Distribute): Everyone gets the improvement they want.
As we can see LLM makes these freedoms more democratic, beyond pure technical capability.
For those that cared only about these 4 freedoms, LLMs enable these in spades. But those who looked additionally for business, signalling and community values of free software (I include myself in this), these were not guaranteed by FOSS, and we find ourselves figuring out how to make up for these losses.
Or, more likely, they churn off the product.
The SaaS platforms that will survive are busy RIGHT NOW revamping their APIs, implementing oauth, and generally reorganizing their products to be discovered and manipulated by agents. Failing in this effort will ultimately result in the demise of any given platform. This goes for larger SaaS companies, too, it’ll just take longer.
The "dangerously-skip-permissions" flag getting blamed here is telling. We're building tools where the safe default is friction, so users disable the safety to get work done, and then the tool does something destructive. That's not a user error — that's a design pattern that reliably produces failures at scale.
The broader data is concerning: AI-generated code has 2.74x more security vulnerabilities than human-written code, and reviewing it takes 3.6x longer. Now add autonomous git operations to that mix. The code review problem becomes a code ownership problem — if the AI is writing it, reviewing it, and managing the repository, what exactly is the human's role? We dug into this at sloppish.com/ghost-in-the-codebase
AI is going to exploit even more: "Given the repository -> Construct tech spec -> Build project based on tech spec"
At this stage, I want everyone just close their source, stop working on open source until this issue of licensing gets resolved.
Any improvement you make to the open source code will be leveraged in ways you didn't intend it to be used, eventually making you redundant in the process
I don’t know what SaaS has to do with FOSS. The point of FOSS was to allow me to modify the software I run on my system. If the device drivers for some hardware I depend on are no longer supported by the company I bought it from, if it’s open source, I can modify and extend the software myself.
The Copy Left licenses ensure that I share my modifications back if I distribute them. It’s a thing for the public good.
Agent-based software development walls people off from that. Mostly by ensuring that the provenance of the code it generates is not known and by deskilling people so that they don’t know what to prompt or how to fix their code.
these are exciting times, that are coming despite any pessimism rooted in our out-dated software paradigms.
That would basically make users a product manager and UX designer, which they aren't really capable of currently. At most they will discover what they think they want isn't what they actually want.
We are getting to the point where many projects may have to close submissions from the general public since they waste far more time than they help.
My prompts to Claude has evolved from "what program / data source do I need to do this" to "what program / data source do I need, to make you do this for me".
After a few iterations, any data source without a free API feed, or any program without a free CLI interface are edited out of the gene pool, so to speak.
The AI propaganda articles are getting more devious my the minute. It's not just propaganda---it's Bernays-level manipulation!
It compares and contrasts open source and free software, and then gives an example of how free software is better than closed software.
But if the premise of the article, that the agent will take the package you pick and adapt it to your needs, is correct, then honestly the agent won't give a rat's ass whether the starting point was free source or open source.
Conflict of interests is the norm. It should be illegal for a company founder or director to own stock of a supplier. It should be illegal for shareholders to own stocks of two competing companies. Index funds should be illegal.
Companies buy these contracts for support and to have a throat to choke if things go wrong. It doesn't matter how much you pay your AI vendor, if you use their product to "vibe code" a SaaS replacement and it fails in some way and you lose a bunch of money/time/customers/reputation/whatever, then that's on you.
This is as much a political consideration as a financial one. If you're a C-suite and you let your staff make something (LLM generated or not) and it gets compromised then you're the one who signed off on the risky project and it's your ass on the line. If you buy a big established SaaS, do your compliance due-diligence (SOC2, ISO27001, etc.), and they get compromised then you were just following best practice. Coding agents don't change this.
The truth is that the people making the choice about what to buy or build are usually not the people using the end result. If someone down the food chain had to spend a bunch of time with "brittle hacks" to make their workflow work, they're not going to care at all. All they want is the minimum possible to meet whatever the requirement is, that isn't going to come back to bite them later.
SaaS isn't about software, it's about shifting blame.
Copyleft licenses like GPL/Apache mandate upstream freedom: Upstream has the "freedom" to use anything downstream, including anything written by a corporation.
Non-copyleft FOSS licenses like MIT/BSD are about downstream freedom, which is more of a philosophically utilitarian view, where anyone who receives the software is free to use it however they want, including not giving their changes back to the community, on the assumption that this maximizes the utility of this free software in the world.
If you prioritize the former goal, then coding agents are a huge problem for you. If the latter, then coding agents are the best thing ever, because they give everyone access to an effectively unlimited amount of cheap code.
If trendlines continue... It will be faster for AI to vibe code said software to your customized specifications than to sign up for a SaaS and learn it.
"Claude, create a project management tool that simplifies jira, customize it to my workflow."
So a lot of apps will actually become closed source personalized builds.
There is a reason why large proprietary products remain prevalent even when cheaper better alternatives exist. Being "industry standard" matters more than being the best.
I can already build a ticket tracker in a weekend. I’ve been on many teams that used Jira, nobody loves Jira, none of us ever bothered to DIY something good enough.
Why?
Because it’s a massive distraction. It’s really fun to build all these side apps, but then you have to maintain them.
I’m guessing a lot of vibeware will be abandoned rather than maintained.
And it’s all downhill from there…
I've always preferred my stack to be on the thinner, more vanilla, less prebuilt side than others around me, and seems like LLMs are reinforcing that approach now.
Like all code-generators that came before, the current LLM will end up a niche product after the hype-cycle ends. "AI" only works if the models are fed other peoples real works, and the web is already >52% nonsense now. They add the Claude-contributor/flag to Git projects, so the scrapers don't consume as much of its own slop. ymmv =3
The worst part is building something open source, getting positive feedback, helping a couple of startups and then some big corporation comes along and implements a similar product and then everyone gets forced by their bosses to use the corporate product against their will and people eventually forget your product exists because there are no high-paying jobs allowing people to use it.
With hindsight, Open Source is basically a con for corporations to get free labor. When you make software free for everyone, really you're just making it free for corporations to Embrace, Extend, Extinguish... They invest a huge amount of effort to suppress the sources of the ideas.
Our entire system is heavily optimized for decoupling products from their makers. We have almost no idea who is making any of the products we buy. I believe there is a reason for that. Open source is no different.
When we lived in caves, everyone in the tribe knew who caught the fish or who speared the buffalo. They would rightly get credit. Now, it's like; because none of the rich people are doing any useful work, they can only maintain credibility by obfuscating the source of the products we buy. They do nothing but control stuff. Controlling stuff does not add value. Once a process is organized, additional control only serves to destroy value through rent extraction.