Having over a decade of open source software I've written freely available online, I actually really appreciate the value that AI && LLMs have provided me.
The thing that leaves a bad taste in my mouth is the fact that my works were likely included in the training data and, if it doesn't violate my licenses (GNU 2/3), it certainly feels against the spirit of what I intended when distributing my works.
I was made redundant recently "due to AI" (questionable) and it feels like my works in some way contributed to my redundancy where my works contributed to the profits made by these AI megacorps while I am left a victim.
I wish I could be provided a dividend or royalty, however small, for my contribution to these LLMs but that will never happen.
I've been looking for a copy-left "source available" license that allows me to distribute code openly but has a clause that says "if you would like to use these sources to train an LLM, please contact me and we'll work something out". I haven't yet found that.
I'm guessing that such a license would not be enforceable because I am not in the US, but at least it would be nice to declare my intent and who knows what the future looks like.
I think there's no meaningful case by the letter of the law that use of training data that include GPL-licensed software in models that comprise the core component of modern LLMs doesn't obligate every producer of such models to make both the models and the software stack supporting them available under the same terms. Of course, it also seems clear in the present landscape that the law often depends more on the convenience of the powerful than its actual construction and intent, but I would love to be proven wrong about that, and this kind of outcome would help
> I think there's no meaningful case by the letter of the law that use of training data that include GPL-licensed software in models that comprise the core component of modern LLMs doesn't obligate every producer of such models to make both the models and the software stack supporting them available under the same terms.
Why do you think "fair use" doesn't apply in this case? The prior Bartz vs Anthropic ruling laid out pretty clearly how training an AI model falls within the realm of fair use. Authors Guild vs Google and Authors Guild vs HathiTrust were both decided much earlier and both found that digitizing copyrighted works for the sake of making them searchable is sufficiently transformative to meet the standards of fair use. So what is it about GPL licensed software that you feel would make AI training on it not subject to the same copyright and fair use considerations that apply to books?
> So what is it about GPL licensed software that you feel would make AI training on it not subject to the same copyright and fair use considerations that apply to books?
The poster doesn't like it, so it's different. Most of the "legal analysis" and "foregone conclusions" in these types of discussions are vibes dressed up as objective declarations.
Intellectual property never made much sense to begin with. But it certainly makes no sense now, where the common creator has no protections against greedy corporate giants who are happy to wield the full weight of the courts to stifle any competition for longer than we'll be alive.
Or, in the case of LLMs, recklessly swing about software they don't understand while praying to find a business model.
hey just don't try to copy their LLM by distilling it, cause that's "theft", if we weren't all doomed anyways this industry would have never been allowed to exist in the first place, but I guess this is just what the last few decades of our civilization will look like.
Poor billionaire Rowling has no protections against the evil corporations. Everyone using this argument has no clue about artists and and writers.
Yes, corporations take a large cut, but creative people welcomed copyright and made the bargain and got fame in the process. Which was always better for them than let Twitch take 70% and be a sharecropper.
Silicon Valley middlemen are far worse than the media and music industry.
Sure, but that's more a result of policy decisions than an inevitable result of some natural law. Corporate lawlessness has been reined in before and it can be again
If there was going to be a case, it's derivative works. [1]
What makes it all tricky for the courts is there's not a good way to really identify what part the generated code is a derivative of (except in maybe some extreme examples).
That's always what laws existed for, a law is just a formal way of saying "we will use violence against you if you do something we don't like" and that has always going to be primary written by and for the people that already have the power to do that, it's not the worst, certainly better than Kings just being able to do as they please.
If you use GitHub, you’re automatically opted into having your code used for training. Private repo or not. You have to actually opt out and even then, will they honor that? No…
The foreman had pointed out his best man - what was his name? - and, joking with the puzzled machinist, the three bright young men had hooked up the recording apparatus to the lathe controls. Hertz! That had been the machinist's name - Rudy Hertz, an old-timer, who had been about ready to retire. Paul remembered the name now, and remembered the deference the old man had shown the bright young men.
Afterward, they'd got Rudy's foreman to let him off, and, in a boisterous, whimsical spirit of industrial democracy, they'd taken him across the street for a beer. Rudy hadn't understood quite what the recording instruments were all about, but what he had understood, he'd liked: that he, out of thousands of machinists, had been chosen to have his motions immortalized on tape.
And here, now, this little loop in the box before Paul, here was Rudy as Rudy had been to his machine that afternoon - Rudy, the turner-on of power, the setter of speeds, the controller of the cutting tool. This was the essence of Rudy as far as his machine was concerned, as far as the economy was concerned, as far as the war effort had been concerned. The tape was the essence distilled from the small, polite man with the big hands and black fingernails; from the man who thought the world could be saved if everyone read a verse from the Bible every night; from the man who adored a collie for want of children; from the man who . . . What else had Rudy said that afternoon? Paul supposed the old man was dead now - or in his second childhood in Homestead.
Now, by switching in lathes on a master panel and feeding them signals from the tape, Paul could make the essence of Rudy Hertz produce one, ten, a hundred, or a thousand of the shafts.
Reading this I hear The Roots playing The Seed 2.0[1] in my mind.
It’s a wild thought to think that of all the things that will remain on this earth after you’re gone, it’ll be your GPL contributions reconstituting themselves as an LLM’s hallucinations.
If we're being clear, it's going to be a lot more than that.
Our comments here on HN are almost certainly going to live in fame/infamy forever. The twitter firehose is a pathway to 140-character immortality essentially.
You can already summon an agent to ingest essentially an entire commenter's history, correlate it across different sites based on writing style or similar nicknames, and then chat with you as that persona, even more so with a finetune or lora. I can do that with my gmail and text message history and it becomes eerily similar to me.
History is going to be much more direct and personal in the future. We can also do this with historical figures with voluminous personal correspondence, that's possible now.
It's very interesting because I think the era before mass LLM usage but also after digitalization is going to be the most intensely studied. We've lived through a thing that is going to be on the cusp of history, for better or worse.
Taken to a hallucinated but logical conclusion, we might define a word such as "cene" to riff off of "meme" and "gene".
The c is for code. If adopted we could spend forever arguing how the c is pronounced and whether the original had a cedilla, circonflex or rhymes with bollocks, which seems somehow appropriate. Everyone uses xene instead. x is chi but most people don't notice.
Me too, and I use LLMs often for personal and professional work. Knowing that colleagues are burning through $700/day worth of tokens, and a small fraction of those tokens were likely derived from my work while I get made redundant is a bit shite.
Yeah that's the thing making my head spin, tack a 30% profit margin on that and it's 550usd per day?
Probably going to be more than that for rocketship growth and investor expectations.
Is that the game? Lock in companies to this "new reality" with cheap tokens then once they fire all their devs, bait and switch to 2X the cost.
My personal take is that LLMs are so transformative that they are likely not going to qualify under derivative works and therefore GPL wouldn't hold sway. There's already some evidence that courts will consider training on copyrighted material fair use, so long as it is otherwise obtained legally, which would be the case with software licensed under GPL.
I realize this is an unpopular opinion on HN, but I believe it is best because it's a weakener interpretation of copyright law, which is overall a good thing in my view.
You can train models locally now and use open source ones and there's a robust community of people training, retraining, and generally pulling data from anywhere. And then new models get trained on old models. The models in use now are already several generations deep even further trained on code freely given by the entire industry. It's like complaining about being 1/100000th of a soup with no real proof you're even in it. Can you provide proof that a model used your code? It's like a remix of a remix of a remix.
> I've been looking for a copy-left "source available" license that allows me to distribute code openly but has a clause that says "if you would like to use these sources to train an LLM, please contact me and we'll work something out". I haven't yet found that.
Personally, I want a viral (GPL-style) license that explicitly prohibits use of code for LLM training/tuning purposes — with the asterisk that while current law might view LLM training as fair use, this may not be the case forever, and blatant disregard of the terms of the license should make it easier for me to sue offenders in the future.
Alternatively, this could be expressed as: the output of any LLM trained on this code must retain this license.
I wish Anthropic or someone would take a leadership role and re-train their models without any GPL code, or at least stop doing so in the future tense.
> I've been looking for a copy-left "source available" license that allows me to distribute code openly but has a clause that says "if you would like to use these sources to train an LLM, please contact me and we'll work something out". I haven't yet found that
Frankly do you think AI companies have even the remotest amount of respect for these licenses anyways? They will simply take your code if it is publicly scrapeable, train their models, exactly like they have so far. Then it will be up to you to chase them down and try to sue or whatever. And good luck proving the license violation
I dunno. I just don't really believe that many tech companies these days are behaving even remotely ethically. I don't have much hope that will change anytime soon
Traditionally, large corporations have taken very conservative legal stances with regard to integrating e.g. A/GPL code, even when there's almost no risk.
If my license explicitly says "any LLM output trained on this code is legally tainted," I feel like BigAICorp would be foolish to ignore it. Maybe I couldn't sue them today, but are they confident this will remain the case 5, 10, 20 years from now? Everywhere in the world?
All the infrastructure that runs the whole AI-over-the-internet juggernaut is
essentially all open source.
Heck, even Claude Code would be far less useful without grep, diff, git, head, etc., etc., etc. And one can easily see a day where something like a local sort Claude Code talking to Open Weight and Open Source models is the core dev tool.
> All the infrastructure that runs the whole AI-over-the-internet juggernaut is essentially all open source.
Exactly.
> Heck, even Claude Code would be far less useful without grep, diff, git, head, etc.
It wouldn't even work. It's constantly using those.
I remember reading a Claude Code CLI install doc and the first thing was "we need ripgrep" with zero shame.
All these tools also all basically run on top of Linux: with Claude Code actually installing, on Windows and MacOS, a full linux VM on the system.
It's all open-source command line tools, an open-source OS and piping program one to the other. I'm on Linux on the desktop (and servers ofc) since the Slackware days... And I was right all along.
Open source has never been more alive for me. I have been publishing low key for years, and AI has expanded that capability more than 100 fold, in all directions. I had previously published packages in multiple languages but recently started to cut back to just one manually. But now with AI, I started to expand languages again. Instead of feeling constrained by toolchains I feel comfortable with, I feel freedom to publish more and more.
The benefits to publishing AI generated code as open source are immense including code hosting and CI/CD pipelines for build, test, lint, security scans, etc. In additional to CI/CD pipelines, my repos have commits authored by Claude, Dependabot, GitHub Advanced Security Bot, Copilot, etc. All of this makes the code more reliable and maintainable, for both human and AI authored code.
Some thoughts on two recent posts:
1. 90% of Claude-linked output going to GitHub repos w <2 stars (https://news.ycombinator.com/item?id=47521157): I'm generally too busy to publishing code to promote, but at some time it might settle down. Additionally, with how fast AI can generate and refactor code, it can take some time before the code is stable enough to promote.
2. So where are all the AI apps? (https://news.ycombinator.com/item?id=47503006): They are in GitHub with <2 stars! They are there but without promotion it takes a while to get started in popularity. That being said, I'm starting to get some PRs.
>my repos have commits authored by Claude, Dependabot, GitHub Advanced Security Bot, Copilot, etc.
Unless you're using an enterprise license that indemnifies your liabilities, you're almost certainly breaking copyright law and your packages are unusable by any serious company as a dependency. Even permissive OSS licenses like MIT don't take effect since they're predicated on the author actually holding a valid copyright (which you don't if AI agents have committed to your repo, as affirmed by USCO).
We'll almost certainly have a situation where if an open-source repo has direct AI agent commits in its history, it will be just as untouchable for companies as GPL repos.
Given that Claude is attributed to 19M+ commits on GitHub, it will be interesting to see where this ends up. Specifically on copyright, it will be interesting to see if any DMCA takedown notices are filed, including popular projects such as OpenClaw, GSD, Gas Town, Vibium, and others.
If there's any stolen code generated by AI, it's certainly not intentional and a DMCA notice would be appreciated. It would be interesting to see how prevalent this is in AI generated code - is anyone doing a study?
Stars will likely go up over time, but more than the stars it's the testing and maintenance over time that's valuable. There's little promotion right now, but there are already some stars, PRs, and issues. In fact, I'm working on merging PRs now.
It’s such a fun time to have 1+ decade(s) of experience in software. Knowing what simple and good are (for me), and being able to articulate it has let me create so much personal software for myself and my family. It has really felt like turning ideas into reality, about as fast as I can think of them or they can suggest them. And adding specific features, just for our needs. The latest one was a slack canvas replacement, as we moved from slack to self-hosted matrix + element but missed the multiplayer, persistent monthly notes file we used. Even getting matrix set up in the first place was a breeze.
$20/month with your provider of choice unlocks a lot.
Edit: the underlying point being, yes to the article. Either building upon the foundations of open source to making personal things, or just modifying a fork for my own needs.
Couldn't agree more. I'm building open source software for the grid, contributing in a way that feels like it could truly make a difference, while building momentum for open standards. It doesn't feel like work, just creativity and problem solving. On top of that, I can just build stuff for fun. Kids want a Minecraft mod? Let's build it and learn a thing or two on the way.
I’m not so sure… what I see as more likely is that coding agents will just strip parts from open source libraries to build bespoke applications for users. Users will be ecstatic because they get exactly what they want and they don’t have to worry about upstream supply chain attacks. Maintainers get screwed because no one contributes back to the main code base. In the end open source software becomes critical to the ecosystem, but gets none of the credit.
But the users would have to maintain their own forks then. Unless you stream back patches into your forks, which implies there's some upstream being maintained. Software doesn't interoperate and maintain itself for free - somebody's gotta put in the time for that.
I think as long as AI isn't literal AGI, social pressures will keep projects alive, in some state. There definitely is something scary about stealing entire products as a mean for new market domination - e.g. steal linux then make a corporate linux, and force everybody to contribute to corporate linux only (many linux contributors are paid by corporations, after all), and make that the new central pointer. That might be worst case scenario - then Microsoft, in collusion (which I admit is far fetched, but def possible), could completely adopt linux for servers and headless compute, and enforce very strict hardware restrictions such that only Windows works.
> But the users would have to maintain their own forks then.
I suppose the idea would be, they don't have to maintain it: if it ever starts to rot from whatever environmental changes, then they can just get the LLM to patch it, or at worst, generate it again from scratch.
(And personally, I prefer writing code so that it isn't coupled so tightly to the environment or other people's fast-moving libraries to begin with, since I don't want to poke at all of my projects every other year just to keep them functional.)
The LLM can a priori test on all possible software and hardware environments, test all possible edge cases for deployment, get feedback from millions of eyes on the project explicitly or implicitly via bug reports and usage, find good general case use features given the massive amounts of data gathered through the community of where the project needs to go next, etc?
Even in a world with pure LLM coding, it's more likely that LLMs maintain an open source place for other LLMs to contribute to.
You're forgetting that code isn't just a technical problem (well, even if it was, that would be a wild claim that goes against all hardness results known to humans given the limits of a priori reasoning...)
Agents can read the binary that makes up a compiled file and detect behavior directly from that. I've been doing it to inspect my own builds for the presence of a feature.
If I look around in the FLOSS communities, I see a lot of skepticism towards LLMs. The main concerns are:
1. they were trained on FLOSS repositories without consent of the authors, including GPL and AGPL repos
2. the best models are proprietary
3. folks making low-effort contribution attempts using AI (PRs, security reports, etc).
I agree those are legitimate problems but LLMs are the new reality, they are not going to go away. Much more powerful lobbies than the OSS ones are losing fights against the LLM companies (the big copyright holders in media).
But while companies can use LLMs to build replacements for GPL licensed code (where those LLMs have that GPL code probably in their training set), the reverse thing can also be done: one can break monopolies open using LLMs, and build so much open source software using LLMs.
> 3. folks making low-effort contribution attempts using AI (PRs, security reports, etc).
Meanwhile as people sleep on LLMs to help them audit their code for security holes, or even any security code auditing tools. Script kiddies don't care that you think AI isn't ready, they'll use AI models to scrape your website for security gaps. They'll use LLMs to figure out how to hack your employees and steal your data. We already saw that hackers broke into government servers for the Mexican government, basically scraping every document of every Mexican citizen. Now is the time to start investing in security auditing, before you become the next news headline.
AI isn't the future, it's already here, and hackers will use it against you.
5 years ago, I set out to build an open-source, interoperable marketplace powered by open-source SaaS. It felt like a pipe dream, but AI has made the dream into fruition. People are underestimating how much AI is a threat to rent seeking middlemen in every industry.
“Their relationship with the software is one of pure dependency, and when the software doesn’t do what they need, they just… live with it”
Or, more likely, they churn off the product.
The SaaS platforms that will survive are busy RIGHT NOW revamping their APIs, implementing oauth, and generally reorganizing their products to be discovered and manipulated by agents. Failing in this effort will ultimately result in the demise of any given platform. This goes for larger SaaS companies, too, it’ll just take longer.
And I think it’s less about letting agents modify the product source. That’s more of a platform capability which should also be a requirement for certain types of use cases. All comes back to listening to and / or innovating for customers.
This is a microcosm of a much larger problem. When AI writes code, reviews code, and now apparently manages its own git operations — who's actually in control of the codebase?
The "dangerously-skip-permissions" flag getting blamed here is telling. We're building tools where the safe default is friction, so users disable the safety to get work done, and then the tool does something destructive. That's not a user error — that's a design pattern that reliably produces failures at scale.
The broader data is concerning: AI-generated code has 2.74x more security vulnerabilities than human-written code, and reviewing it takes 3.6x longer. Now add autonomous git operations to that mix. The code review problem becomes a code ownership problem — if the AI is writing it, reviewing it, and managing the repository, what exactly is the human's role? We dug into this at sloppish.com/ghost-in-the-codebase
I don’t know what SaaS has to do with FOSS. The point of FOSS was to allow me to modify the software I run on my system. If the device drivers for some hardware I depend on are no longer supported by the company I bought it from, if it’s open source, I can modify and extend the software myself.
The Copy Left licenses ensure that I share my modifications back if I distribute them. It’s a thing for the public good.
Agent-based software development walls people off from that. Mostly by ensuring that the provenance of the code it generates is not known and by deskilling people so that they don’t know what to prompt or how to fix their code.
agree completely. When the megacorps are building hundreds of datacenters and openly talking about plans to charge for software "like a utility," there has never been a clearer mandate for the need for FOSS, and IMO there has never been as much momentum behind it either.
these are exciting times, that are coming despite any pessimism rooted in our out-dated software paradigms.
> SaaS scaled by exploiting a licensing loophole that let vendors avoid sharing their modifications.
AI is going to exploit even more: "Given the repository -> Construct tech spec -> Build project based on tech spec"
At this stage, I want everyone just close their source, stop working on open source until this issue of licensing gets resolved.
Any improvement you make to the open source code will be leveraged in ways you didn't intend it to be used, eventually making you redundant in the process
Maybe, but I don't really believe users can or want to start designing software, if it was even possible which today it isn't really unless you already have software dev skills.
That would basically make users a product manager and UX designer, which they aren't really capable of currently. At most they will discover what they think they want isn't what they actually want.
I wonder if there will be a different phenomena — namely everyone just developing their own personal version of what they want rather than relying on what someone else built. Nowadays, if the core functionality is straightforward enough, I find that I just end up building it myself so I can tailor it to my exact needs. It takes less time than trying to understand and adapt someone else’s code base, especially if it’s (mostly) AI generated and contains a great deal of code slop.
My prompts to Claude has evolved from "what program / data source do I need to do this" to "what program / data source do I need, to make you do this for me".
After a few iterations, any data source without a free API feed, or any program without a free CLI interface are edited out of the gene pool, so to speak.
The real unlock here isn't users becoming devs, it's maintainers becoming 10x more productive. Most OSS projects die because the maintainer burned out fixing bugs nobody wants to fix. If agents can handle the boring parts (triage, repro, patch obvious stuff) the maintainer can focus on design decisions and reviewing PRs instead of drowning in issues. That changes the economics completely.
This feels like an AI generated comment, but I'll reply anyway. AI has been a massive negative for open source since every project is now drowning in AI generated PRs which don't work, reports for issues which don't exist, and the general mountain of time waster automated slop.
We are getting to the point where many projects may have to close submissions from the general public since they waste far more time than they help.
First of all, free software still matters. Then, being a slave to a $200 subscription to a oligarch application that launders other people's copyright is not what Stallman envisioned.
The AI propaganda articles are getting more devious my the minute. It's not just propaganda---it's Bernays-level manipulation!
What I'm hoping for is for more competition in the tech sector. I'm tired of companies foisting Microsoft or Oracle products on everyone! WTF! The current tech sector feels like all companies are subsidiaries of Big Tech... It's likely a direct result of passive investing... Everyone who has any money and controls a small or medium sized company likely owns stock of Microsoft, Apple, Meta, Google, Amazon... So they mandate their companies to use products from those big tech companies. So all the small-fish founders feel like they are dogfooding their own investments... And that's preventing new entrants from getting a foothold in B2B space... Feels like all the small companies are working for Big Tech.
Conflict of interests is the norm. It should be illegal for a company founder or director to own stock of a supplier. It should be illegal for shareholders to own stocks of two competing companies. Index funds should be illegal.
I worry people are lacking context about how SaaS products are purchased if they think LLMs and "vibe coding" are going to replace them. It's almost never the feature set. Often it's capex vs opex budgeting (i.e., it's easier to get approval for a monthly cost than a upfront capital cost) but the biggest one is liability.
Companies buy these contracts for support and to have a throat to choke if things go wrong. It doesn't matter how much you pay your AI vendor, if you use their product to "vibe code" a SaaS replacement and it fails in some way and you lose a bunch of money/time/customers/reputation/whatever, then that's on you.
This is as much a political consideration as a financial one. If you're a C-suite and you let your staff make something (LLM generated or not) and it gets compromised then you're the one who signed off on the risky project and it's your ass on the line. If you buy a big established SaaS, do your compliance due-diligence (SOC2, ISO27001, etc.), and they get compromised then you were just following best practice. Coding agents don't change this.
The truth is that the people making the choice about what to buy or build are usually not the people using the end result. If someone down the food chain had to spend a bunch of time with "brittle hacks" to make their workflow work, they're not going to care at all. All they want is the minimum possible to meet whatever the requirement is, that isn't going to come back to bite them later.
SaaS isn't about software, it's about shifting blame.
It compares and contrasts open source and free software, and then gives an example of how free software is better than closed software.
But if the premise of the article, that the agent will take the package you pick and adapt it to your needs, is correct, then honestly the agent won't give a rat's ass whether the starting point was free source or open source.
The debate in the comment section here really boils down to: upstream freedom vs downstream freedom.
Copyleft licenses like GPL/Apache mandate upstream freedom: Upstream has the "freedom" to use anything downstream, including anything written by a corporation.
Non-copyleft FOSS licenses like MIT/BSD are about downstream freedom, which is more of a philosophically utilitarian view, where anyone who receives the software is free to use it however they want, including not giving their changes back to the community, on the assumption that this maximizes the utility of this free software in the world.
If you prioritize the former goal, then coding agents are a huge problem for you. If the latter, then coding agents are the best thing ever, because they give everyone access to an effectively unlimited amount of cheap code.
What you call 'downstream freedom' isn't very downstream. The real downstream is the end user, who should have the right to know what the software is doing on their computer, to recompile the software so it works on their machine with the software that is already on it, to make changes to the software so it can serve their needs.
I’m impressed by how current times make us consider so many completely opposite scenarios. I think it can indeed foster progress, but it can also have negative impacts.
I think the opposite. It will make all software matter less.
If trendlines continue... It will be faster for AI to vibe code said software to your customized specifications than to sign up for a SaaS and learn it.
"Claude, create a project management tool that simplifies jira, customize it to my workflow."
So a lot of apps will actually become closed source personalized builds.
And then you get a new hire who already knows the common SaaS products but has to re learn your vibe coded version no one else uses where no information exists online.
There is a reason why large proprietary products remain prevalent even when cheaper better alternatives exist. Being "industry standard" matters more than being the best.
I can already build a ticket tracker in a weekend. I’ve been on many teams that used Jira, nobody loves Jira, none of us ever bothered to DIY something good enough.
Why?
Because it’s a massive distraction. It’s really fun to build all these side apps, but then you have to maintain them.
I’m guessing a lot of vibeware will be abandoned rather than maintained.
The hard part has always been shipping, buttoning things up, doing the design. Not the idea per say. And then if any of it is successful and starts making money guess who you're gonna call to maintain it?
if the trendlines continue on atmospheric greenhouse gases we will all be dead from climate change so I really do hope the world is a little bit more complicated than trendlines just extrapolating out. Interestingly enough that might actually be bad for OpenAI since it will be difficult to sell their product if their customers are dying from heat stroke.
But then all your local stuff is based on open-source software, unlike the SaaS which is probably not all the way open.
I've always preferred my stack to be on the thinner, more vanilla, less prebuilt side than others around me, and seems like LLMs are reinforcing that approach now.
There's too much value in familiar UX. "Don't make the user think" is the golden rule these days. People used to have mental bandwidth for learning new interfaces... But now people expect uniformity
Due to copyright laws and piracy bleed-through, one can't safely license "AI" output under some other use-case without the risk of getting sued or DMCA strikes. You can't make it GPL, or closed source... because it is not legally yours even if you paid someone for tokens.
Like all code-generators that came before, the current LLM will end up a niche product after the hype-cycle ends. "AI" only works if the models are fed other peoples real works, and the web is already >52% nonsense now. They add the Claude-contributor/flag to Git projects, so the scrapers don't consume as much of its own slop. ymmv =3
tl-didn't finish but I absolutely do this already. Much of the software I use is foss and codex adjusts it to my needs. Sometimes it's really good software and I end up adding something that already exists. Whatever, tokens are free...
Unfortunately for me, I believe that the algorithms won't allow me to get exposure for my work no matter how good it is so there is literally no benefit for me to do open source. Though I would love to, I'm not in a position to work for free. Exposure is required to monetize open source. It has to reach a certain scale of adoption.
The worst part is building something open source, getting positive feedback, helping a couple of startups and then some big corporation comes along and implements a similar product and then everyone gets forced by their bosses to use the corporate product against their will and people eventually forget your product exists because there are no high-paying jobs allowing people to use it.
With hindsight, Open Source is basically a con for corporations to get free labor. When you make software free for everyone, really you're just making it free for corporations to Embrace, Extend, Extinguish... They invest a huge amount of effort to suppress the sources of the ideas.
Our entire system is heavily optimized for decoupling products from their makers. We have almost no idea who is making any of the products we buy. I believe there is a reason for that. Open source is no different.
When we lived in caves, everyone in the tribe knew who caught the fish or who speared the buffalo. They would rightly get credit. Now, it's like; because none of the rich people are doing any useful work, they can only maintain credibility by obfuscating the source of the products we buy. They do nothing but control stuff. Controlling stuff does not add value. Once a process is organized, additional control only serves to destroy value through rent extraction.
The thing that leaves a bad taste in my mouth is the fact that my works were likely included in the training data and, if it doesn't violate my licenses (GNU 2/3), it certainly feels against the spirit of what I intended when distributing my works.
I was made redundant recently "due to AI" (questionable) and it feels like my works in some way contributed to my redundancy where my works contributed to the profits made by these AI megacorps while I am left a victim.
I wish I could be provided a dividend or royalty, however small, for my contribution to these LLMs but that will never happen.
I've been looking for a copy-left "source available" license that allows me to distribute code openly but has a clause that says "if you would like to use these sources to train an LLM, please contact me and we'll work something out". I haven't yet found that.
I'm guessing that such a license would not be enforceable because I am not in the US, but at least it would be nice to declare my intent and who knows what the future looks like.
Why do you think "fair use" doesn't apply in this case? The prior Bartz vs Anthropic ruling laid out pretty clearly how training an AI model falls within the realm of fair use. Authors Guild vs Google and Authors Guild vs HathiTrust were both decided much earlier and both found that digitizing copyrighted works for the sake of making them searchable is sufficiently transformative to meet the standards of fair use. So what is it about GPL licensed software that you feel would make AI training on it not subject to the same copyright and fair use considerations that apply to books?
The poster doesn't like it, so it's different. Most of the "legal analysis" and "foregone conclusions" in these types of discussions are vibes dressed up as objective declarations.
Are you saying that you believe that untested but technically; models trained on GPL sources need to distribute the resulting LLMs under GPL?
Or, in the case of LLMs, recklessly swing about software they don't understand while praying to find a business model.
Yes, corporations take a large cut, but creative people welcomed copyright and made the bargain and got fame in the process. Which was always better for them than let Twitch take 70% and be a sharecropper.
Silicon Valley middlemen are far worse than the media and music industry.
What makes it all tricky for the courts is there's not a good way to really identify what part the generated code is a derivative of (except in maybe some extreme examples).
[1] https://en.wikipedia.org/wiki/Derivative_work
Afterward, they'd got Rudy's foreman to let him off, and, in a boisterous, whimsical spirit of industrial democracy, they'd taken him across the street for a beer. Rudy hadn't understood quite what the recording instruments were all about, but what he had understood, he'd liked: that he, out of thousands of machinists, had been chosen to have his motions immortalized on tape. And here, now, this little loop in the box before Paul, here was Rudy as Rudy had been to his machine that afternoon - Rudy, the turner-on of power, the setter of speeds, the controller of the cutting tool. This was the essence of Rudy as far as his machine was concerned, as far as the economy was concerned, as far as the war effort had been concerned. The tape was the essence distilled from the small, polite man with the big hands and black fingernails; from the man who thought the world could be saved if everyone read a verse from the Bible every night; from the man who adored a collie for want of children; from the man who . . . What else had Rudy said that afternoon? Paul supposed the old man was dead now - or in his second childhood in Homestead.
Now, by switching in lathes on a master panel and feeding them signals from the tape, Paul could make the essence of Rudy Hertz produce one, ten, a hundred, or a thousand of the shafts.
Kurt Vonnegut, Player Piano
It’s a wild thought to think that of all the things that will remain on this earth after you’re gone, it’ll be your GPL contributions reconstituting themselves as an LLM’s hallucinations.
[1]: https://youtu.be/ojC0mg2hJCc
Our comments here on HN are almost certainly going to live in fame/infamy forever. The twitter firehose is a pathway to 140-character immortality essentially.
You can already summon an agent to ingest essentially an entire commenter's history, correlate it across different sites based on writing style or similar nicknames, and then chat with you as that persona, even more so with a finetune or lora. I can do that with my gmail and text message history and it becomes eerily similar to me.
History is going to be much more direct and personal in the future. We can also do this with historical figures with voluminous personal correspondence, that's possible now.
It's very interesting because I think the era before mass LLM usage but also after digitalization is going to be the most intensely studied. We've lived through a thing that is going to be on the cusp of history, for better or worse.
The c is for code. If adopted we could spend forever arguing how the c is pronounced and whether the original had a cedilla, circonflex or rhymes with bollocks, which seems somehow appropriate. Everyone uses xene instead. x is chi but most people don't notice.
There are also people who want to be eaten by a literal cannibal. I say, no thanks.
That's 2X the salary of a lot of the world's software developers
Is that the game? Lock in companies to this "new reality" with cheap tokens then once they fire all their devs, bait and switch to 2X the cost.
But yes, that's very expensive and surprising to me.
I did implicitly assume USD but yeah still crazy cash, that'd pay for 2 junior-mid level devs in aus D=
Yeah Atlassian. 1/3rd of my team were given the boot sadly. One guy had 12 years at the company - crazy times
I realize this is an unpopular opinion on HN, but I believe it is best because it's a weakener interpretation of copyright law, which is overall a good thing in my view.
Personally, I want a viral (GPL-style) license that explicitly prohibits use of code for LLM training/tuning purposes — with the asterisk that while current law might view LLM training as fair use, this may not be the case forever, and blatant disregard of the terms of the license should make it easier for me to sue offenders in the future.
Alternatively, this could be expressed as: the output of any LLM trained on this code must retain this license.
Frankly do you think AI companies have even the remotest amount of respect for these licenses anyways? They will simply take your code if it is publicly scrapeable, train their models, exactly like they have so far. Then it will be up to you to chase them down and try to sue or whatever. And good luck proving the license violation
I dunno. I just don't really believe that many tech companies these days are behaving even remotely ethically. I don't have much hope that will change anytime soon
Take a litigious company like Nintendo. If one was to train an LLM on their works and the LLM produces an emulator, that would force a lawsuit.
If Nintendo wins, then LLMs are stealing. If Nintendo loses, then we can decompile everything.
If my license explicitly says "any LLM output trained on this code is legally tainted," I feel like BigAICorp would be foolish to ignore it. Maybe I couldn't sue them today, but are they confident this will remain the case 5, 10, 20 years from now? Everywhere in the world?
All the infrastructure that runs the whole AI-over-the-internet juggernaut is essentially all open source.
Heck, even Claude Code would be far less useful without grep, diff, git, head, etc., etc., etc. And one can easily see a day where something like a local sort Claude Code talking to Open Weight and Open Source models is the core dev tool.
But the Libre part of Free Software has never mattered less, at least so TFA argues and while I could niggle with the point, it's not wrong.
Exactly.
> Heck, even Claude Code would be far less useful without grep, diff, git, head, etc.
It wouldn't even work. It's constantly using those.
I remember reading a Claude Code CLI install doc and the first thing was "we need ripgrep" with zero shame.
All these tools also all basically run on top of Linux: with Claude Code actually installing, on Windows and MacOS, a full linux VM on the system.
It's all open-source command line tools, an open-source OS and piping program one to the other. I'm on Linux on the desktop (and servers ofc) since the Slackware days... And I was right all along.
Without the ability to string together the basic utilities into a much greater sum, Unix would have been another blip.
The benefits to publishing AI generated code as open source are immense including code hosting and CI/CD pipelines for build, test, lint, security scans, etc. In additional to CI/CD pipelines, my repos have commits authored by Claude, Dependabot, GitHub Advanced Security Bot, Copilot, etc. All of this makes the code more reliable and maintainable, for both human and AI authored code.
Some thoughts on two recent posts:
1. 90% of Claude-linked output going to GitHub repos w <2 stars (https://news.ycombinator.com/item?id=47521157): I'm generally too busy to publishing code to promote, but at some time it might settle down. Additionally, with how fast AI can generate and refactor code, it can take some time before the code is stable enough to promote.
2. So where are all the AI apps? (https://news.ycombinator.com/item?id=47503006): They are in GitHub with <2 stars! They are there but without promotion it takes a while to get started in popularity. That being said, I'm starting to get some PRs.
Unless you're using an enterprise license that indemnifies your liabilities, you're almost certainly breaking copyright law and your packages are unusable by any serious company as a dependency. Even permissive OSS licenses like MIT don't take effect since they're predicated on the author actually holding a valid copyright (which you don't if AI agents have committed to your repo, as affirmed by USCO).
We'll almost certainly have a situation where if an open-source repo has direct AI agent commits in its history, it will be just as untouchable for companies as GPL repos.
More on the 19M+ commits here:
https://news.ycombinator.com/item?id=47501348
It is completely delusional that these copied "works" will have any effect or be used by anyone but the most rabid AI proponents just to make a point.
Stars will likely go up over time, but more than the stars it's the testing and maintenance over time that's valuable. There's little promotion right now, but there are already some stars, PRs, and issues. In fact, I'm working on merging PRs now.
$20/month with your provider of choice unlocks a lot.
Edit: the underlying point being, yes to the article. Either building upon the foundations of open source to making personal things, or just modifying a fork for my own needs.
I think as long as AI isn't literal AGI, social pressures will keep projects alive, in some state. There definitely is something scary about stealing entire products as a mean for new market domination - e.g. steal linux then make a corporate linux, and force everybody to contribute to corporate linux only (many linux contributors are paid by corporations, after all), and make that the new central pointer. That might be worst case scenario - then Microsoft, in collusion (which I admit is far fetched, but def possible), could completely adopt linux for servers and headless compute, and enforce very strict hardware restrictions such that only Windows works.
I suppose the idea would be, they don't have to maintain it: if it ever starts to rot from whatever environmental changes, then they can just get the LLM to patch it, or at worst, generate it again from scratch.
(And personally, I prefer writing code so that it isn't coupled so tightly to the environment or other people's fast-moving libraries to begin with, since I don't want to poke at all of my projects every other year just to keep them functional.)
Even in a world with pure LLM coding, it's more likely that LLMs maintain an open source place for other LLMs to contribute to.
You're forgetting that code isn't just a technical problem (well, even if it was, that would be a wild claim that goes against all hardness results known to humans given the limits of a priori reasoning...)
The advantage of decoupling from supply chain attacks is so large that I expect this to be standard practice as soon as later this year.
1. they were trained on FLOSS repositories without consent of the authors, including GPL and AGPL repos
2. the best models are proprietary
3. folks making low-effort contribution attempts using AI (PRs, security reports, etc).
I agree those are legitimate problems but LLMs are the new reality, they are not going to go away. Much more powerful lobbies than the OSS ones are losing fights against the LLM companies (the big copyright holders in media).
But while companies can use LLMs to build replacements for GPL licensed code (where those LLMs have that GPL code probably in their training set), the reverse thing can also be done: one can break monopolies open using LLMs, and build so much open source software using LLMs.
In the end, the GPL is only a means to an end.
Meanwhile as people sleep on LLMs to help them audit their code for security holes, or even any security code auditing tools. Script kiddies don't care that you think AI isn't ready, they'll use AI models to scrape your website for security gaps. They'll use LLMs to figure out how to hack your employees and steal your data. We already saw that hackers broke into government servers for the Mexican government, basically scraping every document of every Mexican citizen. Now is the time to start investing in security auditing, before you become the next news headline.
AI isn't the future, it's already here, and hackers will use it against you.
Or, more likely, they churn off the product.
The SaaS platforms that will survive are busy RIGHT NOW revamping their APIs, implementing oauth, and generally reorganizing their products to be discovered and manipulated by agents. Failing in this effort will ultimately result in the demise of any given platform. This goes for larger SaaS companies, too, it’ll just take longer.
The "dangerously-skip-permissions" flag getting blamed here is telling. We're building tools where the safe default is friction, so users disable the safety to get work done, and then the tool does something destructive. That's not a user error — that's a design pattern that reliably produces failures at scale.
The broader data is concerning: AI-generated code has 2.74x more security vulnerabilities than human-written code, and reviewing it takes 3.6x longer. Now add autonomous git operations to that mix. The code review problem becomes a code ownership problem — if the AI is writing it, reviewing it, and managing the repository, what exactly is the human's role? We dug into this at sloppish.com/ghost-in-the-codebase
I don’t know what SaaS has to do with FOSS. The point of FOSS was to allow me to modify the software I run on my system. If the device drivers for some hardware I depend on are no longer supported by the company I bought it from, if it’s open source, I can modify and extend the software myself.
The Copy Left licenses ensure that I share my modifications back if I distribute them. It’s a thing for the public good.
Agent-based software development walls people off from that. Mostly by ensuring that the provenance of the code it generates is not known and by deskilling people so that they don’t know what to prompt or how to fix their code.
(I know this isn't the actual point of your comment, apologies!)
these are exciting times, that are coming despite any pessimism rooted in our out-dated software paradigms.
AI is going to exploit even more: "Given the repository -> Construct tech spec -> Build project based on tech spec"
At this stage, I want everyone just close their source, stop working on open source until this issue of licensing gets resolved.
Any improvement you make to the open source code will be leveraged in ways you didn't intend it to be used, eventually making you redundant in the process
That would basically make users a product manager and UX designer, which they aren't really capable of currently. At most they will discover what they think they want isn't what they actually want.
My prompts to Claude has evolved from "what program / data source do I need to do this" to "what program / data source do I need, to make you do this for me".
After a few iterations, any data source without a free API feed, or any program without a free CLI interface are edited out of the gene pool, so to speak.
We are getting to the point where many projects may have to close submissions from the general public since they waste far more time than they help.
The AI propaganda articles are getting more devious my the minute. It's not just propaganda---it's Bernays-level manipulation!
Conflict of interests is the norm. It should be illegal for a company founder or director to own stock of a supplier. It should be illegal for shareholders to own stocks of two competing companies. Index funds should be illegal.
Companies buy these contracts for support and to have a throat to choke if things go wrong. It doesn't matter how much you pay your AI vendor, if you use their product to "vibe code" a SaaS replacement and it fails in some way and you lose a bunch of money/time/customers/reputation/whatever, then that's on you.
This is as much a political consideration as a financial one. If you're a C-suite and you let your staff make something (LLM generated or not) and it gets compromised then you're the one who signed off on the risky project and it's your ass on the line. If you buy a big established SaaS, do your compliance due-diligence (SOC2, ISO27001, etc.), and they get compromised then you were just following best practice. Coding agents don't change this.
The truth is that the people making the choice about what to buy or build are usually not the people using the end result. If someone down the food chain had to spend a bunch of time with "brittle hacks" to make their workflow work, they're not going to care at all. All they want is the minimum possible to meet whatever the requirement is, that isn't going to come back to bite them later.
SaaS isn't about software, it's about shifting blame.
It compares and contrasts open source and free software, and then gives an example of how free software is better than closed software.
But if the premise of the article, that the agent will take the package you pick and adapt it to your needs, is correct, then honestly the agent won't give a rat's ass whether the starting point was free source or open source.
Copyleft licenses like GPL/Apache mandate upstream freedom: Upstream has the "freedom" to use anything downstream, including anything written by a corporation.
Non-copyleft FOSS licenses like MIT/BSD are about downstream freedom, which is more of a philosophically utilitarian view, where anyone who receives the software is free to use it however they want, including not giving their changes back to the community, on the assumption that this maximizes the utility of this free software in the world.
If you prioritize the former goal, then coding agents are a huge problem for you. If the latter, then coding agents are the best thing ever, because they give everyone access to an effectively unlimited amount of cheap code.
If trendlines continue... It will be faster for AI to vibe code said software to your customized specifications than to sign up for a SaaS and learn it.
"Claude, create a project management tool that simplifies jira, customize it to my workflow."
So a lot of apps will actually become closed source personalized builds.
There is a reason why large proprietary products remain prevalent even when cheaper better alternatives exist. Being "industry standard" matters more than being the best.
I can already build a ticket tracker in a weekend. I’ve been on many teams that used Jira, nobody loves Jira, none of us ever bothered to DIY something good enough.
Why?
Because it’s a massive distraction. It’s really fun to build all these side apps, but then you have to maintain them.
I’m guessing a lot of vibeware will be abandoned rather than maintained.
And it’s all downhill from there…
I've always preferred my stack to be on the thinner, more vanilla, less prebuilt side than others around me, and seems like LLMs are reinforcing that approach now.
Like all code-generators that came before, the current LLM will end up a niche product after the hype-cycle ends. "AI" only works if the models are fed other peoples real works, and the web is already >52% nonsense now. They add the Claude-contributor/flag to Git projects, so the scrapers don't consume as much of its own slop. ymmv =3
The worst part is building something open source, getting positive feedback, helping a couple of startups and then some big corporation comes along and implements a similar product and then everyone gets forced by their bosses to use the corporate product against their will and people eventually forget your product exists because there are no high-paying jobs allowing people to use it.
With hindsight, Open Source is basically a con for corporations to get free labor. When you make software free for everyone, really you're just making it free for corporations to Embrace, Extend, Extinguish... They invest a huge amount of effort to suppress the sources of the ideas.
Our entire system is heavily optimized for decoupling products from their makers. We have almost no idea who is making any of the products we buy. I believe there is a reason for that. Open source is no different.
When we lived in caves, everyone in the tribe knew who caught the fish or who speared the buffalo. They would rightly get credit. Now, it's like; because none of the rich people are doing any useful work, they can only maintain credibility by obfuscating the source of the products we buy. They do nothing but control stuff. Controlling stuff does not add value. Once a process is organized, additional control only serves to destroy value through rent extraction.