Recently saw a youtube video about a service created to change an open source software license.
- One agent reads code and gather specs
- Another agent, without access to the original code, creates equivalent software
In theory this should allow someone to take any open source software and change it’s license.
For a large portion of open source likely this is not an issue, because nobody may care for the particular software, but for larger projects I wonder what sort of impact this may have. In particular any open source software where it’s authors are making a living from donations or public support.
Has anyone read, or thought, of a way to prevent getting one’s code license changed this way?
You must log in or register to comment.
I think it would be pretty cool if this was used on leaked proprietary source codes
Yeah, like Anthropic’s leaked code that was converted to Python and open sourced. It seems proprietary to open source is a bigger opportunity than open source to proprietary. If there’s already a FOSS version, why would anyone bother with a proprietary bastardization of it?
that’s the very first thing i thought.
fuck it, do it on that leaked windows codebase to improve wine.
Is this really an issue?
Technically, it’s always been possible to do this with human programmers. I could read the code to Jellyfin, write out a detailed spec, hand that to a software engineer and have them recreate it. Or I could just come up with the same app myself from first principles. In most cases it’s not really that big of a difference when you get down to it.
Arguably, that’s what Emby did to Plex, or what Kodi did to MythTV. How much was inspiration and how much was copying? And does anyone actually care?
At the end of the day, patches and updates to the original won’t work with your clean room implementation, so it’s now on you to maintain this new codebase. And you still have to test it, work the bugs out, solve all the problems, and you can’t just refer back to the original code for solutions because the whole point is that your code still needs to be meaningfully different. You haven’t really removed any of the work of creating a piece of software. If you ended up borrowing certain details of implementation - some clever solutions and novel ideas - from your access to the nuts and bolts details of the original, that’s just part of how open source works.
Clean room implementations are much more of a firmware issue than a software one.
The claim that they are doing a clean-room implementation is bullshit. The only way any of these models are able to make any working code is by being trained on every bit of code that could be scraped from the internet. Unless the project you are cloning was released after the model was trained, it was trained on the code. It may be a tiny fragment of the training data, but it still saw it.
I personally don’t think this service as a license changing of an existing project. If it reads and implements the same thing from scratch, then its a new implementation with a new license. I see it similar to how reverse engineering is done in example. And with the approach of two different agents I think this is okay, as it is a new implementation. I mean this is something humans could do themselves too. The only thing is, can they actually proof that both agents aren’t trained on the data they are reading and re-implementing it again (for the clean room implementation)?
The biggest problem to me is, using Ai tools in general, because of what and how they are trained on. But that is a different topic for another day.
Copyright law only has teeth when it’s owned by corporations, but the cleanroom reimplementing technique does still seem to create a derivative product which in this layman’s opinion would still violate licenses like the GPL, but IANAL.
In particular any open source software where it’s authors are making a living from donations or public support.
The “good” news is this is pretty rare these days.
Honestly the best defense is probably just writing maintainable software though, AI slop is going to be hard to maintain.
Copyright law only has teeth when it’s owned by corporations,
100%. It is funny how any individual can be sued for copying a handful, of pretty much anything copyrighted, yet these AI companies copy literally thousands upon thousands of copyrighted materials.
cleanroom reimplementing technique does still seem to create a derivative product
Will likely have to wait for a case to go to trial, but in theory at least, it is possible these clean room implementations may pass a legal challenge. The youtube video I was watching about this topic had phoenix technologies as an example (for those of us old enough to remember what that company was). In their case it was even more so; they took a commercial piece of software and reverse engineered. If that is possible, then doing similar to an open source software may be considered legal, but again we probably won’t know until something like this comes to courts. Different countries may also treat this differently so we will have to wait and see.
The “good” news is this is pretty rare these days.
Sadly yes. But even those that don’t make money, or much money, must feel demoralized when someone steals their code.
I think it might be hard to argue that it is a clean room implementation if the project is in the training data for the model, which it probably will have been
Yeah this is a key point. It’s pretty safe to say that AI generated code that’s based on open source projects is going to be trained on open source projects. If the people running the AI software make any mistake then they could be facing massive copyright violations.
So I’m kind of interested in whether that type of risk is something that would be pragmatic for a company to take. There probably are some situations where it would be, but I’m not convinced that would happen too often.
The irony here is if you host your open source project somewhere where it isn’t being scraped by LLMs your legal case might be weaker.
What an interesting idea
