The clone now has more stars on GitHub than the original work, CheatingDaddy. What's funny is that in a week, most likely nobody will remember that the code was stolen, thus Pickle will probably be fine with their new, shiny, popular project, which will be featured in GitHub Trends.
It's the same with another Soham, who was moonlighting for years. I would not be surprised if he starts a company soon, given the fame he has gained.
I've seen this kind of thing happen even with very small projects, where there's no marketing department or business goal attached. I've seen attempts to erase the history of forks, projects repurposed from others in order to retain GitHub stars unrelated to the repo's new purpose... not for a supply chain attack or something like that, but out of sheer vanity. Sometimes I see people talk about those projects on HN, and if you weren't there when it happened and very interested in some very niche software at the time, you'd never know.
This isn't just a license compliance issue! Even if it were compliant with the license, like if the license has been a permissive license with no attribution requirement, this is still sleazy and plagiaristic behavior. Sometimes (often!) what is right exceeds the legal bare minimum.
YC is the company that (to this day!) has Yotta - a borderline scam to take advantage of financially-illiterate people - on their website after the whole thing has completely blown up and most customers lost their savings: https://www.ycombinator.com/companies/yotta
Oh, and now they have their own rendition of the "Aviator" game often advertised by unregulated Eastern-European online casinos: https://members.withyotta.com/moonshot/. You can't make this shit up!
I wrote off YC after this. Maybe early on it was a mark of quality and good due-diligence, but now I'd argue it's the outright opposite - if it's funded by YC, buyer beware.
Did you not understand what YC was? They're essentially an investment bank that doesn't accept new clients. They make money, they're not a charity. Quality only matters insofar as it drives sales and doesn't create liabilities.
Unfortunately, that's not how someone gets that third comma in their net worth. The billionaires that so much of American society worship didn't make all of that money by being smart, kind, honest, or ethical. They made it by being dishonest, morally flexible, and ruthless.
Especially now, business ethics are for the "little people." The modern billionaire class no longer cares about even keeping up the appearance of decency.
"The overall goal of YC is to help startups really take off. They arrive at YC at all different stages. Some haven’t even started working yet, and others have been launched for a year or more. But whatever stage a startup is at when they arrive, our goal is to help them to be in dramatically better shape 3 months later."
I think that phrase was coined in an era when the tech sector moved so fast that the prevailing law couldn't keep up. It caught up somewhat, but obviously there's still much leeway for improvement. Break all the wrong habits, rigid conventions and old traditions you want, just play along with the governing laws.
> the tech sector moved so fast that the prevailing law couldn't keep up
That's an extremely charitable interpretation.
A more realistic interpretation is that the law was up to date, just that enforcement couldn't keep up because 1) nobody expected such a brazen level of breaking the law and 2) justice doesn't really apply when you have enough capital.
Little known fact: GDPR replaced the Data Protection Directive (95/46/EC) from 1995 which itself replaced the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, written in 1981. Now if you compare these three, there is enough details to get an undergrads degree in law, but on the high level the tenor did not change much. Those who were struggling in 2018 to meet GDPR criteria before the grace period of two years ended were most likely not struggling with details, but in blatant violation of almost 40 year old rules. Well one of the details probably mattered: the fines went up considerably.
> Those who were struggling in 2018 to meet GDPR criteria before the grace period of two years ended were most likely not struggling with details, but in blatant violation of almost 40 year old rules.
At least in Germany at the time of GDPR, the startups (and also bigger companies) were struggling with the insane amount of compliance requirements, and the uncertainty how to actually interpret these legal requirements also in terms of federal law.
In other words: these (German) companies (and startups) clearly obeyed the spirit of these, as you say, 40 year old laws, but struggled hard with the formal red-tape requirements of GDPR.
I was thinking more about regulations around taxis, short-term rentals, etc for example.
As an aside, GDPR enforcement is so lacking (even today) it doesn't register on anyone's radar beyond those that fear-monger about it or sell snake oil to pseudo-comply with it. But even then, keep in mind most of what the GDPR has was already part of many countries' own legislation, and things like spyware were illegal even in the US (but again laws don't apply if you are a company and have enough capital).
IMO that phrase came about when old tech companies (the IBMs of the world) had
* waterfall
* design up-front
* source control systems that
* defaulted all files to read-only
* required you to "check-out" files, potentially locking other devs out from editing them [1]
* probably didn't have unit tests so "deploying to prod" meant "doing a full QA pass, done by human beings"
* there was no CI/CD (We had "Build Engineers")
In this context, pushing a change to SVN/git/hg, having tests run automatically, then having CI/CD push new code to production, all as a side-effect of one engineer push a button? That was moving fast, and occasionally, breaking the whole website. But we got better tests, better CI/CD, metrics, green/blue, ... We learned it was unequivocally better than the old way.
As far as I understood the original meaning, it was about "not being too careful", and err on the side of breaking things, in the name of moving forward faster.
It ended up meaning something else, but back then this is how I understood it.
YC doesn't invest that much into any individual company and that's the most they would lose in the worst case scenario. So even if they behave badly they have a capped risk but unlimited upside
They're far more likely to just fail for other reasons, lawsuit is not going to happen regardless
One starts to wonder whether the LLM vendors laissez-faire approach to the legality of ingesting copyrighted / licensed material will start to infect the industry in general?
I think it will push opensource/ free software hackers to close source their code because it is being used to feed LLMs. Similar to how allot of hardcore free software proponents don't use Github. Is closed source the future?
No. I don't believe that. I personally want my code to outlast me and help people in the future, but I don't want allow anyone to just scrape it, strip its license and use for whatever. I use (A)GPLv3+, because I believe in "Freedom for the user", not "Freedom for the developer" which permissive licenses provide.
My code is not free labor for anyone. It has conditions attached.
This is the problem that AI solves, though: rather than steal our code directly, now the thieves will just ask their favorite AI to generate a new project that does exactly what our (A)GPLv3+ projects did, which it will be able to do only because it read our code. And, even if the result is eerily similar to what we publish -- we might, after all, be one of the few good examples in the training set for this problem -- it will be difficult to demonstrate, as the AI is more effective at the process of laundering licenses than a human (and no one seems to want to admit that, the same way that a human can be tainted by reading the source code of a project they want to reimplement -- making them have to walk a tightrope if they later want to develop anything similar -- an AI might be similarly tainted). In this shitty new world, our code, is, in fact, free labor for people who are using Cursor to rip it off.
I dunno, even after considering that move, I'll continue to publish FOSS like before.
I always did it without any expectation of gains from it, and with the intention for people to use it for whatever they want. That calculation hasn't changed, even considering machines will slurp it up now.
I do agree that it sucks for people who do care about what the code is used for, and I hope these people migrate to other licenses that support their ideas about control and ownership.
From an open source software perspective, I don't understand the feelings around LLM ingestion.
The models isn't generally recreating your software, but might be spreading your way of thinking in pieces.
I get it from the artists and to a lesser degree, writers. I just don't understand it from software projects.
I guess if you think of it as something to replace you, but since you are already a creator, it is also a way to unlock much greater capacity for turning your ideas into solutions.
I, for one, deserted GitHub, and do not use for anything else personal anymore. I'm not against permissive licensing, but all my code will be (A)GPLv3 or later.
A particular project I'm working on will be on a private Git server until I complete and open it as a package. Even after that, I might keep the development closed and release tarballs only (aka Catherdral Model).
All code I write is also AI-Free.
It won't be possible to trust in people for a long time, it seems.
None of my personal repositories are licensed with a permissive license. All of them are GPLv3, however I have found GPL licensed code in “The Stack”. Moreover, there’s an ancient and deleted tweet which confirmed GPL code (in fact any open repository) was used to train copilot in the beginning. As a result, I can’t trust anyone from now on.
I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
Do you owe everyone you have ever read a royalty for influencing your writing style or voice? How about for all the other things you have leaned and become competent in?
There is a bigger issue here that is related to what humanity actually is and how we have been abused for many decades and several generations now, to the point that the abused generations have become the abusers of future generations simply because they are mentally trapped, addicted even.
A good uncontroversial example of this may be the excessive and deficit spending of governments, all based on what otherwise would be considered loan fraud, which is called national debt. It is used to keep perpetuating this system we call an economy because it has been so “successful” over ~100 years of “line go up”, solely because everyone wants the gravy train of reckless good times to continue forever.
Unfortunately for some generation of the future (maybe even our own), it simply cannot go on forever, so it won’t, because it is by definition unsustainable. But the goods times and “success” everyone sees everyone else having, keeps people from stopping the insane and utterly suicidal process of not only consistent, but accelerating addiction to every greater deficit and debt loan frauds called the national debt. It isn’t “Trumps fault” it “Biden’s fault”, or any other totem that can excuse or own actions. These are forces we don’t even understand any more than we are blindly changing at breakneck speeds. And if anyone tells you they understand these forces they are simply lying, when we cannot even understand the most basic concept of the fact that there is no alternative to this planet… as we destroy its ecosystem that produced us at ever accelerating speeds, in millions of different ways.
It’s quite similar if not the same as any other process we call addiction; we know it will cause ruin, yet we cannot extract ourselves from the endorphins, so we just keep lying to ourselves.
> I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
Humans don't read other codebases en masse. Hell, I haven't read the entirety of our own codebase. I learned by doing, from books (that I paid for or legally borrowed), and yes, by looking at a small amount of other people's code (permitted by the respective licenses).
Humans are not remix machines, AIs (currently) are.
Exactly. I could from memory recite the main story beats of The Lord of the Rings, and probably even get to the detail of all major plot points and some minor ones, and maybe even some famous phrases.
An LLM unburdened by restraint could like produce page upon page of story nearly identical to the original.
Sorry for your story. In those days open source is REALLY HARD. Put your github link here and we will support your project by starring you and spreading your project. You definitely need to fight back.
As an interviewer, I'm seeing a huge increase in proportion of candidates cheating surreptitiously during video interviews. And it's becoming difficult to suspect any wrong-doing unless you're very watchful by looking for academic responses to questions.
Why would anyone encourage building such a tool, I can't fathom.
Some first/introductory interviews are now "powered" by AI. As in, the interviewee gets an AI bot that evaluates them. I'd not be surprised if this takes over and becomes standard.
For now, this is perhaps a blessing in disguise: it tells you that a company is all aboard the hype train and that leadership is seriously lacking in critical thinking and judgment. That can certainly save you from wasting more time with them.
I really, really hope this does not become a "standard". Ugh.
Don't candidates also get a say? If a company asked me to jump through that hoop I'd have a simple one-word response. "No"
If enough good candidates have that reaction, it will become a prestige marker for a company to not use AI screening to give them access to the best candidates
Have you tried putting yourself in the perspective of the humans trying to find a job in a market that is turning over now and was already dystopian before AI was injected into a dystopian, hellish process of “putting on a tie and using a firm handshake” to apply into the void.
This is so stupid. One of the main reasons it's become a dystopian, hellish process is because people cheat; proliferating cheating will make it even worse.
Lying and cheating on a job interview isn't a victimless crime. You're harming the company and all your coworkers when they hire you into a job you're not qualified for; you're harming all the other actually qualified candidates that didn't get hired instead; you're harming yourself, when your salary comes from a company who rely on you to give something you can't give them.
Well be prepared for it to get MUCH MUCH worse, two AI agents battling it out trying to get each other to mess up. While all the human have no idea what the hell is happening.
Get ready to start having some fun in your interviews. Start including things like redirection of focus through general statements, unrelated (and false) trivia, and misleading suggestions in your interview questions. Most of the humans you'd like to hire will ignore those or ask you about them.
Many LLMs will be derailed into giving entertainingly wrong answers:
It's pretty simple - people need to eat (and fulfill other basic needs, of course), to eat they need jobs, to get jobs they need to pass the interview. The hiring process in a lot of industries is heavily gamed at this point, to the point that not cheating is basically an automatic fail. So, if you want to eat, you cheat.
> The hiring process in a lot of industries is heavily gamed at this point, to the point that not cheating is basically an automatic fail.
This sound a bit of "thief thinks everyone steals". Interview preparation is normal and common but I don't think cheating is. May depend on the location of course.
The "heavily gaming" happens before the interview. When you reorder and edit your resume to have the right keywords to get on top of the LLM/intern sorted pile.
I can totally understand thinking this way out of desperation, and being lulled into thinking it’s this simple, but it seems short sighted with hidden complexities. First of all, it’s risky. If you get caught, you don’t eat, and it could follow you and prevent you from even getting in the door elsewhere. Companies are always going to be watching for cheaters, they are always going to have more visibility than you into what interviewees are doing, and they are always going to have more resources. Even if you do cheat and get hired, it quickly becomes obvious that you’re unqualified and can’t do what you claimed, and even if you don’t lose your job, you’re less likely to get promoted. Being lazy and amoral about interviews seems like a trap people set for themselves.
The good news is that a lot of companies are starting to allow AI during the interviews, and suddenly it’s not cheating. But of course that means you need to be good at using AI and interviewing and programming, you won’t be able to cheat and rely on the AI to do your talking for you.
Doing whatever it takes to get the foot in the door may be encouraged, but only to a point and I think out and out cheating is probably crossing a line... As would murder, arson etc. etc.
If cheating means asking someone in the company you're interviewing for a peek at what will be asked then great. In my book that's using leverage.
Reviewing previously posted interview tests is probably recommended.
Hooking up a copilot to answer interview questions for you in real time is probably less so.
I won't use it, but I do see it as somewhat symmetric. If the interviewers are using AI or expecting you to use AI for these tasks once you're on the job, then it doesn't seem completely immoral.
Probably you've been out of the getting hired game but I had a glimpse of it last year: absolutely terrible.
When I started you'd send a mail to the company directly about a position, you'd go to the office, have a short interview, meet the team and they'll let you know. That's it.
Now it's 2 rounds of HR bs, 3 layers of tech interviews, then meet the CEO/CTO/etc. And then references and then a final "chat". And you still can get ghosted at literally any step, even at the final cozy chat, just because of "vibes".
And throw in companies sending you leetcode even before talking to you and you can see why one would want to get through the bs.
I still stand about my favourite approach for tech jobs: intro and tech chat (1-2h) about your resume, what you'll be doing and anything you might have questions about (no challenges or stupid riddles). Then, if everything goes smoothly, you get a 2 weeks contract and you are in probation. If everything goes well, you get another contract for 3-6 months (up to you to accept or not) and then you get converted to permanent if everything went well for both parties.
I actually like your idea of a probationary hire, but you can see this is just an even longer extended interview, right? If companies were to adopt this model en masse, they would over-hire and then drop most people after the first 2 weeks, and you’d be out looking for another job, having wasted even more time than 5 rounds of interviews, and being unable to interview for multiple jobs at the same time.
Software interviews and hiring have definitely changed over time, and I know it’s harder right now, but I think we’re seeing the past with slightly rose-tinted glasses here. It was never only just one short interview, there were applications and emails and phone screens. In my career, I’ve always had multiple interviews and technical discussions during job applications, even back in the 90s. Getting hired, for me, has always taken several weeks end to end, if not longer.
There are a bunch of reasons interviews are getting harder, and people trying to game the system and trying to cheat are one of them, a big one. Think about it from the company’s perspective: what would you do if the volume of applications you got started far exceeding the number of positions available, and an increasing percentage of the applications you got were people unqualified for the positions but adept at pretending? More face time vetting before hiring seems like the only reasonable answer.
Other reasons why interviews are getting harder is that software jobs are more competitive now, and possibly relative pay has gone up. If interviewing was easier back in the day (and I agree that it was), it’s because there wasn’t as much competition.
A two week probation means that nearly all candidates will need to quit their current job to do the probation which seems unlikely to be popular with candidates
I am old and thankfully out of the getting hired game. I was cleaning out some files (paper!) recently and ran across correspondence from old job searches. As you said, single visit and decision. I was also struck by the number of letters from companies thanking me for my resume and politely telling me they were passing but would keep me in mind for future openings. It was not uncommon to receive a letter directly from the hiring manager thanking me for coming to an interview.
> unless you're very watchful by looking for academic responses to questions
I've noticed that a lot of the supposed hallmarks of "AI slop writing" (em-dashes, certain multisyllabic words, frequent use of metaphor) are also just hallmarks of professional and academic writing. (It's true that some of them are clichés, of course.)
It seems like most efforts to instruct people on how to "fight back against AI writing" effectively instruct them to punish highly literate people as well.
I think it's often still possible to tell human writing that uses some of the same tropes or vocabulary apart from AI writing, but it's very vibes-based. I've yet to see specific guidance or characterizations of AI writing that won't also flag journalists, academics, and many random geeks.
Honestly, why would you care? IF, and this is a big if, you are confident your interview process accurately assesses the abilities of candidates to carry out the role, then why would LLM assistance even matter? Are they not going to be allowed to use LLMs on the job?
This faux-outrage is just showing how broken the whole hiring process is in tech.
Stop giving people puzzles and just talk to them. If you're unable to evaluate if someone's a good fit for a role then you either need to learn more about effective interviewing, learn more about the role, or find someone else who is good at hiring/interviewing.
Indeed, I am sympathetic to the author in this situation because I think open-source is important, but I don't approve of this software and don't want to affiliate with it by even starring it on GitHub.
Not really sure what I can do for the author but say "that sucks, bro".
From my experience in 10+ tech companies, the biggest difference between bootstrapped and VC financed is, with money you can do illegal things and pay the lawyer.
The highest jobs require these days a proven track-record of corruption. You can‘t blame young startups wanting to take the first step on that ladder. At the end of the day we are living in a merdeitocracy.
Well, there are no consequences are there? Or at least no precident of consequences of such behaviour. My hope is that folks like this always lose out in the long run but I'm not so sure anymore...
I've had similar happen to me by company out of Paris, France lol. They yoinked the backend out of my OSINTBuddy project which is AGPL licensed then tried to get me to work with them where they were going to sell access without also providing the source code
Hire a lawyer to send a legal notice. Costs practically nothing and since it's an open and shut case, free money for the lawyer (if they charge based on damages), or the startup caves and shuts down.
It's always possible to try, especially as it seems there was a technical violation here, but whether it's worth it or likely to gain enough legal traction to yield results is another story, especially in instances of "your AI generated boiler plate looks like my AI generated boilerplate, and therefore is theft"
It wouldn't matter if they wrote a program to automate stealing other people's content. If you strip a GPL license off a program you redistribute, you're breaking the law.
The founders who built Glass don't complain about cheating. Rather, the developer of https://github.com/sohzm/cheating-daddy complained of copyright infringement of his code by the developers of Glass.
While copyright infringement is clealy legally wrong and developing general software is not, I do agree with GP that one should, morally, perhaps not complain about "cheating" the legal system when the infringed application itself is meant for cheating.
Legal correctness does not necessarily imply moral correctness.
They complained of license violation, not copyright infringement. There’s a big difference. The original license already granted the rights for anyone to copy the code, so the question of copyright infringement isn’t really on the table.
If you don't abide by the license terms then you don't get to copy something under the license. So breech of license means corresponding copyright infringement.
And it has the same fake excuse as usual "Since this was our first OSS project, we didn’t realize at first."
He sure discovered this new open source thing and it's very confusing. It's not like it's almost 40 years old at that point. I'll never understand people who lie like toddlers.
Because this is how the current corporate world works. It's all about appearances, someone can do whatever bad thing, will go on and say "upsie, I didn't realise that X is bad, it was an honest mistake" and then all is good, the person actually reporting it or signalling it out will be the bad one, for being critical, aggressive, not constructive or open minded.
It's funny these "founders" only use this hollow excuse with open source licensing, you never see "since this was my first company, we didn't realize taxes exist"
> you never see "since this was my first company, we didn't realize taxes exist"
Taxes are a nitpicky example, but indeed in Germany where everything is full of regulations and red tape that only some bureaucrats understand, there indeed exist founders who argue this way for these convoluted laws:
That's different. Last time I checked he's not arguing that he didn't know, but that the regulations are ridiculous and should be changed. Which I think is completely legit. The German economy and everyone who works in it would benefit from this. Moreover, I consider euclidean zoning to be a colossal mistake...
I do not know what is wrong with software engineers. This is theft (or whatever the lawyers says in the IP law) and now stating: Ooops we did not know, our bad, we keep it till we have found a replacement. Mistakes happen also in real life, but libraries is a common thing, like cars standing on a street. You do not accidently steal a car.
Software Engineering is more than coding. Basic license management incl. library vetting is part of it. If you decide to ignore that, you do not run a business enterprise, you run a criminal enterprise.
Sure, criticize their actions, but don't parlay that into this kind of personal swipe at the individuals and their families; that's when the line is crossed from valid critique of actions to nasty mob pile-on, and that's never ok here.
Not that it should matter but as far as I can tell, the Pickle founder/CEO grew up and studied in Korea, and we have no idea what their family circumstances were.
This guy did something very immoral and callous, and will seemingly face no real consequences for it. Roasting him in the comments of the site of the people paying him is somehow overkill?
None of us knows exactly what this specific person did or what their motivation, intention or understanding of the situation was. We only know what was in the company’s code that was published, and we know what they’ve done since to try and address it.
“Roasting” is one word for something that can be described in far more serious terms. It’s against the HN guidelines and the guidelines still have to be upheld to some degree.
It’s also false that they will face no real consequences. They’ll never forget this experience and these sorts of things are often terminal for a company.
Right. They'll learn to be more discreet about it next time. Do you really believe "I got flamed on the Internet" is a memory that will counterbalance "I can make millions out of selling stolen code if I don't get caught" ? (especially considering that you flag such comments, therefore their shielding their poor egos from seeing mean words.)
>these sorts of things are often terminal for a company.
Starting a company is not hard. Thousands are created, and destroyed each day. If they're smart, under someone else's name. Maybe, maybe one person will see <generic AI company name> and think to look at the CEO, remember what he did and potentially try to warn people about it, and they'll be promptly ignored. Helped by people like you, under the guise of muh guidelines
>“Roasting” is one word for something that can be described in far more serious terms
I'd love to hear those terms. Because the worst that comes to mind that could apply is "disparaging", and unfortunately for them, "being mean on the internet" isn't something they can or will sue over.
Sometimes it's really surprising what comments you guys push back on and which ones you don't comment on. (Yes, I know, you can't see everything, etc.). I suspect it might be because this one wasn't dressed up enough.
While it is a personal attack, it is pretty tame compared to (non-flagged) comments I see here every day. I especially don't see it as a swipe at their family. Yet this is a pretty strong rebuke.
While I highly doubt it's because the subject is a YC pick, the optics aren't great.
FWIW, that comment looked like an egregious personal attack to me too (and yes I hear you that you're not defending that post! but rather asking a fair question about moderation standards).
If there are comments that are that bad or worse floating around HN, which aren't getting flagged and/or replied to by moderators, we really need to see them. If you can recall where any of them are, and can dig up links, we'd appreciate it. Failing that, if you (or anyone) see cases of this in the future, we'd appreciate a heads-up.
The one thing I can imagine you might be referring to are some of the recent politically charged threads where people were really going after each other. Those are hard to moderate without coming across as taking one political side against another (which we're careful not to, but this is easy to miss when passions are high). But even in those cases we do our best to make sure that the guideline-violating comments get flagged.
I realize you already alluded to this when you say "Yes, I know, you can't see everything," but that really is the only reason why comments of this sort should be going unflagged or unmoderated on HN. There's a lot that we just don't see here—there's far too much for us to read it all, and we rely on users bringing it to our attention.
I wasn’t surprised by the pushback. This isn’t like responding to a pseudonymous HN comment opting into a discussion, they are talking about specific people and posting pointedly mean-spirited remarks towards a party that has not opted to discuss their provenance.
The response could’ve been better worded but you can see how no one would want to moderate a community that makes it a habit to disparage specific people outside of a good faith discussion.
This comment broke the guidelines. I'm not saying it shouldn't have been moderated. I made a meta comment on the overall moderation on HN, which sometimes surprises me in which comments get reprimanded and which ones don't (and with what amount of vigor the reprimand is delivered with).
You should temper that observation with the realization that this particular thread is under a microscope. The HN mods moderate less when YC companies are involved, but somewhat ironically that actually requires more of their attention, since they need to counteract some automations. So they are more likely to spot comments here.
There’s something about the point when anger at someone’s actions turns to trawling over someone’s backstory in order to attack/demean them as a person that crosses a line for me; I’ve always pushed back on it whenever I’ve seen it, on HN and elsewhere. People doing it and supporting it always think it’s “not that bad”; nobody likes to think of themselves as doing or supporting something bad.
Any time you see egregious comments on HN that aren’t flagged/dead, you should flag them and email us so we can take a look.
>People doing it and supporting it always think it’s “not that bad”; nobody likes to think of themselves as doing “bad”.
So we're clear, because this implies I'm "supporting" it, I'm not. Just saying that this is more tame than many personal attacks I've seen, with a stronger response than I've seen (when there is a response). And, in this case, that gives off some bad optics/more ammo to people who are critical about when & why you moderate.
Without moderator transparency (which I've read the reasoning for, and can agree with!), optics is really all you've got.
In the context of this thread (and not other supposedly worse comments in other threads that I’m not able to evaluate), having allowed pretty much everything and anything to be said, I’m comfortable with this point - the point where things turn personally nasty - being the point where I draw a line and push back.
I'm guessing my comments are pushing on a sore spot, because you've implied that I support the personal attack when I've said clearly I don't, and now you're implying that I'm lying.
I’m not saying that at all. I just can’t explain the disparity in our responses when I don’t know exactly what the comparison is. I’m not surprised to hear you’ve seen worse things. As you concede, we can’t see everything and we don’t respond to everything and there are all kinds of reasons for handling things differently, a major one being randomness.
But in the context of this thread, it has largely been the free-for-all that people want it to be but I’ve drawn a line at one point where things crossed over into being personally nasty and I haven’t yet seen a reason why what was a wrong call. I know some people will criticize me for that and I’m comfortable with that.
They're not personal attacks. It's their family's money, it's YC's money, it doesn't matter: they're young people that went to expensive universities, dropped out for the lulz and moved to California, joining a VC that showers every single terrible bad idea under the sun without any oversight.
I can change the term "daddy's money" with any other term you'd prefer, it doesn't change the message.
It’s obviously diminutive and patronizing, and makes implications or assumptions about them and their families that are based on stereotypes or sparse information. It’s clearly against the guidelines and the guidelines aren’t discarded altogether just because a YC company is involved.
YC isn't that unknown and you can absolutely judge that org for funding stuff like this, you really don't need that much detail. And if you have interacted with a lot of the "founders" you know that statistically you're in the clear to judge them all too. It's a pretty weird world where a lot of dumb exists, like A LOT. The realities of their lives are frankly immaterial anyway, it's about the output (and input in case of VC money).
> Basic license management incl. library vetting is part of it.
This depends on whether you consider Compliance to be part of software engineering or a separate discipline. At least in most companies the compliance department is different from the software development/IT department, because the necessary skills are very different and barely transfer.
There exist people who are anti-copyright, which has the implications that such people are (by the golden rule) also basically fine with having their works copied.
This incompetence excuse puts YC in a bad spotlight too, because it makes them look like they are funding people with exact zero software development experience.
Paul Graham once wrote that startups are pretty hard to game unlike academia for top grades or a big company for promotions.
In a twist of fate, YC itself seems to be gamed like those broken companies.
So this is the third counterintuitive thing to remember about startups: starting a startup is where gaming the system stops working. Gaming the system may continue to work if you go to work for a big company. Depending on how broken the company is, you can succeed by sucking up to the right people, giving the impression of productivity, and so on.
When you institutionalize an ad hoc process, you turn it into a system that can be gamed. YC did that for startups, and it was already pretty obvious in 2014 when Paul Graham wrote that essay. Every other government was claiming to support startups and that their corner of the world would become the next Silicon Valley.
TBH, I know plenty of people with software development experience, who I think are genuinely pretty good at converting ideas to code, but who wouldn't have any idea what Apache or GPL mean.
Every init-command requires you to define or at least review a license for your project, so I would refrain from calling that one "software development experience".
>
By your argument, I can just torrent movies and appz becuase I'm not a lawyer and can't be bothered with minutae of copyright law.
Indeed, there exist people who argue that in many areas law has become so complicated and unclear what is allowed or not that you cannot thus expect from ordinary citizens to obey the laws anymore - even if these citizens are willing to.
Thus politicians do have an obligation to make the laws as clear, logical and comprehensible as possible, otherwise they loose their legitimization of expecting citizens to obey them.
Yes. Personally I believe current copyright law is a massive outreach and mostly serves established big companies, not small creators and innovators. I'd like to see it curtailed by a lot.
That's no excuse for a VC-backed startup just ignoring it and YOLOing their way.
This actually disincentivises small creators (open source maintainers and contributors, in this case) from participanting in the very thing copyright is supposed to foster.
That is why when such a marketing claim comes up, the first question to ask is from which base they built the respective product in 4 days, and which kind of additional value the respective company added during this process.
My observation is that HN intentionally downranks highly commented threads. I used to think of it as unfair, but now it truly makes sense, considering:
- Posts with high comment-to-vote ratio often have political, scandalous or other kinds of heated themes
- Highly popular/engaging posts already act as self-amplifying snowballs
- High-volume discussion triggered by emotions is hard to navigate, is repetitive, and attracts the dumbest trolls even in HN
- The truly important topics tend to become visible anyway
If anything, the statistics actually suggest these articles were weighted the other way around. tmux-rs stayed on the frontpage much longer than it logically should have, especially compared to this thread.
...in any case, what's the "joke" about this? GPL violation is very serious, Tesla was forced to publish a substantial amount of proprietary code after a similar infraction.
To a casual outside observer the quality of the companies YC invests in seems to have absolutely cratered. Have they just given up on vetting and switched to a throw money at everything approach?
Isn't that a very outspoken objective of YC, to fund people, not ideas? Long time ago I caught up to what YC is doing, but even when I first joined HN back in like 2013 I think the whole "Fund people, not ideas" shtick was already explicitly what they were doing, unless I remember wrong.
So why are they so insistent that they want AI ideas? I felt sick when I read the list of things they say they want to invest in and every single thing was framed as, "build some service, but for AI".
Also in this AI era I've learned something else: it isn't intelligence that builds institutions. It's philosophy, and it's faith. The AI industry is full of smart people, but If you lack a set of beliefs you won't know why you're working or what you're working towards or how to put one foot in front of the other day after day to make steady progress towards helping people over the longest time scales.
In the AI era our industry has found itself with one of the more bizarre problems I could imagine: in accepting that it builds products for AIs and not for humans, it has become philosophically bankrupt
> So why are they so insistent that they want AI ideas? I felt sick when I read the list of things they say they want to invest in and every single thing was framed as, "build some service, but for AI".
If I tried to enter the mindset of a VC, I could potentially see that as a "Is this person at the 'edge of progress' currently" flag, although I wouldn't trust it more than a "Is this person chasing hype" warning personally. Maybe it's a good way of getting some specific type of person to apply, in some other way?
Isn't that what VCs in general are doing? Hiring for more money, with more expected gains from you, with a different kind of legal arrangement, but still hiring nevertheless.
Funding people means you trust the people are so good they will push any idea to success. Funding an idea means you trust the idea is so good it will push any people to success.
Funding people means having a lot of trust in them. What's unsaid is if the investor believes coloring outside of the lines to make everyone more money is a breach of that trust, or just the normal cost/risk of business.
They expect you to come up with an idea or a business and explain it to them and show your progress. Of course one may say that those things reflect you as a person but so does stealing and relicensing code.
To be sure, there's nothing wrong with the idea that modern computers and distributed computing techniques can handle streaming updates for a significantly higher scale of concurrent same-world users than prior-generation MMOs. But clearly something unexpected happened here, and while I completely understand the lack of a public post-mortem, I hope that YC has examined why its mentorship model and community were unable to set up this team for, if not success, at least having greater integrity in its relations with its userbase.
I'd say they have historically aspired to active informed selection and then accepting that out of that portfolio many will fail cause that's how VC goes. That's not quite the same as buy everything.
This situation truly enrages me and is likely the reason (IMO) why talented programmers (today, in 2025 versus, 2008-2013 where small founder startups thrived at places like 500 + YC).
Quite ironic how YC touts technical founders > "non-tech" ones -- when acts such as this strip ones chances of wanting to become one, or even continue showcasing their talent publicly on platforms like GH.
As OC i would do that giant rewrite and add vulnerabilities - either they do a funny portation rodeo and get zero dayed all day every day, or they are at least cut off from free work.
Is it me, or "founders" are actually FREAKING dumb?
Why people continue to give them money, and praise their "work"?
Instead of making (indirect) ads for them we should publish their name and the company's name into shame publicly, and let their reputation die slowly...
I have no respect for them, and you should not too (if you care about justice).
Most of the time ROI is still bigger. You would think that some ”evil”companies would be dead but stock price just keeps increasing. Imagine what Facebook would be if they had good morals?
Doesn't this happen all the time with Ultralytics yolo code? They use an AGPL license, which to my understand means that anything that links with this code also becomes AGPL.
Please correct me if I'm wrong, but is the license also viral if there's a network connection involved? i.e. I run the code in a container with a little network interface added ?
And yet Microsoft have release code with different licenses that make's use of Ultralytics code.
I potentially would be interested in using these wildlife detection models in a commercial (Not open source) context but simply don't trust the claim that it would be okay to do so, sounds like a big business risk to me.
What is the opinion of the community of the MIT licenses associated with PyTorch wildlife from Microsoft okay to use in a closed source commercial context? Microsoft have put an MIT license on this, but their code does imports of ultralytics libraries, which I thought were AGPL.
Note: The GPL 3 license from the official yolov9 differs in this, it must be possible to run the same code on the platform, but your usage may be closed source.
> They use an AGPL license, which to my understand means that anything that links with this code also becomes AGPL.
It doesn't work like that.
The code linking with AGPL code needs to be AGPL (or compatible license) to comply with the license.
That doesn't mean that if you link some code with AGPL code it automatically becomes AGPL. It just means it doesn't comply with the license and therefore does not have the right to use the AGPL code.
The remedy to a license violation is not necessarily complying with it. In fact, I've never seen a case where a company using (A)GPL code in such a way was ordered to release their own code with that license. Generally, they have to simply remove the (A)GPL code, pay some damages and that's it. If they want to keep using the AGPL code, then they of course would have to comply with it, but that's their decision at that point.
What specific kind of "linking" is happening here?
If your code is 0% derived from GPL/AGPL code in a copyright sense then there is no virality and you can generally use them together without license worries if you're careful about how you link.
I really like the work that Microsoft did with Pytorch Wildlife but not brave enough to trust the MIT license they put on their code that uses Ultralytics code and all attempts to check if it was okay for them to change the licenses seem to indicate that they may not do this.
Love to know for sure. Maybe someone from Ultralytics can point out their view on this?
You are joking but that's exactly how it works as long as you are a company (and the bigger/more connected it is the better).
Don't pay your debts as a person: you quickly get hit with fees, chased by collections, etc.
Don't pay your debts as a company: sorry, it was merely a clerical error by our accounting department. Nothing to see here.
Lie and profit from it as an individual: that's called fraud and could land you in jail.
Lie and profit from it as a company: sorry, our website/documentation was out of date, our CS clerk was wrong and has since received additional training. Nothing to see here.
The classic playbook: copy an open-source project (or just vibe-code something similar), slap an open-source label on it, and toss in an unproven design system / framework (like Liquid Glass) to give it a shiny veneer.
Less about building something meaningful - more about manufacturing hype in hopes of catching a trend before it crashes!
I follow a bunch of YC founders on X. Lots of behavior that could be construed as 'growth hacking - or 'deceptive' depending on your bent: promoting open source libraries that don't work, rewriting tweets from smaller accounts, coordinated replies from mutuals and so on.
I guess that's the game, but they do seem a lot more cavalier about it of late. Increasingly resembles the crypto 'community' (derogatory).
The easiest way to check for integrity and ethics is if the startups YC finances routinely run afoul of YC's ethics code or the law.
If YC has no ethics code, that's your answer right there. If they do but it fails to mention basic things like lying, cheating, deceiving especially when done intentionally, bingo again. If breaking the law isn't an automatic termination of the collaboration, it takes you to the same conclusion. If YC explicitly supports the startups when knowing about these problems, or implicitly by skirting due diligence and turning a blind eye, or accepts startups having no commitment to an ethics code, then ethics or integrity are not core values, or even are completely absent.
There are more nuanced topics and methods but if it doesn't pass the smell test with the basic ones, it won't pass it with any.
GGP was clearly in the context of “how would YC evaluate this pre-funding?” rather than “how would outsiders evaluate YC?” but 15 seconds of search turned up: https://www.ycombinator.com/ethics
...some latent passive aggressiveness and YC's founder ethics code not YC's own ethics code. You need an anchor for the chain of trust. That must be the VC's (YC in this case) integrity and ethics code first.
You stopped reading after the first few words, misunderstood even those, and rushed to answer didn't you?
I addressed exactly how to evaluate ethics and integrity prefunding, and ensure it post with 2 very simple concepts that would have worked perfectly at least for this easy to catch incident:
1) Do your due diligence. In this case "15 seconds of search" would have turned up the original code and the license mismatch.
2) Have clauses to ensure breaches of law or ethics have severe consequences to the founders.
The founders indisputably breached YC's founder ethics code, in particular "Being honest in the YC application and interview process" and "Generally operating in good faith and behaving in a professional and upstanding way". Or maybe the founders were honest and YC accepted this but then we circle back YC's own ethics code.
YC had means to check for this prefunding, and has means to deal with the problem now. If there's no transparency that any of this happened, it didn't happen. So the point of "checking integrity and ethics" becomes moot.
I don’t believe I misunderstood these words of yours, and provided you a ready reference to check for yourself whether YC had a code of ethics and whether that code contained the elements you were hand-wringing about.
> If YC has no ethics code, that's your answer right there. If they do but it fails to mention basic things like lying, cheating, deceiving especially when done intentionally, bingo again.
--------
> YC had means to check for this prefunding
How would YC check in December 2024 for a copyright violation that was discovered in July 2025 and probably happened in 2025 during the batch (after funding)?
This is indeed a problem that Pickle/YC have to deal with, but I'm not nearly convinced that this was findable in 15 seconds pre-funding.
YC's funded over 4000 companies. How many have had ethics scandals of any size? Less than 5%? Less than 2%? They're betting on founders, probably rejecting some on ethics grounds, and trying to nudge those funded to stay ethical while being aggressively fast. If they're hitting over 95% "no scandals", that's pretty good from a 2 page application and 15 minute interview process.
sokoloff, I already told you twice that I am referring to YC's (or any VC's) own code of ethics, for themselves. Not just the one for founders. The rules YC applies to themselves are the root of trust for everything that later comes out of the startups they finance.
This issue could have been caught earlier and solved if YC checked for this earlier. And maybe it could even have been prevented if YC imposed harsher penalties for breaking the ethics code or the law. But instead it was caught and made public by someone else, and it's that public pressure that caused any reaction from the founders.
> that's pretty good from a 2 page application and 15 minute interview process.
You're damning YC with praise. 15min to assess potential for profit but also ethics and integrity doesn't make it look like they'll put much focus on the latter. Always good to have confirmation.
It's your choice to take the strawman argument and fight that instead because it's more accessible to you. It's your choice to pretend you don't get the meaning of words (like what YC's own code of ethics could mean, of the "if" that preceded every one of those sentences you keep quoting) and drag the conversation down just to save face. It's your choice to keep finding weak defense arguments for VCs who are sacrificing integrity for money in a 15min interview.
Now I see the disconnect on the code of ethics. In my view, pg, dang, tomhow, rtm, Jessica, Garry, et al are members of the YC community within the meaning of the code and I think they think they are members of the community and bound by that code, making that YC’s code for all community members and therefore YC overall. You seem to conclude otherwise.
Setting that difference of interpretation aside, It’s difficult to figure out how and when exactly you think YC could have surfaced the problem with the repo that was published in the last 24 hours months ago when they made the funding decision.
Could you help me understand the notional timeline of actions that you think would have avoided this?
There’s a reason they ask the question about describing a time you “hacked a system to your advantage” in the YC application. They have always selected for founders who are willing to take advantage of legal and ethical gray areas. Reddit created fake users and farmed content from Digg, Airbnb scraped listings from Craigslist.
There's an argument to be made that, even if it's an open and shut violation, if enforcement is nontrivial and a vanishingly low risk, it still pattern matches as "grey area" in terms of risk.
Not at all in favor of the person stealing someone else's code and slapping a new name on it in violation of the license, just that I think I see why people might list that as matching the same intent as a question like that.
This was of course a calculated move. The founders of Glass are not that stupid. They knew the original author would complain in the loudest way possible and cause a viral outrage, which would give them a ton of eyeballs and exposure.
Engagement hacks, outrage, eyeballs, distribution, attention at all cost. Welcome to tech in 2025.
Surely you can’t be too surprised. The market is pushing for move-fast high polish, speed over substance. You can just do things, move fast and break things, etc. Velocity is the moat, indeed.
This is the market YC is breeding. When these guys float to the surface, what did you think would happen?
YC, you’re one of the greatest generators of value ever. Do better.
Over the last decade or two, the builder/hacker ethos has seemed to shift towards this grifter, money-over-everything attitude. I’m sure there’s a lot at play (crypto culture, VC self-selection, the attraction of ‘easy’ high salaries), but I’m sure it’ll get markedly worse with ai tooling and the any-publicity-is-good fomo marketing that’s taken over the startup scene.
My take is both OP’s tool and the blatant plagiarism of it are examples.
Yeah, most VC founders on twitter are annoying and not worth following anymore. It used to be inspiring to follow some of them many years ago, see them build a cool product and sharing learnings. Now it's all just promotion, straight up lies, and their personal brand comes across as more important than actually building something. The "learnings" shared are now more tailored to go viral than actually help others etc.
Because I loath Nouning Verbs and Verbing Nouns, I'd really like "learnings" to always have an implied or explicit set of quotes and mean vaguely defined and not necessarily ethical stuff.
There's a perfectly good noun, "lessons" and a verb, "to learn" that, when combined, provide everything "learnings" does, without the pretension of using a verbed noun. It's like "diarize" and other even worse monstrosities.
Sorry to this poster, no personal attack intended, you just pushed one of my pedant buttons.
As you might guess from my language, I'm not a native speaker. And in Norwegian, the two words could be "å lære" and "lærdom", hence why it "sounds right" in my ear to use learn and learnings.
The author could bring the company to court for license infringement, it's an easy case, they (the original author) could easily bring home some of those sweet sweet YC vc money.
They spend a hundred grand on getting a lawyer, the company instantly declares insolvency, and then Glasss (With 3 s's - Completely unrelated to the previous one) does the exact same thing.
Things like this are why I have become disillusioned with Open Source, and why latest projects have been closed source. The GPL is a good enough idea but it is basically impossible for anyone to realistically enforce. If a corporation is selling an optimized binary, then it can be almost impossible to prove that there was any violation of the GPL without viewing the source.
Well, if you're writing open source because you want to write open source, then none of this matters. If you are worried about corporations stealing your work, that should drive you away from OSS. OSS should stay "hobbyist" for the individual developer.
If a corporation is stealing your OSS code (and violating a license) then that implies that they think your code has value, they might have paid a person to write that code but instead some hobbyist built it for free and a corporation steals it.
A few months ago, I made a pull request to LMAX Disruptor, which was merged. I was initially excited because even if my PR was simple it’s still a big project that I contributed to. But after a few minutes it occurred to me that I just did free labor for a for-profit trading company. If they merged in my code then must have thought it had some value, and I decided to dedicate my time to saving this multi million dollar company some money.
My PR there was pretty simple and only took me like 30 minutes (if that), so I am not going to cry too hard over this, but it’s just something that made me realize that if a company is going to use my work, they should pay me. I don’t think it’s wrong or weird to want to be compensated for my labor.
I am still a hobbyist. Turns out you can still be a hobbyist without sharing everything you’ve ever done on GitHub.
It only devalues labor if it's leveraged specifically to do so. You could make this argument about literally any volunteer activity, software related or otherwise. The real devaluation of labor comes from things like the "gig economy" where costs and compensation are abstracted such that companies can exploit the naivete of workers who, generally speaking, are not accustomed to things like amortization and accounting for external costs, thus significantly driving down their own labor, operational expenses, and risks by passing them directly to the workers. At least open source projects are up-front about what's to be expected, and tend not to engage in exploitative practices.
I have had a bunch of jobs. When I have wanted to use open source libraries, I have been told “no” because the repo has no recent updates, because that suggests that whomever built it isn’t working it anymore. Conversely, where there are lots of updates, the project is likely to be used.
Why am I telling this story? Because it suggests to me that companies will only use these libraries if there is a guarantee of ongoing free labor; presumably they could use an old appropriate library and pay people to fix any issues as they come up. Admittedly, I know that some companies do exactly that, and that’s great, but I do not think it’s the majority.
I don’t think the people doing Open Source are bad people at all, far from it, in fact. I think a lot of these people are very smart and hard workers, and I think they should be compensated for their work, even if they are just “hobby projects”. If my project is creating value for a company, then that company can afford to pay me.
I don’t like the gig economy either but I don’t think it’s relevant to my complaints.
There are different actors in play here, and each one has a different perspective. That's OK, there's enough room in the world for different perspectives.
For the company, making use of Open Source code is free labor. That's good for them. You are free to offer that labor or not.
For some developers, it's cool to write code that's used by zillions. That's reward enough.
Other developers release the code for free, but build an eco system around it. They get paid for related work etc.
New developers use it to flex their skills, and demonstrate ability (and then get upset when someone else turns it into something profitable, but that's another story).
Personally I write code, and ship as source, but it's under a commercial license (cause I like to eat.) Other companies have business models around whatever they do.
You are free to act as you wish. Which is great. We live in an economy that allows each his preferred path.
You're right. Many startups open source their products specifically to get free labor, free marketing, or whatever. As payment they release the code they write to you. Whether you think that deal is right for uou or not us up to you.
If you believe you can add value to a company then reach out to them. It's not like they're "making" you work for free.
Of course they’re not “making” me do anything, but I think they have weaponized well-meaning people to do work for them for free and masking it under some vague notion of “charity”.
You’re obviously free to disagree, but it’s why I have become disillusioned with it. I think it’s an exploitative relationship.
Plenty of people stay in violent abusive relationships when they really should leave, presumably because they feel like they’re getting something out of the relationship. That doesn’t give a free pass to the abuser.
I am not saying that companies using open source software are anywhere near as bad as a physically violent husband, I’m just saying that just because the contributor to OSS feels like they’re getting something from the relationship doesn’t absolve the corporation of its sins.
The current FOSS ecosystem feels like the tech equivalent of the “working for exposure” scam.
I submitted a PR to fix a bug in cloud-init a while ago.
It was in my interest to do so, because it means I benefit from fixed packages in the Linux distributions I use. This saves me a ton of time in not having to maintain my own packages with my fix included.
If it helps Canonical make money, then it’s no skin off my nose because I still got the benefit I wanted.
I’m not going around fixing bugs that don’t affect me, or adding features I don’t need.
That’s why I made the patch to Disruptor as well, because I needed the change and I didn’t want to maintain it. I’m not saying that that’s valueless but I still think programmers should not be giving free labor to corporations.
Canonical is at least a little better since they’re a much more FOSS-first company as opposed to a trading corporation, but my opinion still is the same with them.
Also, completely unrelated, if anyone at Canonical is reading this, your hiring process is terrible. Making people write nine-page essays about how smart they were in high school and then forcing them to take some absurd pop-psychology IQ tests and then multiple dedicated projects is insane. Whomever designed the interview process there should genuinely be ashamed of themselves and consider literally any other career.
> But after a few minutes it occurred to me that I just did free labor for a for-profit trading company. If they merged in my code then must have thought it had some value, and I decided to dedicate my time to saving this multi million dollar company some money.
If you're not ok with that possibility than you probably shouldn't be participating in open source.
And to be clear, there is nothing wrong with that. Its up to each individual to decide how they want to spend there time. There are pros and cons to open source, and you have to weigh how you feel about them yourself.
However, its not like this is some secret trick. Its the central tenant of Open Source (esp. When using that name instead of Free software). It should be very clear that this is happening. Its the entire point.
It kind of feels a bit like someone who doesn't like oranges, eats oranges, and then are surprised that they taste like oranges. By all means if you don't like oranges don't eat them, but if you knew you didn't like them why did you eat it in the first place?
It’s just why I have become disillusioned with it. I think companies exploit well-meaning people that should be paid for their work. I have used Linux and open source tools for roughly the last twenty years, a part of me loves open source, but I think that big corporations take advantage of this love and it devalues labor.
Which is why I have stopped participating in it. If I am doing work that provides value to a company then they should pay me for it.
Here's what I figured: Company misallocates fund. On the other hand, many engineers are overpaid from the same perspective (most of us here are, have been, or will be at some point, if we step out of the bubble and stop gawking at the acquihire next door). So I'm happy to shift my side of the scale a tad bit by donating a few k here and there. We can do the reallocation ourselves and the more who do, the more difference it can start to make.
That's the caveat, the contract you sign when you start an open source project. You have to have the mindset of simply not giving a fuck about who does what with your code and how much they make from it. Then you can be at peace. If you don't want to (or can't) adopt that mindset for a particular project or at all, that's completely fine and normal. OSS is not for you. As soon as you want compensation for your work, things start to go south. See the whole core-js situation and what went down for an example.
That’s exactly my point though, it’s exploitative. Companies will abuse the fact that you “don’t give a fuck” and make money from it without compensating you for your labor.
I am not trying to really convince anyone of anything, do whatever you want. I am just explaining why I have become disillusioned with FOSS.
Wouldn’t this still be accomplished with a freeware model? That way hobbyists could still get your stuff for free but a corporation would have a slightly more difficult time directly stealing it.
yeah, 100%. although there's strong propaganda to specifically make it open source (capital O and capital S)... the conspiracy-minded part of my brain thinks that it's probably because they can then use it.
But yeah, I've pretty much come to the same conclusion myself too - ship source, but ship it under ARR.
I think there's another innovation which hasn't really been explored yet - an "anti-copyright" cartel-style licencing, where you only have permission to use the product to make something dependant on the original product itself, and whatever you make can freely be used by the original creators and all the other participants in the cartel
The effect would basically be creating a "closed" ecosystem encouraging innovation inside it but protecting it from people stealing shit from the outside...
I don’t have a problem with using open source software, I run NixOS with Sway and tmux and Vim and Typst and a million other FOSS things.
I just don’t feel like directly contributing to helping a corporation make money without being paid. I have a finite amount of time on this planet, I don’t need to provide unpaid labor to make Mark Zuckerberg richer.
> The GPL is a good enough idea but it is basically impossible for anyone to realistically enforce.
Really? If you find a piece of proprietary software does basically the same thing as yours, and the binaries contains the same strings/artwork, then it's reasonable to make a legal case of it. You can even contact FSF and they'll take it further.
If you can directly prove a violation dead to rights (or have enough cause for a discovery request) and you have money for legal defense, sure.
A lot of open source stuff is libraries and utilities though that is pretty entrenched in the code. It is hard to even find out about a violation, let alone prove anything.
Imagine I came up with a new algorithm to do Fourier Transforms 10% faster than FFTW (or whatever the current market leader is) and make a library and I release it as GPL. A company could fairly easily just import it to whatever project they’re doing, and it would be extremely difficult for me to prove anything, especially if I don’t have any obvious things like strings in there.
That’s not even taking into account that it would be relatively easy for a corporation to just pay a junior engineer to do a direct “port” of the library to another language and pretending it’s their own independent work.
All completely true. And something you can clearly take into account when you decide what to do with your code.
You may decide its worth people using it, reading it, learning from it, exploiting it, or you may not. It's your choice.
Of course your work may be used outside of the license terms. That's pretty much impossible to enforce. That's true for most-all software, commercial or open or free. If that's your main objection to writing code then I recommend a different career. All good code is pirated. That's just how it is.
Because I think people should be properly compensated for their labor instead of directly donating it to a mega corporation I should choose a “different career”? Do you realize how utterly insane that sounds?
You’re free to do what you want. I just find a lot of the entire FOSS process kind of exploitative and why I have become disillusioned with it.
ETA:
To be clear, I have a fair active GitHub and I still post stuff on there fairly often, and even a few non-trivial things. I just have stopped compulsively putting every line of code I write in public repositories.
I can’t tell other programmers what to do, nor would I even if I could.
I am merely explaining why I choose not to partake in FOSS when I think it’s exploitive. People are free to disagree, or not care, and that’s obviously fine, but I choose to not directly contribute to it.
> Imagine I came up with a new algorithm to do Fourier Transforms 10% faster than FFTW (or whatever the current market leader is) and make a library and I release it as GPL. A company could fairly easily just import it to whatever project they’re doing, and it would be extremely difficult for me to prove anything, especially if I don’t have any obvious things like strings in there.
If you're doing something algorithmically different and unique, presumably that would show up in the assembly.
> That’s not even taking into account that it would be relatively easy for a corporation to just pay a junior engineer to do a direct “port” of the library to another language and pretending it’s their own independent work.
Important to keep in mind that copyright is not patents. If they are just stealing the "idea" of your algorithmic improvement, that probably isn't even a GPL violation. (This isn't fully right as they would probably have to use a clean-room design to avoid copyright infringement. My point is more that such a situation is pretty muddy and might actually be allowed)
> If you're doing something algorithmically different and unique, presumably that would show up in the assembly.
I don’t think it is realistic to expect a developer to load every executable that might use their software into Ghidra or something and try and find a smoking gun about how their code might be used, and then hire an attorney to put together a case on that. In the case of my example, Fourier transforms are used everywhere in a wide variety of applications, and if my implementation is only like 10% faster it wouldn’t be very clear to an outside observer.
> Important to keep in mind that copyright is not patents. If they are just stealing the "idea" of your algorithmic improvement, that probably isn't even a GPL violation.
I am not saying it’s legal or not, I have no idea, just that that is why I have become disillusioned with the idea of open source, and I am not convinced that a well-meaning license like GPL is a realistic safeguard against corporate exploitation.
> If a corporation is selling an optimized binary, then it can be almost impossible to prove that there was any violation of the GPL without viewing the source.
I think you can notice that output looks similar, error messages are similar, etc. If the program is non-trivial its usually pretty obvious if its a copy or a reimplementation.
If it sounds plausible, presumably you could sue and read the source in discovery (ianal, not sure precisely how that works)
There plenty of things that won’t make a noticeable difference in the output, especially in libraries.
Let’s suppose I make a slight more efficient implementation of green threads, for example. I do not see how that would affect the output in a way that would be obvious, even if the library is non-trivial. Even if I slapped it with a GPL, I don’t see how I would realistically be able to check if they broke the license without first auditing the code, which I couldn’t do without a discovery request, which I likely wouldn’t have grounds for even if I could afford the lawyers for a lawsuit.
Sorry, I don't want to be offensive. I'm just curious about how the YC quality check for founders works and what kind of experience and support they offer besides the obvious like money and publicity, particularly for open-source software projects.
the backstory that explains it is the same silly con valley bullshit as always: low quality people doing low quality work and hyping the ever loving fuck out of it for some dumb vc bucks.
In a general sense, open source theft is bad, obviously. I have trouble feeling bad for this specific case though, given that it is a tool for cheating in interviews and tests.
I made an OSS tool to help you cheat on your taxes, screw your business partner, or ensure your ex wife cannot see the children. Someone stole the source and is backed by a major VC firm. Is the thought different at all or exactly the same? Just raising the question.
The difference is that the tool "cheating daddy" was specifically created for the purpose of cheating. Electricity, the Internet, and Google were not created for that purpose.
Cheating daddy's tagline is "If you're gonna cheat, cheat better".
Not that I'm in any way defending Cluely/Glass. Cluely's X bio is "cheat (noun) – an advantage so good it's unfair; rewrites the balance between effort and outcome."
Disclosure: I work at Google by my thoughts are my own.
The point is being "GPL evil" is GPL. Taking the code, not obtaining the copyright, and re-licensing it is a clear violation of copyright law and immoral.
We are not little children in the playground. Two wrongs do not make a right, and rights are most important for bad people
I'd be happy for a platform that encourages and facilities cheating to disappear and not be used anymore. So, on that front, I'd agree. As a side point though, the fact that someone big is funding something like that means, it's not really an issue for, atleast some, people.
The license violation is a problem independent of this. If this becomes acceptable for any reason (including the one that your post seemed to suggest - original work is unethical), it will have detrimental effects on a lot of good players as well.
> The license violation is a problem independent of this. If this becomes acceptable for any reason (including the one that your post seemed to suggest - original work is unethical), it will have detrimental effects on a lot of good players as well.
This is a fair point. Just to clarify, I still think open source theft/license violation is bad and should not be happening, even to a scummier project like this.
> As a side point though, the fact that someone big is funding something like that means, it's not really an issue for, atleast some, people.
Unfortunately some people have no issue with ethical concerns around what they fund as long as it stands any chance of making them money.
> Unfortunately some people have no issue with ethical concerns around what they fund as long as it stands any chance of making them money.
Which is, I think, a corruption. It's being missed in the discussion about the license violation which, to be fair, is what this thread it about but in my mind, that is the major issue.
A new product with four wheels that is used to transport people from A to B is a amazing new development! Some new 4 wheeled death machine to drive through crowds of people is an detriment to society.
The original product actually sounds kinda cool, but selling it as a cheating aid is incredibly low-value, and we'd be better off without it.
I’m sure there’s much more we don’t know about. They just didn’t get caught. Yc used to have this reputation of being one of the good guys but I guess nothing is really immune to corruption.
To paraphrase Voltaire, I mean, Tallentyre, I mean, Hall, I may not agree with what you publish under the GPL but I defend to the death your right to assert the GPL...
So when someone is actively losing their rights you feel the need to go out of your way to say you're unsympathetic. What did you /intend/ to convey with this? You support them, but at this dark moment, you felt the need to kick their shins also?
I initially downvoted you, but on second thought I’m actually a bit sympathetic to your argument. We see a similar pattern happening elsewhere. E.g. US citizens being round up by paramilitary forces and shuttled without due process to places which can almost be described as concentration camps. All for the stated crime of maybe entering the country improperly. The argument goes that they do not deserve anything else because they are ”illegals”.
Doing one bad thing does not necessarily justify other bad things done to you.
That said, I don’t like this cheating-enabling software either and think the world would be a better place without it.
There's no inconsistency in holding both of these positions:
- the original software is clearly unethical, and I bear no goodwill toward its developer
- I support the consistent enforcement of the GPL
In a case like this, I think it's natural to state both points. If we only focus on the second, we may be contributing to a groundswell of support for the original project/developer. That's distasteful when we only want to narrowly support their right to have their licensing terms respected.
Here you are OP, a little closer to idiocracy by your own actions and by HN zealots here, and all you SV tech bro wannabes who participate in this day by day ever more fake economy.
Propel and fund into the world the product with sole purpose to pretend, to cheat, to fraud everyone, then to make "open source" version on this, and then to complain that someone stole it from you, to fund and sell even more sophisticated product with sole purpose to pretend, to cheat, to fraud everyone.
This maliciously deliberate hustling behavior, fake it till you make it, feel good, superiority complex, reality distorted, this version of society, a bubble, a community, open source, call it, or wrap it too sell whatever you want it, this all post-post-modern obscenery will be ruin of you all.
Is this from the same Soham that is doing the "job stacking" scam to many companies? These people make the tech HR a nightmare for all others and a big reason for the back to office drive
There's actual good reason for that. the X Formally Known As Twitter company has a content weighting system that punishes external links, regardless where the link is pointed to. So apparently Mr. Soham did the smartest thing to give that post the best chance to spread.
BTW, the X Formally Known As Twitter company is not the only one who conduced the world to this, all big names do link restriction. Look what we've become, such nice world :)
Yeah, once someone posted a link I could read, I saw that. Bummer, looks like they ripped it off and sounds like they're currently doing the usual backpedal. Sorry your project got the wrong kind of attention in this way, I also (eventually) read into your tone while reading through your repo, and I understand much of it is tongue-in-cheek. It softened my position a bit. Hope you enjoy better luck in your future endeavors.
Edit: Fun fact, I cannot edit my original comment. But over-zealous flaggers seem to have taken care of it on my behalf. Unclear as to what about that comment deserved flagging, I guess raising concerns for the OPs admittedly problematic project is broadly the same behavior as the racist troll account who was previously active in this thread. Well done moralizing my original moralizing. The irony is…well pretty mundane in this case, really.
You could name a project any number of completely weird and absurd and offensive names, and it would have no bearing on the matter at hand, which is that code was illegally stolen and relicensed without the consent of the author. This is not a moral issue.
You yourself admitted that your original comment was harsh after the author responded to you.
lol, I'll bet you $10 that the name is exactly why they got themselves into this mess. Had the name been something like "meeting-agent" or some corporate friendly name like that, they probably wouldn't have tried to hide it so much.
This being on page 2 with 247 upvotes in the three hour time period this post has been up is surprising to me. I wouldn't be surprised if @dang is suppressing it (but I'd also be happy to hear that it's not being suppressed).
It's pretty spineless for the Pickle team to come out and pretend they mistakenly re-licensed GPL code. Hilarious.
> in initially building it we included code from a GPL-licensed project that we incorrectly attributed as Apache
How can you write a sentence like that in good faith?
The first rule of HN moderation is that we moderate (i.e., intervene) less if a story reflects negatively on a YC company or YC itself.
This principle goes right back to pg days, and was the first thing he taught dang [1].
That said, it doesn't mean we avoid moderation at all and it doesn't mean the guidelines all go out the window.
Different factors influence the story's rank and visibility on the front page: upvotes, flags, the flamewar detector, and settings to turn these penalties on/off. I'm actively watching the thread to keep it on the front page, as per the rule.
That said, the guidelines ask us to avoid fulmination and assume good faith. Whilst it's fair enough to criticize and question a company when they do something like this, we can also be adult enough to look the evidence before us and recognize that this was most likely a dumb mistake that they've moved quickly to correct.
Setting the license text is an explicit act and it seems fairly unlikely for anyone who creates software to think they can relicence GPL code or to think they didn't need to Google it first. Doing something that you meant to do isn't a mistake it's a choice.
It seems more likely that they didn't think anyone would notice.
> It seems more likely that they didn't think anyone would notice.
Maybe, but if that's what they thought (and I have no idea, I haven't spoken to them or anyone else about it), it's very foolish, because this kind of thing will always get noticed eventually, especially if the project becomes successful.
YC tells founders that one of the fastest ways to kill your company is to base your product on code that's not legitimate to use (i.e., that you didn't write yourself or that is used in breach of its license). That's because it's one of the fastest ways to kill funding rounds, acquisitions and enterprise deals. Not everyone listens or understands.
It even asks (or at least it did the last time I checked) in the application form, if you wrote your code yourself, to raise the issue of IP ownership/licensing from the start.
The evidence clearly shows it was not a 'dumb mistake'
They claim they wrote the whole thing in 4 days. They did not attribute the original author in ANY way.
They clearly showed they intended to steal the authors work and sell it as if they wrote it. YC has just become such a dumpster fire if that kind behaviour is even remotely accepted or called a 'dumb mistake'
This comment [1] from dang a couple of years ago touches on our reasons for not publishing a moderation log, and links to many more explanations over the years.
We're happy to be judged on the outcome, which, in this instance, is that the story has been on the front page for hours and everyone is able to have their say.
> And as these events keep happening, your credibility erodes.
YC has invested in thousands of companies by now and hundreds of new ones per year. That includes many founders who are young and inexperienced, and also plenty from diverse backgrounds, which, now that I've had time to dig into it, seems to apply here. Screwups are going to happen, as in every part of life; the law of large numbers guarantees it. What matters is what people do to make it right.
They committed the (presumably ripped off) repo yesterday, changed the license from GPL to Apache, and now have changed it back (presumably in response to this thread).
Anyone that wants to have some rights to their code shouldn’t open it. If other people have access to your code, license absolutely doesn’t matter at all.
Some person living in china/russia could have done a similar thing and all you can do to them is complain on the internet. Big corporations could even falsely sue you because “you stole their code” maybe?
No matter the license someone can just take the source code and use it however they like unless you have a concrete plan to stop them. I used to feel like licenses actually meant more but seeing a lot of examples of it made me realise this
Hi everyone, this is Daniel from the Pickle team. Glass is a new open source project from us that we plan to build on and improve. We built several original features for it like live summaries, real-time STT Transcript and one-click "Ask" from summary that we're very excited about. However in initially building it we included code from a GPL-licensed project that we incorrectly attributed as Apache. This was incorrect and sloppy work on our end. We made a quick fix and are working right now to do a proper fix that addresses the issues fully and cleanly. We are sorry to the original author of the project, Soham (CheatingDaddy), and thank him for pointing this out. We are also sorry to the open source community for messing up here. Thanks everyone for caring about this.
Hiding the entire history of this incident[1] behind a force push[2] to make it seem as if credit was given and proper license was chosen from the start really displays a lack of integrity, and tells me it’s definitely malicious (which should be quite clear from zero mention of the original project to begin with, but this act reinforces that) rather an inadvertent screwup.
I don’t think the rebase is malicious. Would they even be allowed to continue distributing the older commits (where they claim an Apache license) or would that be to perpetuate the license violation?
I'm too jaded to pointlessly debate all the misunderstandings about copyright and licenses. Bottom line is, this case is clearly not going to court, so there's no entity allowing or not allowing them to do anything, the only thing that matters is does this act of hiding enrages the original author even more? My answer to that is yes. Plus that old commit is still there, accessible after a couple of rather obscure clicks, so it's not even taken down if you want to debate technicalities.
I think the assumption that the license.txt in a given revision is accurate an applicable is erroneous. One is expected to follow the license.txt in the main repo regardless of revision.
Absolutely not, if a project relicensed and someone on earth did a git clone with a previous license that gave some specific rights, the previous commits keep their license (or if the license was incorrect you can go to court)
If so, well, I guess good for you; but the rest of us sometimes screw up. There needs to be a path for redemption. Admit you were at fault, make it right, do better next time.
ETA And, it doesn't matter whether people do the above steps because they "really mean it", or because they're just afraid of the consequences otherwise; any more than it matters, from a societal perspective, if people refrain from stealing or murdering because they're good people, or because they're afraid of being thrown in jail.
They were given a chance to admit they were at fault. They instead bullshitted about “sloppy work”. You just don’t accidentally take someone else’s work, strip their name and brand it as your own, and brag about “built in three days” or some shit.
And even if they handled it very gracefully afterwards, don’t expect everyone to be happy about it. That’s Mashimo’s problem isn’t it, someone’s gonna criticize regardless. No shit!
Btw, I have never ever taken someone else’s work and brand it as my own without credit, or cheat someone in any other way (or at the very least, never intentionally). Thank you for asking. I don’t think that’s a high bar to clear.
> They were given a chance to admit they were at fault. They instead bullshitted about “sloppy work”.
So just to point out, here you're complaining about them not performing step 1 on the redemption path sufficiently well. That's a fair criticism; but I'd point out that the "Just admit you screwed up and don't try to explain because you're just making excuses for yourself" principle is neither so self-evident nor so well-known that it's fair to expect everyone to magically know it.
What Mashimo's problem is that with regard to the "make it right" step, it's really not clear what to do in this case regarding the git history. Do you take it out? People complain you're trying to hide your sins. Do you leave it in? People complain the other way too.
This shows that the right answer is not self-evident; which means we need to cut people slack. It also means that we as a community need to figure out what is the right way to "make it right" when people do a bogus relicensing, so that there's a clear path to redemption.
But your response to Mashimo wasn't trying to help define a clear path to redemption; your response was basically, "If there's no path to redemption, that's your problem, you shouldn't have screwed it up in the first place."
That attitude is only going to harm our community in the long run. If there's no way to redeem yourself, why bother doing anything at all? Just keep claiming rights over the source code and tell the author "so sue me", knowing there's no way he'll get a fraction of his legal fees back. Or, abide by the letter of the law but don't admit fault.
> Btw, I have never ever taken someone else’s work and brand it as my own without credit
So it's, "Some things need a path for redemption and other things don't." And as it happens, the things that don't need a path for redemption are things you've never done.
> "Some things need a path for redemption and other things don't."
I'm not putting them in jail. I can't even criticize them online? Who's in the way of their redemption, whatever that means? Yeah I'm proud I'm not guilty of shady shit, now kindly get off my lawn with your moral relativism.
No I'm not. I'm not saying there should never be any consequences. But there should be a way to make things right again, even if you did it on purpose.
You might be lucky with the original author not suing you. I'm not sure your backers will be equally kind. I certainly wouldn't, depending on what exactly you told your investors we may be looking at straight up securities fraud here.
> And we're VC-funded! Doesn't that mean we can do whatever we want?
Side remark: Since YC claims all the time that they invest in people, not in ideas, YC should perhaps part from the people behind Pickle very fast, since by their investment YC rubber-stamped that the people behind Pickle are great ones (but not necessarily the product of Pickle), something that YC perhaps does not want to uphold anymore. :-)
Calling it sloppy work is too charitable. It's one thing for others to give you a benefit of the doubt, it's absolutely crazy that you yourself are doing it. It's clear if the other guy did not speak up, you would not have "corrected" the incorrect attribution. Your entire repo uses the work from someone else, and you did not even credit the person who built it until he called you out for the deception.
If you had any semblance of respect for the work of others and what is right you would sincerely apologize and shut the project down instead of rolling with it.
I love comments like this ^. It provides a solution to the table, rather than conversing the problem over dinner.
IMO This sounds pretty fair to me. Publicly apologize somewhere, and link OP to it. I like that. Or come on, at least Venmo "the kid" $1000 -- "a kid" who saved you time, and is putting food on your table.
"A kid" whose idea you took and profited on. Wow, just realizing upon writing this -- what if Pickle CEO has kids, and one your kid reads this?
Hard to say that your work isn't derived from a GPL project if you quite openly are reimplementing a GPL project you used at the core of your own project.
> This was incorrect and sloppy work on our end. We made a quick fix and are working right now to do a proper fix that addresses the issues fully and cleanly.
There is no fix. Your work is derived and should be/will be licensed as GPL. You do not want to accidentally succeed and then find you have nothing. You are being a smart-ass here.
Cut the grandoise talk. You stole someone's work and now you just shrug it off as "incorrectly attributed as Apache". That's not a mistake, that's a deliberate action plan. The force push others have mentioned is the proof. Atleast be honest in your apology.
I hope YC takes serious action and eliminates you guys from their cohort if you're still in one. This reflects very poorly on them otherwise.
If it was 'just' a licensing slip up sure, but there's still a lot of integrity issues here despite that. The presentation of "we created an open source library to do X in just days" comes across as a lie right?
I feel like ycombinator leads may want to look more deeply into this one. If they are presenting it as something they've achieved that's an integrity issue right?
This is the crux of it all to me. Anyone in the industry knows mistakes happen all the time but the braggadocios nature rubs me the wrong way and spits in the face to those of YC who do indeed have integrity.
It's baffling why someone would do this tbh. It's not like the base project is some spectacular piece of engineering that would be very costly to replicate.
I'm guessing they just looked at it as a jumping point. It probably went something like:
- We know how to polish an electron app
- here is a barebone electron app with an interesting idea
- Can we build a polished UI around this, and give a demo?
The baffling part is, had they just disclosed that, no one would have given a shit. Plenty of demos begin like that: "here is a cool idea we found, here is that idea on crack". is a very common demo pattern. But of course you can't give a shout out to 'cheating-daddy' at YC demo.
It's like a fine student at a fine college, in a class they are doing fine in, then they decide to copy their friend's cover letter because "eh", then they get caught and now what? wtf would you do this?
Like the frog in the parable,[1] people with integrity often struggle when they attempt to understand the motivations of people who cheat. “Why would they cheat in this particular situation?”, they ask themselves. “It makes no sense!” Well they are cheaters. Cheaters cheat.
1) I once was in a position where I had root on the linux boxes at a large corporation because I had been a sysadmin there and even when I changed roles, I was never removed from sudoers. Years later there was an accusation that someone had stolen source code and taken it with them to a new job. On its face this made absolutely no sense whatsoever - the system they were accused of stealing was a complete pos in the middle of a complex ecosystem so even if you had it, you couldn’t use it without all the other pieces and in any case, it was old and outdated and just total garbage. Anyway this accusation was somewhat hush—hush so the cto came to me and asked me to just look into whether or not it could be true. Sure enough, there in his bash history I could see him checking out the code and pushing it to an external repo. It made absolutely no sense, but he had indeed stolen the source code to a system that was a total piece of junk. He ended up with a criminal conviction, he lost his shiny new job, his wife left him etc. It was very said and baffling.
2)Second example, fast forward some years and I was working for a saas provider. We had won an initial proof of concept and were negotiating a 5-year, multi-million dollar contract. At the same time, our client asked us to just do a free two-week spike on something unrelated. We had to sign a (different) zero dollar contract to cover licenses, liability etc for the free spike. The same purchasing lawyer was working on both contracts. The usual contracting process is you send the contract over to the other side with some markup and comments, they make some markup and comments, you propose language, they amend it, they propose language, you amend it, eventually everyone agrees and you make a clean copy and both sides sign. While we were doing this for the big contract, we got to the point of signing the zero dollar contract. At the last moment with everything agreed, the other side said they would make the clean copy. They sent it over to us and when we did our final check before signing we found the guy on the other side had meticulously gone through and made a version which accepted all their changes and backed out all of our changes. This required a lot of extra work and could not have been an accident (think cherrypicking commits and fixing all the merge conflicts using only MS Word revision history), and it was on the zero dollar contract so there was no conceivable upside except he could say he “won” somehow by tricking us. All this while we were negotiating the multi-million dollar multiyear contract. It made absolutely no sense whatsoever to do what he did. There is no way to understand why he decided to do it, but he did it.
So yeah, don’t even try to understand why some people do the unethical things they do. Scorpions gotta sting. It’s just what they do.
> let's not freak out - you can't "steal" open-source code, they used an incompatible license. that was accidentally too free.
What a poetic formulation? In reality, they deleted history and they put a license that allows the "freedom" to let them monetize the code. I wonder how's the original author more free with this license? How is anyone more free? Sounds like the license was "accidentally" "too free" in a way that only made themselves more free.
> people monetizing something you open-source isn't stealing.
It's, in fact, the precise definition when the open-source project uses the GPLv3 license.
yes, but sublicensing to even permissive ("free-er") license (GPLv3+ to Apache2.0) is a violation of license.
GPL is supposed to viral, if you are using project adopted that, you are taking the risk with it.
If you are just changing the license and took the code, that's wrong and need to get an attention. If anyone could go just yoink and relicense the GPL code to other permissive license was "legal", the https://gpl-violations.org wouldn't exist in the first place (i.e. you can just take the linux kernel code and rename it something like "mynux", redistribute in bsd-3 clause and "don't distribute the derivative part").
It looks like they've squashed everything into a single commit, since there's only a commit on their repo right now that was pushed 28 minutes ago (as of this comment).
That's probably the right thing to do Git-wise, because licences might not be retroactive.
The license they used was less free than the GPL license. Laundering GPL code into projects with licenses that aren't as free is classic copyright infringement.
From what I understand, it would be a breach of contract at minimum (based on what I remember from past discussions of this sort of activity involving different participants).
If someone else has a better idea of what “forking GPL 3 source code and using a different licence” would be, then please let me and others know.
If you don't follow the license, then you don't have a license to use, distribute or modify the code. So then you get into copyright violation territory, up to $150,000 per infringement in the US if it's intentional.
Sadly in my experience various courts have taken a stance that violating GPL does not cause monetary damages, because the software in question is free.
I somewhat doubt they can since in the US the BusyBox lawsuits pretty much all ended with the infringers settling and paying out, and those that didn’t settle, busybox won[1]. I would think that, and the original artistic license lawsuits (which were decided on by the US court of appeals) established that infringing open source softwaree licenses is a copyright infringement.
You can read the text of the GPLv3 license itself; it has a specific provision for this case.
> "Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice."
Realistically this will probably just have a reputational cost for Daniel Park/Pickle. Whether he intended to or not, some amount of people will associate “pretends to make things that he did not make” with him because of this entirely unforced error.
https://xcancel.com/soham_btw/status/1940952786491027886
The clone now has more stars on GitHub than the original work, CheatingDaddy. What's funny is that in a week, most likely nobody will remember that the code was stolen, thus Pickle will probably be fine with their new, shiny, popular project, which will be featured in GitHub Trends.
It's the same with another Soham, who was moonlighting for years. I would not be surprised if he starts a company soon, given the fame he has gained.
Marketing wins.
I've seen this kind of thing happen even with very small projects, where there's no marketing department or business goal attached. I've seen attempts to erase the history of forks, projects repurposed from others in order to retain GitHub stars unrelated to the repo's new purpose... not for a supply chain attack or something like that, but out of sheer vanity. Sometimes I see people talk about those projects on HN, and if you weren't there when it happened and very interested in some very niche software at the time, you'd never know.
It's a wild world.
It's all about marketing sadly. Marketing and connections. This industry has been full of theft for years.
[dead]
"Fair enough. Since this was our first OSS project, we didn’t realize at first. We’ve now revised it. Thanks for your contribution."
We didn't notice that we copied your codebase, changed the name then pretended to have built it in four days?
Good grief.
This isn't just a license compliance issue! Even if it were compliant with the license, like if the license has been a permissive license with no attribution requirement, this is still sleazy and plagiaristic behavior. Sometimes (often!) what is right exceeds the legal bare minimum.
"we are sorry we got caught"
I would be running for the hills if I were YC. This is the kind of attitude that ends up in lawsuits.
YC is the company that (to this day!) has Yotta - a borderline scam to take advantage of financially-illiterate people - on their website after the whole thing has completely blown up and most customers lost their savings: https://www.ycombinator.com/companies/yotta
Oh, and now they have their own rendition of the "Aviator" game often advertised by unregulated Eastern-European online casinos: https://members.withyotta.com/moonshot/. You can't make this shit up!
I wrote off YC after this. Maybe early on it was a mark of quality and good due-diligence, but now I'd argue it's the outright opposite - if it's funded by YC, buyer beware.
Did you not understand what YC was? They're essentially an investment bank that doesn't accept new clients. They make money, they're not a charity. Quality only matters insofar as it drives sales and doesn't create liabilities.
>They make money, they're not a charity.
I know it can be shocking to some people to learn this, but you can make money ethically.
Unfortunately, that's not how someone gets that third comma in their net worth. The billionaires that so much of American society worship didn't make all of that money by being smart, kind, honest, or ethical. They made it by being dishonest, morally flexible, and ruthless.
Especially now, business ethics are for the "little people." The modern billionaire class no longer cares about even keeping up the appearance of decency.
There's a lot of "comfortably wealthy" available between "charity company" and "billionaire" which can be achieved ethically, though.
There absolutely is. If you're absolutely gunning to get a billion dollars you won't be comfortable with any amount of money.
These people are hungry ghosts.
> you can make money ethically
That's good, but what if the goal is min-maxing money making? Everything else becomes secondary.
> doesn't create liabilities
But you'd think that would include doing sufficient due-diligence and steering their companies away from scams or unethical activities no?
> Did you not understand what YC was? They're essentially an investment bank that doesn't accept new clients.
They rather sell themselves as early-stage startup incubator.
See https://www.ycombinator.com/
"We help founders at their earliest stages regardless of their age."
"We improve the success rate of our startups."
"We give startups a huge fundraising advantage."
and https://www.ycombinator.com/about
"The overall goal of YC is to help startups really take off. They arrive at YC at all different stages. Some haven’t even started working yet, and others have been launched for a year or more. But whatever stage a startup is at when they arrive, our goal is to help them to be in dramatically better shape 3 months later."
What do you think a "startup incubator" does exactly?
I thought tech companies were supposed to move fast and break stuff.
I think that phrase was coined in an era when the tech sector moved so fast that the prevailing law couldn't keep up. It caught up somewhat, but obviously there's still much leeway for improvement. Break all the wrong habits, rigid conventions and old traditions you want, just play along with the governing laws.
> the tech sector moved so fast that the prevailing law couldn't keep up
That's an extremely charitable interpretation.
A more realistic interpretation is that the law was up to date, just that enforcement couldn't keep up because 1) nobody expected such a brazen level of breaking the law and 2) justice doesn't really apply when you have enough capital.
> A more realistic interpretation is that the law was up to date
While I wouldn't disagree with your sentiment, just keep in mind that the General Data Protection Regulation (GDPR) got implemented 2018.
Little known fact: GDPR replaced the Data Protection Directive (95/46/EC) from 1995 which itself replaced the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, written in 1981. Now if you compare these three, there is enough details to get an undergrads degree in law, but on the high level the tenor did not change much. Those who were struggling in 2018 to meet GDPR criteria before the grace period of two years ended were most likely not struggling with details, but in blatant violation of almost 40 year old rules. Well one of the details probably mattered: the fines went up considerably.
> Those who were struggling in 2018 to meet GDPR criteria before the grace period of two years ended were most likely not struggling with details, but in blatant violation of almost 40 year old rules.
At least in Germany at the time of GDPR, the startups (and also bigger companies) were struggling with the insane amount of compliance requirements, and the uncertainty how to actually interpret these legal requirements also in terms of federal law.
In other words: these (German) companies (and startups) clearly obeyed the spirit of these, as you say, 40 year old laws, but struggled hard with the formal red-tape requirements of GDPR.
I was thinking more about regulations around taxis, short-term rentals, etc for example.
As an aside, GDPR enforcement is so lacking (even today) it doesn't register on anyone's radar beyond those that fear-monger about it or sell snake oil to pseudo-comply with it. But even then, keep in mind most of what the GDPR has was already part of many countries' own legislation, and things like spyware were illegal even in the US (but again laws don't apply if you are a company and have enough capital).
> As an aside, GDPR enforcement is so lacking (even today) it doesn't register on anyone's radar
That’s not really true, every app offers some version of “Download your data” these days as a result of GDPR.
IMO that phrase came about when old tech companies (the IBMs of the world) had
In this context, pushing a change to SVN/git/hg, having tests run automatically, then having CI/CD push new code to production, all as a side-effect of one engineer push a button? That was moving fast, and occasionally, breaking the whole website. But we got better tests, better CI/CD, metrics, green/blue, ... We learned it was unequivocally better than the old way.[1] Reserved Checkouts: https://www.ibm.com/docs/en/clearcase/11.0.0?topic=ucm-check...
Its original intended meaning was sometimes breaking your social website, not laws.
As far as I understood the original meaning, it was about "not being too careful", and err on the side of breaking things, in the name of moving forward faster.
It ended up meaning something else, but back then this is how I understood it.
So what?
YC doesn't invest that much into any individual company and that's the most they would lose in the worst case scenario. So even if they behave badly they have a capped risk but unlimited upside
They're far more likely to just fail for other reasons, lawsuit is not going to happen regardless
"In our next OSS project we will steal more carefully"
It does seem really shady to not even offer a sincere apology.
> It does seem really shady to not even offer a sincere apology.
At least they attempted: https://news.ycombinator.com/item?id=44461271
This is the type of shit YC invest in? It has been like this for a long while. So fucking shady.
One starts to wonder whether the LLM vendors laissez-faire approach to the legality of ingesting copyrighted / licensed material will start to infect the industry in general?
I think it will push opensource/ free software hackers to close source their code because it is being used to feed LLMs. Similar to how allot of hardcore free software proponents don't use Github. Is closed source the future?
> Is closed source the future?
No. I don't believe that. I personally want my code to outlast me and help people in the future, but I don't want allow anyone to just scrape it, strip its license and use for whatever. I use (A)GPLv3+, because I believe in "Freedom for the user", not "Freedom for the developer" which permissive licenses provide.
My code is not free labor for anyone. It has conditions attached.
This will not stop the AI companies from using it in their training data.
This is the problem that AI solves, though: rather than steal our code directly, now the thieves will just ask their favorite AI to generate a new project that does exactly what our (A)GPLv3+ projects did, which it will be able to do only because it read our code. And, even if the result is eerily similar to what we publish -- we might, after all, be one of the few good examples in the training set for this problem -- it will be difficult to demonstrate, as the AI is more effective at the process of laundering licenses than a human (and no one seems to want to admit that, the same way that a human can be tainted by reading the source code of a project they want to reimplement -- making them have to walk a tightrope if they later want to develop anything similar -- an AI might be similarly tainted). In this shitty new world, our code, is, in fact, free labor for people who are using Cursor to rip it off.
Ouch!
I believe in OSS. But damn. I had not really considered this move.
I had a stray thought and that is most SI content I have looked at has watermarks of a sort. Perhaps this could be used?
I dunno, even after considering that move, I'll continue to publish FOSS like before.
I always did it without any expectation of gains from it, and with the intention for people to use it for whatever they want. That calculation hasn't changed, even considering machines will slurp it up now.
I do agree that it sucks for people who do care about what the code is used for, and I hope these people migrate to other licenses that support their ideas about control and ownership.
From an open source software perspective, I don't understand the feelings around LLM ingestion.
The models isn't generally recreating your software, but might be spreading your way of thinking in pieces.
I get it from the artists and to a lesser degree, writers. I just don't understand it from software projects.
I guess if you think of it as something to replace you, but since you are already a creator, it is also a way to unlock much greater capacity for turning your ideas into solutions.
I, for one, deserted GitHub, and do not use for anything else personal anymore. I'm not against permissive licensing, but all my code will be (A)GPLv3 or later.
A particular project I'm working on will be on a private Git server until I complete and open it as a package. Even after that, I might keep the development closed and release tarballs only (aka Catherdral Model).
All code I write is also AI-Free.
It won't be possible to trust in people for a long time, it seems.
if you ever used github for anything other than agpl3 you're doing it wrong
None of my personal repositories are licensed with a permissive license. All of them are GPLv3, however I have found GPL licensed code in “The Stack”. Moreover, there’s an ancient and deleted tweet which confirmed GPL code (in fact any open repository) was used to train copilot in the beginning. As a result, I can’t trust anyone from now on.
I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
Do you owe everyone you have ever read a royalty for influencing your writing style or voice? How about for all the other things you have leaned and become competent in?
There is a bigger issue here that is related to what humanity actually is and how we have been abused for many decades and several generations now, to the point that the abused generations have become the abusers of future generations simply because they are mentally trapped, addicted even.
A good uncontroversial example of this may be the excessive and deficit spending of governments, all based on what otherwise would be considered loan fraud, which is called national debt. It is used to keep perpetuating this system we call an economy because it has been so “successful” over ~100 years of “line go up”, solely because everyone wants the gravy train of reckless good times to continue forever.
Unfortunately for some generation of the future (maybe even our own), it simply cannot go on forever, so it won’t, because it is by definition unsustainable. But the goods times and “success” everyone sees everyone else having, keeps people from stopping the insane and utterly suicidal process of not only consistent, but accelerating addiction to every greater deficit and debt loan frauds called the national debt. It isn’t “Trumps fault” it “Biden’s fault”, or any other totem that can excuse or own actions. These are forces we don’t even understand any more than we are blindly changing at breakneck speeds. And if anyone tells you they understand these forces they are simply lying, when we cannot even understand the most basic concept of the fact that there is no alternative to this planet… as we destroy its ecosystem that produced us at ever accelerating speeds, in millions of different ways.
It’s quite similar if not the same as any other process we call addiction; we know it will cause ruin, yet we cannot extract ourselves from the endorphins, so we just keep lying to ourselves.
> I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
Humans don't read other codebases en masse. Hell, I haven't read the entirety of our own codebase. I learned by doing, from books (that I paid for or legally borrowed), and yes, by looking at a small amount of other people's code (permitted by the respective licenses).
Humans are not remix machines, AIs (currently) are.
Plus, humans do not remember any code base they read verbatim indefinitely, strip its license and mix into any codebase regardless of its license.
Moreover humans learn and evolve their knowledge from other experiences other than books and others’ code.
As you said LLMs just remix something semi randomly according to a weighted graph with no underlying knowledge or understanding whatsoever.
Exactly. I could from memory recite the main story beats of The Lord of the Rings, and probably even get to the detail of all major plot points and some minor ones, and maybe even some famous phrases.
An LLM unburdened by restraint could like produce page upon page of story nearly identical to the original.
Even if this was Apache in the first place, you're not supposed to remove Copyright lines in source code.
That's not the kind of thing you can reasonably say "Gee, I didn't know!" about, either.
Sorry for your story. In those days open source is REALLY HARD. Put your github link here and we will support your project by starring you and spreading your project. You definitely need to fight back.
Not the developer, but here is his repo:
https://github.com/sohzm/cheating-daddy
As an interviewer, I'm seeing a huge increase in proportion of candidates cheating surreptitiously during video interviews. And it's becoming difficult to suspect any wrong-doing unless you're very watchful by looking for academic responses to questions.
Why would anyone encourage building such a tool, I can't fathom.
When interviewers use LLM gargbage to filter out participants, expect candidates to do the same.
I don't use LLMs to filter out participants and I expect candidates not to use LLMs to cheat.
Some first/introductory interviews are now "powered" by AI. As in, the interviewee gets an AI bot that evaluates them. I'd not be surprised if this takes over and becomes standard.
For now, this is perhaps a blessing in disguise: it tells you that a company is all aboard the hype train and that leadership is seriously lacking in critical thinking and judgment. That can certainly save you from wasting more time with them.
I really, really hope this does not become a "standard". Ugh.
Don't candidates also get a say? If a company asked me to jump through that hoop I'd have a simple one-word response. "No"
If enough good candidates have that reaction, it will become a prestige marker for a company to not use AI screening to give them access to the best candidates
Have you tried putting yourself in the perspective of the humans trying to find a job in a market that is turning over now and was already dystopian before AI was injected into a dystopian, hellish process of “putting on a tie and using a firm handshake” to apply into the void.
I'm afraid that thanks to this escalation hiring will be even more IRL-connection based.
This is so stupid. One of the main reasons it's become a dystopian, hellish process is because people cheat; proliferating cheating will make it even worse.
Lying and cheating on a job interview isn't a victimless crime. You're harming the company and all your coworkers when they hire you into a job you're not qualified for; you're harming all the other actually qualified candidates that didn't get hired instead; you're harming yourself, when your salary comes from a company who rely on you to give something you can't give them.
> they hire you into a job you're not qualified for
Interviewing has long been disconnected from the actual job.
> who rely on you to give something you can't give them.
That's what firing is for.
> That's what firing is for.
"I only harmed the company and my coworkers and myself for a year, before they had built up enough of a case to fire me."
That's a year they could have been paying someone competent, rather than working around your incompetence.
I sympathize with your point, but if it takes you anywhere close to a year to figure out that someone faked their way into a position... that's bad.
Well be prepared for it to get MUCH MUCH worse, two AI agents battling it out trying to get each other to mess up. While all the human have no idea what the hell is happening.
Then you can't compete with other recruiters who do. "AI" will take your job!
Get ready to start having some fun in your interviews. Start including things like redirection of focus through general statements, unrelated (and false) trivia, and misleading suggestions in your interview questions. Most of the humans you'd like to hire will ignore those or ask you about them.
Many LLMs will be derailed into giving entertainingly wrong answers:
https://arxiv.org/pdf/2503.01781
It's pretty simple - people need to eat (and fulfill other basic needs, of course), to eat they need jobs, to get jobs they need to pass the interview. The hiring process in a lot of industries is heavily gamed at this point, to the point that not cheating is basically an automatic fail. So, if you want to eat, you cheat.
> The hiring process in a lot of industries is heavily gamed at this point, to the point that not cheating is basically an automatic fail.
This sound a bit of "thief thinks everyone steals". Interview preparation is normal and common but I don't think cheating is. May depend on the location of course.
The "heavily gaming" happens before the interview. When you reorder and edit your resume to have the right keywords to get on top of the LLM/intern sorted pile.
> if you want to eat, you cheat.
I can totally understand thinking this way out of desperation, and being lulled into thinking it’s this simple, but it seems short sighted with hidden complexities. First of all, it’s risky. If you get caught, you don’t eat, and it could follow you and prevent you from even getting in the door elsewhere. Companies are always going to be watching for cheaters, they are always going to have more visibility than you into what interviewees are doing, and they are always going to have more resources. Even if you do cheat and get hired, it quickly becomes obvious that you’re unqualified and can’t do what you claimed, and even if you don’t lose your job, you’re less likely to get promoted. Being lazy and amoral about interviews seems like a trap people set for themselves.
The good news is that a lot of companies are starting to allow AI during the interviews, and suddenly it’s not cheating. But of course that means you need to be good at using AI and interviewing and programming, you won’t be able to cheat and rely on the AI to do your talking for you.
Doing whatever it takes to get the foot in the door may be encouraged, but only to a point and I think out and out cheating is probably crossing a line... As would murder, arson etc. etc.
If cheating means asking someone in the company you're interviewing for a peek at what will be asked then great. In my book that's using leverage.
Reviewing previously posted interview tests is probably recommended.
Hooking up a copilot to answer interview questions for you in real time is probably less so.
> If cheating means asking someone in the company you're interviewing for a peek at what will be asked then great. In my book that's using leverage.
In my book that is unambiguously unethical and should get the contact fired. I am shocked to see this approach promoted in such a blasé manner.
I won't use it, but I do see it as somewhat symmetric. If the interviewers are using AI or expecting you to use AI for these tasks once you're on the job, then it doesn't seem completely immoral.
That's assuming all interviewers are using AI. And if it's not immoral, why do it surreptitiously?
Not just interviewers, but tasks at the company. How many companies are not allowing you to use copilot or similar once you're hired?
Morality and restrictions are two different things. Just because someone makes up a rule doesn't mean it's morally enforceable.
Probably you've been out of the getting hired game but I had a glimpse of it last year: absolutely terrible.
When I started you'd send a mail to the company directly about a position, you'd go to the office, have a short interview, meet the team and they'll let you know. That's it.
Now it's 2 rounds of HR bs, 3 layers of tech interviews, then meet the CEO/CTO/etc. And then references and then a final "chat". And you still can get ghosted at literally any step, even at the final cozy chat, just because of "vibes".
And throw in companies sending you leetcode even before talking to you and you can see why one would want to get through the bs.
I still stand about my favourite approach for tech jobs: intro and tech chat (1-2h) about your resume, what you'll be doing and anything you might have questions about (no challenges or stupid riddles). Then, if everything goes smoothly, you get a 2 weeks contract and you are in probation. If everything goes well, you get another contract for 3-6 months (up to you to accept or not) and then you get converted to permanent if everything went well for both parties.
I actually like your idea of a probationary hire, but you can see this is just an even longer extended interview, right? If companies were to adopt this model en masse, they would over-hire and then drop most people after the first 2 weeks, and you’d be out looking for another job, having wasted even more time than 5 rounds of interviews, and being unable to interview for multiple jobs at the same time.
Software interviews and hiring have definitely changed over time, and I know it’s harder right now, but I think we’re seeing the past with slightly rose-tinted glasses here. It was never only just one short interview, there were applications and emails and phone screens. In my career, I’ve always had multiple interviews and technical discussions during job applications, even back in the 90s. Getting hired, for me, has always taken several weeks end to end, if not longer.
There are a bunch of reasons interviews are getting harder, and people trying to game the system and trying to cheat are one of them, a big one. Think about it from the company’s perspective: what would you do if the volume of applications you got started far exceeding the number of positions available, and an increasing percentage of the applications you got were people unqualified for the positions but adept at pretending? More face time vetting before hiring seems like the only reasonable answer.
Other reasons why interviews are getting harder is that software jobs are more competitive now, and possibly relative pay has gone up. If interviewing was easier back in the day (and I agree that it was), it’s because there wasn’t as much competition.
A two week probation means that nearly all candidates will need to quit their current job to do the probation which seems unlikely to be popular with candidates
Right. The only way I’d accept an “opportunity” like that is if I’m unemployed.
I am old and thankfully out of the getting hired game. I was cleaning out some files (paper!) recently and ran across correspondence from old job searches. As you said, single visit and decision. I was also struck by the number of letters from companies thanking me for my resume and politely telling me they were passing but would keep me in mind for future openings. It was not uncommon to receive a letter directly from the hiring manager thanking me for coming to an interview.
there was already a paid and closed source application, i didnt create anything new
> unless you're very watchful by looking for academic responses to questions
I've noticed that a lot of the supposed hallmarks of "AI slop writing" (em-dashes, certain multisyllabic words, frequent use of metaphor) are also just hallmarks of professional and academic writing. (It's true that some of them are clichés, of course.)
It seems like most efforts to instruct people on how to "fight back against AI writing" effectively instruct them to punish highly literate people as well.
I think it's often still possible to tell human writing that uses some of the same tropes or vocabulary apart from AI writing, but it's very vibes-based. I've yet to see specific guidance or characterizations of AI writing that won't also flag journalists, academics, and many random geeks.
Honestly, why would you care? IF, and this is a big if, you are confident your interview process accurately assesses the abilities of candidates to carry out the role, then why would LLM assistance even matter? Are they not going to be allowed to use LLMs on the job?
This faux-outrage is just showing how broken the whole hiring process is in tech.
Stop giving people puzzles and just talk to them. If you're unable to evaluate if someone's a good fit for a role then you either need to learn more about effective interviewing, learn more about the role, or find someone else who is good at hiring/interviewing.
This has all been a long time coming.
Indeed, I am sympathetic to the author in this situation because I think open-source is important, but I don't approve of this software and don't want to affiliate with it by even starring it on GitHub.
Not really sure what I can do for the author but say "that sucks, bro".
[flagged]
If a question you are asking in an interview can be answered immediately by an AI, then why hire for that position in the first place?
[dead]
From my experience in 10+ tech companies, the biggest difference between bootstrapped and VC financed is, with money you can do illegal things and pay the lawyer.
This is the second time in less than a year something similar has happened.
Previously, a different YC company (Pear AI) copied Continue, changed the licenses, and "launched".
https://news.ycombinator.com/item?id=41707495
I wonder if Pear AI is dead or pivoted, their open source repos have not been updated since May.
Probably just went closed source.
Maybe a kind of hall of shame is needed, where these companies are listed, and perhaps a link to a history of how the issue was dealt with.
> I wonder if Pear AI is dead or pivoted, their open source repos have not been updated since May.
They went pear-shaped.
We are in a crisis of morals.
There has always been trashy people but since 2020 it feels like a lack of morals is rewarded more than ever.
A natural consequence of a system that promotes radical individuality, false scarcity, fear of missing out, greed, and violence. Win at all costs.
'Move fast and break things', there is not much left unbroken.
Amen. Well said.
Surely this graph also trended way up in late 2016.
The highest jobs require these days a proven track-record of corruption. You can‘t blame young startups wanting to take the first step on that ladder. At the end of the day we are living in a merdeitocracy.
> merdeitocracy
Not sure if typo or intentional (likely?), but that's an amazing new word.
Well, there are no consequences are there? Or at least no precident of consequences of such behaviour. My hope is that folks like this always lose out in the long run but I'm not so sure anymore...
I've had similar happen to me by company out of Paris, France lol. They yoinked the backend out of my OSINTBuddy project which is AGPL licensed then tried to get me to work with them where they were going to sell access without also providing the source code
Is there a way to file lawsuits for such cases? These incidents lead to death of open-source and crush hearts of open-source developers.
Seems like this would be a pretty open and shut case of copyright infringement.
Pursuing something like this would perhaps cost more than 200k in the US. And then the startup would likely just fold and you get nothing in return.
Sending a DMCA takedown notice is free.
Unfortunately law being too expensive to pursue makes it practically non-existent. All IP/copyright etc. laws are complete bs because of this.
A large corporation can just roll over you and then say sorry and maybe pay some pocket change money
Hire a lawyer to send a legal notice. Costs practically nothing and since it's an open and shut case, free money for the lawyer (if they charge based on damages), or the startup caves and shuts down.
Absolutely. The lawsuit probably wouldn't get very far when it comes to damages, however...
I believe that BusyBox sued over violations like 17 years ago. I am not aware of any other instances.
Wikipedia has a list https://en.wikipedia.org/wiki/Open_source_license_litigation
It's always possible to try, especially as it seems there was a technical violation here, but whether it's worth it or likely to gain enough legal traction to yield results is another story, especially in instances of "your AI generated boiler plate looks like my AI generated boilerplate, and therefore is theft"
An app which is build for cheating complains about cheating ...
Would you have the same sentiment for VPN (software built for cheating region locks) or ad blockers (software built for cheating content providers)?
Cheating != Stealing
It wouldn't matter if they wrote a program to automate stealing other people's content. If you strip a GPL license off a program you redistribute, you're breaking the law.
The founders who built Glass don't complain about cheating. Rather, the developer of https://github.com/sohzm/cheating-daddy complained of copyright infringement of his code by the developers of Glass.
While copyright infringement is clealy legally wrong and developing general software is not, I do agree with GP that one should, morally, perhaps not complain about "cheating" the legal system when the infringed application itself is meant for cheating.
Legal correctness does not necessarily imply moral correctness.
Worse than copyright infringement, they pretended the code was theirs
They complained of license violation, not copyright infringement. There’s a big difference. The original license already granted the rights for anyone to copy the code, so the question of copyright infringement isn’t really on the table.
If you don't abide by the license terms then you don't get to copy something under the license. So breech of license means corresponding copyright infringement.
And it has the same fake excuse as usual "Since this was our first OSS project, we didn’t realize at first."
He sure discovered this new open source thing and it's very confusing. It's not like it's almost 40 years old at that point. I'll never understand people who lie like toddlers.
Because this is how the current corporate world works. It's all about appearances, someone can do whatever bad thing, will go on and say "upsie, I didn't realise that X is bad, it was an honest mistake" and then all is good, the person actually reporting it or signalling it out will be the bad one, for being critical, aggressive, not constructive or open minded.
It's funny these "founders" only use this hollow excuse with open source licensing, you never see "since this was my first company, we didn't realize taxes exist"
> you never see "since this was my first company, we didn't realize taxes exist"
Taxes are a nitpicky example, but indeed in Germany where everything is full of regulations and red tape that only some bureaucrats understand, there indeed exist founders who argue this way for these convoluted laws:
For example have a look at the popular videos of the following channel (in German): https://www.youtube.com/@Nordwolle/videos
That's different. Last time I checked he's not arguing that he didn't know, but that the regulations are ridiculous and should be changed. Which I think is completely legit. The German economy and everyone who works in it would benefit from this. Moreover, I consider euclidean zoning to be a colossal mistake...
I missed revenue reporting[0] for my one-man studio once. This was exactly what I told the authority.
I got fined anyway.
[0]: Not in the US.
This happens literally all the time.
It's usually never a blatant "I didn't realise taxes exist" but more like "I didn't know I couldn't add haircuts to my company's tax deducts".
I do not know what is wrong with software engineers. This is theft (or whatever the lawyers says in the IP law) and now stating: Ooops we did not know, our bad, we keep it till we have found a replacement. Mistakes happen also in real life, but libraries is a common thing, like cars standing on a street. You do not accidently steal a car.
Software Engineering is more than coding. Basic license management incl. library vetting is part of it. If you decide to ignore that, you do not run a business enterprise, you run a criminal enterprise.
[flagged]
> Playing with daddy's money
Personal attacks like this are not ok.
Sure, criticize their actions, but don't parlay that into this kind of personal swipe at the individuals and their families; that's when the line is crossed from valid critique of actions to nasty mob pile-on, and that's never ok here.
Not that it should matter but as far as I can tell, the Pickle founder/CEO grew up and studied in Korea, and we have no idea what their family circumstances were.
This guy did something very immoral and callous, and will seemingly face no real consequences for it. Roasting him in the comments of the site of the people paying him is somehow overkill?
None of us knows exactly what this specific person did or what their motivation, intention or understanding of the situation was. We only know what was in the company’s code that was published, and we know what they’ve done since to try and address it.
“Roasting” is one word for something that can be described in far more serious terms. It’s against the HN guidelines and the guidelines still have to be upheld to some degree.
It’s also false that they will face no real consequences. They’ll never forget this experience and these sorts of things are often terminal for a company.
I think you are so comprehensively wrong that there’s not enough commonality between our worldviews for me to even try to convince you
>They’ll never forget this experience
Right. They'll learn to be more discreet about it next time. Do you really believe "I got flamed on the Internet" is a memory that will counterbalance "I can make millions out of selling stolen code if I don't get caught" ? (especially considering that you flag such comments, therefore their shielding their poor egos from seeing mean words.)
>these sorts of things are often terminal for a company.
Starting a company is not hard. Thousands are created, and destroyed each day. If they're smart, under someone else's name. Maybe, maybe one person will see <generic AI company name> and think to look at the CEO, remember what he did and potentially try to warn people about it, and they'll be promptly ignored. Helped by people like you, under the guise of muh guidelines
>“Roasting” is one word for something that can be described in far more serious terms
I'd love to hear those terms. Because the worst that comes to mind that could apply is "disparaging", and unfortunately for them, "being mean on the internet" isn't something they can or will sue over.
Sometimes it's really surprising what comments you guys push back on and which ones you don't comment on. (Yes, I know, you can't see everything, etc.). I suspect it might be because this one wasn't dressed up enough.
While it is a personal attack, it is pretty tame compared to (non-flagged) comments I see here every day. I especially don't see it as a swipe at their family. Yet this is a pretty strong rebuke.
While I highly doubt it's because the subject is a YC pick, the optics aren't great.
FWIW, that comment looked like an egregious personal attack to me too (and yes I hear you that you're not defending that post! but rather asking a fair question about moderation standards).
If there are comments that are that bad or worse floating around HN, which aren't getting flagged and/or replied to by moderators, we really need to see them. If you can recall where any of them are, and can dig up links, we'd appreciate it. Failing that, if you (or anyone) see cases of this in the future, we'd appreciate a heads-up.
The one thing I can imagine you might be referring to are some of the recent politically charged threads where people were really going after each other. Those are hard to moderate without coming across as taking one political side against another (which we're careful not to, but this is easy to miss when passions are high). But even in those cases we do our best to make sure that the guideline-violating comments get flagged.
I realize you already alluded to this when you say "Yes, I know, you can't see everything," but that really is the only reason why comments of this sort should be going unflagged or unmoderated on HN. There's a lot that we just don't see here—there's far too much for us to read it all, and we rely on users bringing it to our attention.
I wasn’t surprised by the pushback. This isn’t like responding to a pseudonymous HN comment opting into a discussion, they are talking about specific people and posting pointedly mean-spirited remarks towards a party that has not opted to discuss their provenance.
The response could’ve been better worded but you can see how no one would want to moderate a community that makes it a habit to disparage specific people outside of a good faith discussion.
>I wasn’t surprised by the pushback.
This comment broke the guidelines. I'm not saying it shouldn't have been moderated. I made a meta comment on the overall moderation on HN, which sometimes surprises me in which comments get reprimanded and which ones don't (and with what amount of vigor the reprimand is delivered with).
You should temper that observation with the realization that this particular thread is under a microscope. The HN mods moderate less when YC companies are involved, but somewhat ironically that actually requires more of their attention, since they need to counteract some automations. So they are more likely to spot comments here.
There’s something about the point when anger at someone’s actions turns to trawling over someone’s backstory in order to attack/demean them as a person that crosses a line for me; I’ve always pushed back on it whenever I’ve seen it, on HN and elsewhere. People doing it and supporting it always think it’s “not that bad”; nobody likes to think of themselves as doing or supporting something bad.
Any time you see egregious comments on HN that aren’t flagged/dead, you should flag them and email us so we can take a look.
>People doing it and supporting it always think it’s “not that bad”; nobody likes to think of themselves as doing “bad”.
So we're clear, because this implies I'm "supporting" it, I'm not. Just saying that this is more tame than many personal attacks I've seen, with a stronger response than I've seen (when there is a response). And, in this case, that gives off some bad optics/more ammo to people who are critical about when & why you moderate.
Without moderator transparency (which I've read the reasoning for, and can agree with!), optics is really all you've got.
In the context of this thread (and not other supposedly worse comments in other threads that I’m not able to evaluate), having allowed pretty much everything and anything to be said, I’m comfortable with this point - the point where things turn personally nasty - being the point where I draw a line and push back.
>and not other supposedly worse comments
I'm guessing my comments are pushing on a sore spot, because you've implied that I support the personal attack when I've said clearly I don't, and now you're implying that I'm lying.
Sorry. I'll bow out.
I’m not saying that at all. I just can’t explain the disparity in our responses when I don’t know exactly what the comparison is. I’m not surprised to hear you’ve seen worse things. As you concede, we can’t see everything and we don’t respond to everything and there are all kinds of reasons for handling things differently, a major one being randomness.
But in the context of this thread, it has largely been the free-for-all that people want it to be but I’ve drawn a line at one point where things crossed over into being personally nasty and I haven’t yet seen a reason why what was a wrong call. I know some people will criticize me for that and I’m comfortable with that.
>someone’s actions turns to trawling over someone’s backstory
"using daddy's money" when talking about a VC funded founder is such a safe bet that if Berkshire Hathaway could invest in it, they would.
They're not personal attacks. It's their family's money, it's YC's money, it doesn't matter: they're young people that went to expensive universities, dropped out for the lulz and moved to California, joining a VC that showers every single terrible bad idea under the sun without any oversight.
I can change the term "daddy's money" with any other term you'd prefer, it doesn't change the message.
It’s obviously diminutive and patronizing, and makes implications or assumptions about them and their families that are based on stereotypes or sparse information. It’s clearly against the guidelines and the guidelines aren’t discarded altogether just because a YC company is involved.
damn right it's diminutive, and why the hell not? these clowns and the idiots who fund their tomfoolery deserve it
We have no idea what the realities of their lives are.
We only know the basic facts of the wrongdoing that’s been reported here, which is of course fine to criticize.
YC isn't that unknown and you can absolutely judge that org for funding stuff like this, you really don't need that much detail. And if you have interacted with a lot of the "founders" you know that statistically you're in the clear to judge them all too. It's a pretty weird world where a lot of dumb exists, like A LOT. The realities of their lives are frankly immaterial anyway, it's about the output (and input in case of VC money).
* alleged wrongdoing, if you're considering it "reporting" ;-)
Thank you for your service, and welcome to the... uhhh... show!
[dead]
> Basic license management incl. library vetting is part of it.
This depends on whether you consider Compliance to be part of software engineering or a separate discipline. At least in most companies the compliance department is different from the software development/IT department, because the necessary skills are very different and barely transfer.
I also have a different department for architecture or testing. Still part of software engineering.
GPL vs. MIT is basics!
I mean it's basic human ethics, but I guess we are in an era where taking everything is fair game.
Welcome to human nature. We are a species that pathologically wants what we do not have, and often neglects to practice the golden rule.
> often neglects to practice the golden rule
There exist people who are anti-copyright, which has the implications that such people are (by the golden rule) also basically fine with having their works copied.
Sure but here they weren't paying the work. Copying is encouraged. They were pretending they made it and owned it. That is not.
This incompetence excuse puts YC in a bad spotlight too, because it makes them look like they are funding people with exact zero software development experience.
Isn't YC supposed to offer guidance and sage advice, not just be a cash machine for naive young developers?
They're also supposed to do their due diligence before investing.
Paul Graham once wrote that startups are pretty hard to game unlike academia for top grades or a big company for promotions.
In a twist of fate, YC itself seems to be gamed like those broken companies.
https://www.paulgraham.com/before.html / https://archive.vn/UKky8When you institutionalize an ad hoc process, you turn it into a system that can be gamed. YC did that for startups, and it was already pretty obvious in 2014 when Paul Graham wrote that essay. Every other government was claiming to support startups and that their corner of the world would become the next Silicon Valley.
No. YC just throws money at the wall and sees what sticks. They fund some trash, and trash people.
Aren't VCs based on the principle of throwing money in as many directions as possible and hoping something turns out to be a unicorn?
That's what they do in practice, but not what they claim to do.
This is what happens when you have people without sufficient domain experience making decisions.
TBH, I know plenty of people with software development experience, who I think are genuinely pretty good at converting ideas to code, but who wouldn't have any idea what Apache or GPL mean.
Every init-command requires you to define or at least review a license for your project, so I would refrain from calling that one "software development experience".
> because it makes them look like they are funding people with exact zero software development experience.
Being a great software developer does not make you a lawyer (not even a bad lawyer).
You don't need to be a lawyer to understand you can't just copy others' IP without checking if you're allowed to.
By your argument, I can just torrent moviez and appz because I'm not a lawyer and can't be bothered with minutae of copyright law.
> By your argument, I can just torrent movies and appz becuase I'm not a lawyer and can't be bothered with minutae of copyright law.
Indeed, there exist people who argue that in many areas law has become so complicated and unclear what is allowed or not that you cannot thus expect from ordinary citizens to obey the laws anymore - even if these citizens are willing to.
Thus politicians do have an obligation to make the laws as clear, logical and comprehensible as possible, otherwise they loose their legitimization of expecting citizens to obey them.
Yes. Personally I believe current copyright law is a massive outreach and mostly serves established big companies, not small creators and innovators. I'd like to see it curtailed by a lot.
That's no excuse for a VC-backed startup just ignoring it and YOLOing their way.
This actually disincentivises small creators (open source maintainers and contributors, in this case) from participanting in the very thing copyright is supposed to foster.
Forking an open source repo and claiming you built something in 4 days does not make you a great software developer either though.
> claiming you built something in 4 days
That is why when such a marketing claim comes up, the first question to ask is from which base they built the respective product in 4 days, and which kind of additional value the respective company added during this process.
What a joke. Nearly as many upvotes as tmux-rs in half the time, ~50% more comments, and this is just shy of the front page / twice as far from #1.
Doesn’t seem to match the natural algorithm.
My observation is that HN intentionally downranks highly commented threads. I used to think of it as unfair, but now it truly makes sense, considering:
- Posts with high comment-to-vote ratio often have political, scandalous or other kinds of heated themes
- Highly popular/engaging posts already act as self-amplifying snowballs
- High-volume discussion triggered by emotions is hard to navigate, is repetitive, and attracts the dumbest trolls even in HN
- The truly important topics tend to become visible anyway
If anything, the statistics actually suggest these articles were weighted the other way around. tmux-rs stayed on the frontpage much longer than it logically should have, especially compared to this thread.
https://hnrankings.info/44455787/
https://hnrankings.info/44460552/
...in any case, what's the "joke" about this? GPL violation is very serious, Tesla was forced to publish a substantial amount of proprietary code after a similar infraction.
To a casual outside observer the quality of the companies YC invests in seems to have absolutely cratered. Have they just given up on vetting and switched to a throw money at everything approach?
My feeling is that they are investing in founders who they find impressive who are working in AI. Not so much in the uniqueness of their ideas.
Isn't that a very outspoken objective of YC, to fund people, not ideas? Long time ago I caught up to what YC is doing, but even when I first joined HN back in like 2013 I think the whole "Fund people, not ideas" shtick was already explicitly what they were doing, unless I remember wrong.
So why are they so insistent that they want AI ideas? I felt sick when I read the list of things they say they want to invest in and every single thing was framed as, "build some service, but for AI".
Also in this AI era I've learned something else: it isn't intelligence that builds institutions. It's philosophy, and it's faith. The AI industry is full of smart people, but If you lack a set of beliefs you won't know why you're working or what you're working towards or how to put one foot in front of the other day after day to make steady progress towards helping people over the longest time scales.
In the AI era our industry has found itself with one of the more bizarre problems I could imagine: in accepting that it builds products for AIs and not for humans, it has become philosophically bankrupt
> So why are they so insistent that they want AI ideas? I felt sick when I read the list of things they say they want to invest in and every single thing was framed as, "build some service, but for AI".
If I tried to enter the mindset of a VC, I could potentially see that as a "Is this person at the 'edge of progress' currently" flag, although I wouldn't trust it more than a "Is this person chasing hype" warning personally. Maybe it's a good way of getting some specific type of person to apply, in some other way?
Isn't "fund people" just hiring without the extra steps?
If you're constraining them to work on specific things, then yes. Otherwise no :)
Funding means investing in their company. Hiring means paying them to work for your company.
Isn't that what VCs in general are doing? Hiring for more money, with more expected gains from you, with a different kind of legal arrangement, but still hiring nevertheless.
No, words have meaning.
If i order fast food im not hiring the worker because i pay them.
Hiring means one thing, investing means something else.
VC's can force the company to pivot or double down on things not (yet) working. You don't tell the fast food worker to build houses.
Wait. Were you were investing in that burger?
Funding people means you trust the people are so good they will push any idea to success. Funding an idea means you trust the idea is so good it will push any people to success.
Funding people means having a lot of trust in them. What's unsaid is if the investor believes coloring outside of the lines to make everyone more money is a breach of that trust, or just the normal cost/risk of business.
YC invests in founders that have more odds to make it through a series A. Everything else is secondary.
They expect you to come up with an idea or a business and explain it to them and show your progress. Of course one may say that those things reflect you as a person but so does stealing and relicensing code.
Yeah, this is the vibe I have been getting for some time - investing in the person and not the idea.
This sort of thing reflects poorly precisely on the people doing it, not on "ideas".
Dreamworld (YC W21) is relevant here:
https://www.pcgamer.com/dreamworld-infinite-world-mmo-kickst...
https://news.ycombinator.com/item?id=27319457
https://news.ycombinator.com/item?id=26898266
https://www.ycombinator.com/companies/dreamworld
To be sure, there's nothing wrong with the idea that modern computers and distributed computing techniques can handle streaming updates for a significantly higher scale of concurrent same-world users than prior-generation MMOs. But clearly something unexpected happened here, and while I completely understand the lack of a public post-mortem, I hope that YC has examined why its mentorship model and community were unable to set up this team for, if not success, at least having greater integrity in its relations with its userbase.
Right now YC really only has one bet, an all-in on AI.
Any company that props up their AI bet is the most valuable to them now, even if it provides no real value for users...
> Have they just given up on vetting and switched to a throw money at everything approach?
this is exactly their business model. almost word for word.
I'd say they have historically aspired to active informed selection and then accepting that out of that portfolio many will fail cause that's how VC goes. That's not quite the same as buy everything.
Nothing has changed, as far as I'm aware.
This situation truly enrages me and is likely the reason (IMO) why talented programmers (today, in 2025 versus, 2008-2013 where small founder startups thrived at places like 500 + YC).
Quite ironic how YC touts technical founders > "non-tech" ones -- when acts such as this strip ones chances of wanting to become one, or even continue showcasing their talent publicly on platforms like GH.
As OC i would do that giant rewrite and add vulnerabilities - either they do a funny portation rodeo and get zero dayed all day every day, or they are at least cut off from free work.
Isn't this the company/founders whose whole sales pitch is about cheating/deceiving others? I guess I am not that surprised then.
Is there a way to validate this?
Startup founders just hack the value gradient. Putting a screen door lock on a resource is just inviting resource extraction.
Couldn't have happened to a nicer project.
Those are some awfully tall words from a guy who wants to sell lawyers a whitelabel Monaco editor.
The thing that disgusts me the most is this:
> Distribution isn’t the moat; velocity is.
Such an arrogant take. When you steal someone else's work it's nothing to brag about.
Is it me, or "founders" are actually FREAKING dumb?
Why people continue to give them money, and praise their "work"?
Instead of making (indirect) ads for them we should publish their name and the company's name into shame publicly, and let their reputation die slowly...
I have no respect for them, and you should not too (if you care about justice).
Most of the time ROI is still bigger. You would think that some ”evil”companies would be dead but stock price just keeps increasing. Imagine what Facebook would be if they had good morals?
Unfortunately you're right... Microsoft's stocks hit big again despite its evil background.
It is depressing to be a software developer now. Especially if you have a good heart.
I really hope the founder to have his career f**ed now, and other "founders (of nothing)" as well.
Doesn't this happen all the time with Ultralytics yolo code? They use an AGPL license, which to my understand means that anything that links with this code also becomes AGPL.
Please correct me if I'm wrong, but is the license also viral if there's a network connection involved? i.e. I run the code in a container with a little network interface added ?
And yet Microsoft have release code with different licenses that make's use of Ultralytics code.
I potentially would be interested in using these wildlife detection models in a commercial (Not open source) context but simply don't trust the claim that it would be okay to do so, sounds like a big business risk to me.
What is the opinion of the community of the MIT licenses associated with PyTorch wildlife from Microsoft okay to use in a closed source commercial context? Microsoft have put an MIT license on this, but their code does imports of ultralytics libraries, which I thought were AGPL.
Note: The GPL 3 license from the official yolov9 differs in this, it must be possible to run the same code on the platform, but your usage may be closed source.
> They use an AGPL license, which to my understand means that anything that links with this code also becomes AGPL.
It doesn't work like that.
The code linking with AGPL code needs to be AGPL (or compatible license) to comply with the license.
That doesn't mean that if you link some code with AGPL code it automatically becomes AGPL. It just means it doesn't comply with the license and therefore does not have the right to use the AGPL code.
The remedy to a license violation is not necessarily complying with it. In fact, I've never seen a case where a company using (A)GPL code in such a way was ordered to release their own code with that license. Generally, they have to simply remove the (A)GPL code, pay some damages and that's it. If they want to keep using the AGPL code, then they of course would have to comply with it, but that's their decision at that point.
What specific kind of "linking" is happening here?
If your code is 0% derived from GPL/AGPL code in a copyright sense then there is no virality and you can generally use them together without license worries if you're careful about how you link.
I really like the work that Microsoft did with Pytorch Wildlife but not brave enough to trust the MIT license they put on their code that uses Ultralytics code and all attempts to check if it was okay for them to change the licenses seem to indicate that they may not do this.
Love to know for sure. Maybe someone from Ultralytics can point out their view on this?
> their code that uses Ultralytics code [...] if it was okay for them to change the licenses
Did they copy Ultralytics code and change the licence from AGPL to MIT? Or does their code rely on AGPL code without copying it?
The first is not allowed but the second is, because the combined work can still be used under the terms of the AGPL.
"Since this was our first tax reporting, we didn’t realize at first that we're supposed to declare our income. We’ve now revised it."
You are joking but that's exactly how it works as long as you are a company (and the bigger/more connected it is the better).
Don't pay your debts as a person: you quickly get hit with fees, chased by collections, etc.
Don't pay your debts as a company: sorry, it was merely a clerical error by our accounting department. Nothing to see here.
Lie and profit from it as an individual: that's called fraud and could land you in jail.
Lie and profit from it as a company: sorry, our website/documentation was out of date, our CS clerk was wrong and has since received additional training. Nothing to see here.
not the best project but yeah still something
The classic playbook: copy an open-source project (or just vibe-code something similar), slap an open-source label on it, and toss in an unproven design system / framework (like Liquid Glass) to give it a shiny veneer.
Less about building something meaningful - more about manufacturing hype in hopes of catching a trend before it crashes!
YC should put integrity and ethics of founders as a key variable for funding.
Unfortunately, that would probably get in the way of making money.
I am sure they do.
I am not sure that they weigh it in the direction you are thinking of, though.
That would mean YC needs to reinvent itself first. That's not happening.
I follow a bunch of YC founders on X. Lots of behavior that could be construed as 'growth hacking - or 'deceptive' depending on your bent: promoting open source libraries that don't work, rewriting tweets from smaller accounts, coordinated replies from mutuals and so on.
I guess that's the game, but they do seem a lot more cavalier about it of late. Increasingly resembles the crypto 'community' (derogatory).
There's no integrity and ethics in AI, and the money's at AI.
> integrity and ethics
How do you evaluate that?
The easiest way to check for integrity and ethics is if the startups YC finances routinely run afoul of YC's ethics code or the law.
If YC has no ethics code, that's your answer right there. If they do but it fails to mention basic things like lying, cheating, deceiving especially when done intentionally, bingo again. If breaking the law isn't an automatic termination of the collaboration, it takes you to the same conclusion. If YC explicitly supports the startups when knowing about these problems, or implicitly by skirting due diligence and turning a blind eye, or accepts startups having no commitment to an ethics code, then ethics or integrity are not core values, or even are completely absent.
There are more nuanced topics and methods but if it doesn't pass the smell test with the basic ones, it won't pass it with any.
GGP was clearly in the context of “how would YC evaluate this pre-funding?” rather than “how would outsiders evaluate YC?” but 15 seconds of search turned up: https://www.ycombinator.com/ethics
> 15 seconds of search turned up
...some latent passive aggressiveness and YC's founder ethics code not YC's own ethics code. You need an anchor for the chain of trust. That must be the VC's (YC in this case) integrity and ethics code first.
You stopped reading after the first few words, misunderstood even those, and rushed to answer didn't you?
I addressed exactly how to evaluate ethics and integrity prefunding, and ensure it post with 2 very simple concepts that would have worked perfectly at least for this easy to catch incident:
1) Do your due diligence. In this case "15 seconds of search" would have turned up the original code and the license mismatch.
2) Have clauses to ensure breaches of law or ethics have severe consequences to the founders.
The founders indisputably breached YC's founder ethics code, in particular "Being honest in the YC application and interview process" and "Generally operating in good faith and behaving in a professional and upstanding way". Or maybe the founders were honest and YC accepted this but then we circle back YC's own ethics code.
YC had means to check for this prefunding, and has means to deal with the problem now. If there's no transparency that any of this happened, it didn't happen. So the point of "checking integrity and ethics" becomes moot.
I don’t believe I misunderstood these words of yours, and provided you a ready reference to check for yourself whether YC had a code of ethics and whether that code contained the elements you were hand-wringing about.
> If YC has no ethics code, that's your answer right there. If they do but it fails to mention basic things like lying, cheating, deceiving especially when done intentionally, bingo again.
--------
> YC had means to check for this prefunding
How would YC check in December 2024 for a copyright violation that was discovered in July 2025 and probably happened in 2025 during the batch (after funding)?
This is indeed a problem that Pickle/YC have to deal with, but I'm not nearly convinced that this was findable in 15 seconds pre-funding.
YC's funded over 4000 companies. How many have had ethics scandals of any size? Less than 5%? Less than 2%? They're betting on founders, probably rejecting some on ethics grounds, and trying to nudge those funded to stay ethical while being aggressively fast. If they're hitting over 95% "no scandals", that's pretty good from a 2 page application and 15 minute interview process.
sokoloff, I already told you twice that I am referring to YC's (or any VC's) own code of ethics, for themselves. Not just the one for founders. The rules YC applies to themselves are the root of trust for everything that later comes out of the startups they finance.
This issue could have been caught earlier and solved if YC checked for this earlier. And maybe it could even have been prevented if YC imposed harsher penalties for breaking the ethics code or the law. But instead it was caught and made public by someone else, and it's that public pressure that caused any reaction from the founders.
> that's pretty good from a 2 page application and 15 minute interview process.
You're damning YC with praise. 15min to assess potential for profit but also ethics and integrity doesn't make it look like they'll put much focus on the latter. Always good to have confirmation.
It's your choice to take the strawman argument and fight that instead because it's more accessible to you. It's your choice to pretend you don't get the meaning of words (like what YC's own code of ethics could mean, of the "if" that preceded every one of those sentences you keep quoting) and drag the conversation down just to save face. It's your choice to keep finding weak defense arguments for VCs who are sacrificing integrity for money in a 15min interview.
Now I see the disconnect on the code of ethics. In my view, pg, dang, tomhow, rtm, Jessica, Garry, et al are members of the YC community within the meaning of the code and I think they think they are members of the community and bound by that code, making that YC’s code for all community members and therefore YC overall. You seem to conclude otherwise.
Setting that difference of interpretation aside, It’s difficult to figure out how and when exactly you think YC could have surfaced the problem with the repo that was published in the last 24 hours months ago when they made the funding decision.
Could you help me understand the notional timeline of actions that you think would have avoided this?
There’s a reason they ask the question about describing a time you “hacked a system to your advantage” in the YC application. They have always selected for founders who are willing to take advantage of legal and ethical gray areas. Reddit created fake users and farmed content from Digg, Airbnb scraped listings from Craigslist.
There is no "grey area" here, and this isn't "hacking".
There's an argument to be made that, even if it's an open and shut violation, if enforcement is nontrivial and a vanishingly low risk, it still pattern matches as "grey area" in terms of risk.
Not at all in favor of the person stealing someone else's code and slapping a new name on it in violation of the license, just that I think I see why people might list that as matching the same intent as a question like that.
This isn't "hacking the system", though - this is an open-and-shut violation of a license with a strong legal pedigree.
Which could be only resolved by lawsuit that cost money. Startup can just fold and the original creator still needs to pay lawyers.
So with this in mind, that startup is kind of hacking the system.
This was of course a calculated move. The founders of Glass are not that stupid. They knew the original author would complain in the loudest way possible and cause a viral outrage, which would give them a ton of eyeballs and exposure.
Engagement hacks, outrage, eyeballs, distribution, attention at all cost. Welcome to tech in 2025.
Surely you can’t be too surprised. The market is pushing for move-fast high polish, speed over substance. You can just do things, move fast and break things, etc. Velocity is the moat, indeed.
This is the market YC is breeding. When these guys float to the surface, what did you think would happen?
YC, you’re one of the greatest generators of value ever. Do better.
Good Artists Copy; Great Artists Steal <-- Steve Jobs
I know need to check on my Open source projects :)
Stolen from Pablo Picasso.
“You miss 100% of the shots you don't take.”
I did that on purpose. Since Jobs was from Valley
Over the last decade or two, the builder/hacker ethos has seemed to shift towards this grifter, money-over-everything attitude. I’m sure there’s a lot at play (crypto culture, VC self-selection, the attraction of ‘easy’ high salaries), but I’m sure it’ll get markedly worse with ai tooling and the any-publicity-is-good fomo marketing that’s taken over the startup scene.
My take is both OP’s tool and the blatant plagiarism of it are examples.
Yeah, most VC founders on twitter are annoying and not worth following anymore. It used to be inspiring to follow some of them many years ago, see them build a cool product and sharing learnings. Now it's all just promotion, straight up lies, and their personal brand comes across as more important than actually building something. The "learnings" shared are now more tailored to go viral than actually help others etc.
Because I loath Nouning Verbs and Verbing Nouns, I'd really like "learnings" to always have an implied or explicit set of quotes and mean vaguely defined and not necessarily ethical stuff.
There's a perfectly good noun, "lessons" and a verb, "to learn" that, when combined, provide everything "learnings" does, without the pretension of using a verbed noun. It's like "diarize" and other even worse monstrosities.
Sorry to this poster, no personal attack intended, you just pushed one of my pedant buttons.
As you might guess from my language, I'm not a native speaker. And in Norwegian, the two words could be "å lære" and "lærdom", hence why it "sounds right" in my ear to use learn and learnings.
Software ate the world, now it’s defecating on it
where are we headed...
I don't know what's worse - the fact that the original project encourages cheating or that someone managed to wrangle funding to cheat the cheaters.
The author could bring the company to court for license infringement, it's an easy case, they (the original author) could easily bring home some of those sweet sweet YC vc money.
They spend a hundred grand on getting a lawyer, the company instantly declares insolvency, and then Glasss (With 3 s's - Completely unrelated to the previous one) does the exact same thing.
Things like this are why I have become disillusioned with Open Source, and why latest projects have been closed source. The GPL is a good enough idea but it is basically impossible for anyone to realistically enforce. If a corporation is selling an optimized binary, then it can be almost impossible to prove that there was any violation of the GPL without viewing the source.
Well, if you're writing open source because you want to write open source, then none of this matters. If you are worried about corporations stealing your work, that should drive you away from OSS. OSS should stay "hobbyist" for the individual developer.
Sure but it sort of devalues labor.
If a corporation is stealing your OSS code (and violating a license) then that implies that they think your code has value, they might have paid a person to write that code but instead some hobbyist built it for free and a corporation steals it.
A few months ago, I made a pull request to LMAX Disruptor, which was merged. I was initially excited because even if my PR was simple it’s still a big project that I contributed to. But after a few minutes it occurred to me that I just did free labor for a for-profit trading company. If they merged in my code then must have thought it had some value, and I decided to dedicate my time to saving this multi million dollar company some money.
My PR there was pretty simple and only took me like 30 minutes (if that), so I am not going to cry too hard over this, but it’s just something that made me realize that if a company is going to use my work, they should pay me. I don’t think it’s wrong or weird to want to be compensated for my labor.
I am still a hobbyist. Turns out you can still be a hobbyist without sharing everything you’ve ever done on GitHub.
It only devalues labor if it's leveraged specifically to do so. You could make this argument about literally any volunteer activity, software related or otherwise. The real devaluation of labor comes from things like the "gig economy" where costs and compensation are abstracted such that companies can exploit the naivete of workers who, generally speaking, are not accustomed to things like amortization and accounting for external costs, thus significantly driving down their own labor, operational expenses, and risks by passing them directly to the workers. At least open source projects are up-front about what's to be expected, and tend not to engage in exploitative practices.
I have had a bunch of jobs. When I have wanted to use open source libraries, I have been told “no” because the repo has no recent updates, because that suggests that whomever built it isn’t working it anymore. Conversely, where there are lots of updates, the project is likely to be used.
Why am I telling this story? Because it suggests to me that companies will only use these libraries if there is a guarantee of ongoing free labor; presumably they could use an old appropriate library and pay people to fix any issues as they come up. Admittedly, I know that some companies do exactly that, and that’s great, but I do not think it’s the majority.
I don’t think the people doing Open Source are bad people at all, far from it, in fact. I think a lot of these people are very smart and hard workers, and I think they should be compensated for their work, even if they are just “hobby projects”. If my project is creating value for a company, then that company can afford to pay me.
I don’t like the gig economy either but I don’t think it’s relevant to my complaints.
There are different actors in play here, and each one has a different perspective. That's OK, there's enough room in the world for different perspectives.
For the company, making use of Open Source code is free labor. That's good for them. You are free to offer that labor or not.
For some developers, it's cool to write code that's used by zillions. That's reward enough.
Other developers release the code for free, but build an eco system around it. They get paid for related work etc.
New developers use it to flex their skills, and demonstrate ability (and then get upset when someone else turns it into something profitable, but that's another story).
Personally I write code, and ship as source, but it's under a commercial license (cause I like to eat.) Other companies have business models around whatever they do.
You are free to act as you wish. Which is great. We live in an economy that allows each his preferred path.
You're right. Many startups open source their products specifically to get free labor, free marketing, or whatever. As payment they release the code they write to you. Whether you think that deal is right for uou or not us up to you.
If you believe you can add value to a company then reach out to them. It's not like they're "making" you work for free.
Of course they’re not “making” me do anything, but I think they have weaponized well-meaning people to do work for them for free and masking it under some vague notion of “charity”.
You’re obviously free to disagree, but it’s why I have become disillusioned with it. I think it’s an exploitative relationship.
I agree its often exploiting.
But presumably people who choose to participate in that relationship are getting something out of it, or they'd stop.
People might not be fully aware of harm.
Plenty of people stay in violent abusive relationships when they really should leave, presumably because they feel like they’re getting something out of the relationship. That doesn’t give a free pass to the abuser.
I am not saying that companies using open source software are anywhere near as bad as a physically violent husband, I’m just saying that just because the contributor to OSS feels like they’re getting something from the relationship doesn’t absolve the corporation of its sins.
The current FOSS ecosystem feels like the tech equivalent of the “working for exposure” scam.
I submitted a PR to fix a bug in cloud-init a while ago.
It was in my interest to do so, because it means I benefit from fixed packages in the Linux distributions I use. This saves me a ton of time in not having to maintain my own packages with my fix included.
If it helps Canonical make money, then it’s no skin off my nose because I still got the benefit I wanted.
I’m not going around fixing bugs that don’t affect me, or adding features I don’t need.
That’s why I made the patch to Disruptor as well, because I needed the change and I didn’t want to maintain it. I’m not saying that that’s valueless but I still think programmers should not be giving free labor to corporations.
Canonical is at least a little better since they’re a much more FOSS-first company as opposed to a trading corporation, but my opinion still is the same with them.
Also, completely unrelated, if anyone at Canonical is reading this, your hiring process is terrible. Making people write nine-page essays about how smart they were in high school and then forcing them to take some absurd pop-psychology IQ tests and then multiple dedicated projects is insane. Whomever designed the interview process there should genuinely be ashamed of themselves and consider literally any other career.
> But after a few minutes it occurred to me that I just did free labor for a for-profit trading company. If they merged in my code then must have thought it had some value, and I decided to dedicate my time to saving this multi million dollar company some money.
If you're not ok with that possibility than you probably shouldn't be participating in open source.
And to be clear, there is nothing wrong with that. Its up to each individual to decide how they want to spend there time. There are pros and cons to open source, and you have to weigh how you feel about them yourself.
However, its not like this is some secret trick. Its the central tenant of Open Source (esp. When using that name instead of Free software). It should be very clear that this is happening. Its the entire point.
It kind of feels a bit like someone who doesn't like oranges, eats oranges, and then are surprised that they taste like oranges. By all means if you don't like oranges don't eat them, but if you knew you didn't like them why did you eat it in the first place?
It’s just why I have become disillusioned with it. I think companies exploit well-meaning people that should be paid for their work. I have used Linux and open source tools for roughly the last twenty years, a part of me loves open source, but I think that big corporations take advantage of this love and it devalues labor.
Which is why I have stopped participating in it. If I am doing work that provides value to a company then they should pay me for it.
Here's what I figured: Company misallocates fund. On the other hand, many engineers are overpaid from the same perspective (most of us here are, have been, or will be at some point, if we step out of the bubble and stop gawking at the acquihire next door). So I'm happy to shift my side of the scale a tad bit by donating a few k here and there. We can do the reallocation ourselves and the more who do, the more difference it can start to make.
Which reminds me, it's about that time.
That's the caveat, the contract you sign when you start an open source project. You have to have the mindset of simply not giving a fuck about who does what with your code and how much they make from it. Then you can be at peace. If you don't want to (or can't) adopt that mindset for a particular project or at all, that's completely fine and normal. OSS is not for you. As soon as you want compensation for your work, things start to go south. See the whole core-js situation and what went down for an example.
That’s exactly my point though, it’s exploitative. Companies will abuse the fact that you “don’t give a fuck” and make money from it without compensating you for your labor.
I am not trying to really convince anyone of anything, do whatever you want. I am just explaining why I have become disillusioned with FOSS.
There’s a million reasons to want to write open source. A lack of attribution in particular is a killer for motivation.
i love open source because it feels like a kind of donation i can't make financially, so in a way, i'm trying to make up for that
but yeah someone claiming it all falsely isnt good for the motivation
Wouldn’t this still be accomplished with a freeware model? That way hobbyists could still get your stuff for free but a corporation would have a slightly more difficult time directly stealing it.
yeah, 100%. although there's strong propaganda to specifically make it open source (capital O and capital S)... the conspiracy-minded part of my brain thinks that it's probably because they can then use it.
But yeah, I've pretty much come to the same conclusion myself too - ship source, but ship it under ARR.
I think there's another innovation which hasn't really been explored yet - an "anti-copyright" cartel-style licencing, where you only have permission to use the product to make something dependant on the original product itself, and whatever you make can freely be used by the original creators and all the other participants in the cartel
The effect would basically be creating a "closed" ecosystem encouraging innovation inside it but protecting it from people stealing shit from the outside...
when i started using computer i jumped to linux ecosystem in a month, and have been using it primarily until very recently
i personally dont feel good using things that are not opensource, yeah i use closed source softwares but i try to limit them
I don’t have a problem with using open source software, I run NixOS with Sway and tmux and Vim and Typst and a million other FOSS things.
I just don’t feel like directly contributing to helping a corporation make money without being paid. I have a finite amount of time on this planet, I don’t need to provide unpaid labor to make Mark Zuckerberg richer.
> The GPL is a good enough idea but it is basically impossible for anyone to realistically enforce.
Really? If you find a piece of proprietary software does basically the same thing as yours, and the binaries contains the same strings/artwork, then it's reasonable to make a legal case of it. You can even contact FSF and they'll take it further.
If you can directly prove a violation dead to rights (or have enough cause for a discovery request) and you have money for legal defense, sure.
A lot of open source stuff is libraries and utilities though that is pretty entrenched in the code. It is hard to even find out about a violation, let alone prove anything.
Imagine I came up with a new algorithm to do Fourier Transforms 10% faster than FFTW (or whatever the current market leader is) and make a library and I release it as GPL. A company could fairly easily just import it to whatever project they’re doing, and it would be extremely difficult for me to prove anything, especially if I don’t have any obvious things like strings in there.
That’s not even taking into account that it would be relatively easy for a corporation to just pay a junior engineer to do a direct “port” of the library to another language and pretending it’s their own independent work.
All completely true. And something you can clearly take into account when you decide what to do with your code.
You may decide its worth people using it, reading it, learning from it, exploiting it, or you may not. It's your choice.
Of course your work may be used outside of the license terms. That's pretty much impossible to enforce. That's true for most-all software, commercial or open or free. If that's your main objection to writing code then I recommend a different career. All good code is pirated. That's just how it is.
Because I think people should be properly compensated for their labor instead of directly donating it to a mega corporation I should choose a “different career”? Do you realize how utterly insane that sounds?
You’re free to do what you want. I just find a lot of the entire FOSS process kind of exploitative and why I have become disillusioned with it.
ETA:
To be clear, I have a fair active GitHub and I still post stuff on there fairly often, and even a few non-trivial things. I just have stopped compulsively putting every line of code I write in public repositories.
Oh, think people should be properly compensated for their labor. And I'm still programming.
But lots of programmers don't get properly compensated. Some by choice, some by external factors.
I'm saying that's a reality. How you feel about other programmers and the choices they make for themselves is up to you.
Clearly there's no obligation to post anything yo public repositories, send the vast majority of programmers never do.
I can’t tell other programmers what to do, nor would I even if I could.
I am merely explaining why I choose not to partake in FOSS when I think it’s exploitive. People are free to disagree, or not care, and that’s obviously fine, but I choose to not directly contribute to it.
> Imagine I came up with a new algorithm to do Fourier Transforms 10% faster than FFTW (or whatever the current market leader is) and make a library and I release it as GPL. A company could fairly easily just import it to whatever project they’re doing, and it would be extremely difficult for me to prove anything, especially if I don’t have any obvious things like strings in there.
If you're doing something algorithmically different and unique, presumably that would show up in the assembly.
> That’s not even taking into account that it would be relatively easy for a corporation to just pay a junior engineer to do a direct “port” of the library to another language and pretending it’s their own independent work.
Important to keep in mind that copyright is not patents. If they are just stealing the "idea" of your algorithmic improvement, that probably isn't even a GPL violation. (This isn't fully right as they would probably have to use a clean-room design to avoid copyright infringement. My point is more that such a situation is pretty muddy and might actually be allowed)
> If you're doing something algorithmically different and unique, presumably that would show up in the assembly.
I don’t think it is realistic to expect a developer to load every executable that might use their software into Ghidra or something and try and find a smoking gun about how their code might be used, and then hire an attorney to put together a case on that. In the case of my example, Fourier transforms are used everywhere in a wide variety of applications, and if my implementation is only like 10% faster it wouldn’t be very clear to an outside observer.
> Important to keep in mind that copyright is not patents. If they are just stealing the "idea" of your algorithmic improvement, that probably isn't even a GPL violation.
I am not saying it’s legal or not, I have no idea, just that that is why I have become disillusioned with the idea of open source, and I am not convinced that a well-meaning license like GPL is a realistic safeguard against corporate exploitation.
> If a corporation is selling an optimized binary, then it can be almost impossible to prove that there was any violation of the GPL without viewing the source.
I think you can notice that output looks similar, error messages are similar, etc. If the program is non-trivial its usually pretty obvious if its a copy or a reimplementation.
If it sounds plausible, presumably you could sue and read the source in discovery (ianal, not sure precisely how that works)
There plenty of things that won’t make a noticeable difference in the output, especially in libraries.
Let’s suppose I make a slight more efficient implementation of green threads, for example. I do not see how that would affect the output in a way that would be obvious, even if the library is non-trivial. Even if I slapped it with a GPL, I don’t see how I would realistically be able to check if they broke the license without first auditing the code, which I couldn’t do without a discovery request, which I likely wouldn’t have grounds for even if I could afford the lawyers for a lawsuit.
Being obvious to a developer poking at a product is quite disparate from successfully bringing a lawsuit involving source discovery.
In general, I try to add a fingerprint into the output.
For example, in a project which generates images I usually set a specific set of pixels.
Sure, but if they have access to your code then a company could pay a junior engineer to look for any kinds of explicit fingerprints and remove it.
Some companies that steal open source code are likely to cheap out on even this.
Does YC audit and evaluate the source code of the projects they fund?
Sorry, I don't want to be offensive. I'm just curious about how the YC quality check for founders works and what kind of experience and support they offer besides the obvious like money and publicity, particularly for open-source software projects.
VCs invest in marketing resources and skills, not in code. Take Cluely, for example.
Title should be updated to make it clear this is an interview cheating project. It’s quite ironic
A license violation is still a license violation even if the software in question is ethically dubious.
> It’s quite ironic
Or rather consequential? ;-)
If there's not some backstory that explains this, it's actually disgusting.
the backstory that explains it is the same silly con valley bullshit as always: low quality people doing low quality work and hyping the ever loving fuck out of it for some dumb vc bucks.
[flagged]
In a general sense, open source theft is bad, obviously. I have trouble feeling bad for this specific case though, given that it is a tool for cheating in interviews and tests.
A GPL violation is a GPL violation.
I made an OSS tool to help you cheat on your taxes, screw your business partner, or ensure your ex wife cannot see the children. Someone stole the source and is backed by a major VC firm. Is the thought different at all or exactly the same? Just raising the question.
It's exactly the same of course? Why would it be different?
Maybe it's not.
Google search and the internet can help you with all of those. Maybe we should ban the internet.
So can electricity.
The difference is that the tool "cheating daddy" was specifically created for the purpose of cheating. Electricity, the Internet, and Google were not created for that purpose.
Cheating daddy's tagline is "If you're gonna cheat, cheat better".
Not that I'm in any way defending Cluely/Glass. Cluely's X bio is "cheat (noun) – an advantage so good it's unfair; rewrites the balance between effort and outcome."
Disclosure: I work at Google by my thoughts are my own.
What about weapons?
The point is being "GPL evil" is GPL. Taking the code, not obtaining the copyright, and re-licensing it is a clear violation of copyright law and immoral.
We are not little children in the playground. Two wrongs do not make a right, and rights are most important for bad people
Two separate issues.
I'd be happy for a platform that encourages and facilities cheating to disappear and not be used anymore. So, on that front, I'd agree. As a side point though, the fact that someone big is funding something like that means, it's not really an issue for, atleast some, people.
The license violation is a problem independent of this. If this becomes acceptable for any reason (including the one that your post seemed to suggest - original work is unethical), it will have detrimental effects on a lot of good players as well.
> The license violation is a problem independent of this. If this becomes acceptable for any reason (including the one that your post seemed to suggest - original work is unethical), it will have detrimental effects on a lot of good players as well.
This is a fair point. Just to clarify, I still think open source theft/license violation is bad and should not be happening, even to a scummier project like this.
> As a side point though, the fact that someone big is funding something like that means, it's not really an issue for, atleast some, people.
Unfortunately some people have no issue with ethical concerns around what they fund as long as it stands any chance of making them money.
> Unfortunately some people have no issue with ethical concerns around what they fund as long as it stands any chance of making them money.
Which is, I think, a corruption. It's being missed in the discussion about the license violation which, to be fair, is what this thread it about but in my mind, that is the major issue.
A new product with four wheels that is used to transport people from A to B is a amazing new development! Some new 4 wheeled death machine to drive through crowds of people is an detriment to society.
The original product actually sounds kinda cool, but selling it as a cheating aid is incredibly low-value, and we'd be better off without it.
That’s not the only corrupt stuff that yc does. There’s dreamworld.
https://www.pcgamer.com/dreamworld-infinite-world-mmo-kickst...
I’m sure there’s much more we don’t know about. They just didn’t get caught. Yc used to have this reputation of being one of the good guys but I guess nothing is really immune to corruption.
People begging YC to "do the right thing" don't understand that this is the exact behavior that VCs love and reward.
yes, they prefer iconoclasts
Hmm... a tool for cheating is stolen and relicensed by another company that specializes in cheating tools. Sort of on brand actually.
I'm having trouble mustering sympathy.
To paraphrase Voltaire, I mean, Tallentyre, I mean, Hall, I may not agree with what you publish under the GPL but I defend to the death your right to assert the GPL...
If you paraphrase, it's still a derivative work under copyright law. /s
If our rights are contingent on taste then we have no rights at all.
If a criminal steals from another criminal, do you feel sorry for the first criminal?
If the software in question was explicitly intended for illegal purposes, would you still take the same position?
For me, moral lines exist. I don’t defend the right of people to profit from immoral acts.
Lacking sympathy for someone does not mean you condone them losing/lacking rights.
So when someone is actively losing their rights you feel the need to go out of your way to say you're unsympathetic. What did you /intend/ to convey with this? You support them, but at this dark moment, you felt the need to kick their shins also?
I initially downvoted you, but on second thought I’m actually a bit sympathetic to your argument. We see a similar pattern happening elsewhere. E.g. US citizens being round up by paramilitary forces and shuttled without due process to places which can almost be described as concentration camps. All for the stated crime of maybe entering the country improperly. The argument goes that they do not deserve anything else because they are ”illegals”.
Doing one bad thing does not necessarily justify other bad things done to you.
That said, I don’t like this cheating-enabling software either and think the world would be a better place without it.
There's no inconsistency in holding both of these positions:
- the original software is clearly unethical, and I bear no goodwill toward its developer
- I support the consistent enforcement of the GPL
In a case like this, I think it's natural to state both points. If we only focus on the second, we may be contributing to a groundswell of support for the original project/developer. That's distasteful when we only want to narrowly support their right to have their licensing terms respected.
These two guys seem like they should get together.
Here you are OP, a little closer to idiocracy by your own actions and by HN zealots here, and all you SV tech bro wannabes who participate in this day by day ever more fake economy.
Propel and fund into the world the product with sole purpose to pretend, to cheat, to fraud everyone, then to make "open source" version on this, and then to complain that someone stole it from you, to fund and sell even more sophisticated product with sole purpose to pretend, to cheat, to fraud everyone.
This maliciously deliberate hustling behavior, fake it till you make it, feel good, superiority complex, reality distorted, this version of society, a bubble, a community, open source, call it, or wrap it too sell whatever you want it, this all post-post-modern obscenery will be ruin of you all.
Real life Jian Yang?
except this is a vc-funded american company stealing from an indian solo dev
Not really on topic, but since service of startup is free and it has investment - what is monetization model here?
I really hope y-combinator does the right thing and kicks them out.
Doing the right thing only matters when the market rewards it. That hasn't been the case for decades now (if ever).
They didn't even kick the scammers of PearAI
What’s the context? Elon’s Twitter is really a pain, without using an account you only see the linked tweet, without the replies or anything else.
https://xcancel.com/soham_btw/status/1940952786491027886
Thanks, that’s great
Is this from the same Soham that is doing the "job stacking" scam to many companies? These people make the tech HR a nightmare for all others and a big reason for the back to office drive
https://www.theverge.com/news/697846/soham-parekh-startups-m...
[dead]
Maybe they "just vibe coded" it... /s
[dead]
Is this the Soham?
If you're talking about the remote work scammer in the news today, that's Soham Parekh. This is Soham Bharambe. Both are into cheating, apparently...
For those that missed it: https://techcrunch.com/2025/07/03/who-is-soham-parekh-the-se...
The Year of Soham on HN.
Soham the remote work hacker(s)*.
* The extended meaning of "hacking" is required to correctly understand this sentence.
tear him for his bad cheating!
[flagged]
Yeah I don’t think anyone here is going to find your schtick funny either
[flagged]
But… he didn’t? He used the GPLv3 license, which has other requirements. Requirements that aren’t being met by the people who forked the codebase.
But they didn’t. The company violated the GPL by re-publishing it illegally as Apache.
[flagged]
There's actual good reason for that. the X Formally Known As Twitter company has a content weighting system that punishes external links, regardless where the link is pointed to. So apparently Mr. Soham did the smartest thing to give that post the best chance to spread.
BTW, the X Formally Known As Twitter company is not the only one who conduced the world to this, all big names do link restriction. Look what we've become, such nice world :)
If you scroll down in the xcancel link (posted in the same thread), you'll find side-by-side picture comparisons of the code, comments, libraries.
He includes screenshots which (to me) do indicate a certain amount of lifting.
Also the project is open source and the website is at the end of the thread. The website has a GH link in the header.
What more do you want really?
its not the best name tbh, i just made it as a meme but people take the name seriously and that hurts the case
ive posted the evidence in twitter thread link
Yeah, once someone posted a link I could read, I saw that. Bummer, looks like they ripped it off and sounds like they're currently doing the usual backpedal. Sorry your project got the wrong kind of attention in this way, I also (eventually) read into your tone while reading through your repo, and I understand much of it is tongue-in-cheek. It softened my position a bit. Hope you enjoy better luck in your future endeavors.
The appropriate thing would be to revise your initial comment.
What about my initial comment is incorrect?
Edit: Fun fact, I cannot edit my original comment. But over-zealous flaggers seem to have taken care of it on my behalf. Unclear as to what about that comment deserved flagging, I guess raising concerns for the OPs admittedly problematic project is broadly the same behavior as the racist troll account who was previously active in this thread. Well done moralizing my original moralizing. The irony is…well pretty mundane in this case, really.
You could name a project any number of completely weird and absurd and offensive names, and it would have no bearing on the matter at hand, which is that code was illegally stolen and relicensed without the consent of the author. This is not a moral issue.
You yourself admitted that your original comment was harsh after the author responded to you.
> its not the best name tbh
lol, I'll bet you $10 that the name is exactly why they got themselves into this mess. Had the name been something like "meeting-agent" or some corporate friendly name like that, they probably wouldn't have tried to hide it so much.
If you read the post, it has examples
Today I learned about xcancel.
jeers busted, everyone wins
This being on page 2 with 247 upvotes in the three hour time period this post has been up is surprising to me. I wouldn't be surprised if @dang is suppressing it (but I'd also be happy to hear that it's not being suppressed).
It's pretty spineless for the Pickle team to come out and pretend they mistakenly re-licensed GPL code. Hilarious.
> in initially building it we included code from a GPL-licensed project that we incorrectly attributed as Apache
How can you write a sentence like that in good faith?
The first rule of HN moderation is that we moderate (i.e., intervene) less if a story reflects negatively on a YC company or YC itself.
This principle goes right back to pg days, and was the first thing he taught dang [1].
That said, it doesn't mean we avoid moderation at all and it doesn't mean the guidelines all go out the window.
Different factors influence the story's rank and visibility on the front page: upvotes, flags, the flamewar detector, and settings to turn these penalties on/off. I'm actively watching the thread to keep it on the front page, as per the rule.
That said, the guidelines ask us to avoid fulmination and assume good faith. Whilst it's fair enough to criticize and question a company when they do something like this, we can also be adult enough to look the evidence before us and recognize that this was most likely a dumb mistake that they've moved quickly to correct.
[1] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
Setting the license text is an explicit act and it seems fairly unlikely for anyone who creates software to think they can relicence GPL code or to think they didn't need to Google it first. Doing something that you meant to do isn't a mistake it's a choice.
It seems more likely that they didn't think anyone would notice.
> It seems more likely that they didn't think anyone would notice.
Maybe, but if that's what they thought (and I have no idea, I haven't spoken to them or anyone else about it), it's very foolish, because this kind of thing will always get noticed eventually, especially if the project becomes successful.
At this point it's a common strategy used by YC companies. Do you remember this? https://techcrunch.com/2024/09/30/y-combinator-is-being-crit...
YC tells founders that one of the fastest ways to kill your company is to base your product on code that's not legitimate to use (i.e., that you didn't write yourself or that is used in breach of its license). That's because it's one of the fastest ways to kill funding rounds, acquisitions and enterprise deals. Not everyone listens or understands.
It even asks (or at least it did the last time I checked) in the application form, if you wrote your code yourself, to raise the issue of IP ownership/licensing from the start.
The evidence clearly shows it was not a 'dumb mistake'
They claim they wrote the whole thing in 4 days. They did not attribute the original author in ANY way.
They clearly showed they intended to steal the authors work and sell it as if they wrote it. YC has just become such a dumpster fire if that kind behaviour is even remotely accepted or called a 'dumb mistake'
Original Author should have put 4 lines atop each source with then as copyright holder. https://github.com/sohzm/cheating-daddy/blob/master/LICENSE#.... I sometimes make GPL and forget that bit too
> The first rule of HN moderation is that we moderate (i.e., intervene) less if a story reflects negatively on a YC company or YC itself.
Unless you have transparency on flagging and mod actions, these are just your words. And as these events keep happening, your credibility erodes.
This comment [1] from dang a couple of years ago touches on our reasons for not publishing a moderation log, and links to many more explanations over the years.
We're happy to be judged on the outcome, which, in this instance, is that the story has been on the front page for hours and everyone is able to have their say.
> And as these events keep happening, your credibility erodes.
YC has invested in thousands of companies by now and hundreds of new ones per year. That includes many founders who are young and inexperienced, and also plenty from diverse backgrounds, which, now that I've had time to dig into it, seems to apply here. Screwups are going to happen, as in every part of life; the law of large numbers guarantees it. What matters is what people do to make it right.
[1] https://news.ycombinator.com/item?id=37137916
As dang said, presume good faith. It's part of the HN guideline.
Also, "Never attribute to malice that which is adequately explained by stupidity"
YC doing typical YC things
Maybe I’m looking at the wrong repos but both appear to be GPL-3 (or maybe it was relicensed back to original GPL-3?)
https://github.com/sohzm/cheating-daddy
https://github.com/pickle-com/glass
11 minutes ago "licensed fixed" https://github.com/pickle-com/glass/commit/5c462179acface889...
And now they rewrote Git history and that commit is dangling. Wow...
yeah he changed it rn https://github.com/pickle-com/glass/commit/5c462179acface889...
Then rewrote the history and force-pushed so it never happened.
He=you? What's the game here. https://news.ycombinator.com/item?id=44460855
That's the author of this post talking about the other person changing their licensing to match.
[flagged]
They committed the (presumably ripped off) repo yesterday, changed the license from GPL to Apache, and now have changed it back (presumably in response to this thread).
https://github.com/pickle-com/glass/commits/main/LICENSE
Hey I was having an interview the other day, and they had me show my task manager. Is your thing able to bypass that? (just curious)
It will just show a process named cheating-daddy. I doubt any interviewers will think that's suspicious.
Half serious: why do you think a free tool focused on real time gen ai would also have a faked task manager feature?
> why do you think a free tool focused on real time gen ai would also have a faked task manager feature?
So that you don't get caught?
Anyone that wants to have some rights to their code shouldn’t open it. If other people have access to your code, license absolutely doesn’t matter at all.
Some person living in china/russia could have done a similar thing and all you can do to them is complain on the internet. Big corporations could even falsely sue you because “you stole their code” maybe?
Doesn't matter at all according to who?
No matter the license someone can just take the source code and use it however they like unless you have a concrete plan to stop them. I used to feel like licenses actually meant more but seeing a lot of examples of it made me realise this
Hi everyone, this is Daniel from the Pickle team. Glass is a new open source project from us that we plan to build on and improve. We built several original features for it like live summaries, real-time STT Transcript and one-click "Ask" from summary that we're very excited about. However in initially building it we included code from a GPL-licensed project that we incorrectly attributed as Apache. This was incorrect and sloppy work on our end. We made a quick fix and are working right now to do a proper fix that addresses the issues fully and cleanly. We are sorry to the original author of the project, Soham (CheatingDaddy), and thank him for pointing this out. We are also sorry to the open source community for messing up here. Thanks everyone for caring about this.
Hiding the entire history of this incident[1] behind a force push[2] to make it seem as if credit was given and proper license was chosen from the start really displays a lack of integrity, and tells me it’s definitely malicious (which should be quite clear from zero mention of the original project to begin with, but this act reinforces that) rather an inadvertent screwup.
[1] https://github.com/pickle-com/glass/commits/5c462179acface88...
[2] https://github.com/pickle-com/glass/commit/4c51d5133c4987fa1...
I don’t think the rebase is malicious. Would they even be allowed to continue distributing the older commits (where they claim an Apache license) or would that be to perpetuate the license violation?
I'm too jaded to pointlessly debate all the misunderstandings about copyright and licenses. Bottom line is, this case is clearly not going to court, so there's no entity allowing or not allowing them to do anything, the only thing that matters is does this act of hiding enrages the original author even more? My answer to that is yes. Plus that old commit is still there, accessible after a couple of rather obscure clicks, so it's not even taken down if you want to debate technicalities.
I think the assumption that the license.txt in a given revision is accurate an applicable is erroneous. One is expected to follow the license.txt in the main repo regardless of revision.
Absolutely not, if a project relicensed and someone on earth did a git clone with a previous license that gave some specific rights, the previous commits keep their license (or if the license was incorrect you can go to court)
A few weeks ago people on here where mad at a company (Microsoft?) for NOT force pushing the corrected credit of a source code.
You just can't win.
A good lesson that you should NOT do shady shit?
Do you never ever do anything that's wrong?
If so, well, I guess good for you; but the rest of us sometimes screw up. There needs to be a path for redemption. Admit you were at fault, make it right, do better next time.
ETA And, it doesn't matter whether people do the above steps because they "really mean it", or because they're just afraid of the consequences otherwise; any more than it matters, from a societal perspective, if people refrain from stealing or murdering because they're good people, or because they're afraid of being thrown in jail.
There needs to be a path to redemption, yes, but this very clearly isn't it.
They were given a chance to admit they were at fault. They instead bullshitted about “sloppy work”. You just don’t accidentally take someone else’s work, strip their name and brand it as your own, and brag about “built in three days” or some shit.
And even if they handled it very gracefully afterwards, don’t expect everyone to be happy about it. That’s Mashimo’s problem isn’t it, someone’s gonna criticize regardless. No shit!
Btw, I have never ever taken someone else’s work and brand it as my own without credit, or cheat someone in any other way (or at the very least, never intentionally). Thank you for asking. I don’t think that’s a high bar to clear.
> They were given a chance to admit they were at fault. They instead bullshitted about “sloppy work”.
So just to point out, here you're complaining about them not performing step 1 on the redemption path sufficiently well. That's a fair criticism; but I'd point out that the "Just admit you screwed up and don't try to explain because you're just making excuses for yourself" principle is neither so self-evident nor so well-known that it's fair to expect everyone to magically know it.
What Mashimo's problem is that with regard to the "make it right" step, it's really not clear what to do in this case regarding the git history. Do you take it out? People complain you're trying to hide your sins. Do you leave it in? People complain the other way too.
This shows that the right answer is not self-evident; which means we need to cut people slack. It also means that we as a community need to figure out what is the right way to "make it right" when people do a bogus relicensing, so that there's a clear path to redemption.
But your response to Mashimo wasn't trying to help define a clear path to redemption; your response was basically, "If there's no path to redemption, that's your problem, you shouldn't have screwed it up in the first place."
That attitude is only going to harm our community in the long run. If there's no way to redeem yourself, why bother doing anything at all? Just keep claiming rights over the source code and tell the author "so sue me", knowing there's no way he'll get a fraction of his legal fees back. Or, abide by the letter of the law but don't admit fault.
> Btw, I have never ever taken someone else’s work and brand it as my own without credit
So it's, "Some things need a path for redemption and other things don't." And as it happens, the things that don't need a path for redemption are things you've never done.
Whatever the path is - could even be paying or even hiring the original dev - they haven't done ANYTHING in that direction.
You're just having some abstract, theoretical conversation that has no basis in what has happened
> "Some things need a path for redemption and other things don't."
I'm not putting them in jail. I can't even criticize them online? Who's in the way of their redemption, whatever that means? Yeah I'm proud I'm not guilty of shady shit, now kindly get off my lawn with your moral relativism.
you're conflating (obfuscating?) honest oversights with what seems to be a clearly and intentionally dishonest series of actions
No I'm not. I'm not saying there should never be any consequences. But there should be a way to make things right again, even if you did it on purpose.
Well, thus far they've only made things worse by trying to bullshit their way out of it, and not tried to "make it right" in any sense.
I hope the strongest appropriate consequences for this come their way, though likely nothing will happen.
Meanwhile you're just trying to handwave it all away
[flagged]
> This was incorrect and sloppy work […]
You meant: this was illegal and unethical work.
You might be lucky with the original author not suing you. I'm not sure your backers will be equally kind. I certainly wouldn't, depending on what exactly you told your investors we may be looking at straight up securities fraud here.
You meant: this was illegal and unethical work.
But... but... but... Velocity! And moats! And we're VC-funded! Doesn't that mean we can do whatever we want?
> And we're VC-funded! Doesn't that mean we can do whatever we want?
Side remark: Since YC claims all the time that they invest in people, not in ideas, YC should perhaps part from the people behind Pickle very fast, since by their investment YC rubber-stamped that the people behind Pickle are great ones (but not necessarily the product of Pickle), something that YC perhaps does not want to uphold anymore. :-)
Calling it sloppy work is too charitable. It's one thing for others to give you a benefit of the doubt, it's absolutely crazy that you yourself are doing it. It's clear if the other guy did not speak up, you would not have "corrected" the incorrect attribution. Your entire repo uses the work from someone else, and you did not even credit the person who built it until he called you out for the deception.
The correct approach is to license your code as GPL v3 with Soham as the author. It's a simple fix.
If you had any semblance of respect for the work of others and what is right you would sincerely apologize and shut the project down instead of rolling with it.
Or how about an apology to handle it better with the company moving forward, and engage communication with the repo creator to involve him.
Really it's more of the gesture, to set the example, since we've all seen this before, and AFAIK, there haven't been too many amicable outcomes.
You won’t be forgiven unless you restore the license to GPL v3.
You restored the license to GPL v3: https://github.com/pickle-com/glass/commit/5c462179acface889...
You won't be forgiven unless you credited sohzm and state that cheating-daddy is a direct inspiration
I love comments like this ^. It provides a solution to the table, rather than conversing the problem over dinner.
IMO This sounds pretty fair to me. Publicly apologize somewhere, and link OP to it. I like that. Or come on, at least Venmo "the kid" $1000 -- "a kid" who saved you time, and is putting food on your table.
"A kid" whose idea you took and profited on. Wow, just realizing upon writing this -- what if Pickle CEO has kids, and one your kid reads this?
Hard to say that your work isn't derived from a GPL project if you quite openly are reimplementing a GPL project you used at the core of your own project.
> This was incorrect and sloppy work on our end. We made a quick fix and are working right now to do a proper fix that addresses the issues fully and cleanly.
There is no fix. Your work is derived and should be/will be licensed as GPL. You do not want to accidentally succeed and then find you have nothing. You are being a smart-ass here.
> This was incorrect and sloppy work on our end
Cut the grandoise talk. You stole someone's work and now you just shrug it off as "incorrectly attributed as Apache". That's not a mistake, that's a deliberate action plan. The force push others have mentioned is the proof. Atleast be honest in your apology.
I hope YC takes serious action and eliminates you guys from their cohort if you're still in one. This reflects very poorly on them otherwise.
Credit the original creator as a consultant and give him equity
Can I ask if this was an LLM mistake?
Ok you crook.
Nice try
looks like they fixed it: https://github.com/pickle-com/glass/commit/5c462179acface889...
let's not freak out - you can't "steal" open-source code, they used an incompatible license. that was accidentally too free.
people monetizing something you open-source isn't stealing.
If it was 'just' a licensing slip up sure, but there's still a lot of integrity issues here despite that. The presentation of "we created an open source library to do X in just days" comes across as a lie right?
I feel like ycombinator leads may want to look more deeply into this one. If they are presenting it as something they've achieved that's an integrity issue right?
This is the crux of it all to me. Anyone in the industry knows mistakes happen all the time but the braggadocios nature rubs me the wrong way and spits in the face to those of YC who do indeed have integrity.
It's baffling why someone would do this tbh. It's not like the base project is some spectacular piece of engineering that would be very costly to replicate.
I'm guessing they just looked at it as a jumping point. It probably went something like:
- We know how to polish an electron app
- here is a barebone electron app with an interesting idea
- Can we build a polished UI around this, and give a demo?
The baffling part is, had they just disclosed that, no one would have given a shit. Plenty of demos begin like that: "here is a cool idea we found, here is that idea on crack". is a very common demo pattern. But of course you can't give a shout out to 'cheating-daddy' at YC demo.
It's like a fine student at a fine college, in a class they are doing fine in, then they decide to copy their friend's cover letter because "eh", then they get caught and now what? wtf would you do this?
Like the frog in the parable,[1] people with integrity often struggle when they attempt to understand the motivations of people who cheat. “Why would they cheat in this particular situation?”, they ask themselves. “It makes no sense!” Well they are cheaters. Cheaters cheat.
[1] https://en.wikipedia.org/wiki/The_Scorpion_and_the_Frog
To attach a couple of personal anecdotes to this:
1) I once was in a position where I had root on the linux boxes at a large corporation because I had been a sysadmin there and even when I changed roles, I was never removed from sudoers. Years later there was an accusation that someone had stolen source code and taken it with them to a new job. On its face this made absolutely no sense whatsoever - the system they were accused of stealing was a complete pos in the middle of a complex ecosystem so even if you had it, you couldn’t use it without all the other pieces and in any case, it was old and outdated and just total garbage. Anyway this accusation was somewhat hush—hush so the cto came to me and asked me to just look into whether or not it could be true. Sure enough, there in his bash history I could see him checking out the code and pushing it to an external repo. It made absolutely no sense, but he had indeed stolen the source code to a system that was a total piece of junk. He ended up with a criminal conviction, he lost his shiny new job, his wife left him etc. It was very said and baffling.
2)Second example, fast forward some years and I was working for a saas provider. We had won an initial proof of concept and were negotiating a 5-year, multi-million dollar contract. At the same time, our client asked us to just do a free two-week spike on something unrelated. We had to sign a (different) zero dollar contract to cover licenses, liability etc for the free spike. The same purchasing lawyer was working on both contracts. The usual contracting process is you send the contract over to the other side with some markup and comments, they make some markup and comments, you propose language, they amend it, they propose language, you amend it, eventually everyone agrees and you make a clean copy and both sides sign. While we were doing this for the big contract, we got to the point of signing the zero dollar contract. At the last moment with everything agreed, the other side said they would make the clean copy. They sent it over to us and when we did our final check before signing we found the guy on the other side had meticulously gone through and made a version which accepted all their changes and backed out all of our changes. This required a lot of extra work and could not have been an accident (think cherrypicking commits and fixing all the merge conflicts using only MS Word revision history), and it was on the zero dollar contract so there was no conceivable upside except he could say he “won” somehow by tricking us. All this while we were negotiating the multi-million dollar multiyear contract. It made absolutely no sense whatsoever to do what he did. There is no way to understand why he decided to do it, but he did it.
So yeah, don’t even try to understand why some people do the unethical things they do. Scorpions gotta sting. It’s just what they do.
> looks like they fixed it: https://github.com/pickle-com/glass/commit/5c462179acface889...
Not fixed, covered up.
> let's not freak out - you can't "steal" open-source code, they used an incompatible license. that was accidentally too free.
What a poetic formulation? In reality, they deleted history and they put a license that allows the "freedom" to let them monetize the code. I wonder how's the original author more free with this license? How is anyone more free? Sounds like the license was "accidentally" "too free" in a way that only made themselves more free.
> people monetizing something you open-source isn't stealing.
It's, in fact, the precise definition when the open-source project uses the GPLv3 license.
> that was accidentally too free.
You are ignoring the fact that they claimed that they "built it in just 72 hours", accidentally omitting to mention that it's a fork of another repo.
yes, but sublicensing to even permissive ("free-er") license (GPLv3+ to Apache2.0) is a violation of license.
GPL is supposed to viral, if you are using project adopted that, you are taking the risk with it. If you are just changing the license and took the code, that's wrong and need to get an attention. If anyone could go just yoink and relicense the GPL code to other permissive license was "legal", the https://gpl-violations.org wouldn't exist in the first place (i.e. you can just take the linux kernel code and rename it something like "mynux", redistribute in bsd-3 clause and "don't distribute the derivative part").
And they've now orphaned that commit, they're a sketchy bunch at best.
Unfortunately, sketchy is generally rewarded.
I'm starting to sense a pattern with this project.
They've squashed the history to hide their earlier "error". This isn't compliant with section 5a of the GPLv3[1].
"sketchy at best" is a polite description of this pattern of behaviour.
[1] https://www.gnu.org/licenses/gpl-3.0.en.html#section5
It looks like they've squashed everything into a single commit, since there's only a commit on their repo right now that was pushed 28 minutes ago (as of this comment).
That's probably the right thing to do Git-wise, because licences might not be retroactive.
The license they used was less free than the GPL license. Laundering GPL code into projects with licenses that aren't as free is classic copyright infringement.
You're ignoring the part about attribution due to copyright law, see: https://opensource.stackexchange.com/questions/13038/does-so...
From what I understand, it would be a breach of contract at minimum (based on what I remember from past discussions of this sort of activity involving different participants).
If someone else has a better idea of what “forking GPL 3 source code and using a different licence” would be, then please let me and others know.
If you don't follow the license, then you don't have a license to use, distribute or modify the code. So then you get into copyright violation territory, up to $150,000 per infringement in the US if it's intentional.
Sadly in my experience various courts have taken a stance that violating GPL does not cause monetary damages, because the software in question is free.
Can you cite some actual cases?
I somewhat doubt they can since in the US the BusyBox lawsuits pretty much all ended with the infringers settling and paying out, and those that didn’t settle, busybox won[1]. I would think that, and the original artistic license lawsuits (which were decided on by the US court of appeals) established that infringing open source softwaree licenses is a copyright infringement.
[1] https://en.wikipedia.org/wiki/BusyBox#GPL_lawsuits
You can read the text of the GPLv3 license itself; it has a specific provision for this case.
> "Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice."
https://www.gnu.org/licenses/gpl-3.0.html
>From what I understand, it would be a breach of contract at minimum
Isn't that the minimum bar for a "business model" capable of attracting VC interest these days?
Realistically this will probably just have a reputational cost for Daniel Park/Pickle. Whether he intended to or not, some amount of people will associate “pretends to make things that he did not make” with him because of this entirely unforced error.
Is the copyright still attributed to the original developer?
no. its BOTH attribution AND license violation.
They cloned (not forked) the repo, removed the history, claimed it as their own, and changed the license. This is not a mistake