this post was submitted on 21 Apr 2026
61 points (100.0% liked)

Free and Open Source Software

22290 readers
80 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
Gaywallet@beehaw.org
alyaza@beehaw.org
61
This AI Tool Rips Off Open Source Software Without Violating Copyright (www.404media.co)
submitted 2 days ago by artifex@piefed.social to c/foss@beehaw.org
27 comments fedilink hide all child comments
 

Malus, which is a piece of "satire" but also fully functional, performs a "clean room" clone of open source software, meaning users could then sell, redistribute, etc. the software without crediting the original developers. But I have a hard time with the "clean room" argument since the LLM doing the behind-the-scenes work has already ingested the entire corpus of open source software -- and somehow the output of the LLMs isn't considered a derivative work.

you are viewing a single comment's thread
view the rest of the comments
[–] Gladaed@feddit.org 1 points 22 hours ago (1 children)

My issue with viral licensing is that it means you got to rewrite the code or use another product. Also software bom is a hassle.

Some advanced manufacturing techniques rely on advanced software. So does infrastructure which is often only secured by obscurity. Also all software is filled with vulnerabilities which can get easier to exploit if you have access to the source code.

[–] Senal@programming.dev 2 points 21 hours ago* (last edited 21 hours ago) (1 children)

TL;DR;

Sounds like a bunch of organisational issues using licensing as a scapegoat.

Again, not giving an opinion on FOSS licencing pro's and cons, just on the implementation of licensing in general.

My issue with viral licensing is that it means you got to rewrite the code or use another product.

Or...comply with the licence.

but yes, that's entirely the intention of a licence.

You can use this thing as long as you adhere to the rules set forth, if you don't want to then feel free to create your own or find something with a licence more to your liking.

They aren't forcing this on you, using these products is optional.

Also software bom is a hassle.

Absolutely.

However, that feels more like a procurement/evaluation issue.

e.g : "is bringing in this open source, viral GPL audio processing library worth the trade-off of dealing with the compliance vs paying money for a similar commercial product (or building our own)"

Some advanced manufacturing techniques rely on advanced software. So does infrastructure which is often only secured by obscurity. Also all software is filled with vulnerabilities which can get easier to exploit if you have access to the source code.

That sounds again like a person or persons have royally fucked up their evaluation/procurement duties when selecting the components to use in the building of the product a, quality/security/systems design issue rather than a licensing one.

if complying with an open source license causes a product to become a danger to the public, many people, at many stages, have utterly failed to do their job.

Also,i'm sure you know this, but security through obscurity is a poor systems design choice in almost all scenarios.

As you say though, it does happen in the real world.

In those cases someone needs to wear the grown up hat and evaluate the options available, such as removing or replacing the component that requires opening up your source code, or evaluating the trade off of how severe a risk opening up the source code is vs the costs involved in replacing it, or even the potential legal liability of just ignoring the licence.

If you can't afford any options then your product isn't viable ( in an "everybody follows the rules" kind of scenario, at least).

[–] TehPers@beehaw.org 1 points 20 hours ago

Also,i'm sure you know this, but security through obscurity is a poor systems design choice in almost all scenarios.

The only time I can think of from the top of my head where obscurity aids security is when secret keys are kept obscure. This isn't even what people mean by "security through obscurity" though, so I'd actually beg someone to give an example where obscurity is actually beneficial to security and doesn't just give a false sense of security instead.

That's not to say everything can or should be open source, of course, just that relying on it being closed source for your application to be secure is a good way to open yourself up to attacks.