I'll admit that I agree with a lot of the post but that I can't fully wrap myself around the cybersecurity situation today, is it basically:
- if code is open source or closed source, AI bots can still look for exploits
- so we need to use AI to develop a checklist program regardless to check for currently known and unknown exploits given our current state of AI tools
- we have to just keep running AI tools looking for more security issues as AI models become more powerful, which empowers AI bots attacking but also then AI bots to defensively find exploits and mitigate them
- so it's an ongoing effort to work on
I understand the logic of closing the source to prevent AI bot scans of the code but also fundamentally people won't trust your closed source code because it could contain harmful code, thus forcing it to be open source
Edit: Another thing that comes to mind is people are often dunking here on "vibe coding" however can't we just develop "standards / tools" to "harden" vibe coded software and also help guide well for decisions related to architecture of the program, and so on?
Like, all together? I'd agree that copyright terms are often much too long, but if you write a book, I'm totally okay with you owning the rights to that and making money off of it for a while.
We need to split "a creation" and "a set of ideas used in creation"
You created an entire book? Sell it for 40 years, sure.
But that should not apply to someone taking a tiny thing from it and making their own stuff around it, 10 years maybe.
This sounds flippant, but I agree with it, so I'll expand on it:
"Property" is a useful social tool for managing stuff that is scarce and which can't easily be shared. Food, tools, shelter, land, and so on. Property produces stability. People can count on having their stuff later, even if they're not using it at this instant. That lets them make longer-term plans, which, ideally, result in lots of different kinds of things becoming less scarce.
Ideas and information, however, are not scarce. Any number of brains and storage media can hold them simultaneously. That's not true of a pizza. But for a long time "intellectual property" worked pretty well because the copying of ideas and information required significant effort and materials. Books had to be typeset and printed. Music had to be stamped onto vinyl or written onto tape, which needed specialized equipment. All this made it so that we could pretend that ideas and information were scarce.
Now, that's not true anymore. Our technology has advanced to the point where the equipment for copying information is ubiquitous and unspecialized. We have to face the actual nature of information: It's not scarce. "Property" doesn't work on it anymore.
Which really does leave artists and authors and other intellectual producers in a bad spot, since the time and effort involved in creating stuff hasn't gone down. We have this kind of thing now where it either doesn't exist at all or it exists in such abundance that the adjective is unneeded. How do we economically incentivize something like that?
Personally, I lean towards the suspicion that for some kinds of things, mainly entertainment, we don't need to incentivize it anymore at all. People are not going to stop writing fiction and recording music just because it doesn't pay anymore.
The real jam is in non-fiction, because the costs of making that stuff are higher than just food and shelter for the producer while they're writing. Research often requires travel, experimentation, equipment, materials. How do these get paid for?
>"Property" is a useful social tool for managing stuff that is scarce and which can't easily be shared. Food, tools, shelter, land, and so on. Property produces stability. People can count on having their stuff later, even if they're not using it at this instant. That lets them make longer-term plans, which, ideally, result in lots of different kinds of things becoming less scarce.
Yep
There's no scarcity to manage here and it's more comical the further I look at it.
>Which really does leave artists and authors and other intellectual producers in a bad spot, since the time and effort involved in creating stuff hasn't gone down
Well, it may have done with LLMs; we aren't 100% sure there yet.
>Personally, I lean towards the suspicion that for some kinds of things, mainly entertainment, we don't need to incentivize it anymore at all. People are not going to stop writing fiction and recording music just because it doesn't pay anymore.
You can't copy an experience; people will always pack out stadiums for live music. If musicians won't make music because oops it got added to the gestalt cultural heritage of mankind, well, they can jump in a lake. And I have talked with tons of authors who have full-time jobs on the side. This will only really impact the top 5% or so of professional authors, and force them to be more productive too.
>The real jam is in non-fiction, because the costs of making that stuff are higher than just food and shelter for the producer while they're writing. Research often requires travel, experimentation, equipment, materials. How do these get paid for?
Being the first person who can manufacture something still gives you a decent first-mover advantage. It doesn't mean you can't sell your goods at a profit, it just means you have to sell your goods with competition. So less profit. Likewise with music and fiction, lots of people want to be first: your first book will sell a lot of copies, the first pressing of your vinyl also.
Honestly it probably means more public sector R&D funding is required and not much else.
"Intellectual property" is a hack we put together to make capitalism properly assign value to abstract ideas that we all agree have value, but are inherently devalued by free market forces.
Capitalism by itself is incapable of valuing art and ideas beyond the marginal cost of producing duplicates, which has been on a steady downward trend since the invention of the printing press.
Our economy is increasingly reliant on a class of product that is fundamentally incompatible with how capitalism works. Maybe rather than adding to the centuries old hack that is clearly falling apart, we need to rethink things from the ground up.
What an incredibly shallow reading of "capitalism".
Capitalism doesn't "assign value" to anything. It can't assign value to anything.
The value of something is determined only by a transaction. It's not assigned.
The value of something is made apparent only after an exchange is made. Otherwise there is no "inherent" or "assigned" value to anything. The value is made explicit only after a transaction is made.
Abstract ideas don't really have value. Silicon Valley/Tech, which is perhaps the most ardent and exemplary capitalist industry today, does not assign value to abstract ideas. It assigns value to execution/tangible action.
If there’s no copyright, there’s no closed source. You get their code, decompile/disassemble and reuse as you see fit.
You might argue that doesn't help much if they never distribute that code (only runs on their servers). Here’s the inconvenient truth: GPL already allows that. Anyone can take a GPL codebase, do any modifications they want, run it forever, and never contribute back. You’d need AGPL to forbid that. GPL is only concerned if you further distribute the modifications.
And how does that exactly stop Amazon, Google or Microsoft (heh) from running GPLd software in their data centers and raking in money for hosting products built by poor open source devs?
I'm not worried about Microsoft recompiling bash and redistributing it. Is that a realistic problem for you?
Awesome. If you think that is stopping anyone, here's a challenge for you:
GNU Bash is GPL. You can run Bash (and many other Linux commands) in Windows through Windows Subsystem for Linux. In fact, WSL is a nice example of Microsoft doing embrace & extend.
The challenge: find Microsoft's published code for Bash.
WSL does not include bash. When you use bash from within WSL, it is using the version of bash that was included in the upstream distribution of Linux you have installed. If you are using a Debian-based image, to get the source code run the following:
My point exactly (notice I didn't say MS distributes bash - it doesn't, as you pointed out).
Bash being GPL doesn't stop MS from benefiting from it by providing it to WSL users, which makes WSL more valuable for them. It also (as we talked in the other comment) doesn't prevent Amazon from running a database and charging people for it.
So what's this great advantage of GPL that it would make it worthwhile to keep the entire copyright system just so we could still have GPL?
If you dig around in its origin, GPL was conceived as a tool to "fight system from within system". If there's no system, you don't have to fight the system.
Then why did you ask for something if you knew it didn't exist???
Overall I think you are mistaken about the purpose of the GPL. It does not, nor has it ever intended to prohibit commercial activities. RMS and FSF have been pretty clear about this for many decades. And in fact, they are against the idea of licenses that prohibit commercial use.
The reason that large successful projects like Linux are so capable is not because it has a price tag of zero (and it often does not), but because of the feedback loop created by the viral-nature of the software license.
The vast majority of Linux is not a volunteer project -- but software developed by commercial software engineers who are being paid by a company to write software. Before copyleft, the idea that they would voluntarily share source code was laughable. The only reason they do is because they are legally required to do so.
This viral nature of copyleft creates a positive feedback loop:
1. Company uses software because it is free and solves a problem
2. They need a modification so they make it
3. They contribute back to the project because it is required by the copyright license
4. The project becomes more valuable at solving more problems that other companies have
5. Go to step 1
Breaking this feedback loop would put companies back to their natural state of not sharing. The result is that the software landscape would start to look a lot like the 80s and 90s again.
Without copyright, copyleft would not exist. And without copyleft, Linux would have been a hobby OS that died out in the early 90s. We'd be using things like Windows Server, Unix, etc. And to protect their business in the absence of copyright, they'd have heavy DRM schemes, obfuscation, cryptographic licensing, etc.
This entire comment is completely backwards. Linux gained momentum first, then it was adopted by the wider industry.
It's much easier to upstream your desired changes than maintain a separate fork (closed or otherwise) long-term. Additionally, many of the contributors have been using it for their own servers, not required to contribute back.
Things like NVidia and other closed drivers show you can bolt a non-open part to the GPL code if you try enough.
> And without copyleft, Linux would have been a hobby OS that died out in the early 90s. We'd be using things like Windows Server, Unix, etc.
This ignores the entire existence of FreeBSD, NetBSD, OpenBSD.
> they'd have heavy DRM schemes, obfuscation, cryptographic licensing
This ignores the existence of heavy DRM schemes, obfuscation, kernel-level anticheat spyware, criminalisation of copyright-circumvention schemes, etc.
At this point, I think you're just trolling, so I'll stop here.
> It's much easier to upstream your desired changes than maintain a separate fork (closed or otherwise) long-term. Additionally, many of the contributors have been using it for their own servers, not required to contribute back.
Then why is ~75% of the kernel from corporate commits today? You think large tech companies just started to become coincidentally generous with the advent of Linux?
> This ignores the entire existence of FreeBSD, NetBSD, OpenBSD.
The BSDs are quite niche in install base and highly rely on GPL'd ports from Linux.
And, by far the most popular OS in the BSD family tree is macOS, which is primarily closed source.
> This ignores the existence of heavy DRM schemes, obfuscation, kernel-level anticheat spyware, criminalisation of copyright-circumvention schemes, etc.
I'm not ignoring it, I'm telling you that would be more common, if you remove all of the other mechanisms by which a company could choose. Without any legal controls whatsoever, the only option to control the use of a company's software would be through technical means. Removing other options would be incentivizing this.
Why? People are currently free to release all intellectual rights to what they release, so in theory there is already an intellectual-property-right-free marketplace and people that want to create under that model are creating.
Lengths just have to be reasonable, comparable to time in production (median of salaried employee-hours / median # of employees over the period) of the average item in a class. The vast majority of the private value is captured well within that time. It also keeps people honest and discourages rentseeking that isn't tied to labor.
Ownership of intellectual property still matters, but the right to copy and modify shouldn't last that long. It isn't hard to imagine another system of IP rights that provides value to the creator but not at the expense of society. Disney used public domain to build its foundation then pulled up the ladder. Disney's market cap is lower than the damage longer copyright has caused, it's already been trillions, hundreds of trillions looking into the near future.
I think land ownership should be abolished. That'll never happen for a lot of reasons, but it's highly unethical in my opinion. Ignoring who the land was stolen from to begin with, I also feel that it's looting the future, land ownership often being generational and severely kneecapping society from making better, more productive use of a finite resource as its needs change over time.
I do not think intellectual property should be abolished outright, because I can't think of a reliable incentive structure constructed entirely from the social interest. I do think it, particularly copyright, should be severely curtailed, however. Companies exclusively controlling huge swaths of popular culture for 90 years or whatever basically amounts to theft from the public commons, in my opinion. If you're going to replace folk culture with Mickey Mouse, then we ought to own a bit of that, more quickly than is being done.
I have no issue with personal property and actually think it should be strengthened. Consider the right to repair; the right to run the software we choose on the devices we ostensibly own; the erosion of our ability to freely trade, share, and preserve increasingly digital products; stronger enforcement of Magnuson-Moss; infringements of our privacy in an online world; and so on.
I feel this way too, HN has a lot of negative posters for some reason, I'd really like to find another forum with a better vibe or see the vibe improve here
Reading about Gas Town has been fun, it's definitely an experiment and may not be practical and doesn't have to be; it does seem to be a possible correct vision of the future of coordinating agents to code with (it's just not fully there yet as it is on the cutting edge of seeing what's possible)
(btw I've been wondering the same thing as you and am not sure if there's another answer besides that he and people following his projects keep building projects on their projects: Beads, to Gas Town, to Wasteland, etc.)
To me it just sounds like eventually someone will figure out how to make vibecoding more reasonably secure (with prompts to have apps be looked at for security practices?)
unless cybersecurity is such a dynamic practice that we can't create automated processes that are secured
Essentially a question of what can be done to make vibecoding "secure enough"
You don't want some gatekeeping on who will be doing surgery on you? You do obviously, and medical malpractice is a good thing if there is a problem.
Why don't you want the software engineer building your pacemaker or your medical CRM (or any other job where your immediate security is engaged) to have the same kind of verification and consequences for their actions?
It's mostly the problem of required regulations, so no, we don't want mandatory gatekeeping on surgeons as this is for example leading to doctor shortages
It's fine to set up voluntary standards and choose surgeons you think live up to those
So we want to enable more people to be able to create for example pacemakers because of things like Linus's law, "Given enough eyeballs, all bugs are shallow". If we exclude "non-professionals" from the process of creating "professional" products, we tend to have less participation in the process of innovation and therefore get less innovation
But there is already mandatory gatekeeping of surgeons? They went to medical school for so many years, and they are liable to malpractice if they don't do their job correctly.
Engineering is the same. They sign building plans with their names and may be liable for damages caused by gross negligence.
Why shouldn't any self taught "software engineer" be liable for damages they caused due to negligence?
If we had to sign off builds of critical components (like a pacemaker to stay with the analogy), there would be way more pushback against malpractice in the development process.
Of course not all software projects require that level of rigor, but for medical stuff and I'm sure a lot of other fields, it should be mandatory to have at least one qualified engineer that is ultimately responsible.
1. 99.999999% of software is not equivalent to "doing surgery" so doesn't need gatekeeping. I work on free, open-source PDF reader SumatraPDF. What kind of authorization should I get and from whom to ship this software to people?
2. pacemakers and other medical devices have to get approval from the government. So that's covered.
Medical CRM software is covered by medical privacy laws which do what you say you want (criminalize "bad" software) but in reality are a giant set of rules, many idiotic, that make health care more expensive for no benefit at all.
Adulterated food products, shoddy construction that burns like paper or crumples in an earthquake, snake oil medicine, etc. are well attested in underdeveloped nations and in history at scales far above what we see in societies with the kinds of professional bodies we’re talking about.
That said, the reality is that this safety comes at a cost, both monetary and in terms of “gatekeeping.” And many people would be fine (on paper) increasing risk 0.05% in exchange for 20% cut in costs or allowing disruption of established entities. But those 0.05% degradations add up quickly and unexpectedly.
Equating gatekeeping of professional bodies with grifting suggests you have no experience of why we have professional bodies in medicine or accountancy or civil engineering (to give just a few examples).