The clone now has more stars on GitHub than the original work, CheatingDaddy. What's funny is that in a week, most likely nobody will remember that the code was stolen, thus Pickle will probably be fine with their new, shiny, popular project, which will be featured in GitHub Trends.
It's the same with another Soham, who was moonlighting for years. I would not be surprised if he starts a company soon, given the fame he has gained.
I've seen this kind of thing happen even with very small projects, where there's no marketing department or business goal attached. I've seen attempts to erase the history of forks, projects repurposed from others in order to retain GitHub stars unrelated to the repo's new purpose... not for a supply chain attack or something like that, but out of sheer vanity. Sometimes I see people talk about those projects on HN, and if you weren't there when it happened and very interested in some very niche software at the time, you'd never know.
You could say that is just a coincidence, and it's an obvious idea that anyone could have had.
But then again, also around that time, a sibling component for the configuration language was featured on "The Changelog" (then, a very popular website featuring interesting projects).
If it weren't Alan Kay would be a household name and Jobs would've crashed out, Microsoft would've been a never been and amazing Xerox would be the tech juggernaut instead of copier washout.
One starts to wonder whether the LLM vendors laissez-faire approach to the legality of ingesting copyrighted / licensed material will start to infect the industry in general?
I think it will push opensource/ free software hackers to close source their code because it is being used to feed LLMs. Similar to how allot of hardcore free software proponents don't use Github. Is closed source the future?
No. I don't believe that. I personally want my code to outlast me and help people in the future, but I don't want allow anyone to just scrape it, strip its license and use for whatever. I use (A)GPLv3+, because I believe in "Freedom for the user", not "Freedom for the developer" which permissive licenses provide.
My code is not free labor for anyone. It has conditions attached.
From an open source software perspective, I don't understand the feelings around LLM ingestion.
The models isn't generally recreating your software, but might be spreading your way of thinking in pieces.
I get it from the artists and to a lesser degree, writers. I just don't understand it from software projects.
I guess if you think of it as something to replace you, but since you are already a creator, it is also a way to unlock much greater capacity for turning your ideas into solutions.
I, for one, deserted GitHub, and do not use for anything else personal anymore. I'm not against permissive licensing, but all my code will be (A)GPLv3 or later.
A particular project I'm working on will be on a private Git server until I complete and open it as a package. Even after that, I might keep the development closed and release tarballs only (aka Catherdral Model).
All code I write is also AI-Free.
It won't be possible to trust in people for a long time, it seems.
Ya, I custom coded our startups entire bespoke sensor array and smart systems. No AI. It was build before LLMs gains the traction that we see now. I tested several models to see if they could build the same. They can't yet.
My code will never be publicly available. That's a key trade secret of our business. When investors and others tell us that someone else could build it, I let them know that they could build their own, similar version, but it wouldn't be what we have.
We've verified that by having friends and family, some of the best coders that we know - Stanford, MIT, and other CS alum, as well as top FAANG programmers - try to reproduce it. It's always something done in their own style that doesn't do the job as it needs to be done (they work ok, but they all miss some key crucial parts of why our system succeeds at what it does).
GitHub is good for those looking for a job or to share their projects openly. I wouldn't even trust a private repo. Everything is either on systems and servers that we have control over or in my head. As we grow and scale, we have a roadmap for how to keep control over those trade secrets until it's time to pass off the company (if we do). At that point, I'm confident that whoever takes over will realize that this will be like the Coca Cola recipe, or any other trade secret which could be reproduced but not necessarily in the same way. (Knowing the history of that recipe and what others have created that tastes identical, it's more apocryphal and maybe not a perfect example, but you get the idea).
Anything controlled by another company is something out of your hands. Pick and choose wisely where you keep your stuff.
Stealing ideas has been the name of the game for a long, long time. It doesn't have to be like that. We just spent $50k defending one of ours, which yields no ROI unless we pull through and make it a reality. If someone has - money, sales and marketing skills, or other business competency, of course they'd rather steal than invent their own thing or invite the dev on board.
Again, this doesn't have to be this way. Either Y-Combinator needs to boot the thiefs and invite the original dev, the thiefs need to invite them in with a fair equity share, or else we continue to perpetuate this culture. And, I agree with others, creatives have already become more and more afraid of sharing their work and having it stolen. Ours was covered with a bullet proof contract that the other party presented us with. We also have a patent pending. Neither of those stop someone from stealing from you and it's your job to protect your IP (and money). It almost bankrupt us... but because it was their contract, our lawyer constantly was scratching his head since it was a slam dunk case.
Steve Jobs and Apple stole the UI from Xerox, Tesla wasn't Elon Musk's, and you can go down the list. Look up the history of Arduino and wiring. I have no problem buying Arduino knockoffs because of it. (The two profs that didn't give their grad student attribution have a history of stuff like this as well as infighting)
But it doesn't have to be like that, it's our choice to continue perpetuating it and it will lead to emergent properties that people won't like. The question is: how long can the party last for investors, incubators, and thief startup founders in our highly connected age?
Instead of waiting to find out, I hope that Y-Combinator and associated investors pioneer a better culture of rejecting these people when they find out and promoting the actual creators. Michael Seibel talked about the best creators not being the best networkers back at startup grind 2019, and that the old model of investing is broken. 6 years people. (I've been building a network of us who are expert at going out and finding the best creators, but it would be nice to have the resources and platforms of larger institutions).
Why don't we promote the actual creators OR pair those good at identifying the opportunities and pitching and marketing them. That would be WAY better, and everyone wins while making a better, long term sustainable culture and model.
I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
Do you owe everyone you have ever read a royalty for influencing your writing style or voice? How about for all the other things you have leaned and become competent in?
There is a bigger issue here that is related to what humanity actually is and how we have been abused for many decades and several generations now, to the point that the abused generations have become the abusers of future generations simply because they are mentally trapped, addicted even.
A good uncontroversial example of this may be the excessive and deficit spending of governments, all based on what otherwise would be considered loan fraud, which is called national debt. It is used to keep perpetuating this system we call an economy because it has been so “successful” over ~100 years of “line go up”, solely because everyone wants the gravy train of reckless good times to continue forever.
Unfortunately for some generation of the future (maybe even our own), it simply cannot go on forever, so it won’t, because it is by definition unsustainable. But the goods times and “success” everyone sees everyone else having, keeps people from stopping the insane and utterly suicidal process of not only consistent, but accelerating addiction to every greater deficit and debt loan frauds called the national debt. It isn’t “Trumps fault” it “Biden’s fault”, or any other totem that can excuse or own actions. These are forces we don’t even understand any more than we are blindly changing at breakneck speeds. And if anyone tells you they understand these forces they are simply lying, when we cannot even understand the most basic concept of the fact that there is no alternative to this planet… as we destroy its ecosystem that produced us at ever accelerating speeds, in millions of different ways.
It’s quite similar if not the same as any other process we call addiction; we know it will cause ruin, yet we cannot extract ourselves from the endorphins, so we just keep lying to ourselves.
> I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
That's because you have either not read enough or have been dismissing the very sound case: Scale.
In law, scale matters. It might be legal to possess a single joint while at the same time being illegal to possess a warehouse of 400 tons of weed.
Now, at least, you cannot say anymore that you have not heard a convincing case for why ingesting every single piece of work by an artist with the intention of out-producing them is a bad idea.
You have heard at least one, supported by precedent in law in multiple jurisdictions.
> I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
Humans don't read other codebases en masse. Hell, I haven't read the entirety of our own codebase. I learned by doing, from books (that I paid for or legally borrowed), and yes, by looking at a small amount of other people's code (permitted by the respective licenses).
Humans are not remix machines, AIs (currently) are.
The only difference is that the people getting upset about this stuff is money. They hate the idea that someone is making money off their work. Even if the sum of their work amounts to a penny. They're just angry.
In 50 years they'll be useless anyway when computers are just plotting every iteration and combination of 1's and 0's that might be.
I too see no difference in machines learning from the works of others than man standing on the shoulders of those before them to reach higher plateaus.
Your base assumption that humans looking at restricted code bases and then working on competing products is OK is flawed. That has always been something you'd have to be very very careful about to avoid law suits for anything you inadvertently copied. Clean-room design is a thing for this very reason.
This isn't just a license compliance issue! Even if it were compliant with the license, like if the license has been a permissive license with no attribution requirement, this is still sleazy and plagiaristic behavior. Sometimes (often!) what is right exceeds the legal bare minimum.
Sorry for your story. In those days open source is REALLY HARD. Put your github link here and we will support your project by starring you and spreading your project. You definitely need to fight back.
As an interviewer, I'm seeing a huge increase in proportion of candidates cheating surreptitiously during video interviews. And it's becoming difficult to suspect any wrong-doing unless you're very watchful by looking for academic responses to questions.
Why would anyone encourage building such a tool, I can't fathom.
From my experience in 10+ tech companies, the biggest difference between bootstrapped and VC financed is, with money you can do illegal things and pay the lawyer.
Software Freedom Conservancy is currently suing Vizio. The interesting thing about this lawsuit is that it aims to make it possible for any recipient of GPL code sue for compliance, instead of requiring the copyright holder to sue.
It's always possible to try, especially as it seems there was a technical violation here, but whether it's worth it or likely to gain enough legal traction to yield results is another story, especially in instances of "your AI generated boiler plate looks like my AI generated boilerplate, and therefore is theft"
I'm seeing it too. I think it's not about rewards, but punishments. A lot of people have (or perceive that they have) a lot less to lose in this economy.
Well, there are no consequences are there? Or at least no precident of consequences of such behaviour. My hope is that folks like this always lose out in the long run but I'm not so sure anymore...
The highest jobs require these days a proven track-record of corruption. You can‘t blame young startups wanting to take the first step on that ladder. At the end of the day we are living in a merdeitocracy.
My observation is that HN intentionally downranks highly commented threads. I used to think of it as unfair, but now it truly makes sense, considering:
- Posts with high comment-to-vote ratio often have political, scandalous or other kinds of heated themes
- Highly popular/engaging posts already act as self-amplifying snowballs
- High-volume discussion triggered by emotions is hard to navigate, is repetitive, and attracts the dumbest trolls even in HN
- The truly important topics tend to become visible anyway
If anything, the statistics actually suggest these articles were weighted the other way around. tmux-rs stayed on the frontpage much longer than it logically should have, especially compared to this thread.
...in any case, what's the "joke" about this? GPL violation is very serious, Tesla was forced to publish a substantial amount of proprietary code after a similar infraction.
That was my point / what the joke is: it appears to be down ranked (or it’s a comment thing as your sibling points out), it’s serious, and it’s a YC company.
1. forked repository of the Albumentations library (15k stars, 5 Million monthly downloads, MIT license) and called it AlbumentationsX
2. changed the license of the fork to the Dual (restrictive AGPL to be used for free and permissive commercial if you buy license) => it is unlikely that it is legal to use it in your project as noone wants AGPL project in the list of dependencies
3. Arhived albumentations repo
---
People use albumentationsx (I can see pypi download stats + telemetry), but zero licenses were bought.
----
Coming back to the original post - what surprises me that they forked, but did not try to rewrite with LLMs. LLMs may not be that good writing complex functionality, but in rewriting something they are quite good.
In this sense, all open-source licensing is not as useful anymore as rewriting the code so that there is no way to proof the plagiarism is the new reality.
---
Looks like the future is:
- closed source code
- open source developed by companies that want to use it for lead generation
And it has the same fake excuse as usual "Since this was our first OSS project, we didn’t realize at first."
He sure discovered this new open source thing and it's very confusing. It's not like it's almost 40 years old at that point. I'll never understand people who lie like toddlers.
Because this is how the current corporate world works. It's all about appearances, someone can do whatever bad thing, will go on and say "upsie, I didn't realise that X is bad, it was an honest mistake" and then all is good, the person actually reporting it or signalling it out will be the bad one, for being critical, aggressive, not constructive or open minded.
It's funny these "founders" only use this hollow excuse with open source licensing, you never see "since this was my first company, we didn't realize taxes exist"
> you never see "since this was my first company, we didn't realize taxes exist"
Taxes are a nitpicky example, but indeed in Germany where everything is full of regulations and red tape that only some bureaucrats understand, there indeed exist founders who argue this way for these convoluted laws:
I do not know what is wrong with software engineers. This is theft (or whatever the lawyers says in the IP law) and now stating: Ooops we did not know, our bad, we keep it till we have found a replacement. Mistakes happen also in real life, but libraries is a common thing, like cars standing on a street. You do not accidently steal a car.
Software Engineering is more than coding. Basic license management incl. library vetting is part of it. If you decide to ignore that, you do not run a business enterprise, you run a criminal enterprise.
> Basic license management incl. library vetting is part of it.
This depends on whether you consider Compliance to be part of software engineering or a separate discipline. At least in most companies the compliance department is different from the software development/IT department, because the necessary skills are very different and barely transfer.
This incompetence excuse puts YC in a bad spotlight too, because it makes them look like they are funding people with exact zero software development experience.
TBH, I know plenty of people with software development experience, who I think are genuinely pretty good at converting ideas to code, but who wouldn't have any idea what Apache or GPL mean.
This situation truly enrages me and is likely the reason (IMO) why talented programmers (today, in 2025 versus, 2008-2013 where small founder startups thrived at places like 500 + YC).
Quite ironic how YC touts technical founders > "non-tech" ones -- when acts such as this strip ones chances of wanting to become one, or even continue showcasing their talent publicly on platforms like GH.
It wouldn't matter if they wrote a program to automate stealing other people's content. If you strip a GPL license off a program you redistribute, you're breaking the law.
The founders who built Glass don't complain about cheating. Rather, the developer of https://github.com/sohzm/cheating-daddy complained of copyright infringement of his code by the developers of Glass.
While copyright infringement is clealy legally wrong and developing general software is not, I do agree with GP that one should, morally, perhaps not complain about "cheating" the legal system when the infringed application itself is meant for cheating.
Legal correctness does not necessarily imply moral correctness.
They complained of license violation, not copyright infringement. There’s a big difference. The original license already granted the rights for anyone to copy the code, so the question of copyright infringement isn’t really on the table.
Over the last decade or two, the builder/hacker ethos has seemed to shift towards this grifter, money-over-everything attitude. I’m sure there’s a lot at play (crypto culture, VC self-selection, the attraction of ‘easy’ high salaries), but I’m sure it’ll get markedly worse with ai tooling and the any-publicity-is-good fomo marketing that’s taken over the startup scene.
My take is both OP’s tool and the blatant plagiarism of it are examples.
Yeah, most VC founders on twitter are annoying and not worth following anymore. It used to be inspiring to follow some of them many years ago, see them build a cool product and sharing learnings. Now it's all just promotion, straight up lies, and their personal brand comes across as more important than actually building something. The "learnings" shared are now more tailored to go viral than actually help others etc.
Because I loath Nouning Verbs and Verbing Nouns, I'd really like "learnings" to always have an implied or explicit set of quotes and mean vaguely defined and not necessarily ethical stuff.
There's a perfectly good noun, "lessons" and a verb, "to learn" that, when combined, provide everything "learnings" does, without the pretension of using a verbed noun. It's like "diarize" and other even worse monstrosities.
Sorry to this poster, no personal attack intended, you just pushed one of my pedant buttons.
We actually have a real enterprise application we developed ourselves. We are ramen profitable. Getting a boost from YC would be amazing to take us to the next level.
How does this trash get supported by YC so easily and real stuff doesn’t get a chance?
I’m sure there’s much more we don’t know about. They just didn’t get caught. Yc used to have this reputation of being one of the good guys but I guess nothing is really immune to corruption.
The company is called "cluely". Go to their twitter page and see the posts and promo videos to get an idea of how they market their product https://x.com/cluely
To a casual outside observer the quality of the companies YC invests in seems to have absolutely cratered. Have they just given up on vetting and switched to a throw money at everything approach?
Isn't that a very outspoken objective of YC, to fund people, not ideas? Long time ago I caught up to what YC is doing, but even when I first joined HN back in like 2013 I think the whole "Fund people, not ideas" shtick was already explicitly what they were doing, unless I remember wrong.
They expect you to come up with an idea or a business and explain it to them and show your progress. Of course one may say that those things reflect you as a person but so does stealing and relicensing code.
I'd say they have historically aspired to active informed selection and then accepting that out of that portfolio many will fail cause that's how VC goes. That's not quite the same as buy everything.
To be sure, there's nothing wrong with the idea that modern computers and distributed computing techniques can handle streaming updates for a significantly higher scale of concurrent same-world users than prior-generation MMOs. But clearly something unexpected happened here, and while I completely understand the lack of a public post-mortem, I hope that YC has examined why its mentorship model and community were unable to set up this team for, if not success, at least having greater integrity in its relations with its userbase.
Doesn't this happen all the time with Ultralytics yolo code? They use an AGPL license, which to my understand means that anything that links with this code also becomes AGPL.
Please correct me if I'm wrong, but is the license also viral if there's a network connection involved? i.e. I run the code in a container with a little network interface added ?
And yet Microsoft have release code with different licenses that make's use of Ultralytics code.
I potentially would be interested in using these wildlife detection models in a commercial (Not open source) context but simply don't trust the claim that it would be okay to do so, sounds like a big business risk to me.
What is the opinion of the community of the MIT licenses associated with PyTorch wildlife from Microsoft okay to use in a closed source commercial context? Microsoft have put an MIT license on this, but their code does imports of ultralytics libraries, which I thought were AGPL.
Note: The GPL 3 license from the official yolov9 differs in this, it must be possible to run the same code on the platform, but your usage may be closed source.
> They use an AGPL license, which to my understand means that anything that links with this code also becomes AGPL.
It doesn't work like that.
The code linking with AGPL code needs to be AGPL (or compatible license) to comply with the license.
That doesn't mean that if you link some code with AGPL code it automatically becomes AGPL. It just means it doesn't comply with the license and therefore does not have the right to use the AGPL code.
The remedy to a license violation is not necessarily complying with it. In fact, I've never seen a case where a company using (A)GPL code in such a way was ordered to release their own code with that license. Generally, they have to simply remove the (A)GPL code, pay some damages and that's it. If they want to keep using the AGPL code, then they of course would have to comply with it, but that's their decision at that point.
I really like the work that Microsoft did with Pytorch Wildlife but not brave enough to trust the MIT license they put on their code that uses Ultralytics code and all attempts to check if it was okay for them to change the licenses seem to indicate that they may not do this.
Love to know for sure. Maybe someone from Ultralytics can point out their view on this?
What specific kind of "linking" is happening here?
If your code is 0% derived from GPL/AGPL code in a copyright sense then there is no virality and you can generally use them together without license worries if you're careful about how you link.
You are joking but that's exactly how it works as long as you are a company (and the bigger/more connected it is the better).
Don't pay your debts as a person: you quickly get hit with fees, chased by collections, etc.
Don't pay your debts as a company: sorry, it was merely a clerical error by our accounting department. Nothing to see here.
Lie and profit from it as an individual: that's called fraud and could land you in jail.
Lie and profit from it as a company: sorry, our website/documentation was out of date, our CS clerk was wrong and has since received additional training. Nothing to see here.
There’s a reason they ask the question about describing a time you “hacked a system to your advantage” in the YC application. They have always selected for founders who are willing to take advantage of legal and ethical gray areas. Reddit created fake users and farmed content from Digg, Airbnb scraped listings from Craigslist.
There's an argument to be made that, even if it's an open and shut violation, if enforcement is nontrivial and a vanishingly low risk, it still pattern matches as "grey area" in terms of risk.
Not at all in favor of the person stealing someone else's code and slapping a new name on it in violation of the license, just that I think I see why people might list that as matching the same intent as a question like that.
I've had similar happen to me by company out of Paris, France lol. They yoinked the backend out of my OSINTBuddy project which is AGPL licensed then tried to get me to work with them where they were going to sell access without also providing the source code
As OC i would do that giant rewrite and add vulnerabilities - either they do a funny portation rodeo and get zero dayed all day every day, or they are at least cut off from free work.
The author could bring the company to court for license infringement, it's an easy case, they (the original author) could easily bring home some of those sweet sweet YC vc money.
They spend a hundred grand on getting a lawyer, the company instantly declares insolvency, and then Glasss (With 3 s's - Completely unrelated to the previous one) does the exact same thing.
I follow a bunch of YC founders on X. Lots of behavior that could be construed as 'growth hacking - or 'deceptive' depending on your bent: promoting open source libraries that don't work, rewriting tweets from smaller accounts, coordinated replies from mutuals and so on.
I guess that's the game, but they do seem a lot more cavalier about it of late. Increasingly resembles the crypto 'community' (derogatory).
The easiest way to check for integrity and ethics is if the startups YC finances routinely run afoul of YC's ethics code or the law.
If YC has no ethics code, that's your answer right there. If they do but it fails to mention basic things like lying, cheating, deceiving especially when done intentionally, bingo again. If breaking the law isn't an automatic termination of the collaboration, it takes you to the same conclusion. If YC explicitly supports the startups when knowing about these problems, or implicitly by skirting due diligence and turning a blind eye, or accepts startups having no commitment to an ethics code, then ethics or integrity are not core values, or even are completely absent.
There are more nuanced topics and methods but if it doesn't pass the smell test with the basic ones, it won't pass it with any.
This was of course a calculated move. The founders of Glass are not that stupid. They knew the original author would complain in the loudest way possible and cause a viral outrage, which would give them a ton of eyeballs and exposure.
Engagement hacks, outrage, eyeballs, distribution, attention at all cost. Welcome to tech in 2025.
The classic playbook: copy an open-source project (or just vibe-code something similar), slap an open-source label on it, and toss in an unproven design system / framework (like Liquid Glass) to give it a shiny veneer.
Less about building something meaningful - more about manufacturing hype in hopes of catching a trend before it crashes!
Is it me, or "founders" are actually FREAKING dumb?
Why people continue to give them money, and praise their "work"?
Instead of making (indirect) ads for them we should publish their name and the company's name into shame publicly, and let their reputation die slowly...
I have no respect for them, and you should not too (if you care about justice).
Most of the time ROI is still bigger. You would think that some ”evil”companies would be dead but stock price just keeps increasing. Imagine what Facebook would be if they had good morals?
Here you are OP, a little closer to idiocracy by your own actions and by HN zealots here, and all you SV tech bro wannabes who participate in this day by day ever more fake economy.
Propel and fund into the world the product with sole purpose to pretend, to cheat, to fraud everyone, then to make "open source" version on this, and then to complain that someone stole it from you, to fund and sell even more sophisticated product with sole purpose to pretend, to cheat, to fraud everyone.
This maliciously deliberate hustling behavior, fake it till you make it, feel good, superiority complex, reality distorted, this version of society, a bubble, a community, open source, call it, or wrap it too sell whatever you want it, this all post-post-modern obscenery will be ruin of you all.
Surely you can’t be too surprised. The market is pushing for move-fast high polish, speed over substance. You can just do things, move fast and break things, etc. Velocity is the moat, indeed.
This is the market YC is breeding. When these guys float to the surface, what did you think would happen?
YC, you’re one of the greatest generators of value ever. Do better.
the backstory that explains it is the same silly con valley bullshit as always: low quality people doing low quality work and hyping the ever loving fuck out of it for some dumb vc bucks.
In a general sense, open source theft is bad, obviously. I have trouble feeling bad for this specific case though, given that it is a tool for cheating in interviews and tests.
I made an OSS tool to help you cheat on your taxes, screw your business partner, or ensure your ex wife cannot see the children. Someone stole the source and is backed by a major VC firm. Is the thought different at all or exactly the same? Just raising the question.
I'd be happy for a platform that encourages and facilities cheating to disappear and not be used anymore. So, on that front, I'd agree. As a side point though, the fact that someone big is funding something like that means, it's not really an issue for, atleast some, people.
The license violation is a problem independent of this. If this becomes acceptable for any reason (including the one that your post seemed to suggest - original work is unethical), it will have detrimental effects on a lot of good players as well.
> The license violation is a problem independent of this. If this becomes acceptable for any reason (including the one that your post seemed to suggest - original work is unethical), it will have detrimental effects on a lot of good players as well.
This is a fair point. Just to clarify, I still think open source theft/license violation is bad and should not be happening, even to a scummier project like this.
> As a side point though, the fact that someone big is funding something like that means, it's not really an issue for, atleast some, people.
Unfortunately some people have no issue with ethical concerns around what they fund as long as it stands any chance of making them money.
A new product with four wheels that is used to transport people from A to B is a amazing new development! Some new 4 wheeled death machine to drive through crowds of people is an detriment to society.
The original product actually sounds kinda cool, but selling it as a cheating aid is incredibly low-value, and we'd be better off without it.
Things like this are why I have become disillusioned with Open Source, and why latest projects have been closed source. The GPL is a good enough idea but it is basically impossible for anyone to realistically enforce. If a corporation is selling an optimized binary, then it can be almost impossible to prove that there was any violation of the GPL without viewing the source.
Well, if you're writing open source because you want to write open source, then none of this matters. If you are worried about corporations stealing your work, that should drive you away from OSS. OSS should stay "hobbyist" for the individual developer.
If a corporation is stealing your OSS code (and violating a license) then that implies that they think your code has value, they might have paid a person to write that code but instead some hobbyist built it for free and a corporation steals it.
A few months ago, I made a pull request to LMAX Disruptor, which was merged. I was initially excited because even if my PR was simple it’s still a big project that I contributed to. But after a few minutes it occurred to me that I just did free labor for a for-profit trading company. If they merged in my code then must have thought it had some value, and I decided to dedicate my time to saving this multi million dollar company some money.
My PR there was pretty simple and only took me like 30 minutes (if that), so I am not going to cry too hard over this, but it’s just something that made me realize that if a company is going to use my work, they should pay me. I don’t think it’s wrong or weird to want to be compensated for my labor.
I am still a hobbyist. Turns out you can still be a hobbyist without sharing everything you’ve ever done on GitHub.
> The GPL is a good enough idea but it is basically impossible for anyone to realistically enforce.
Really? If you find a piece of proprietary software does basically the same thing as yours, and the binaries contains the same strings/artwork, then it's reasonable to make a legal case of it. You can even contact FSF and they'll take it further.
If you can directly prove a violation dead to rights (or have enough cause for a discovery request) and you have money for legal defense, sure.
A lot of open source stuff is libraries and utilities though that is pretty entrenched in the code. It is hard to even find out about a violation, let alone prove anything.
Imagine I came up with a new algorithm to do Fourier Transforms 10% faster than FFTW (or whatever the current market leader is) and make a library and I release it as GPL. A company could fairly easily just import it to whatever project they’re doing, and it would be extremely difficult for me to prove anything, especially if I don’t have any obvious things like strings in there.
That’s not even taking into account that it would be relatively easy for a corporation to just pay a junior engineer to do a direct “port” of the library to another language and pretending it’s their own independent work.
> If a corporation is selling an optimized binary, then it can be almost impossible to prove that there was any violation of the GPL without viewing the source.
I think you can notice that output looks similar, error messages are similar, etc. If the program is non-trivial its usually pretty obvious if its a copy or a reimplementation.
If it sounds plausible, presumably you could sue and read the source in discovery (ianal, not sure precisely how that works)
There plenty of things that won’t make a noticeable difference in the output, especially in libraries.
Let’s suppose I make a slight more efficient implementation of green threads, for example. I do not see how that would affect the output in a way that would be obvious, even if the library is non-trivial. Even if I slapped it with a GPL, I don’t see how I would realistically be able to check if they broke the license without first auditing the code, which I couldn’t do without a discovery request, which I likely wouldn’t have grounds for even if I could afford the lawyers for a lawsuit.
Sorry, I don't want to be offensive. I'm just curious about how the YC quality check for founders works and what kind of experience and support they offer besides the obvious like money and publicity, particularly for open-source software projects.
To paraphrase Voltaire, I mean, Tallentyre, I mean, Hall, I may not agree with what you publish under the GPL but I defend to the death your right to assert the GPL...
Is this from the same Soham that is doing the "job stacking" scam to many companies? These people make the tech HR a nightmare for all others and a big reason for the back to office drive
No matter the license someone can just take the source code and use it however they like unless you have a concrete plan to stop them. I used to feel like licenses actually meant more but seeing a lot of examples of it made me realise this
There's actual good reason for that. the X Formally Known As Twitter company has a content weighting system that punishes external links, regardless where the link is pointed to. So apparently Mr. Soham did the smartest thing to give that post the best chance to spread.
BTW, the X Formally Known As Twitter company is not the only one who conduced the world to this, all big names do link restriction. Look what we've become, such nice world :)
Yeah, once someone posted a link I could read, I saw that. Bummer, looks like they ripped it off and sounds like they're currently doing the usual backpedal. Sorry your project got the wrong kind of attention in this way, I also (eventually) read into your tone while reading through your repo, and I understand much of it is tongue-in-cheek. It softened my position a bit. Hope you enjoy better luck in your future endeavors.
lol, I'll bet you $10 that the name is exactly why they got themselves into this mess. Had the name been something like "meeting-agent" or some corporate friendly name like that, they probably wouldn't have tried to hide it so much.
This being on page 2 with 247 upvotes in the three hour time period this post has been up is surprising to me. I wouldn't be surprised if @dang is suppressing it (but I'd also be happy to hear that it's not being suppressed).
It's pretty spineless for the Pickle team to come out and pretend they mistakenly re-licensed GPL code. Hilarious.
> in initially building it we included code from a GPL-licensed project that we incorrectly attributed as Apache
How can you write a sentence like that in good faith?
The first rule of HN moderation is that we moderate (i.e., intervene) less if a story reflects negatively on a YC company or YC itself.
This principle goes right back to pg days, and was the first thing he taught dang [1].
That said, it doesn't mean we avoid moderation at all and it doesn't mean the guidelines all go out the window.
Different factors influence the story's rank and visibility on the front page: upvotes, flags, the flamewar detector, and settings to turn these penalties on/off. I'm actively watching the thread to keep it on the front page, as per the rule.
That said, the guidelines ask us to avoid fulmination and assume good faith. Whilst it's fair enough to criticize and question a company when they do something like this, we can also be adult enough to look the evidence before us and recognize that this was most likely a dumb mistake that they've moved quickly to correct.
Setting the license text is an explicit act and it seems fairly unlikely for anyone who creates software to think they can relicence GPL code or to think they didn't need to Google it first. Doing something that you meant to do isn't a mistake it's a choice.
It seems more likely that they didn't think anyone would notice.
The evidence clearly shows it was not a 'dumb mistake'
They claim they wrote the whole thing in 4 days. They did not attribute the original author in ANY way.
They clearly showed they intended to steal the authors work and sell it as if they wrote it. YC has just become such a dumpster fire if that kind behaviour is even remotely accepted or called a 'dumb mistake'
They committed the (presumably ripped off) repo yesterday, changed the license from GPL to Apache, and now have changed it back (presumably in response to this thread).
Hi everyone, this is Daniel from the Pickle team. Glass is a new open source project from us that we plan to build on and improve. We built several original features for it like live summaries, real-time STT Transcript and one-click "Ask" from summary that we're very excited about. However in initially building it we included code from a GPL-licensed project that we incorrectly attributed as Apache. This was incorrect and sloppy work on our end. We made a quick fix and are working right now to do a proper fix that addresses the issues fully and cleanly. We are sorry to the original author of the project, Soham (CheatingDaddy), and thank him for pointing this out. We are also sorry to the open source community for messing up here. Thanks everyone for caring about this.
Hiding the entire history of this incident[1] behind a force push[2] to make it seem as if credit was given and proper license was chosen from the start really displays a lack of integrity, and tells me it’s definitely malicious (which should be quite clear from zero mention of the original project to begin with, but this act reinforces that) rather an inadvertent screwup.
I don’t think the rebase is malicious. Would they even be allowed to continue distributing the older commits (where they claim an Apache license) or would that be to perpetuate the license violation?
You might be lucky with the original author not suing you. I'm not sure your backers will be equally kind. I certainly wouldn't, depending on what exactly you told your investors we may be looking at straight up securities fraud here.
Calling it sloppy work is too charitable. It's one thing for others to give you a benefit of the doubt, it's absolutely crazy that you yourself are doing it. It's clear if the other guy did not speak up, you would not have "corrected" the incorrect attribution. Your entire repo uses the work from someone else, and you did not even credit the person who built it until he called you out for the deception.
If you had any semblance of respect for the work of others and what is right you would sincerely apologize and shut the project down instead of rolling with it.
Hard to say that your work isn't derived from a GPL project if you quite openly are reimplementing a GPL project you used at the core of your own project.
> This was incorrect and sloppy work on our end. We made a quick fix and are working right now to do a proper fix that addresses the issues fully and cleanly.
There is no fix. Your work is derived and should be/will be licensed as GPL. You do not want to accidentally succeed and then find you have nothing. You are being a smart-ass here.
Cut the grandoise talk. You stole someone's work and now you just shrug it off as "incorrectly attributed as Apache". That's not a mistake, that's a deliberate action plan. The force push others have mentioned is the proof. Atleast be honest in your apology.
I hope YC takes serious action and eliminates you guys from their cohort if you're still in one. This reflects very poorly on them otherwise.
If it was 'just' a licensing slip up sure, but there's still a lot of integrity issues here despite that. The presentation of "we created an open source library to do X in just days" comes across as a lie right?
I feel like ycombinator leads may want to look more deeply into this one. If they are presenting it as something they've achieved that's an integrity issue right?
This is the crux of it all to me. Anyone in the industry knows mistakes happen all the time but the braggadocios nature rubs me the wrong way and spits in the face to those of YC who do indeed have integrity.
> let's not freak out - you can't "steal" open-source code, they used an incompatible license. that was accidentally too free.
What a poetic formulation? In reality, they deleted history and they put a license that allows the "freedom" to let them monetize the code. I wonder how's the original author more free with this license? How is anyone more free? Sounds like the license was "accidentally" "too free" in a way that only made themselves more free.
> people monetizing something you open-source isn't stealing.
It's, in fact, the precise definition when the open-source project uses the GPLv3 license.
yes, but sublicensing to even permissive ("free-er") license (GPLv3+ to Apache2.0) is a violation of license.
GPL is supposed to viral, if you are using project adopted that, you are taking the risk with it.
If you are just changing the license and took the code, that's wrong and need to get an attention. If anyone could go just yoink and relicense the GPL code to other permissive license was "legal", the https://gpl-violations.org wouldn't exist in the first place (i.e. you can just take the linux kernel code and rename it something like "mynux", redistribute in bsd-3 clause and "don't distribute the derivative part").
It looks like they've squashed everything into a single commit, since there's only a commit on their repo right now that was pushed 28 minutes ago (as of this comment).
That's probably the right thing to do Git-wise, because licences might not be retroactive.
The license they used was less free than the GPL license. Laundering GPL code into projects with licenses that aren't as free is classic copyright infringement.
From what I understand, it would be a breach of contract at minimum (based on what I remember from past discussions of this sort of activity involving different participants).
If someone else has a better idea of what “forking GPL 3 source code and using a different licence” would be, then please let me and others know.
If you don't follow the license, then you don't have a license to use, distribute or modify the code. So then you get into copyright violation territory, up to $150,000 per infringement in the US if it's intentional.
You can read the text of the GPLv3 license itself; it has a specific provision for this case.
> "Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice."
Realistically this will probably just have a reputational cost for Daniel Park/Pickle. Whether he intended to or not, some amount of people will associate “pretends to make things that he did not make” with him because of this entirely unforced error.
https://xcancel.com/soham_btw/status/1940952786491027886
The clone now has more stars on GitHub than the original work, CheatingDaddy. What's funny is that in a week, most likely nobody will remember that the code was stolen, thus Pickle will probably be fine with their new, shiny, popular project, which will be featured in GitHub Trends.
It's the same with another Soham, who was moonlighting for years. I would not be surprised if he starts a company soon, given the fame he has gained.
Marketing wins.
I've seen this kind of thing happen even with very small projects, where there's no marketing department or business goal attached. I've seen attempts to erase the history of forks, projects repurposed from others in order to retain GitHub stars unrelated to the repo's new purpose... not for a supply chain attack or something like that, but out of sheer vanity. Sometimes I see people talk about those projects on HN, and if you weren't there when it happened and very interested in some very niche software at the time, you'd never know.
It's a wild world.
It's all about marketing sadly. Marketing and connections. This industry has been full of theft for years.
Some 15 years ago, I made a small configuration language:
https://github.com/Respect/Config/blob/master/docs/README.md
Then, two years later, toml (by a GitHub founder) appeared. It is almost an exact clone of it.
https://github.com/toml-lang/toml
--
You could say that is just a coincidence, and it's an obvious idea that anyone could have had.
But then again, also around that time, a sibling component for the configuration language was featured on "The Changelog" (then, a very popular website featuring interesting projects).
https://changelog.com/posts/validation-the-most-awesome-vali...
It stayed on trending PHP repositories for months.
--
So, either toml was stolen or I independently invented it years prior.
Don't do easy to implement DSLs kids, there's no way of licensing them.
5 replies →
If it weren't Alan Kay would be a household name and Jobs would've crashed out, Microsoft would've been a never been and amazing Xerox would be the tech juggernaut instead of copier washout.
Truly a strange world.
[dead]
Some shady stuff. They seem to have "re-created" the main branch, and force pushed an "Initial Commit" with GPLv3.... https://github.com/pickle-com/glass/commits/main/
Maybe they don't know that the history is still there? https://github.com/pickle-com/glass/activity?ref=main
https://web.archive.org/web/20250704222510/https://github.co...
One starts to wonder whether the LLM vendors laissez-faire approach to the legality of ingesting copyrighted / licensed material will start to infect the industry in general?
I think it will push opensource/ free software hackers to close source their code because it is being used to feed LLMs. Similar to how allot of hardcore free software proponents don't use Github. Is closed source the future?
> Is closed source the future?
No. I don't believe that. I personally want my code to outlast me and help people in the future, but I don't want allow anyone to just scrape it, strip its license and use for whatever. I use (A)GPLv3+, because I believe in "Freedom for the user", not "Freedom for the developer" which permissive licenses provide.
My code is not free labor for anyone. It has conditions attached.
8 replies →
From an open source software perspective, I don't understand the feelings around LLM ingestion.
The models isn't generally recreating your software, but might be spreading your way of thinking in pieces.
I get it from the artists and to a lesser degree, writers. I just don't understand it from software projects.
I guess if you think of it as something to replace you, but since you are already a creator, it is also a way to unlock much greater capacity for turning your ideas into solutions.
5 replies →
I, for one, deserted GitHub, and do not use for anything else personal anymore. I'm not against permissive licensing, but all my code will be (A)GPLv3 or later.
A particular project I'm working on will be on a private Git server until I complete and open it as a package. Even after that, I might keep the development closed and release tarballs only (aka Catherdral Model).
All code I write is also AI-Free.
It won't be possible to trust in people for a long time, it seems.
Ya, I custom coded our startups entire bespoke sensor array and smart systems. No AI. It was build before LLMs gains the traction that we see now. I tested several models to see if they could build the same. They can't yet.
My code will never be publicly available. That's a key trade secret of our business. When investors and others tell us that someone else could build it, I let them know that they could build their own, similar version, but it wouldn't be what we have.
We've verified that by having friends and family, some of the best coders that we know - Stanford, MIT, and other CS alum, as well as top FAANG programmers - try to reproduce it. It's always something done in their own style that doesn't do the job as it needs to be done (they work ok, but they all miss some key crucial parts of why our system succeeds at what it does).
GitHub is good for those looking for a job or to share their projects openly. I wouldn't even trust a private repo. Everything is either on systems and servers that we have control over or in my head. As we grow and scale, we have a roadmap for how to keep control over those trade secrets until it's time to pass off the company (if we do). At that point, I'm confident that whoever takes over will realize that this will be like the Coca Cola recipe, or any other trade secret which could be reproduced but not necessarily in the same way. (Knowing the history of that recipe and what others have created that tastes identical, it's more apocryphal and maybe not a perfect example, but you get the idea).
Anything controlled by another company is something out of your hands. Pick and choose wisely where you keep your stuff.
if you ever used github for anything other than agpl3 you're doing it wrong
1 reply →
Stealing ideas has been the name of the game for a long, long time. It doesn't have to be like that. We just spent $50k defending one of ours, which yields no ROI unless we pull through and make it a reality. If someone has - money, sales and marketing skills, or other business competency, of course they'd rather steal than invent their own thing or invite the dev on board.
Again, this doesn't have to be this way. Either Y-Combinator needs to boot the thiefs and invite the original dev, the thiefs need to invite them in with a fair equity share, or else we continue to perpetuate this culture. And, I agree with others, creatives have already become more and more afraid of sharing their work and having it stolen. Ours was covered with a bullet proof contract that the other party presented us with. We also have a patent pending. Neither of those stop someone from stealing from you and it's your job to protect your IP (and money). It almost bankrupt us... but because it was their contract, our lawyer constantly was scratching his head since it was a slam dunk case.
Steve Jobs and Apple stole the UI from Xerox, Tesla wasn't Elon Musk's, and you can go down the list. Look up the history of Arduino and wiring. I have no problem buying Arduino knockoffs because of it. (The two profs that didn't give their grad student attribution have a history of stuff like this as well as infighting)
But it doesn't have to be like that, it's our choice to continue perpetuating it and it will lead to emergent properties that people won't like. The question is: how long can the party last for investors, incubators, and thief startup founders in our highly connected age?
Instead of waiting to find out, I hope that Y-Combinator and associated investors pioneer a better culture of rejecting these people when they find out and promoting the actual creators. Michael Seibel talked about the best creators not being the best networkers back at startup grind 2019, and that the old model of investing is broken. 6 years people. (I've been building a network of us who are expert at going out and finding the best creators, but it would be nice to have the resources and platforms of larger institutions).
Why don't we promote the actual creators OR pair those good at identifying the opportunities and pitching and marketing them. That would be WAY better, and everyone wins while making a better, long term sustainable culture and model.
I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
Do you owe everyone you have ever read a royalty for influencing your writing style or voice? How about for all the other things you have leaned and become competent in?
There is a bigger issue here that is related to what humanity actually is and how we have been abused for many decades and several generations now, to the point that the abused generations have become the abusers of future generations simply because they are mentally trapped, addicted even.
A good uncontroversial example of this may be the excessive and deficit spending of governments, all based on what otherwise would be considered loan fraud, which is called national debt. It is used to keep perpetuating this system we call an economy because it has been so “successful” over ~100 years of “line go up”, solely because everyone wants the gravy train of reckless good times to continue forever.
Unfortunately for some generation of the future (maybe even our own), it simply cannot go on forever, so it won’t, because it is by definition unsustainable. But the goods times and “success” everyone sees everyone else having, keeps people from stopping the insane and utterly suicidal process of not only consistent, but accelerating addiction to every greater deficit and debt loan frauds called the national debt. It isn’t “Trumps fault” it “Biden’s fault”, or any other totem that can excuse or own actions. These are forces we don’t even understand any more than we are blindly changing at breakneck speeds. And if anyone tells you they understand these forces they are simply lying, when we cannot even understand the most basic concept of the fact that there is no alternative to this planet… as we destroy its ecosystem that produced us at ever accelerating speeds, in millions of different ways.
It’s quite similar if not the same as any other process we call addiction; we know it will cause ruin, yet we cannot extract ourselves from the endorphins, so we just keep lying to ourselves.
> I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
That's because you have either not read enough or have been dismissing the very sound case: Scale.
In law, scale matters. It might be legal to possess a single joint while at the same time being illegal to possess a warehouse of 400 tons of weed.
Now, at least, you cannot say anymore that you have not heard a convincing case for why ingesting every single piece of work by an artist with the intention of out-producing them is a bad idea.
You have heard at least one, supported by precedent in law in multiple jurisdictions.
> I have yet to hear a convincing case for why what the LLM vendors did/do is different than what humans do to learn and become proficient in producing their own work.
Humans don't read other codebases en masse. Hell, I haven't read the entirety of our own codebase. I learned by doing, from books (that I paid for or legally borrowed), and yes, by looking at a small amount of other people's code (permitted by the respective licenses).
Humans are not remix machines, AIs (currently) are.
2 replies →
The only difference is that the people getting upset about this stuff is money. They hate the idea that someone is making money off their work. Even if the sum of their work amounts to a penny. They're just angry.
In 50 years they'll be useless anyway when computers are just plotting every iteration and combination of 1's and 0's that might be.
I too see no difference in machines learning from the works of others than man standing on the shoulders of those before them to reach higher plateaus.
It's all a big to-do about nothing.
1 reply →
Your base assumption that humans looking at restricted code bases and then working on competing products is OK is flawed. That has always been something you'd have to be very very careful about to avoid law suits for anything you inadvertently copied. Clean-room design is a thing for this very reason.
"Fair enough. Since this was our first OSS project, we didn’t realize at first. We’ve now revised it. Thanks for your contribution."
We didn't notice that we copied your codebase, changed the name then pretended to have built it in four days?
Good grief.
This isn't just a license compliance issue! Even if it were compliant with the license, like if the license has been a permissive license with no attribution requirement, this is still sleazy and plagiaristic behavior. Sometimes (often!) what is right exceeds the legal bare minimum.
It does seem really shady to not even offer a sincere apology.
> It does seem really shady to not even offer a sincere apology.
At least they attempted: https://news.ycombinator.com/item?id=44461271
"we are sorry we got caught"
I would be running for the hills if I were YC. This is the kind of attitude that ends up in lawsuits.
27 replies →
"In our next OSS project we will steal more carefully"
This is the type of shit YC invest in? It has been like this for a long while. So fucking shady.
I blame Zuk. His slogan was "Move fast and break laws", later changed to "things" by his lawyers.
1 reply →
Sorry for your story. In those days open source is REALLY HARD. Put your github link here and we will support your project by starring you and spreading your project. You definitely need to fight back.
Not the developer, but here is his repo:
https://github.com/sohzm/cheating-daddy
As an interviewer, I'm seeing a huge increase in proportion of candidates cheating surreptitiously during video interviews. And it's becoming difficult to suspect any wrong-doing unless you're very watchful by looking for academic responses to questions.
Why would anyone encourage building such a tool, I can't fathom.
41 replies →
[dead]
Even if this was Apache in the first place, you're not supposed to remove Copyright lines in source code.
That's not the kind of thing you can reasonably say "Gee, I didn't know!" about, either.
This is the second time in less than a year something similar has happened.
Previously, a different YC company (Pear AI) copied Continue, changed the licenses, and "launched".
https://news.ycombinator.com/item?id=41707495
I wonder if Pear AI is dead or pivoted, their open source repos have not been updated since May.
> I wonder if Pear AI is dead or pivoted, their open source repos have not been updated since May.
They went pear-shaped.
Probably just went closed source.
Maybe a kind of hall of shame is needed, where these companies are listed, and perhaps a link to a history of how the issue was dealt with.
another one: https://news.ycombinator.com/item?id=43859977 https://news.ycombinator.com/item?id=43846663
HN seems to be fine with that (!).
From my experience in 10+ tech companies, the biggest difference between bootstrapped and VC financed is, with money you can do illegal things and pay the lawyer.
Is there a way to file lawsuits for such cases? These incidents lead to death of open-source and crush hearts of open-source developers.
Seems like this would be a pretty open and shut case of copyright infringement.
Pursuing something like this would perhaps cost more than 200k in the US. And then the startup would likely just fold and you get nothing in return.
3 replies →
Absolutely. The lawsuit probably wouldn't get very far when it comes to damages, however...
I believe that BusyBox sued over violations like 17 years ago. I am not aware of any other instances.
Wikipedia has a list https://en.wikipedia.org/wiki/Open_source_license_litigation
Software Freedom Conservancy is currently suing Vizio. The interesting thing about this lawsuit is that it aims to make it possible for any recipient of GPL code sue for compliance, instead of requiring the copyright holder to sue.
https://sfconservancy.org/copyleft-compliance/vizio.html
It's always possible to try, especially as it seems there was a technical violation here, but whether it's worth it or likely to gain enough legal traction to yield results is another story, especially in instances of "your AI generated boiler plate looks like my AI generated boilerplate, and therefore is theft"
We are in a crisis of morals.
There has always been trashy people but since 2020 it feels like a lack of morals is rewarded more than ever.
A natural consequence of a system that promotes radical individuality, false scarcity, fear of missing out, greed, and violence. Win at all costs.
'Move fast and break things', there is not much left unbroken.
Amen. Well said.
Surely this graph also trended way up in late 2016.
I'm seeing it too. I think it's not about rewards, but punishments. A lot of people have (or perceive that they have) a lot less to lose in this economy.
Well, there are no consequences are there? Or at least no precident of consequences of such behaviour. My hope is that folks like this always lose out in the long run but I'm not so sure anymore...
The highest jobs require these days a proven track-record of corruption. You can‘t blame young startups wanting to take the first step on that ladder. At the end of the day we are living in a merdeitocracy.
> merdeitocracy
Not sure if typo or intentional (likely?), but that's an amazing new word.
What a joke. Nearly as many upvotes as tmux-rs in half the time, ~50% more comments, and this is just shy of the front page / twice as far from #1.
Doesn’t seem to match the natural algorithm.
My observation is that HN intentionally downranks highly commented threads. I used to think of it as unfair, but now it truly makes sense, considering:
- Posts with high comment-to-vote ratio often have political, scandalous or other kinds of heated themes
- Highly popular/engaging posts already act as self-amplifying snowballs
- High-volume discussion triggered by emotions is hard to navigate, is repetitive, and attracts the dumbest trolls even in HN
- The truly important topics tend to become visible anyway
This was informative. Thanks for the analysis.
If anything, the statistics actually suggest these articles were weighted the other way around. tmux-rs stayed on the frontpage much longer than it logically should have, especially compared to this thread.
https://hnrankings.info/44455787/
https://hnrankings.info/44460552/
...in any case, what's the "joke" about this? GPL violation is very serious, Tesla was forced to publish a substantial amount of proprietary code after a similar infraction.
Got a link about the Tesla thing?
That was my point / what the joke is: it appears to be down ranked (or it’s a comment thing as your sibling points out), it’s serious, and it’s a YC company.
Not directly related but still.
A couple weeks ago I:
1. forked repository of the Albumentations library (15k stars, 5 Million monthly downloads, MIT license) and called it AlbumentationsX
2. changed the license of the fork to the Dual (restrictive AGPL to be used for free and permissive commercial if you buy license) => it is unlikely that it is legal to use it in your project as noone wants AGPL project in the list of dependencies
3. Arhived albumentations repo ---
People use albumentationsx (I can see pypi download stats + telemetry), but zero licenses were bought.
----
Coming back to the original post - what surprises me that they forked, but did not try to rewrite with LLMs. LLMs may not be that good writing complex functionality, but in rewriting something they are quite good.
In this sense, all open-source licensing is not as useful anymore as rewriting the code so that there is no way to proof the plagiarism is the new reality.
---
Looks like the future is: - closed source code - open source developed by companies that want to use it for lead generation
And it has the same fake excuse as usual "Since this was our first OSS project, we didn’t realize at first."
He sure discovered this new open source thing and it's very confusing. It's not like it's almost 40 years old at that point. I'll never understand people who lie like toddlers.
Because this is how the current corporate world works. It's all about appearances, someone can do whatever bad thing, will go on and say "upsie, I didn't realise that X is bad, it was an honest mistake" and then all is good, the person actually reporting it or signalling it out will be the bad one, for being critical, aggressive, not constructive or open minded.
It's funny these "founders" only use this hollow excuse with open source licensing, you never see "since this was my first company, we didn't realize taxes exist"
> you never see "since this was my first company, we didn't realize taxes exist"
Taxes are a nitpicky example, but indeed in Germany where everything is full of regulations and red tape that only some bureaucrats understand, there indeed exist founders who argue this way for these convoluted laws:
For example have a look at the popular videos of the following channel (in German): https://www.youtube.com/@Nordwolle/videos
1 reply →
I missed revenue reporting[0] for my one-man studio once. This was exactly what I told the authority.
I got fined anyway.
[0]: Not in the US.
This happens literally all the time.
It's usually never a blatant "I didn't realise taxes exist" but more like "I didn't know I couldn't add haircuts to my company's tax deducts".
I do not know what is wrong with software engineers. This is theft (or whatever the lawyers says in the IP law) and now stating: Ooops we did not know, our bad, we keep it till we have found a replacement. Mistakes happen also in real life, but libraries is a common thing, like cars standing on a street. You do not accidently steal a car.
Software Engineering is more than coding. Basic license management incl. library vetting is part of it. If you decide to ignore that, you do not run a business enterprise, you run a criminal enterprise.
[flagged]
27 replies →
> Basic license management incl. library vetting is part of it.
This depends on whether you consider Compliance to be part of software engineering or a separate discipline. At least in most companies the compliance department is different from the software development/IT department, because the necessary skills are very different and barely transfer.
5 replies →
This incompetence excuse puts YC in a bad spotlight too, because it makes them look like they are funding people with exact zero software development experience.
Isn't YC supposed to offer guidance and sage advice, not just be a cash machine for naive young developers?
4 replies →
Aren't VCs based on the principle of throwing money in as many directions as possible and hoping something turns out to be a unicorn?
1 reply →
TBH, I know plenty of people with software development experience, who I think are genuinely pretty good at converting ideas to code, but who wouldn't have any idea what Apache or GPL mean.
1 reply →
> because it makes them look like they are funding people with exact zero software development experience.
Being a great software developer does not make you a lawyer (not even a bad lawyer).
5 replies →
This situation truly enrages me and is likely the reason (IMO) why talented programmers (today, in 2025 versus, 2008-2013 where small founder startups thrived at places like 500 + YC).
Quite ironic how YC touts technical founders > "non-tech" ones -- when acts such as this strip ones chances of wanting to become one, or even continue showcasing their talent publicly on platforms like GH.
An app which is build for cheating complains about cheating ...
Would you have the same sentiment for VPN (software built for cheating region locks) or ad blockers (software built for cheating content providers)?
Cheating != Stealing
It wouldn't matter if they wrote a program to automate stealing other people's content. If you strip a GPL license off a program you redistribute, you're breaking the law.
The founders who built Glass don't complain about cheating. Rather, the developer of https://github.com/sohzm/cheating-daddy complained of copyright infringement of his code by the developers of Glass.
Worse than copyright infringement, they pretended the code was theirs
While copyright infringement is clealy legally wrong and developing general software is not, I do agree with GP that one should, morally, perhaps not complain about "cheating" the legal system when the infringed application itself is meant for cheating.
Legal correctness does not necessarily imply moral correctness.
They complained of license violation, not copyright infringement. There’s a big difference. The original license already granted the rights for anyone to copy the code, so the question of copyright infringement isn’t really on the table.
2 replies →
Over the last decade or two, the builder/hacker ethos has seemed to shift towards this grifter, money-over-everything attitude. I’m sure there’s a lot at play (crypto culture, VC self-selection, the attraction of ‘easy’ high salaries), but I’m sure it’ll get markedly worse with ai tooling and the any-publicity-is-good fomo marketing that’s taken over the startup scene.
My take is both OP’s tool and the blatant plagiarism of it are examples.
Yeah, most VC founders on twitter are annoying and not worth following anymore. It used to be inspiring to follow some of them many years ago, see them build a cool product and sharing learnings. Now it's all just promotion, straight up lies, and their personal brand comes across as more important than actually building something. The "learnings" shared are now more tailored to go viral than actually help others etc.
Because I loath Nouning Verbs and Verbing Nouns, I'd really like "learnings" to always have an implied or explicit set of quotes and mean vaguely defined and not necessarily ethical stuff.
There's a perfectly good noun, "lessons" and a verb, "to learn" that, when combined, provide everything "learnings" does, without the pretension of using a verbed noun. It's like "diarize" and other even worse monstrosities.
Sorry to this poster, no personal attack intended, you just pushed one of my pedant buttons.
2 replies →
Software ate the world, now it’s defecating on it
where are we headed...
We actually have a real enterprise application we developed ourselves. We are ramen profitable. Getting a boost from YC would be amazing to take us to the next level.
How does this trash get supported by YC so easily and real stuff doesn’t get a chance?
That’s not the only corrupt stuff that yc does. There’s dreamworld.
https://www.pcgamer.com/dreamworld-infinite-world-mmo-kickst...
I’m sure there’s much more we don’t know about. They just didn’t get caught. Yc used to have this reputation of being one of the good guys but I guess nothing is really immune to corruption.
Isn't this the company/founders whose whole sales pitch is about cheating/deceiving others? I guess I am not that surprised then.
Is there a way to validate this?
The company is called "cluely". Go to their twitter page and see the posts and promo videos to get an idea of how they market their product https://x.com/cluely
Startup founders just hack the value gradient. Putting a screen door lock on a resource is just inviting resource extraction.
To a casual outside observer the quality of the companies YC invests in seems to have absolutely cratered. Have they just given up on vetting and switched to a throw money at everything approach?
My feeling is that they are investing in founders who they find impressive who are working in AI. Not so much in the uniqueness of their ideas.
Isn't that a very outspoken objective of YC, to fund people, not ideas? Long time ago I caught up to what YC is doing, but even when I first joined HN back in like 2013 I think the whole "Fund people, not ideas" shtick was already explicitly what they were doing, unless I remember wrong.
10 replies →
YC invests in founders that have more odds to make it through a series A. Everything else is secondary.
This sort of thing reflects poorly precisely on the people doing it, not on "ideas".
They expect you to come up with an idea or a business and explain it to them and show your progress. Of course one may say that those things reflect you as a person but so does stealing and relicensing code.
Yeah, this is the vibe I have been getting for some time - investing in the person and not the idea.
Right now YC really only has one bet, an all-in on AI.
Any company that props up their AI bet is the most valuable to them now, even if it provides no real value for users...
> Have they just given up on vetting and switched to a throw money at everything approach?
this is exactly their business model. almost word for word.
I'd say they have historically aspired to active informed selection and then accepting that out of that portfolio many will fail cause that's how VC goes. That's not quite the same as buy everything.
Dreamworld (YC W21) is relevant here:
https://www.ycombinator.com/companies/dreamworld
To be sure, there's nothing wrong with the idea that modern computers and distributed computing techniques can handle streaming updates for a significantly higher scale of concurrent same-world users than prior-generation MMOs. But clearly something unexpected happened here, and while I completely understand the lack of a public post-mortem, I hope that YC has examined why its mentorship model and community were unable to set up this team for, if not success, at least having greater integrity in its relations with its userbase.
Nothing has changed, as far as I'm aware.
Guy who builds software to lie and cheat on everything gets his software stolen by a lying and cheating company?
https://tenor.com/en-GB/view/oh-no-anyway-gif-19022587
The thing that disgusts me the most is this:
> Distribution isn’t the moat; velocity is.
Such an arrogant take. When you steal someone else's work it's nothing to brag about.
Couldn't have happened to a nicer project.
Those are some awfully tall words from a guy who wants to sell lawyers a whitelabel Monaco editor.
Sorry a what?
Doesn't this happen all the time with Ultralytics yolo code? They use an AGPL license, which to my understand means that anything that links with this code also becomes AGPL.
Please correct me if I'm wrong, but is the license also viral if there's a network connection involved? i.e. I run the code in a container with a little network interface added ?
And yet Microsoft have release code with different licenses that make's use of Ultralytics code.
I potentially would be interested in using these wildlife detection models in a commercial (Not open source) context but simply don't trust the claim that it would be okay to do so, sounds like a big business risk to me.
What is the opinion of the community of the MIT licenses associated with PyTorch wildlife from Microsoft okay to use in a closed source commercial context? Microsoft have put an MIT license on this, but their code does imports of ultralytics libraries, which I thought were AGPL.
Note: The GPL 3 license from the official yolov9 differs in this, it must be possible to run the same code on the platform, but your usage may be closed source.
> They use an AGPL license, which to my understand means that anything that links with this code also becomes AGPL.
It doesn't work like that.
The code linking with AGPL code needs to be AGPL (or compatible license) to comply with the license.
That doesn't mean that if you link some code with AGPL code it automatically becomes AGPL. It just means it doesn't comply with the license and therefore does not have the right to use the AGPL code.
The remedy to a license violation is not necessarily complying with it. In fact, I've never seen a case where a company using (A)GPL code in such a way was ordered to release their own code with that license. Generally, they have to simply remove the (A)GPL code, pay some damages and that's it. If they want to keep using the AGPL code, then they of course would have to comply with it, but that's their decision at that point.
I really like the work that Microsoft did with Pytorch Wildlife but not brave enough to trust the MIT license they put on their code that uses Ultralytics code and all attempts to check if it was okay for them to change the licenses seem to indicate that they may not do this.
Love to know for sure. Maybe someone from Ultralytics can point out their view on this?
> their code that uses Ultralytics code [...] if it was okay for them to change the licenses
Did they copy Ultralytics code and change the licence from AGPL to MIT? Or does their code rely on AGPL code without copying it?
The first is not allowed but the second is, because the combined work can still be used under the terms of the AGPL.
What specific kind of "linking" is happening here?
If your code is 0% derived from GPL/AGPL code in a copyright sense then there is no virality and you can generally use them together without license worries if you're careful about how you link.
not the best project but yeah still something
"Since this was our first tax reporting, we didn’t realize at first that we're supposed to declare our income. We’ve now revised it."
You are joking but that's exactly how it works as long as you are a company (and the bigger/more connected it is the better).
Don't pay your debts as a person: you quickly get hit with fees, chased by collections, etc.
Don't pay your debts as a company: sorry, it was merely a clerical error by our accounting department. Nothing to see here.
Lie and profit from it as an individual: that's called fraud and could land you in jail.
Lie and profit from it as a company: sorry, our website/documentation was out of date, our CS clerk was wrong and has since received additional training. Nothing to see here.
There’s a reason they ask the question about describing a time you “hacked a system to your advantage” in the YC application. They have always selected for founders who are willing to take advantage of legal and ethical gray areas. Reddit created fake users and farmed content from Digg, Airbnb scraped listings from Craigslist.
There is no "grey area" here, and this isn't "hacking".
There's an argument to be made that, even if it's an open and shut violation, if enforcement is nontrivial and a vanishingly low risk, it still pattern matches as "grey area" in terms of risk.
Not at all in favor of the person stealing someone else's code and slapping a new name on it in violation of the license, just that I think I see why people might list that as matching the same intent as a question like that.
This isn't "hacking the system", though - this is an open-and-shut violation of a license with a strong legal pedigree.
Which could be only resolved by lawsuit that cost money. Startup can just fold and the original creator still needs to pay lawyers.
So with this in mind, that startup is kind of hacking the system.
I've had similar happen to me by company out of Paris, France lol. They yoinked the backend out of my OSINTBuddy project which is AGPL licensed then tried to get me to work with them where they were going to sell access without also providing the source code
As OC i would do that giant rewrite and add vulnerabilities - either they do a funny portation rodeo and get zero dayed all day every day, or they are at least cut off from free work.
The author could bring the company to court for license infringement, it's an easy case, they (the original author) could easily bring home some of those sweet sweet YC vc money.
They spend a hundred grand on getting a lawyer, the company instantly declares insolvency, and then Glasss (With 3 s's - Completely unrelated to the previous one) does the exact same thing.
I don't know what's worse - the fact that the original project encourages cheating or that someone managed to wrangle funding to cheat the cheaters.
YC should put integrity and ethics of founders as a key variable for funding.
Unfortunately, that would probably get in the way of making money.
I follow a bunch of YC founders on X. Lots of behavior that could be construed as 'growth hacking - or 'deceptive' depending on your bent: promoting open source libraries that don't work, rewriting tweets from smaller accounts, coordinated replies from mutuals and so on.
I guess that's the game, but they do seem a lot more cavalier about it of late. Increasingly resembles the crypto 'community' (derogatory).
I am sure they do.
I am not sure that they weigh it in the direction you are thinking of, though.
That would mean YC needs to reinvent itself first. That's not happening.
There's no integrity and ethics in AI, and the money's at AI.
> integrity and ethics
How do you evaluate that?
The easiest way to check for integrity and ethics is if the startups YC finances routinely run afoul of YC's ethics code or the law.
If YC has no ethics code, that's your answer right there. If they do but it fails to mention basic things like lying, cheating, deceiving especially when done intentionally, bingo again. If breaking the law isn't an automatic termination of the collaboration, it takes you to the same conclusion. If YC explicitly supports the startups when knowing about these problems, or implicitly by skirting due diligence and turning a blind eye, or accepts startups having no commitment to an ethics code, then ethics or integrity are not core values, or even are completely absent.
There are more nuanced topics and methods but if it doesn't pass the smell test with the basic ones, it won't pass it with any.
5 replies →
This was of course a calculated move. The founders of Glass are not that stupid. They knew the original author would complain in the loudest way possible and cause a viral outrage, which would give them a ton of eyeballs and exposure.
Engagement hacks, outrage, eyeballs, distribution, attention at all cost. Welcome to tech in 2025.
The classic playbook: copy an open-source project (or just vibe-code something similar), slap an open-source label on it, and toss in an unproven design system / framework (like Liquid Glass) to give it a shiny veneer.
Less about building something meaningful - more about manufacturing hype in hopes of catching a trend before it crashes!
Is it me, or "founders" are actually FREAKING dumb?
Why people continue to give them money, and praise their "work"?
Instead of making (indirect) ads for them we should publish their name and the company's name into shame publicly, and let their reputation die slowly...
I have no respect for them, and you should not too (if you care about justice).
Most of the time ROI is still bigger. You would think that some ”evil”companies would be dead but stock price just keeps increasing. Imagine what Facebook would be if they had good morals?
Unfortunately you're right... Microsoft's stocks hit big again despite its evil background.
It is depressing to be a software developer now. Especially if you have a good heart.
I really hope the founder to have his career f**ed now, and other "founders (of nothing)" as well.
Here you are OP, a little closer to idiocracy by your own actions and by HN zealots here, and all you SV tech bro wannabes who participate in this day by day ever more fake economy.
Propel and fund into the world the product with sole purpose to pretend, to cheat, to fraud everyone, then to make "open source" version on this, and then to complain that someone stole it from you, to fund and sell even more sophisticated product with sole purpose to pretend, to cheat, to fraud everyone.
This maliciously deliberate hustling behavior, fake it till you make it, feel good, superiority complex, reality distorted, this version of society, a bubble, a community, open source, call it, or wrap it too sell whatever you want it, this all post-post-modern obscenery will be ruin of you all.
Title should be updated to make it clear this is an interview cheating project. It’s quite ironic
A license violation is still a license violation even if the software in question is ethically dubious.
> It’s quite ironic
Or rather consequential? ;-)
Surely you can’t be too surprised. The market is pushing for move-fast high polish, speed over substance. You can just do things, move fast and break things, etc. Velocity is the moat, indeed.
This is the market YC is breeding. When these guys float to the surface, what did you think would happen?
YC, you’re one of the greatest generators of value ever. Do better.
If there's not some backstory that explains this, it's actually disgusting.
the backstory that explains it is the same silly con valley bullshit as always: low quality people doing low quality work and hyping the ever loving fuck out of it for some dumb vc bucks.
[flagged]
In a general sense, open source theft is bad, obviously. I have trouble feeling bad for this specific case though, given that it is a tool for cheating in interviews and tests.
A GPL violation is a GPL violation.
I made an OSS tool to help you cheat on your taxes, screw your business partner, or ensure your ex wife cannot see the children. Someone stole the source and is backed by a major VC firm. Is the thought different at all or exactly the same? Just raising the question.
5 replies →
Two separate issues.
I'd be happy for a platform that encourages and facilities cheating to disappear and not be used anymore. So, on that front, I'd agree. As a side point though, the fact that someone big is funding something like that means, it's not really an issue for, atleast some, people.
The license violation is a problem independent of this. If this becomes acceptable for any reason (including the one that your post seemed to suggest - original work is unethical), it will have detrimental effects on a lot of good players as well.
> The license violation is a problem independent of this. If this becomes acceptable for any reason (including the one that your post seemed to suggest - original work is unethical), it will have detrimental effects on a lot of good players as well.
This is a fair point. Just to clarify, I still think open source theft/license violation is bad and should not be happening, even to a scummier project like this.
> As a side point though, the fact that someone big is funding something like that means, it's not really an issue for, atleast some, people.
Unfortunately some people have no issue with ethical concerns around what they fund as long as it stands any chance of making them money.
1 reply →
A new product with four wheels that is used to transport people from A to B is a amazing new development! Some new 4 wheeled death machine to drive through crowds of people is an detriment to society.
The original product actually sounds kinda cool, but selling it as a cheating aid is incredibly low-value, and we'd be better off without it.
Things like this are why I have become disillusioned with Open Source, and why latest projects have been closed source. The GPL is a good enough idea but it is basically impossible for anyone to realistically enforce. If a corporation is selling an optimized binary, then it can be almost impossible to prove that there was any violation of the GPL without viewing the source.
Well, if you're writing open source because you want to write open source, then none of this matters. If you are worried about corporations stealing your work, that should drive you away from OSS. OSS should stay "hobbyist" for the individual developer.
Sure but it sort of devalues labor.
If a corporation is stealing your OSS code (and violating a license) then that implies that they think your code has value, they might have paid a person to write that code but instead some hobbyist built it for free and a corporation steals it.
A few months ago, I made a pull request to LMAX Disruptor, which was merged. I was initially excited because even if my PR was simple it’s still a big project that I contributed to. But after a few minutes it occurred to me that I just did free labor for a for-profit trading company. If they merged in my code then must have thought it had some value, and I decided to dedicate my time to saving this multi million dollar company some money.
My PR there was pretty simple and only took me like 30 minutes (if that), so I am not going to cry too hard over this, but it’s just something that made me realize that if a company is going to use my work, they should pay me. I don’t think it’s wrong or weird to want to be compensated for my labor.
I am still a hobbyist. Turns out you can still be a hobbyist without sharing everything you’ve ever done on GitHub.
23 replies →
There’s a million reasons to want to write open source. A lack of attribution in particular is a killer for motivation.
7 replies →
> The GPL is a good enough idea but it is basically impossible for anyone to realistically enforce.
Really? If you find a piece of proprietary software does basically the same thing as yours, and the binaries contains the same strings/artwork, then it's reasonable to make a legal case of it. You can even contact FSF and they'll take it further.
If you can directly prove a violation dead to rights (or have enough cause for a discovery request) and you have money for legal defense, sure.
A lot of open source stuff is libraries and utilities though that is pretty entrenched in the code. It is hard to even find out about a violation, let alone prove anything.
Imagine I came up with a new algorithm to do Fourier Transforms 10% faster than FFTW (or whatever the current market leader is) and make a library and I release it as GPL. A company could fairly easily just import it to whatever project they’re doing, and it would be extremely difficult for me to prove anything, especially if I don’t have any obvious things like strings in there.
That’s not even taking into account that it would be relatively easy for a corporation to just pay a junior engineer to do a direct “port” of the library to another language and pretending it’s their own independent work.
6 replies →
> If a corporation is selling an optimized binary, then it can be almost impossible to prove that there was any violation of the GPL without viewing the source.
I think you can notice that output looks similar, error messages are similar, etc. If the program is non-trivial its usually pretty obvious if its a copy or a reimplementation.
If it sounds plausible, presumably you could sue and read the source in discovery (ianal, not sure precisely how that works)
Being obvious to a developer poking at a product is quite disparate from successfully bringing a lawsuit involving source discovery.
There plenty of things that won’t make a noticeable difference in the output, especially in libraries.
Let’s suppose I make a slight more efficient implementation of green threads, for example. I do not see how that would affect the output in a way that would be obvious, even if the library is non-trivial. Even if I slapped it with a GPL, I don’t see how I would realistically be able to check if they broke the license without first auditing the code, which I couldn’t do without a discovery request, which I likely wouldn’t have grounds for even if I could afford the lawyers for a lawsuit.
In general, I try to add a fingerprint into the output.
For example, in a project which generates images I usually set a specific set of pixels.
Sure, but if they have access to your code then a company could pay a junior engineer to look for any kinds of explicit fingerprints and remove it.
1 reply →
Good Artists Copy; Great Artists Steal <-- Steve Jobs
I know need to check on my Open source projects :)
Stolen from Pablo Picasso.
I did that on purpose. Since Jobs was from Valley
“You miss 100% of the shots you don't take.”
People begging YC to "do the right thing" don't understand that this is the exact behavior that VCs love and reward.
yes, they prefer iconoclasts
Does YC audit and evaluate the source code of the projects they fund?
Sorry, I don't want to be offensive. I'm just curious about how the YC quality check for founders works and what kind of experience and support they offer besides the obvious like money and publicity, particularly for open-source software projects.
These two guys seem like they should get together.
Not really on topic, but since service of startup is free and it has investment - what is monetization model here?
VCs invest in marketing resources and skills, not in code. Take Cluely, for example.
Hmm... a tool for cheating is stolen and relicensed by another company that specializes in cheating tools. Sort of on brand actually.
I'm having trouble mustering sympathy.
To paraphrase Voltaire, I mean, Tallentyre, I mean, Hall, I may not agree with what you publish under the GPL but I defend to the death your right to assert the GPL...
1 reply →
If our rights are contingent on taste then we have no rights at all.
6 replies →
Real life Jian Yang?
except this is a vc-funded american company stealing from an indian solo dev
I really hope y-combinator does the right thing and kicks them out.
They didn't even kick the scammers of PearAI
Doing the right thing only matters when the market rewards it. That hasn't been the case for decades now (if ever).
What’s the context? Elon’s Twitter is really a pain, without using an account you only see the linked tweet, without the replies or anything else.
https://xcancel.com/soham_btw/status/1940952786491027886
Thanks, that’s great
[dead]
Is this from the same Soham that is doing the "job stacking" scam to many companies? These people make the tech HR a nightmare for all others and a big reason for the back to office drive
https://www.theverge.com/news/697846/soham-parekh-startups-m...
Maybe they "just vibe coded" it... /s
[dead]
Is this the Soham?
If you're talking about the remote work scammer in the news today, that's Soham Parekh. This is Soham Bharambe. Both are into cheating, apparently...
For those that missed it: https://techcrunch.com/2025/07/03/who-is-soham-parekh-the-se...
The Year of Soham on HN.
1 reply →
tear him for his bad cheating!
[flagged]
Yeah I don’t think anyone here is going to find your schtick funny either
[flagged]
But… he didn’t? He used the GPLv3 license, which has other requirements. Requirements that aren’t being met by the people who forked the codebase.
But they didn’t. The company violated the GPL by re-publishing it illegally as Apache.
[flagged]
Doesn't matter at all according to who?
No matter the license someone can just take the source code and use it however they like unless you have a concrete plan to stop them. I used to feel like licenses actually meant more but seeing a lot of examples of it made me realise this
[flagged]
There's actual good reason for that. the X Formally Known As Twitter company has a content weighting system that punishes external links, regardless where the link is pointed to. So apparently Mr. Soham did the smartest thing to give that post the best chance to spread.
BTW, the X Formally Known As Twitter company is not the only one who conduced the world to this, all big names do link restriction. Look what we've become, such nice world :)
If you scroll down in the xcancel link (posted in the same thread), you'll find side-by-side picture comparisons of the code, comments, libraries.
He includes screenshots which (to me) do indicate a certain amount of lifting.
Also the project is open source and the website is at the end of the thread. The website has a GH link in the header.
What more do you want really?
its not the best name tbh, i just made it as a meme but people take the name seriously and that hurts the case
ive posted the evidence in twitter thread link
Yeah, once someone posted a link I could read, I saw that. Bummer, looks like they ripped it off and sounds like they're currently doing the usual backpedal. Sorry your project got the wrong kind of attention in this way, I also (eventually) read into your tone while reading through your repo, and I understand much of it is tongue-in-cheek. It softened my position a bit. Hope you enjoy better luck in your future endeavors.
3 replies →
> its not the best name tbh
lol, I'll bet you $10 that the name is exactly why they got themselves into this mess. Had the name been something like "meeting-agent" or some corporate friendly name like that, they probably wouldn't have tried to hide it so much.
If you read the post, it has examples
Today I learned about xcancel.
jeers busted, everyone wins
This being on page 2 with 247 upvotes in the three hour time period this post has been up is surprising to me. I wouldn't be surprised if @dang is suppressing it (but I'd also be happy to hear that it's not being suppressed).
It's pretty spineless for the Pickle team to come out and pretend they mistakenly re-licensed GPL code. Hilarious.
> in initially building it we included code from a GPL-licensed project that we incorrectly attributed as Apache
How can you write a sentence like that in good faith?
The first rule of HN moderation is that we moderate (i.e., intervene) less if a story reflects negatively on a YC company or YC itself.
This principle goes right back to pg days, and was the first thing he taught dang [1].
That said, it doesn't mean we avoid moderation at all and it doesn't mean the guidelines all go out the window.
Different factors influence the story's rank and visibility on the front page: upvotes, flags, the flamewar detector, and settings to turn these penalties on/off. I'm actively watching the thread to keep it on the front page, as per the rule.
That said, the guidelines ask us to avoid fulmination and assume good faith. Whilst it's fair enough to criticize and question a company when they do something like this, we can also be adult enough to look the evidence before us and recognize that this was most likely a dumb mistake that they've moved quickly to correct.
[1] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
Setting the license text is an explicit act and it seems fairly unlikely for anyone who creates software to think they can relicence GPL code or to think they didn't need to Google it first. Doing something that you meant to do isn't a mistake it's a choice.
It seems more likely that they didn't think anyone would notice.
4 replies →
The evidence clearly shows it was not a 'dumb mistake'
They claim they wrote the whole thing in 4 days. They did not attribute the original author in ANY way.
They clearly showed they intended to steal the authors work and sell it as if they wrote it. YC has just become such a dumpster fire if that kind behaviour is even remotely accepted or called a 'dumb mistake'
2 replies →
> The first rule of HN moderation is that we moderate (i.e., intervene) less if a story reflects negatively on a YC company or YC itself.
Unless you have transparency on flagging and mod actions, these are just your words. And as these events keep happening, your credibility erodes.
2 replies →
As dang said, presume good faith. It's part of the HN guideline.
Also, "Never attribute to malice that which is adequately explained by stupidity"
YC doing typical YC things
Hey I was having an interview the other day, and they had me show my task manager. Is your thing able to bypass that? (just curious)
It will just show a process named cheating-daddy. I doubt any interviewers will think that's suspicious.
Half serious: why do you think a free tool focused on real time gen ai would also have a faked task manager feature?
> why do you think a free tool focused on real time gen ai would also have a faked task manager feature?
So that you don't get caught?
1 reply →
Maybe I’m looking at the wrong repos but both appear to be GPL-3 (or maybe it was relicensed back to original GPL-3?)
https://github.com/sohzm/cheating-daddy
https://github.com/pickle-com/glass
11 minutes ago "licensed fixed" https://github.com/pickle-com/glass/commit/5c462179acface889...
And now they rewrote Git history and that commit is dangling. Wow...
yeah he changed it rn https://github.com/pickle-com/glass/commit/5c462179acface889...
Then rewrote the history and force-pushed so it never happened.
He=you? What's the game here. https://news.ycombinator.com/item?id=44460855
2 replies →
They committed the (presumably ripped off) repo yesterday, changed the license from GPL to Apache, and now have changed it back (presumably in response to this thread).
https://github.com/pickle-com/glass/commits/main/LICENSE
Hi everyone, this is Daniel from the Pickle team. Glass is a new open source project from us that we plan to build on and improve. We built several original features for it like live summaries, real-time STT Transcript and one-click "Ask" from summary that we're very excited about. However in initially building it we included code from a GPL-licensed project that we incorrectly attributed as Apache. This was incorrect and sloppy work on our end. We made a quick fix and are working right now to do a proper fix that addresses the issues fully and cleanly. We are sorry to the original author of the project, Soham (CheatingDaddy), and thank him for pointing this out. We are also sorry to the open source community for messing up here. Thanks everyone for caring about this.
Hiding the entire history of this incident[1] behind a force push[2] to make it seem as if credit was given and proper license was chosen from the start really displays a lack of integrity, and tells me it’s definitely malicious (which should be quite clear from zero mention of the original project to begin with, but this act reinforces that) rather an inadvertent screwup.
[1] https://github.com/pickle-com/glass/commits/5c462179acface88...
[2] https://github.com/pickle-com/glass/commit/4c51d5133c4987fa1...
I don’t think the rebase is malicious. Would they even be allowed to continue distributing the older commits (where they claim an Apache license) or would that be to perpetuate the license violation?
4 replies →
A few weeks ago people on here where mad at a company (Microsoft?) for NOT force pushing the corrected credit of a source code.
You just can't win.
14 replies →
> This was incorrect and sloppy work […]
You meant: this was illegal and unethical work.
You might be lucky with the original author not suing you. I'm not sure your backers will be equally kind. I certainly wouldn't, depending on what exactly you told your investors we may be looking at straight up securities fraud here.
You meant: this was illegal and unethical work.
But... but... but... Velocity! And moats! And we're VC-funded! Doesn't that mean we can do whatever we want?
1 reply →
Calling it sloppy work is too charitable. It's one thing for others to give you a benefit of the doubt, it's absolutely crazy that you yourself are doing it. It's clear if the other guy did not speak up, you would not have "corrected" the incorrect attribution. Your entire repo uses the work from someone else, and you did not even credit the person who built it until he called you out for the deception.
The correct approach is to license your code as GPL v3 with Soham as the author. It's a simple fix.
You won’t be forgiven unless you restore the license to GPL v3.
You restored the license to GPL v3: https://github.com/pickle-com/glass/commit/5c462179acface889...
You won't be forgiven unless you credited sohzm and state that cheating-daddy is a direct inspiration
1 reply →
If you had any semblance of respect for the work of others and what is right you would sincerely apologize and shut the project down instead of rolling with it.
Or how about an apology to handle it better with the company moving forward, and engage communication with the repo creator to involve him.
Really it's more of the gesture, to set the example, since we've all seen this before, and AFAIK, there haven't been too many amicable outcomes.
Hard to say that your work isn't derived from a GPL project if you quite openly are reimplementing a GPL project you used at the core of your own project.
> This was incorrect and sloppy work on our end. We made a quick fix and are working right now to do a proper fix that addresses the issues fully and cleanly.
There is no fix. Your work is derived and should be/will be licensed as GPL. You do not want to accidentally succeed and then find you have nothing. You are being a smart-ass here.
> This was incorrect and sloppy work on our end
Cut the grandoise talk. You stole someone's work and now you just shrug it off as "incorrectly attributed as Apache". That's not a mistake, that's a deliberate action plan. The force push others have mentioned is the proof. Atleast be honest in your apology.
I hope YC takes serious action and eliminates you guys from their cohort if you're still in one. This reflects very poorly on them otherwise.
Credit the original creator as a consultant and give him equity
Can I ask if this was an LLM mistake?
Ok you crook.
Nice try
looks like they fixed it: https://github.com/pickle-com/glass/commit/5c462179acface889...
let's not freak out - you can't "steal" open-source code, they used an incompatible license. that was accidentally too free.
people monetizing something you open-source isn't stealing.
If it was 'just' a licensing slip up sure, but there's still a lot of integrity issues here despite that. The presentation of "we created an open source library to do X in just days" comes across as a lie right?
I feel like ycombinator leads may want to look more deeply into this one. If they are presenting it as something they've achieved that's an integrity issue right?
This is the crux of it all to me. Anyone in the industry knows mistakes happen all the time but the braggadocios nature rubs me the wrong way and spits in the face to those of YC who do indeed have integrity.
3 replies →
> looks like they fixed it: https://github.com/pickle-com/glass/commit/5c462179acface889...
Not fixed, covered up.
> let's not freak out - you can't "steal" open-source code, they used an incompatible license. that was accidentally too free.
What a poetic formulation? In reality, they deleted history and they put a license that allows the "freedom" to let them monetize the code. I wonder how's the original author more free with this license? How is anyone more free? Sounds like the license was "accidentally" "too free" in a way that only made themselves more free.
> people monetizing something you open-source isn't stealing.
It's, in fact, the precise definition when the open-source project uses the GPLv3 license.
> that was accidentally too free.
You are ignoring the fact that they claimed that they "built it in just 72 hours", accidentally omitting to mention that it's a fork of another repo.
yes, but sublicensing to even permissive ("free-er") license (GPLv3+ to Apache2.0) is a violation of license.
GPL is supposed to viral, if you are using project adopted that, you are taking the risk with it. If you are just changing the license and took the code, that's wrong and need to get an attention. If anyone could go just yoink and relicense the GPL code to other permissive license was "legal", the https://gpl-violations.org wouldn't exist in the first place (i.e. you can just take the linux kernel code and rename it something like "mynux", redistribute in bsd-3 clause and "don't distribute the derivative part").
And they've now orphaned that commit, they're a sketchy bunch at best.
Unfortunately, sketchy is generally rewarded.
I'm starting to sense a pattern with this project.
They've squashed the history to hide their earlier "error". This isn't compliant with section 5a of the GPLv3[1].
"sketchy at best" is a polite description of this pattern of behaviour.
[1] https://www.gnu.org/licenses/gpl-3.0.en.html#section5
It looks like they've squashed everything into a single commit, since there's only a commit on their repo right now that was pushed 28 minutes ago (as of this comment).
That's probably the right thing to do Git-wise, because licences might not be retroactive.
The license they used was less free than the GPL license. Laundering GPL code into projects with licenses that aren't as free is classic copyright infringement.
You're ignoring the part about attribution due to copyright law, see: https://opensource.stackexchange.com/questions/13038/does-so...
From what I understand, it would be a breach of contract at minimum (based on what I remember from past discussions of this sort of activity involving different participants).
If someone else has a better idea of what “forking GPL 3 source code and using a different licence” would be, then please let me and others know.
If you don't follow the license, then you don't have a license to use, distribute or modify the code. So then you get into copyright violation territory, up to $150,000 per infringement in the US if it's intentional.
3 replies →
You can read the text of the GPLv3 license itself; it has a specific provision for this case.
> "Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice."
https://www.gnu.org/licenses/gpl-3.0.html
Realistically this will probably just have a reputational cost for Daniel Park/Pickle. Whether he intended to or not, some amount of people will associate “pretends to make things that he did not make” with him because of this entirely unforced error.
>From what I understand, it would be a breach of contract at minimum
Isn't that the minimum bar for a "business model" capable of attracting VC interest these days?
They cloned (not forked) the repo, removed the history, claimed it as their own, and changed the license. This is not a mistake
Is the copyright still attributed to the original developer?
no. its BOTH attribution AND license violation.