In reply to a developer on one of the Linux kernel mailing lists, Linux creator Linus Torvalds firmly put a foot down to push back against anti-AI comments.
All it takes is one person using an LLM tainted with proprietary code which then just gives them that code line for line to undo decades of courtroom defense.
The GPL license no longer covers the kernel in legal terms.
The uncopyrightability of AI-written code only applies to the actual strings of code generated by an AI, not to the entire project.
A person could ignore the GPL if they only copied the AI-written portions. But, how could they know for sure which lines were AI generated and which were not? A wrong choice would leave them civilly liable for copyright violation and all they stand to gain would be tiny portions of the Linux kernel code which are worthless by themselves.
There’s no reason to steal the AI generated portions and risk a lawsuit, when you can just generate your own code.
There seems to be legal discussions about that. It’s not quite as simple as you say:
However, there may be cases in which a different assessment is justified, namely when users use and operate the LLM as a tool that merely implements their personal creative intent. This could be compared somewhat more vividly to using a paintbrush. If the brush merely rolls over the paper, for example because it is dropped, no copyright-protected work is created, even if paint remains on the paper. However, if a painter deliberately swings the brush in a certain way, a protected painting can be created. If AI is used in a comparable way a copyright-protected work can indeed be created.
yeah and the paintbrush somehow has abstracted access to millions of proprietary and copyleft licensed source code in forms of weight.
this is a clear misuse and abuse of any fair use rights, and clear push to centralisation of copyright to only a few companies with big budgets that can defend themselves.
i mean, can you really challenge and win against openai, a company backed by the govt, that your copyleft source code are misused as training data?
Yeah any decision would be on a case by case basis, which is normally something you’d want to avoid.
I’ve seen a couple of Linux devs talk about how they just give a prompt to claude and walk away leaving it alone to spit out the code, none of which can be licensed as GPL. But good luck working out what specific lines of what specific patches of theirs used an LLM vs. were re-written or such.
And extremely abusive, since they don’t review the code fully, but a human must review the whole commit before accepting it. They save their time but consume that of others.
what is a proprietary line of code? how do you look at a for loop or uf statement and say “i own that”. i can tell you that in all the huge applications i have worked on in the last 27 years, there isnt special proprietary code. there is proprietary data but not code.
the only time you really have proprietary codeis specialized code talking to a specialized device. so maybe a closed source driver.
LLMs don’t “create”. Under the hood, they’re tokenizing the queries, looking for “clouds” of tokens that are similar to the query, then returning a sequence of tokens (with some random noise thrown in) that match what their training data says the answer should be.
In short: all LLM code is an amalgamation of their training data by definition. If there’s nothing similar in there, it’s literally not possible for it to be part of any response.
You’re exactly right. I should have used „generate“ instead of „create“.The point is I don’t think LLMs normally use copyrighted code in a way that would hurt open source projects.
Under the hood, they’re tokenizing the queries, looking for “clouds” of tokens that are similar to the query, then returning a sequence of tokens (with some random noise thrown in) that match what their training data says the answer should be.
The point is I don’t think LLMs normally use copyrighted code in a way that would hurt open source projects.
I don’t know. I’m not a lawyer, and copyright for code was a hot mess even before LLMs got involved. With how many opportunistic copyright/patent trolls there are and how easily convinced judges have been in the past, it could go either way.
Lol, so how do humans code in comparison?
The good programmers normally code by breaking down the problem into constituent parts and logically working through the problem, step by step. What differentiates this from tokenization is that instead of just looking for code that is similar for a similar problem, programmers can usually understand the effects of each line of code, visualize what the state of each variable will be in that step (or dump out the variables to look directly if unsure), and then move on to the next step. This logical problem-solving approach is fundamentally different from a tokenization+noise looking for a similar-looking problem approach. For one thing, you can solve problems that haven’t been solved before.
Human programmers at least can tell you where they got a snippet they copied, whether it was in the docs, stack overflow or elsewhere, and you can try to keep attribution if you care about compliance. Not only that, but most of our skills are related to designing stuff and recognizing which pattern to use, the specific implementation isn’t necessary the same unless we go look for whatever we saw in the past, as our memories don’t just record everything and repeat it word by word. And after picking up a new language or framework I only need to look around when using a third party library or some API I’m less familiar with, or when something breaks.
All it takes is one person using an LLM tainted with proprietary code which then just gives them that code line for line to undo decades of courtroom defense.
Not only that, but AI output can’t be licensed/copyrighted. The GPL license no longer covers the kernel in legal terms.
The uncopyrightability of AI-written code only applies to the actual strings of code generated by an AI, not to the entire project.
A person could ignore the GPL if they only copied the AI-written portions. But, how could they know for sure which lines were AI generated and which were not? A wrong choice would leave them civilly liable for copyright violation and all they stand to gain would be tiny portions of the Linux kernel code which are worthless by themselves.
There’s no reason to steal the AI generated portions and risk a lawsuit, when you can just generate your own code.
There seems to be legal discussions about that. It’s not quite as simple as you say:
https://kpmg-law.de/en/ai-and-copyright-what-is-permitted-when-using-llms/
Best to not believe anything KPMG says about AI.
Actually if KPMG say the sky is blue you should probably go outside and check and also make sure you still have your wallet.
yeah and the paintbrush somehow has abstracted access to millions of proprietary and copyleft licensed source code in forms of weight.
this is a clear misuse and abuse of any fair use rights, and clear push to centralisation of copyright to only a few companies with big budgets that can defend themselves.
i mean, can you really challenge and win against openai, a company backed by the govt, that your copyleft source code are misused as training data?
Yeah any decision would be on a case by case basis, which is normally something you’d want to avoid.
I’ve seen a couple of Linux devs talk about how they just give a prompt to claude and walk away leaving it alone to spit out the code, none of which can be licensed as GPL. But good luck working out what specific lines of what specific patches of theirs used an LLM vs. were re-written or such.
While I share Linus opinion on LLMs, I think doing this shit is extremely stupid and lazy.
And extremely abusive, since they don’t review the code fully, but a human must review the whole commit before accepting it. They save their time but consume that of others.
this is FUD and not true. projects are licensed not lines of code.
But if there are proprietary lines of code that end up in a project with an open license, you get a violation. 🤷♂️
what is a proprietary line of code? how do you look at a for loop or uf statement and say “i own that”. i can tell you that in all the huge applications i have worked on in the last 27 years, there isnt special proprietary code. there is proprietary data but not code.
the only time you really have proprietary codeis specialized code talking to a specialized device. so maybe a closed source driver.
I have worked at two companies back-to-back for a total of about 8 years, so significantly less time, that both definitely had proprietary code.
It is code that does things that nobody else is doing, or able to do, and patented, I believe(?).
But nice anecdote. 👍
Ist that a common thing that LLMs using proprietary code for coding tasks?
Because I don’t think so.
What do you think the LLM is using for reference when generating code? It can’t create from nothing.
They use everything for everything, that’s the big issue. Also gpl code. Anything they can trawl through they use. And replicate, in part or in full.
They take code snippets and copy and paste them? Or do they create own code based on what they’ve learned by trawling?
LLMs don’t “create”. Under the hood, they’re tokenizing the queries, looking for “clouds” of tokens that are similar to the query, then returning a sequence of tokens (with some random noise thrown in) that match what their training data says the answer should be.
In short: all LLM code is an amalgamation of their training data by definition. If there’s nothing similar in there, it’s literally not possible for it to be part of any response.
You’re exactly right. I should have used „generate“ instead of „create“.The point is I don’t think LLMs normally use copyrighted code in a way that would hurt open source projects.
Lol, so how do humans code in comparison?
By copy pasting from Stack Overflow
Did you purposely respond like an AI?
Damn, I forgot the em dash.
I don’t know. I’m not a lawyer, and copyright for code was a hot mess even before LLMs got involved. With how many opportunistic copyright/patent trolls there are and how easily convinced judges have been in the past, it could go either way.
The good programmers normally code by breaking down the problem into constituent parts and logically working through the problem, step by step. What differentiates this from tokenization is that instead of just looking for code that is similar for a similar problem, programmers can usually understand the effects of each line of code, visualize what the state of each variable will be in that step (or dump out the variables to look directly if unsure), and then move on to the next step. This logical problem-solving approach is fundamentally different from a tokenization+noise looking for a similar-looking problem approach. For one thing, you can solve problems that haven’t been solved before.
Human programmers at least can tell you where they got a snippet they copied, whether it was in the docs, stack overflow or elsewhere, and you can try to keep attribution if you care about compliance. Not only that, but most of our skills are related to designing stuff and recognizing which pattern to use, the specific implementation isn’t necessary the same unless we go look for whatever we saw in the past, as our memories don’t just record everything and repeat it word by word. And after picking up a new language or framework I only need to look around when using a third party library or some API I’m less familiar with, or when something breaks.