Hacker News new | ask | show | jobs
by thorum 6 days ago
Unfortunately for the people mad about this, I predict the only thing they will accomplish by pressuring the rsync maintainers, is to discourage everyone else from responsibly disclosing their use of AI. You’re just going to make people disable Claude attribution on their commits to avoid drama.
7 comments
zzyzxd 6 days ago
I never care about AI usage disclosure, because I don't believe that human produced code is necessarily better than AI produced code, unless it's someone I personally know.

People need to be responsible for code they commit and push anyways. This has never changed. Whether the code is written by hand, by their cat walking over keyboard, or by AI, is not my concern.

A project's code quality can decline for all kinds of reasons. I don't think it's productive to laser-focus on whether it's produced by AI or not. That's a distraction. If a person just want to find excuse to criticize AI, and another person wants to fight back and defend AI, sure, go for it. But that's not how you would want to assess a project's code quality.

link
calvinmorrison 6 days ago
something as simple as requiring sign-offs like the DCO maybe relevant to people who care. I do think the driveby stuff may get smaller. People dont need to get stuff upstream. I have lots of patches I am keeping downmstrea and instead have a trigger system when new packages updates drop into debian and i rebuild the package with my patches on top using quill. Other systems like gentoo basically always supported this flow.

So - why bother forking or going upstream? maybe its selfish. I think publishing the patches are cool but I feel less of a need to force other people into doing what I want or even writing every possible configuration or solution. I just hack it for me

link
delusional 6 days ago
> People need to be responsible for code they commit and push anyways.

Well the GPL (which rsync is licensed under) says: "This program comes with ABSOLUTELY NO WARRANTY" so actually nobody is responsible for anything.

link
berti 6 days ago
I think they meant in terms of karma/reputation for the individual, and the project. Traditionally open source is heavily based on these social currencies.
link
saagarjha 6 days ago
Nobody is suing the maintainer for support here so this is completely irrelevant.
link
matheusmoreira 6 days ago
> You’re just going to make people disable Claude attribution on their commits to avoid drama.

People should be doing this regardless of drama. No reason to provide free advertising for trillion dollar corporations. Generated-by trailers are only relevant when contributing to third party projects, in that case disclosure is polite.

link
Aurornis 6 days ago
The value of the Claude attribution is that you can tell at a glance who used AI.

I don't care about the advertising angle. We all know Claude by now. I want some indicator that AI was used.

link
block_dagger 6 days ago
At my employer, if AI is not used, it shows up on your performance report and you’ll be told if you don’t start using it, you will be dismissed. I work at a medium sized successful YC-backed SaaS. So here, the attribution is meaningless - they look at your Bedrock and LLM API calls as well as Claude Code history.
link
Aurornis 6 days ago
If the company policy is to have everyone using it then everyone is going to assume you're using it.

I don't see a need for an attribution line in this case.

link
fragmede 6 days ago
Do you fellow ICs have access to those reports and can correlate commits from you to the prompts used to create them easily?
link
block_dagger 6 days ago
Not currently. Each IC's report is kept private unless they voluntarily share it, and IC's don't have visibility into other IC's Claude Code or Cursor logs. I think we're moving toward a model where it will be easier to correlate commits with chats, but timeline is not clear.
link
fragmede 6 days ago
Seems far more efficient to just have a line the commit message then.
link
vips7L 6 days ago
https://github.com/dtnewman/burn-baby-burn
link
ethagnawl 6 days ago
> they look at your Bedrock and LLM API calls as well as Claude Code history.

This is fucking insane. How does this correlate with productivity in any way? The results are all that matters, who cares how you got there?

link
andrekandre 6 days ago 

  > The results are all that matters, who cares how you got there?
i actually said this at $JOB to a manager, to which they replied "yes, but in the future all code will be ai generated, so thats the 'results' we are looking for"....
link
mexicocitinluez 5 days ago
If it's decent code, but attributed to AI, how does that change things? What real-world impacts does that have?

That's what I can't for the life of me figure out. Bad code is bad code regardless of who is writing it. Adding a disclaimer about how it was written is meaningless. Hell, it could say "Written by the Easter bunny" and that would have 0 impact on it's utility.

link
agentultra 5 days ago
Not the commenter you replied to:

I think many people in this camp have political or ethical concerns and want to avoid contributing to or supporting the companies behind frontier-AI tools. Or they have moral or technical concerns and want to boycott usage to maintain their principles.

It should be fairly widely known at this point.

link
mexicocitinluez 5 days ago
Obviously people have those concerns. The comment above specifically said:

> The value of the Claude attribution is that you can tell at a glance who used AI.

Specifies none of that, which is why I was asking the question.

> technical concerns

Which is exactly why I asked what I did. What technical concerns could possibly exist if the code is good? What does adding that attribution remove or add to technical concerns that you can't already see from the code itself?

link
agentultra 5 days ago
Maybe you want to resist normalizing the use of GenAI for programming?

I know my personal choice doesn’t make much of a difference but I refuse to own a car. I advocate at my local city council to remove car storage from streets, remove parking minimums, add better transit, make the core of our city car-free. It sometimes feels easier to join in and just accept that this is the way of the world but I refuse to believe in inevitability: building cities for the benefit of cars is a choice.

Maybe some folks want to avoid AI code because they don’t want to make that choice?

I can’t say for them. But I do know there’s no sense pretending like they don’t have a point or feigning shock that someone might not have the same view as you do.

link
matheusmoreira 6 days ago
And why do you want to know that? So you can call our projects slop? Ostracize us?
link
Hammershaft 6 days ago
Because LLMs are not humans, and the code they produce will have a different distribution of failure modes than human written code, so attribution is useful info while reviewing?
link
matheusmoreira 6 days ago
> while reviewing

As I said, disclosure is polite when contributing code to third party projects which will undergo human review.

No need for such things in one's own projects.

link
Groxx 6 days ago
>which will undergo human review

This can be largely assumed to be true for any open source code. It's kinda the point of open source.

link
toofy 6 days ago
for the same reason we want to know who wrote an article, a book, a movie, a song, a play, a journal paper, a painting, and on and on.

why do you so many people want to hide who the real author is?

we should be very weary of anyone claiming they’re the author of something when they’re absolutely not. if jon wrote a book and i take credit, that’s shady as hell.

link
matheusmoreira 6 days ago
Ghostwriting is a thing.
link
kelnos 6 days ago
Yes, and I respect ghostwritten work less than I do a work with a disclosed true author. Same would be true of unattributed AI-generated code.
link
Barrin92 6 days ago
yes because there's people who can't write but want to pretend that they can, just like the people who don't disclose they're using these tools. If you're the Gwyneth Paltrow of programming you're not making a great case for yourself, and I'd like to know before touching any of the software.
link
codygman 6 days ago
So that the AI model that generated code can get proper credit and we'll know to use (or not use it) next time.
link
matheusmoreira 6 days ago
That's not at all what someone who wants to "tell at a glance who used AI" actually wants to know.
link
Aurornis 6 days ago
You don't need an AI attribution tag to recognize slop. In my experience reviewing PRs, the slop-pushers are most aggressive about stripping the AI attribution anyway. It's the normal devs who use a little bit of AI who leave it in.

The tag is helpful because AI authorship is different than the human authorship. When you work with a project or team for long enough you start to trust certain people and their intuition, but when they start submitting AI-produced code you have to reset and review it like AI code.

I use these tools a lot, too. But I want to know where the code came from so I can review it accordingly. The source matters.

> Ostracize us?

I don't know why you're so defensive. If AI wrote the code just be honest about it.

If you outsourced the code writing to some guy named Bob on Fiverr, I'd want to know that too.

link
matheusmoreira 6 days ago
> I don't know why you're so defensive.

Check it out:

https://lobste.rs/s/29pm2f/llm_generated_submissions_should_...

https://lobste.rs/s/ytim7h/collection_small_low_stakes_low_e...

link
Aurornis 6 days ago
I'm not interesting in joining into some argument you're having with someone on lobste.rs
link
ezst 6 days ago
Some people prefer organic grown food for all kinds of reasons, does it matter to you they would want the same for code? (Also, I'm not picking a side here)
link
matheusmoreira 6 days ago
It matters when I'm contributing to their projects. In that case I'll go out of my way to be polite and learn their rules.
link
kelnos 6 days ago
That's really all anyone is asking of you. It's odd that this is your position, and yet you seem to be arguing (in your other comments) in a way that seems like you think that you should be able to do whatever you want, with any project, their requirements be damned.
link
eschaton 6 days ago
So we can know which commits will be infringing others’ copyright.
link
julianeon 6 days ago
If Claude is actually good enough to commit to rsync, of course I'm going to look at that and think "it's good enough for my side project too." And (benefit to companies aside) that is info it is useful to know, if it's true.
link
amiga386 6 days ago
Yeah, this is why it's obnoxious and this is why scummy marketers do it. If you don't aggressively turn it off, they leech an implicit endorsement out of you.

- Sent from my iPhone

link
AnotherGoodName 6 days ago
Alto hug the iphone sigoff is hilaripus sonce fhe meyboard is so bad it always comes across asa an ask doe forgivebeds

— Sent from my iPhone

link
AlienRobot 6 days ago
Indeed. The best endorsement is done explicitly by obnoxious users.

I use Linux, btw.

link
trwired 6 days ago
Is that a bad thing? I mean from the perspective of Anthropic's marketing department sure, but if agents are just another type of tool in developer's tool belt - as I see people recently like to claim - attribution feels kinda weird. In the end it is the developer who is responsible for their commits.
link
eli 6 days ago
Yeah I think it's a bad thing. It's context about how open source code was written that is lost.

And I guess maybe there's no such thing as bad press but at least in this cases it doesn't seem like effective marketing for Anthropic.

link
eschaton 6 days ago
“Don’t get mad at people for doing something unethical or immoral, or they’ll do something unethical or immoral!”

Disabling attribution of LLM-generated code is fraud, because you’re saying you wrote the code.

Of course that fits right in with the use of an LLM to generate code in the first place, since what it’s actually doing is regurgitating its inputs stripped of any license and copyright notice.

link
UebVar 6 days ago
I'm very certain that this is not fraud, across multiple legal systems, both roman and common law. In both cases fraud requires a person is deprived of a material good. Neither the defrauded person or their material loss is present in this case. Maybe there is a oddball legal system somewhere in the world where fraud is something entirely different, but i doubt it. "Fraud", just like "Decorator Pattern" is a well established concept and pretty simple concept, even if there are edge cases. This does not fit at all.

In academia this is miss-attribution, outside of academia this does not exist.

This is clearly not not copyright infringement either as LLMs do not claim copyright, nor could they. Just like the photograph taken by the monkey, or pictures drawn by crows. LLM output is not a creative work either.

If this is unethical or immoral is a totaly different question. I really dont think so and I dont think you argue that position well.

link
eschaton 6 days ago
It is misrepresentation for gain, that gain does not need to be monetary to be material. For example, it can be reputational.

It also is copyright infringement, because what the LLM “generates” are actually portions of its training set, which were covered by copyright. Just passing through an LLM does not remove that copyright from that work.

link
UebVar 5 days ago
No, you are wrong.

In German and French (roman) legal systems this is a "Vermögensdelikt", and explicitly about material damage and gain. Yes, common law can be more broad (in canada it isn't really, it just also includes service, btw.), and yet it clearly does not meet the definition, as there is a damaged/defraued party and fraudulent/gaining party. We are not talking about somebody usurping somebody else reputation, after all.

You misuse a technical term that is well established since antiquity.

You do not know what this word means. If you want to argue about semantics, look up the definition. This works especially well for legal terms as laws define them.

(That said, IANAL and there are very many different legal systems and I am not ruling out there exists one that is competently different - laws can be changed a will, after all.)

It is also obviously not copyright infringement, because this is simply not how copyright works, at all. I cannot and will explain of all copyright here. Instead I will point this out: Every code produced by a human who read copyrighted code would fall under your definition.

link
eschaton 4 days ago
No, you are wrong. You are either willfully misunderstanding what I’m calling fraud, or you are misinformed as to what “material gain” means in many legal systems.

With respect to the former, “fraud” is a shorthand for “fraudulent misrepresentation,” which is what you’re doing when you take someone else’s IP and try to contribute it to a project without securing the right to do so. It can be read as implicit in the attempt to contribute to the project that you have secured this permission (or do not need to, because the work is original to you). Whether the code came out of an LLM or was copied from another project or Stack Overflow doesn’t matter, it’s that you’re misrepresenting the rights you have that’s the fraudulent part.

For the latter, I specifically pointed out that the gain from fraudulent misrepresentation need not be monetary. The gain can be reputational or any other sort of benefit. For example, someone pretending to a fictional person to gain access to a space they otherwise wouldn’t is still committing fraud.

Finally, you’re wrong about whether the output of an LLM infringes copyright of material in its training set. Just running a copyrighted work through an LLM does not remove the copyright on that work if reproduced by the LLM.

link
jhack 6 days ago
"Disabling attribution of LLM-generated code is fraud, because you’re saying you wrote the code."

Should there by attribution for Google or Stack Overflow copy/paste? Who should we bully about this?

link
umanwizard 6 days ago
> Should there by attribution for Google or Stack Overflow copy/paste?

Obviously, and I'm a bit taken aback that anyone thinks otherwise.

link
eschaton 6 days ago
Yes, in fact, this is why people who do that are looked down upon.

They are in fact committing fraud if they do not attribute the code in their commit properly, because by committing it they’re claiming to have rights by virtue of authorship that they do not have. (Namely, the right to contribute that code to the project,.) They may also be committing copyright infringement, depending on the copyright and license status of some code they found via Google or Stack Overflow.

It’s always fascinating to me to see how many people on Hacker News have such extremely poor understanding of how intellectual property actually works, and how misrepresenting themselves or their work can actually have consequences.

link
dml2135 6 days ago
Are there any court cases you can point to that have clearly established that using LLM generated code can be a copyright violation? My understanding is that this is very far from being settled law.
link
eschaton 6 days ago
What cases can you cite that have determined it’s not?

It’s clear on its face that LLMs can and do store and reproduce copyrighted works; using a form of (somewhat) lossy data compression. And using a lossy stochastic or perceptual form of compression to reproduce a copyrighted work doesn’t somehow make it not storage or reproduction, otherwise sharing MP3 files wouldn’t be copyright infringement.

Anyone engaging in responsible risk management should assume that anything LLM-generated is infringing until determined otherwise by the courts, not the other way around.

link
dml2135 5 days ago
There are billion-dollar entities preparing to fight this very question out in court as we speak.

Your interpretation of the law is certainly plausible, but it is clearly not a settled question.

If you really are so confident, go bet on Kalshi and make some easy money: https://kalshi.com/markets/kxnytoai/new-york-times-wins-open...

link
Leynos 6 days ago
Outside of situations where it is required by contract, attributing AI usage is a courtesy, nothing more.
link
eschaton 4 days ago
So it’s OK to just paste other people’s IP into a change you’re submitting to a project without caring about the license or originator?
link
infamouscow 6 days ago
It's only fraud if a person signed their name stating such.

Their name being attached to the commit is itself, irrelevant, as their is no way to submit a patch otherwise. You could use a fake name, but you're just moving this fraud problem around.

You're going to have a hard time convincing anyone that using a tool constitutes fraud. Frankly, it's silly, if not genuinely stupid.

Film photographers in the early 2000s routinely called digital "not real photography" and Photoshop "cheating" because you could delete bad shots and fix everything later. Traditional musicians and critics dismissed drum machines, synthesizers, and autotune as soulless tools.

link
eschaton 6 days ago
Intent and custom both matter quite a bit in law. It is customary to treat the name attached to a commit as the copyright holder of any changes represented by that commit, just as it was for the sender of an email containing a patch back when that was how such work was done.

Often this is also spelled out in a project’s contribution guidelines, and some projects have even had more explicit copyright assignment policies they required contributors to agree to, but the lack of such guidelines or assignment policies does not mean the custom as normally observed in the field is irrelevant.

link
kelnos 6 days ago
> Intent and custom both matter quite a bit in law.

Indeed, and I'm not aware of any (Western, at least) legal system that would consider it fraud to not disclose that an LLM had generated some code.

I'd like to gently point out that your insistence of fraud here is hurting your overall argument, and is causing people to focus on the language you're using, instead of the substance of what you're trying to say. I do agree with you that people should disclose LLM generation when writing commits. But the way you're going about arguing this "fraud" thing is an unproductive dead end.

link
eschaton 5 days ago
The fraud isn’t (directly) in hiding that the LLM generated some code. The fraud is in the (implicit) misrepresentation of ownership of and/or rights to the code.

When you send a patch or pull request to a project, you’re saying (implicitly) that you have the necessary rights to contribute the intellectual property it contains. If you used an LLM to “generate” some of it, that is not necessarily the case.

A similar situation would occur if you agreed to pay someone else to create a patch, and then submitted it under your own name without paying them. Because it’s a work for hire, it’s not yours until they’re paid for it, so you’re fraudulently misrepresenting your rights to that patch to the project. If you did pay the creator, you don’t have to attribute them unless it’s in the contract between you and the creator, or unless the project requires such attribution.

link
Unit327 6 days ago
This argument gets trotted out every time but it doesn't convince me of anything. Yes, calling things out creates an incentive for people to hide them, but so what?

Setting aside the whole AI = bad argument, let's do a metaphor. Tax evasion is bad and unethical and you should call it out where you see it. But wait, that creates an incentive for people to hide it! So I'd better not call it out, it's best to just keep my mouth shut.

link
mohamedkoubaa 6 days ago
I'd be willing to be that an undisclosed LLM disclosure will follow a developer around for the rest of their career
link
eschaton 6 days ago
That kind of fraud absolutely should. (I suspect you mean “undisclosed LLM use.”)
link
mohamedkoubaa 6 days ago
Thank you, that's what I meant
link
Daishiman 6 days ago
I'm willing to be that in two years that's going to be completely irrelevant because the amount of code written by hand will drop to less than 10%.
link
overgard 6 days ago
I mean, I don't think commits are the place for tool attributions. I want to know what the change was, I'm not really interested in your tool selection (put that in the PR if it's relevant). It'd be just as irrelevant to see "written on my macbook in neovim"
link
hnav 6 days ago
Depends on what the claude attribution actually means. A lot of people will just get the thing building and then ship. To me that attribution is generally a red flag.
link
eschaton 6 days ago
It means “this contribution likely infringes someone else’s copyright.”
link