SoylentNews is people
SoylentNews
Vibe Coding Is Killing Open Source Software, Researchers Argue:
According to a new study from a team of researchers in Europe, vibe coding is killing open-source software (OSS) and it's happening faster than anyone predicted.
Thanks to vibe coding, a colloquialism for the practice of quickly writing code with the assistance of an LLM, anyone with a small amount of technical knowledge can churn out computer code and deploy software, even if they don't fully review or understand all the code they churn out. But there's a hidden cost. Vibe coding relies on vast amounts of open-source software, a trove of libraries, databases, and user knowledge that's been built up over decades.
Open-source projects rely on community support to survive. They're collaborative projects where the people who use them give back, either in time, money, or knowledge, to help maintain the projects. Humans have to come in and fix bugs and maintain libraries.
Vibe coders, according to these researchers, don't give back.
The study Vibe Coding Kills Open Source, takes an economic view of the problem and asks the question: is vibe coding economically sustainable? Can OSS survive when so many of its users are takers and not givers? According to the study, no.
"Our main result is that under traditional OSS business models, where maintainers primarily monetize direct user engagement...higher adoption of vibe coding reduces OSS provision and lowers welfare," the study said. "In the long-run equilibrium, mediated usage erodes the revenue base that sustains OSS, raises the quality threshold for sharing, and reduces the mass of shared packages...the decline can be rapid because the same magnification mechanism that amplifies positive shocks to software demand also amplifies negative shocks to monetizable engagement. In other words, feedback loops that once accelerated growth now accelerate contraction."
[...] According to Koren, vibe-coders simply don't give back to the OSS communities they're taking from. "The convenience of delegating your work to the AI agent is too strong. There are some superstar projects like Openclaw that generate a lot of community interest but I suspect the majority of vibe coders do not keep OSS developers in their minds," he said. "I am guilty of this myself. Initially I limited my vibe coding to languages I can read if not write, like TypeScript. But for my personal projects I also vibe code in Go, and I don't even know what its package manager is called, let alone be familiar with its libraries."
The study said that vibe coding is reducing the cost of software development, but that there are other costs people aren't considering. "The interaction with human users is collapsing faster than development costs are falling," Koren told 404 Media. "The key insight is that vibe coding is very easy to adopt. Even for a small increase in capability, a lot of people would switch. And recent coding models are very capable. AI companies have also begun targeting business users and other knowledge workers, which further eats into the potential 'deep-pocket' user base of OSS."
This won't end well. "Vibe coding is not sustainable without open source," Koren said. "You cannot just freeze the current state of OSS and live off of that. Projects need to be maintained, bugs fixed, security vulnerabilities patched. If OSS collapses, vibe coding will go down with it. I think we have to speak up and act now to stop that from happening."
He said that major AI firms like Anthropic and OpenAI can't continue to free ride on OSS or the whole system will collapse. "We propose a revenue sharing model based on actual usage data," he said. "The details would have to be worked out, but the technology is there to make such a business model feasible for OSS."
[...] "Popular libraries will keep finding sponsors," Koren said. "Smaller, niche projects are more likely to suffer. But many currently successful projects, like Linux, git, TeX, or grep, started out with one person trying to scratch their own itch. If the maintainers of small projects give up, who will produce the next Linux?"
arXiv link: https://arxiv.org/abs/2601.15494
(Score: 2) by aafcac on Tuesday February 10, @01:34PM (4 children)
BSD code will always have more of an impact on the world than GPL code does because of that. Not everybody is an extremist that feels the need to enforce their world view on others. Some people contribute code for the betterment of humanity without expecting anything back in return.
(Score: 3, Insightful) by Bentonite on Wednesday February 11, @04:45AM (3 children)
I'm not sure you're even on this planet, as if you were and you were able to think objectively, you would realize that weak-licensed code clearly has primarily had a negative impact on the world, while strong licensed software has primarily had a positive impact.
After all, considering how Macos and iOS and windows and almost all other proprietary software are enhanced by weak licensed code (usually the developer doesn't even bother to follow the license by attributing, as the weak license indicates the developer is weak willed and will not enforce their license) and how that proprietary software takes the users freedom, spies on the users, disobeys the users, controls the users, wastes the users time and/or empties the users bank balance, that is certainly not something that betters humanity - rather it is a case of harm against humanity.
Another example of the harm of weak licensed software is the Intel ME backdoor - billions of computers disobey their users, as those run a separate backdoor processor that run a proprietary version of MINIX, that executes Intel's malware (while Intel could have just written their own OS, they didn't need to, as a weak licensor wrote the proprietary software for them and even went so far to assist them with minimizing the size - of course Intel didn't even tell him what their plans were and maybe even violated his license by not attributing, so he only learned years later - but of course he did nothing and he was seriously proud of how many users freedom were taken).
Taking a look at most of the computers that do something useful and not something entirely harmful, like most internet routers and webservers for somewhat useful sites like Wikipedia, most mail servers, most SIP communication servers etc, you'll realize that those don't run a BSD - those run GNU/Linux (much of the freedom is deducted by how Linux is proprietary software, but that's the result of the developers treating its license like a weak license, by not enforcing the license).
While there are a handful of weak licensed programs that happen to be primarily used as free software on GNU/Linux, rather than as proprietary software, that is the exception, rather than the norm.
If you want to contribute code for the betterment of humanity, without expecting anything in return, the only license that will do that is a strong license and the best choices for a strong license is the AGPLv3-or-later, or the GPLv3-or-later, or the GPLv2-or-later.
After all, those licenses don't force anyone to give you anything at all in return (everyone can decide to keep their changes private, or choose to who to provide the changes to, which can exclude the original developer) - those just don't grant the power to attack humanity by taking the users freedom.
If you instead choose a weak license, maybe that would have a benefit if it primarily ends up being used as free software, but if it's any good, there is a severe risk of a malware author, or a malware company copying it to save a buck and using it as part of their proprietary malware as part of their humanity attacking activities.
It's incredible that you consider a strong argument, that utilizes logic and reason to inform as enforcing a worldview, but you don't consider making false claims that you know are false, as enforcing a worldview.
(Score: 2) by aafcac on Wednesday February 11, @03:44PM (2 children)
More made up nonsense. I'm not sure if it's still the case, but the entire internet, you know the place where you're posting, was built originally using the BSD TCP/IP stack with the vast majority of projects using it.
Face it, whether you care to admit it or not, the most used code is not GPL, or equivalent, and never will be. Projects like SQLite are under some incredibly permissive licensing terms that allows them to be everywhere. It's an absolute fantasy world to pretend like that's not the case. If you're relying upon a software license as a means to head off bad behavior, you've already lost as there's nothing inherent to stop the sociopathic behavior as often times the cost of writing the code is a fraction of the profit in doing so anyways.
(Score: 2) by Bentonite on Thursday February 12, @03:18AM (1 child)
If it's made up, then I'm sure you could have explained how, instead of only dismissing it in 4 words.
Even if the ME wasn't intended to be a backdoor, all of the security vulnerabilities it contained (that most vendors haven't rolled out BIOS/UEFI updates for) and likely still contains means that it works as backdoor in practice; https://en.wikipedia.org/wiki/Intel_Management_Engine?useskin=monobook#Security_vulnerabilities [wikipedia.org]
Amazing, you seriously immediately proceeded to make up nonsense?
TCP/IP is a protocol specification and there were several implementations of it prior to the BSD one; https://en.wikipedia.org/wiki/TCP/IP#Adoption [wikipedia.org]
In 1989, BSD released their stack to the public domain, which means portions of it ended up in many proprietary OS's (most of which are no dead and no longer used), but it seems that it wasn't a very good implementation, as it appears every single proprietary OS proceeded to replace large portions of it with their own implementation.
Therefore, it was *not* the case that the entire internet used *the* BSD TCP/IP stack, it was rather that many (but not all) IP implementations on proprietary OS's used for routers (like Unix's), contained a limited amount of BSD code that remained after the rewriting.
But looking at this chart of internet hosts https://en.wikipedia.org/wiki/File:Internet_Hosts_Count_log.svg [wikipedia.org] it looks like the internet was becoming popular even before such stack was released (but Unix and other proprietary OS's at the time were frankly terrible and therefore clearly never worked well as a router OS).
BSD wasn't popular as a router OS at that time either, as the litigation against BSD meant that no business would touch it; https://en.wikipedia.org/wiki/UNIX_System_Laboratories,_Inc._v._Berkeley_Software_Design,_Inc.?useskin=monobook [wikipedia.org]
What allowed the internet to become really popular was GNU/Linux in ~1994+, as Linux's custom IP stack combined with GNU's OS (that you could configure the packet routes and run RIP, OSPF and BGP implementations on), allowed for setting up internet routers that could scale as small or as large as needed, that happened to be gratis too, rather than costing a ludicrous sum (although proprietary BGP implementations and the like were still a problem until GNU implemented GNU Zebra).
Only several years after the lawsuit was settled in 1994 did the BSD's implement the required software to be an internet router (BGP etc), but BSD's were never popular as a router OS.
The reckless obsession with popularity by BSD developers is bad for humanity.
If the software is being used primarily for harmful purposes as proprietary software, that is a bad thing and therefore it would have been better if such software was never written.
Wrong - SQLite is under no license terms - it's released to the public domain - which is a problem for jurisdictions where public domain is not recognized.
SQLite is not what I would call a good database - it doesn't even have date and time types - you need to rather mungle dates with the date and time functions.
It may be very popular, but that popularity is a bad thing, as it's primarily used for harmful purposes.
There are better databases available under strong licenses, which I'd consider using instead.
What limits such sociopaths behaviors is how such sociopaths (for example proprietary software developers) are usually terrible programmers.
Throwing money at terrible programmers isn't going to magically get you functionally good software.
But, if a programmer with any skill developers functionally acceptable software and then offers it to such sociopaths on a silver platter (a weak license), for the price of $0, the sociopaths always jump at the chance to integrate it into their proprietary software and therefore make it operate at a functionally convenient level (I've found weak licensed software integrated into every single functionally convenient proprietary software program I've inspected so far).
Meanwhile, if a programmer with real skill licenses the best software under the AGPLv3-or-later, or GPLv3-or-later, sociopaths usually do not integrate it into their proprietary software or SaaSS, as they don't want to risk being taken to court and made to choose between either respecting the users freedom or removing it and therefore downgrading the functionality of the software.
Too bad the GPLv2 isn't as effective, as most GPLv2-only projects rather treat it is a weak license and don't enforce it.
(Score: 2) by aafcac on Thursday February 12, @05:52AM
Considering that none of what you've posted has any sort of actual relevance, you're fortunate that I gave you 4 words to dismiss that.
As far as it being replaced goes, I never claimed that was still the case, just that it had been the case and that much of what you're interacting with would have taken far longer to occur if everybody had to do their own stack. Not that any of what you've posted justifies your childish name-calling.