Malus – Clean Room as a Service

An interesting aspect of this, especially their blog post (https://malus.sh/blog.html ), is that it acknowledges a strain in our legal system I've been observing for decades, but don't think the legal system or people in general have dealt with, which is that generally costs matter.

A favorite example of mine is speed limits. There is a difference between "putting up a sign that says 55 mph and walking away", "putting up a sign that says 55 mph and occasionally enforcing it with expensive humans when they get around to it", and "putting up a sign that says 55 mph and rigidly enforcing it to the exact mph through a robot". Nominally, the law is "don't go faster than 55 mph". Realistically, those are three completely different policies in every way that matters.

We are all making a continual and ongoing grave error thinking that taking what were previously de jure policies that were de facto quite different in the real world, and thoughtlessly "upgrading" the de jure policies directly into de facto policies without realizing that that is in fact a huge change in policy. One that nobody voted for, one that no regulator even really thought about, one that we are just thoughtlessly putting into place because "well, the law is, 55 mph" without realizing that, no, in fact that never was the law before. That's what the law said, not what it was. In the past those could never really be the same thing. Now, more and more, they can.

This is a big change!

Cost of enforcement matters. The exact same nominal law that is very costly to enforce has completely different costs and benefits then that same law becoming all but free to rigidly enforce.

And without very many people consciously realizing it, we have centuries of laws that were written with the subconscious realization that enforcement is difficult and expensive, and that the discretion of that enforcement is part of the power of the government. Blindly translating those centuries of laws into rigid, free enforcement is a terrible idea for everyone.

Yet we still have almost no recognition that that is an issue. This could, perhaps surprisingly, be one of the first places we directly grapple with this in a legal case someday soon, that the legality of something may be at least partially influenced by the expense of the operation.

It took me a minute to recognize this as satire (thank you HN comments). However it does actually make sense - maybe this could be a way for OSS devs to get paid.

What if we did build a clean room as a service but the proceeds from that didn't go to the "Malus.sh" corporation, but to the owners / maintainers of the OSS being implemented. Maybe all OSS repos should switch to AGPL or some viral license with link to pay-me-to-implement.com. Companies that want to use that package go get their own custom implementation that is under a license strictly for that company and the OSS maintainer gets paid.

I wonder what the MVP for such a thing would look like.

"I used to feel guilty about not attributing open source maintainers. Then I remembered that guilt doesn't show up on quarterly reports. Thank you, MalusCorp." ◆ Chad Stockholder Engineering Director, Profit First LLC

The fact that it took me the comments sections to understand this is satire speaks a lot about the current status of where things are going.

EDIT: Reading it again its quite obvious, I was just skimming at first, but still damn. Hilarious

Don't believe in hell but I were I hope they'd be a special place for them.

It's like... revert patent troll? I'm not even sure I get it but the wording "liberation from open source license obligations." just wants to make me puke. I also doubt it's legit but I'm not a lawyer. I hope somebody at the FSF or Apache foundation or ... whomever who is though will clarify.

"Our proprietary AI systems have never seen" how can they prove that? Independent audit? Whom? How often?

Satire... yes but my blood pressure?!

I feel like this is related to these issues (with somebody attempting this approach for real):

https://github.com/chardet/chardet/issues/327

https://github.com/chardet/chardet/issues/331

> If any of our liberated code is found to infringe on the original license, we'll provide a full refund and relocate our corporate headquarters to international waters.*

I love it. Brilliant satire that foreshadows the future.

This is extremely good satire. Question is, why hasn't anyone done this for real? There's enough people with the right knowledge and who would love to destroy open source for personal gain. Is it that this kind of service would be so open to litigation that it would need a lot of money upfront? Or is someone already working on this, and we're just living out the last good days of OSS?

I first encountered the concept of "clean room" in the context of Sean Lahman's free baseball stats database. While technically baseball stats are free, their compiling and manner of presentation in any given format may be claimed as proprietary by any particular provider. And so there's an extensive volunteer effort from baseball fans to "clean room" source them from independent sources such that they are verifying the stats independently of their provenance as a legally permitted basis for building out the database.

I even recall Baseball Mogul relied on the Lahman DB for a period of time. It does make me wonder if we'll see more of that.

Note for people who just briefly skimmed the site: This is satire.

There are two teenagers who learned about Malus in the last hour and have started figuring out how to actually build it, right now. They will not cite their source in their IPO statements.

You can also use this to say copy proprietary software, and make it open source GPL.

"Change all your core software library dependencies to be unmaintained ripoff copies of those libraries." Sounds wise.....¡¡

This is satire but this is where things are heading. The impact on the OSS ecosystem is probably not a net positive overall, but don't forget that this also applies to commercial software as well.

There will be many questions asked, like why buy some SaaS with way too many features when you can just reimplement the parts you need? Why buy some expensive software package when you can point the LLM into the binary with Ghidra or IDA or whatever then spend a few weeks to reverse it?

The post claims (tongue-in-cheek, of course) that their customer owns the resulting code.

But that's not true!

According to binding precedent, works created by an AI are not protected by copyright. NO ONE OWNS THEM!!!

I think maybe this is a good thing, but honestly, it's hard to tell.

I know this is satire, but I have an adjacent problem I could use help with. In my company, we have some legacy apps that run, but we no longer have the source, any everyone that worked on them has probably left the planet.

We need to replatform them at some point, and ideally I'd like to let some agents "use" the apps as a means to copy them / rebuild. Most of these are desktop apps, but some have browser interfaces. Has anyone tried something like this or can recommend a service that's worked for them?

Partly hard to judge as satire because this is significantly better than most SAAS websites.

Haha, was extremely rage-baited by this. Thanks.

This time it's satire, but I bet someone will offer exactly that for real in the next few days. The idea is unethical but far too lucrative from a business perspective.

> Our proprietary AI systems have never seen the original source code.

For this to be plausible satire, they need to show how they've trained their models to code, without mit, apache, bsd or GPL/agpl code being in the training set...

they really had an entertaining presentation in fosdem 2026 about this. bit too noisy for my taste but regardless:

https://fosdem.org/2026/schedule/event/SUVS7G-lets_end_open_...

Of course, the trained model they use to do the code generation may itself have been trained on the very open source code they are trying to replicate 'cleanly'.

…scanning… …fuming… …blood pressure rising… sees a quote attributed to “Chad Stockholder Engineering Director, Profit First LLC” …oh phew, thank god for that. I actually believed this could be real for a moment!

Couldn't this be done on proprietary software as well? Have an agent fuzz an interface (any type) for every bit of functionality and document it. Then have it build based on the document?

> You have been so generous, so unreasonably, almost suspiciously generous, that you have made it possible for an entire global economy to run on software that nobody technically owns, maintained by people that nobody technically employs, governed by licenses that nobody technically reads. It is a miracle of human cooperation. It is also, from a fiduciary standpoint, completely insane.

Funny but true.

Love the product link in footer to "Emergency AGPL Removal"

>Our proprietary AI robots independently recreate any open source project from scratch.

Fact that this is satire aside, why would a company like this limit this methodology to only open source? Since they can make a "dirty room" AI that uses computer-use models, plays with an app, observes how it looks from the outside (UI) and inside (with debug tools), creates a spec sheet of how the app functions, and then sends those specs to the "clean room" AI.

This is essentially 'License Laundering as a Service.' The 'Firewall' they describe is an illusion because the contamination happens at the training phase, not the inference phase. You can't claim independent creation when your 'independent developer' (the commercial LLM) already has the original implementation's patterns and edge cases baked into its weights.

In order to really do this, they would need to train LLMs from scratch that had no exposure whatsoever to open source code which they may be asked to reproduce. Those models in turn would be terrible at coding given how much of the training corpus is open source code.

Yes, we hate the abuse of open source, in its everlasting legal purgatory, by large evil "other" shadows acting at a distance...

But I'm stupefied at m/y/our own oblivious excitement when extracting our expertise for others in the form of skills we share. It's a profound hacking of our reward system, on the fear of losing a job and the hope of climbing the ladder of abstraction.

Tech companies have for decades subsidized developer training and careers with free tools and tiers, support for developer communities and open-source -- in order to reduce the costs of expertise and to expand their markets. Now skills do both. For developers, the result will be like developing for or at Apple: the lucky few will work in secret, based on personal connections and product skills.

That's funny.

I find surprising that the polemic I heard more talking, seems to be in the open source to close source direction.

It seems to me, that the more relevant part of this new development, for the software industry, it's a teenager working in the weekend with a LLM and making a functional clone of Autocad, for instance.

Why only FOSS? Why not Wikipedia?

You take Wikipedia, an LLM rewrites every single article giving them your preferred political spin and generates many more pictures for it. You make it sleeker, and price it at 4.99$ per month.

EDIT: That's crazy. They already did that. Waiting for the torment nexus now I guess.

This is brilliant satire. Wonderful response to the “rewrite” of chardet.

^ For those who haven’t been keeping up on the debacle.

If this site actually connects to Stripe, it's much more than just satire. It's a honeypot :D

Well I didn't understand it was satire at first glance which tells a lot about the state of our industry...

The joke is that the models have already seen the source code of said packages regardless, right?

Not sure their attempted point lands the way they think it will. I view this as an unmitigated good. Open source every damn thing. Open the floodgates. Break the system.

I'd cheer for a company like this.

It seems to dance just on the other side of what's legal, though.

The frustrating thing is I also thought about this as a natural conclusion - but as a natural workflow that corporations will do when they see AGPL dependencies they want to use. (I also think there's a world where we start tightening our software bill of materials anyway.)

I do not believe it will ever again make sense to build open source for business. the era of OSS as a business model will be very limited going forward. As sad and frustrating as it is, we did it to ourselves.

Its not just doing this to open source GPL software. I have seen friends disassemble code in archaic languages, and have Claude translate the Assembly back to the original language, and churn on it until it compiles. It worked.

Theory: Any system, legal or otherwise, that denies the Axioms of Reality, will eventually fail.

Axiom of Reality: “Intellectual Property” does not exist.

As a hypothetical.

Let’s say instead it consolidated a few packages into 1. This might even be a good idea for security reasons.

Then it offered a mandatory 15% revenue tip to the original projects.

So far GPL enforcement usually comes down to “umm, try and sue us lol”.

How much human intervention is needed for it to be a real innovation and not llm generated. Can I someone to watch Claude do its thing and press enter 3 times ?

Was hoping this was a service that cleaned actual rooms, combining organizing and cleaning. :-(

I was really hoping that this was just a service that would literally clean my room.

I have a feeling this will lead to huge interoperability and ecosystem fragmentation issues.

Well, there is one way... You can have a government steal all open source code and force its citizens to only use proprietary hardware and proprietary code, all government sanctioned btw. I wonder if we're headed this way.

very bottom of the page: "This service is provided "as is" without warranty. MalusCorp is not responsible for any legal consequences, moral implications, or late-night guilt spirals resulting from use of our services."

Clean room was a poor choice of words… I thought it was an actual clean room for semiconductor devices :(

Can't wait to see GPL2 ZFS :-)

Good idea, but as several comments here suggest, the time when this sort of thing could be taken as satire is gone. I promise you there are multiple people here thinking that this is a good idea. I predict that within a year we will see a service that does exactly this.

So they recreate the open source project by using an llm that was trained in the open source project's source code.

I feel like we live in an interesting time, where you have to second guess whether someone would actually build something like this. Like, the language is very tongue in cheek, but given how messed up copyright law is, you'd think that by now someone would be doing this, and proudly.