An interesting aspect of this, especially their blog post (https://malus.sh/blog.html ), is that it acknowledges a strain in our legal system I've been observing for decades, but don't think the legal system or people in general have dealt with, which is that generally costs matter.
A favorite example of mine is speed limits. There is a difference between "putting up a sign that says 55 mph and walking away", "putting up a sign that says 55 mph and occasionally enforcing it with expensive humans when they get around to it", and "putting up a sign that says 55 mph and rigidly enforcing it to the exact mph through a robot". Nominally, the law is "don't go faster than 55 mph". Realistically, those are three completely different policies in every way that matters.
We are all making a continual and ongoing grave error thinking that taking what were previously de jure policies that were de facto quite different in the real world, and thoughtlessly "upgrading" the de jure policies directly into de facto policies without realizing that that is in fact a huge change in policy. One that nobody voted for, one that no regulator even really thought about, one that we are just thoughtlessly putting into place because "well, the law is, 55 mph" without realizing that, no, in fact that never was the law before. That's what the law said, not what it was. In the past those could never really be the same thing. Now, more and more, they can.
This is a big change!
Cost of enforcement matters. The exact same nominal law that is very costly to enforce has completely different costs and benefits then that same law becoming all but free to rigidly enforce.
And without very many people consciously realizing it, we have centuries of laws that were written with the subconscious realization that enforcement is difficult and expensive, and that the discretion of that enforcement is part of the power of the government. Blindly translating those centuries of laws into rigid, free enforcement is a terrible idea for everyone.
Yet we still have almost no recognition that that is an issue. This could, perhaps surprisingly, be one of the first places we directly grapple with this in a legal case someday soon, that the legality of something may be at least partially influenced by the expense of the operation.
show comments
arrsingh
It took me a minute to recognize this as satire (thank you HN comments). However it does actually make sense - maybe this could be a way for OSS devs to get paid.
What if we did build a clean room as a service but the proceeds from that didn't go to the "Malus.sh" corporation, but to the owners / maintainers of the OSS being implemented. Maybe all OSS repos should switch to AGPL or some viral license with link to pay-me-to-implement.com. Companies that want to use that package go get their own custom implementation that is under a license strictly for that company and the OSS maintainer gets paid.
I wonder what the MVP for such a thing would look like.
show comments
ks2048
"I used to feel guilty about not attributing open source maintainers. Then I remembered that guilt doesn't show up on quarterly reports. Thank you, MalusCorp."
◆
Chad Stockholder
Engineering Director, Profit First LLC
show comments
utopiah
Don't believe in hell but I were I hope they'd be a special place for them.
It's like... revert patent troll? I'm not even sure I get it but the wording "liberation from open source license obligations." just wants to make me puke. I also doubt it's legit but I'm not a lawyer. I hope somebody at the FSF or Apache foundation or ... whomever who is though will clarify.
"Our proprietary AI systems have never seen" how can they prove that? Independent audit? Whom? How often?
Satire... yes but my blood pressure?!
show comments
hmokiguess
The fact that it took me the comments sections to understand this is satire speaks a lot about the current status of where things are going.
EDIT: Reading it again its quite obvious, I was just skimming at first, but still damn. Hilarious
show comments
kpcyrd
I feel like this is related to these issues (with somebody attempting this approach for real):
The post claims (tongue-in-cheek, of course) that their customer owns the resulting code.
But that's not true!
According to binding precedent, works created by an AI are not protected by copyright. NO ONE OWNS THEM!!!
I think maybe this is a good thing, but honestly, it's hard to tell.
show comments
tavavex
This is extremely good satire. Question is, why hasn't anyone done this for real? There's enough people with the right knowledge and who would love to destroy open source for personal gain. Is it that this kind of service would be so open to litigation that it would need a lot of money upfront? Or is someone already working on this, and we're just living out the last good days of OSS?
show comments
glenstein
I first encountered the concept of "clean room" in the context of Sean Lahman's free baseball stats database. While technically baseball stats are free, their compiling and manner of presentation in any given format may be claimed as proprietary by any particular provider. And so there's an extensive volunteer effort from baseball fans to "clean room" source them from independent sources such that they are verifying the stats independently of their provenance as a legally permitted basis for building out the database.
I even recall Baseball Mogul relied on the Lahman DB for a period of time. It does make me wonder if we'll see more of that.
0xWTF
There are two teenagers who learned about Malus in the last hour and have started figuring out how to actually build it, right now. They will not cite their source in their IPO statements.
show comments
egonschiele
Good idea, but as several comments here suggest, the time when this sort of thing could be taken as satire is gone. I promise you there are multiple people here thinking that this is a good idea. I predict that within a year we will see a service that does exactly this.
0x500x79
> If any of our liberated code is found to infringe on the original license, we'll provide a full refund and relocate our corporate headquarters to international waters.*
I love it. Brilliant satire that foreshadows the future.
show comments
ameliaquining
Note for people who just briefly skimmed the site: This is satire.
show comments
Pannoniae
This is satire but this is where things are heading. The impact on the OSS ecosystem is probably not a net positive overall, but don't forget that this also applies to commercial software as well.
There will be many questions asked, like why buy some SaaS with way too many features when you can just reimplement the parts you need? Why buy some expensive software package when you can point the LLM into the binary with Ghidra or IDA or whatever then spend a few weeks to reverse it?
show comments
pradn
Is AI-driven clean room implementation a wild west at the moment? I suppose there haven't yet been any cases to test this out in real life?
e12e
> Our proprietary AI systems have never seen the original source code.
For this to be plausible satire, they need to show how they've trained their models to code, without mit, apache, bsd or GPL/agpl code being in the training set...
mushufasa
"Change all your core software library dependencies to be unmaintained ripoff copies of those libraries." Sounds wise.....¡¡
show comments
typeiierror
I know this is satire, but I have an adjacent problem I could use help with. In my company, we have some legacy apps that run, but we no longer have the source, any everyone that worked on them has probably left the planet.
We need to replatform them at some point, and ideally I'd like to let some agents "use" the apps as a means to copy them / rebuild. Most of these are desktop apps, but some have browser interfaces. Has anyone tried something like this or can recommend a service that's worked for them?
show comments
temp123789246
Theory:
Any system, legal or otherwise, that denies the Axioms of Reality, will eventually fail.
Axiom of Reality:
“Intellectual Property” does not exist.
logdahl
Haha, was extremely rage-baited by this. Thanks.
mikelitoris
Clean room was a poor choice of words… I thought it was an actual clean room for semiconductor devices :(
show comments
iepathos
This is essentially 'License Laundering as a Service.' The 'Firewall' they describe is an illusion because the contamination happens at the training phase, not the inference phase. You can't claim independent creation when your 'independent developer' (the commercial LLM) already has the original implementation's patterns and edge cases baked into its weights.
In order to really do this, they would need to train LLMs from scratch that had no exposure whatsoever to open source code which they may be asked to reproduce. Those models in turn would be terrible at coding given how much of the training corpus is open source code.
show comments
RobertoG
That's funny.
I find surprising that the polemic I heard more talking, seems to be in the open source to close source direction.
It seems to me, that the more relevant part of this new development, for the software industry, it's a teenager working in the weekend with a LLM and making a functional clone of Autocad, for instance.
teeray
The law should be updated to limit clean room reimplementation to a strictly human endeavor. Person, in a faraday cage room, with a machine that is too underpowered to run local LLMs. Reference material (stack overflow archives, language docs, specs, etc) are permitted.
RandomGerm4n
This time it's satire, but I bet someone will offer exactly that for real in the next few days. The idea is unethical but far too lucrative from a business perspective.
show comments
ragazzina
Why only FOSS? Why not Wikipedia?
You take Wikipedia, an LLM rewrites every single article giving them your preferred political spin and generates many more pictures for it. You make it sleeker, and price it at 4.99$ per month.
EDIT: That's crazy. They already did that. Waiting for the torment nexus now I guess.
show comments
gorgoiler
…scanning… …fuming… …blood pressure rising… sees a quote attributed to “Chad Stockholder
Engineering Director, Profit First LLC” …oh phew, thank god for that. I actually believed this could be real for a moment!
rhoopr
> You have been so generous, so unreasonably, almost suspiciously generous, that you have made it possible for an entire global economy to run on software that nobody technically owns, maintained by people that nobody technically employs, governed by licenses that nobody technically reads. It is a miracle of human cooperation. It is also, from a fiduciary standpoint, completely insane.
Funny but true.
show comments
fuddle
> MalusCorp International Holdings Ltd. is not responsible for any moral implications, existential crises, or late-night guilt spirals resulting from the use of our services.
I think they should take some responsibility!
sigbottle
I have a feeling this will lead to huge interoperability and ecosystem fragmentation issues.
Well, there is one way... You can have a government steal all open source code and force its citizens to only use proprietary hardware and proprietary code, all government sanctioned btw. I wonder if we're headed this way.
neonstatic
> 2010, Jordan Peterson: clean your room
> 2026, Malus: Clean Room as a Service
> 2026, Jordan Peterson: how could I have missed this business opportunity
Sardtok
Before I visited the site, I was really confused. First, the name means bad, as in evil. Second, I couldn't understand what CRaaS was supposed to be.
But I love it! The perfect response to the "clean room" AI re-implementation and re-licensing of whatever that library is called.
show comments
wesselbindt
I ate the onion. But in my defense, people are really putting forward this argument to relicense from GPL to MIT:
If this site actually connects to Stripe, it's much more than just satire. It's a honeypot :D
KronisLV
I feel like we live in an interesting time, where you have to second guess whether someone would actually build something like this. Like, the language is very tongue in cheek, but given how messed up copyright law is, you'd think that by now someone would be doing this, and proudly.
alsetmusic
This is brilliant satire. Wonderful response to the “rewrite” of chardet.
^ For those who haven’t been keeping up on the debacle.
TheMiddleMan
Couldn't this be done on proprietary software as well? Have an agent fuzz an interface (any type) for every bit of functionality and document it. Then have it build based on the document?
fallingmeat
Love the product link in footer to "Emergency AGPL Removal"
tekawade
How is this legal. Unless it’s trained excluding *all* open source code it’s not legal.
Also, using api and docs itself though not illegal seems defeat the purpose.
Also, it’s not right how creator says “pesky credits to creator”.
Just build your own then. Credit is the least thing everyone using should do.
show comments
copperx
Are licenses even enforceable now? Given that the law is not being followed in the United States anymore?
show comments
headgasket
interesting name. The opposite of a bonus. So what is, the fact that your fork looses the thousands of eyes (meat and ai) that spot and fix bugs and security leaks?
tripdout
The joke is that the models have already seen the source code of said packages regardless, right?
show comments
Perz1val
I'd have mined the copied libraries with something that makes it possible to later change terms and extract fees, as it'd be expected that nobody reads the terms for such service
jaredchung
Edit: I did it. Paid them $0.51 to clean room `copyleft`, just to see what would happen. A clean package is now sitting on my desktop, custom-built (I presume) and fully documented. Deleting it now, for obvious reasons. But is it still satire if they actually provide the literal service they're satirizing?
How far do they take the satire? If you pay them do they actually generate output?
show comments
jabedude
This is quite literally the end of open source. projects will find themselves in the position of making their test suites private to avoid being sherlocked like this
sigmar
>Our proprietary AI robots independently recreate any open source project from scratch.
Fact that this is satire aside, why would a company like this limit this methodology to only open source? Since they can make a "dirty room" AI that uses computer-use models, plays with an app, observes how it looks from the outside (UI) and inside (with debug tools), creates a spec sheet of how the app functions, and then sends those specs to the "clean room" AI.
show comments
fraywing
The smells suspiciously like a well positioned gag that is secretly seeking VC attention. The emotional reaction turned attention seeking feels a bit like having ulterior motives... or maybe Moltbook has made me paranoid?
observationist
Not sure their attempted point lands the way they think it will. I view this as an unmitigated good. Open source every damn thing. Open the floodgates. Break the system.
I'd cheer for a company like this.
It seems to dance just on the other side of what's legal, though.
show comments
ebiester
The frustrating thing is I also thought about this as a natural conclusion - but as a natural workflow that corporations will do when they see AGPL dependencies they want to use. (I also think there's a world where we start tightening our software bill of materials anyway.)
I do not believe it will ever again make sense to build open source for business. the era of OSS as a business model will be very limited going forward. As sad and frustrating as it is, we did it to ourselves.
izucken
Some parties wouldn't be thrilled about their "source available" getting cleaned this way. So when this gets completed it would only "clean" real open source that can't afford legal trouble. Satirically structured LLM text is not a defence.
comrade1234
So they recreate the open source project by using an llm that was trained in the open source project's source code.
ivanjermakov
First I thought this is about manufacturing. Like semiconductor fabs requirement for room cleanness.
floathub
Man, how could they not wait 2.5 weeks until April 1 !!!
999900000999
As a hypothetical.
Let’s say instead it consolidated a few packages into 1. This might even be a good idea for security reasons.
Then it offered a mandatory 15% revenue tip to the original projects.
So far GPL enforcement usually comes down to “umm, try and sue us lol”.
How much human intervention is needed for it to be a real innovation and not llm generated. Can I someone to watch Claude do its thing and press enter 3 times ?
show comments
sam0x17
Have fun when using this service is itself used in court as evidence for creating a malicious copy
neya
You know the satire is so good that people actually confused this for something real:))
mapcars
Heh, why don't you do the opposite - recreate proprietary software with open source license
show comments
amiga386
I did try to upload a requirements.txt with "chardet < 7.0" in it ("Copyright (C) 2024 Dan Blanchard"? I don't think so buddy, it's mine now), but despite claiming otherwise, the satirical site only takes package.json so I uploaded the one from https://github.com/prokopschield/require-gpl/
It does actually generate a price (which is suspiciously like a fixed rate of $1 per megabyte), and does actually lead you to Stripe. What happens if someone actually pays? Are they going to be refunding everything, or are they actually going to file the serial numbers off for you?
boje
Today's satire is tomorrow's reality, if the last 50 or so years is anything to go by.
forvelin
they really had an entertaining presentation in fosdem 2026 about this. bit too noisy for my taste but regardless:
I have to admit It took me an unconfortably long amount of time to realize this was fake-
asimpletune
This is an art project right? …right?
rgilton
It's interesting that the focus is just on open source licenses. If one can strip licenses from source code using LLMs, then surely a Microsoft employee could do the same with the Windows source code!
noemit
is the motto, "Don't be good?"
show comments
phpnode
This is satire, but I actually have built something that can do this extremely well as an unintentional side effect. I will not be building my business around this capability however
bingemaker
It will be nice to know how many legal personnel fell for this trip. Maybe a leaderboard :D
spudlyo
malus, mala, malum ADJ
bad, evil, wicked; ugly; unlucky;
It's an interesting word in Latin, because depending on the phonetic length of the vowel and gender it vary greatly in meaning. The word 'malus' (short a, masculine adjective) means wicked, the word 'mālus' (long ā, feminine noun) means apple tree, and 'mālus' (long ā, masculine noun) means the mast of a ship.
show comments
v9v
Thought this was about semiconductor cleanrooms at first. Any startups doing that?
danorama
Poe's Law just smacked me upside the head on this one. Hard.
keeda
The name was too much of a giveaway. I just hope that somebody who inevitably builds this for real is self-aware enough to name themselves so transparently.
About the only reason nobody would actually build this is there's no money in it. Who'd pay for a CRaaS version when they're not even paying for the original open source version?
I do think somebody will eventually vibe-code it for the lulz.
scblock
Presumably this is a joke, based on the "Success Reports" and the footer, among other things.
"This service is provided "as is" without warranty. MalusCorp is not responsible for any legal consequences, moral implications, or late-night guilt spirals resulting from use of our services."
duiker101
Let's not give anyone ideas!
agile-gift0262
if it were true that indeed was legal to rewrite and relicense open source code, would that also be true for non-open source code? as in, could someone do a similar rewrite of their employers proprietary code and release it publicly?
pringk02
> per package = max( $0.01, size_kb × $0.01 )
> order total = max( $0.50, sum of all packages )
> $0.50 minimum applies per order (Stripe processing floor). No base fee.
Not sure I can trust their output if this simple thing is fluffed
groby_b
I wish we'd distinguish between bullshit and clearly identified things that _may_ be future threats.
The linked post contains a whopping lie - "What does it mean for the open source ecosystem that 90% of our open source supply chain can currently be recreated in seconds with today's AI agents"
It can't. Not even close. Please, do show a working clean-room implementation of a major opensource package. (Not left-pad)
We really need to stop hyperventilating and get back to reality.
Jerry2
From their front page:
>*Full legal indemnification: *Through our offshore subsidiary in a jurisdiction that doesn't recognize software copyright*
Heh, ok. So, the thinking is:
1. You contract them.
2. The actual Copyright infringement is done by an __offshore__ company.
3. If you get sued by the original software devs, you seek indemnification from the offshore subsidiary.
4. That offshore subsidiary is in a country without copyright laws or with weak laws so "you're good!"
...
5. Profit.
This is a ridiculous legal defense since this "one-way-street" legal process will almost certainly result in you being sued first... the company actually using the infringing code.
The indemnification is likely worthless since the offshore company won't have any assets anyway and will dissolve once there's a lawsuit and legal process is established.
The "guarantee" is absurd: Their "MalusCorp Guarantee" promises a refund and moving headquarters to international waters if infringement is found. This is not a real legal remedy and is written to sound like a joke, which is telling about their seriousness...
This whole "clean room as a service" concept is a legal gray area at best. In practice, it's extremely difficult to prove tha ta "clean room" process was truly clean, especially with AI models that have been trained on vast amounts of existing code (including the very projects they are "recreating").
The indemnification is a marketing gimmick to make a legally dangerous service seem safe. It creates a facade of protection while ensuring that any financial liability stays with you, the customer who wants to avoid infringement .
show comments
lxe
Distinguished staff level trolling
yomismoaqui
I bet someone has already made this service for real.
show comments
cloverich
1. Best part of this (satirical) post is, the service they offer isn't really needed. LLM's can do this already for small projects, and soon likely will for large ones too. You don't need a company to do this, we all have the LLM tooling to do it. Critical we're all spending time thinking about what that means in a thoughtful way.
2. For the sake of argument assume 1 is completely true and feasible now and / or in the near term. If LLM generated code is also non copyrightable... but even if it is... if you can just make a copyleft version via the same manner... what will the licenses even mean any longer?
gmerc
See also: claw-guard.org/adnet, ai-ceo.org and ai-chro.org in this category
badrequest
Was malice.sh taken?
ultratalk
Am I the only one who saw the title and thought it was about physical clean-rooms?
show comments
neutrinobro
Ah yes, how apropos, a "modest proposal" for a new AI era.
p_j_w
I know this is satire, but I worry that it's giving some scumbags out there ideas.
CodeCompost
I know this is satire but we're in the process of rewriting the .NET Mediatr library because ... it's nothing but a simple design pattern packaged as a paid nuget package. We don't even need LLMs to reprogram it.
So the need is real, at least for enshittified libraries.
dakolli
I love these satirical sites that take a jab at how LLMs are (genuinely) ruining software.
Wait this is joke, yep this is a joke... Wait it's not a joke why are people taking this seriously? Ok good this is a joke wait it's REAL?
slopinthebag
The irony of course is that this service already exists. It's called Claude Code (or Codex, etc...) and it costs $200 / month.
Goofy_Coyote
It took me too long to understand it’s satire. BP went through stratosphere before I noticed.
Let’s hope one of these fake AI grifters doesn’t take this as a serious idea, raised a couple hundred million, and do real damage.
(I’m not against AI, I just don’t like nonsense either in tech, or people)
sourcegrift
Amazon getting all excited hoping it's real.
show comments
moralestapia
Oof, this is unironically amazing!
ramon156
blegh, i like the motivation but why again and again do you need to write the content of the page with Slop-LLM-GPT? Your motive and points are valid, why waste it on a word filter that cannot capture it?
bensyverson
Oh no… VCs will see this and take it seriously
show comments
ftumminello
Bruh this feels evil hahaha
ge96
turd.png classy
hirako2000
In this climate, it almost feels like it's not satire.
n0r0n1n
Can we stop with the AI slop here?
Last chance then I have to look elsewhere for real content.
petterroea
Now this is a conversation piece
jhatemyjob
I unironically want this service to exist. The GNU GPL "is a tumor on the programming community, in that not only is it completely braindead, but the people who use it go on to infect other people who can't think for themselves."
Historically, it was a good license, and was able to keep Microsoft and Apple in check, in certain respects. But it's too played out now. In the past, a lot of its value came from it being not fully understood. Now it's a known quantity. You will never have a situation where NeXT is forced to open source their Objective-C frontend, for example
tonymet
edit: it's satire. but likely not too far off from the reality in 6 months.
> Our process is deliberately, provably, almost tediously legal. One set of AI agents analyzes only public documentation: README files, API specifications, type definitions.
since nearly all open source dependencies couple the implementation with type definitions, I'm curious how this could pass the legal bar of the clean room.
Even if they claim to strip the implementation during their clean room process -- their own staff & services have access to the implementation during the stripping process.
ceayo
yay capitalism. thank god it is a joke!
> Those maintainers worked for free—why should they get credit?
ROFL
throwaway2037
I am blown away. Just 16 days ago, we were discussing this HN post: "FreeBSD doesn't have Wi-Fi driver for my old MacBook, so AI built one for me": https://news.ycombinator.com/item?id=47129361
In this post that I wrote: https://news.ycombinator.com/item?id=47131572 ... I theorised about how a company could reuse a similar technique to re-implement an open source project to change its license. In short: (1) Use an LLM to write a "perfect" spec from an existing open source project. (2) Use a different LLM to implement a functionally identical project in same/different programming language then select any license that you wish. Honestly, this is a terrifying reality if you can pay some service to do it on your behalf.
An interesting aspect of this, especially their blog post (https://malus.sh/blog.html ), is that it acknowledges a strain in our legal system I've been observing for decades, but don't think the legal system or people in general have dealt with, which is that generally costs matter.
A favorite example of mine is speed limits. There is a difference between "putting up a sign that says 55 mph and walking away", "putting up a sign that says 55 mph and occasionally enforcing it with expensive humans when they get around to it", and "putting up a sign that says 55 mph and rigidly enforcing it to the exact mph through a robot". Nominally, the law is "don't go faster than 55 mph". Realistically, those are three completely different policies in every way that matters.
We are all making a continual and ongoing grave error thinking that taking what were previously de jure policies that were de facto quite different in the real world, and thoughtlessly "upgrading" the de jure policies directly into de facto policies without realizing that that is in fact a huge change in policy. One that nobody voted for, one that no regulator even really thought about, one that we are just thoughtlessly putting into place because "well, the law is, 55 mph" without realizing that, no, in fact that never was the law before. That's what the law said, not what it was. In the past those could never really be the same thing. Now, more and more, they can.
This is a big change!
Cost of enforcement matters. The exact same nominal law that is very costly to enforce has completely different costs and benefits then that same law becoming all but free to rigidly enforce.
And without very many people consciously realizing it, we have centuries of laws that were written with the subconscious realization that enforcement is difficult and expensive, and that the discretion of that enforcement is part of the power of the government. Blindly translating those centuries of laws into rigid, free enforcement is a terrible idea for everyone.
Yet we still have almost no recognition that that is an issue. This could, perhaps surprisingly, be one of the first places we directly grapple with this in a legal case someday soon, that the legality of something may be at least partially influenced by the expense of the operation.
It took me a minute to recognize this as satire (thank you HN comments). However it does actually make sense - maybe this could be a way for OSS devs to get paid.
What if we did build a clean room as a service but the proceeds from that didn't go to the "Malus.sh" corporation, but to the owners / maintainers of the OSS being implemented. Maybe all OSS repos should switch to AGPL or some viral license with link to pay-me-to-implement.com. Companies that want to use that package go get their own custom implementation that is under a license strictly for that company and the OSS maintainer gets paid.
I wonder what the MVP for such a thing would look like.
"I used to feel guilty about not attributing open source maintainers. Then I remembered that guilt doesn't show up on quarterly reports. Thank you, MalusCorp." ◆ Chad Stockholder Engineering Director, Profit First LLC
Don't believe in hell but I were I hope they'd be a special place for them.
It's like... revert patent troll? I'm not even sure I get it but the wording "liberation from open source license obligations." just wants to make me puke. I also doubt it's legit but I'm not a lawyer. I hope somebody at the FSF or Apache foundation or ... whomever who is though will clarify.
"Our proprietary AI systems have never seen" how can they prove that? Independent audit? Whom? How often?
Satire... yes but my blood pressure?!
The fact that it took me the comments sections to understand this is satire speaks a lot about the current status of where things are going.
EDIT: Reading it again its quite obvious, I was just skimming at first, but still damn. Hilarious
I feel like this is related to these issues (with somebody attempting this approach for real):
https://github.com/chardet/chardet/issues/327
https://github.com/chardet/chardet/issues/331
The post claims (tongue-in-cheek, of course) that their customer owns the resulting code.
But that's not true!
According to binding precedent, works created by an AI are not protected by copyright. NO ONE OWNS THEM!!!
I think maybe this is a good thing, but honestly, it's hard to tell.
This is extremely good satire. Question is, why hasn't anyone done this for real? There's enough people with the right knowledge and who would love to destroy open source for personal gain. Is it that this kind of service would be so open to litigation that it would need a lot of money upfront? Or is someone already working on this, and we're just living out the last good days of OSS?
I first encountered the concept of "clean room" in the context of Sean Lahman's free baseball stats database. While technically baseball stats are free, their compiling and manner of presentation in any given format may be claimed as proprietary by any particular provider. And so there's an extensive volunteer effort from baseball fans to "clean room" source them from independent sources such that they are verifying the stats independently of their provenance as a legally permitted basis for building out the database.
I even recall Baseball Mogul relied on the Lahman DB for a period of time. It does make me wonder if we'll see more of that.
There are two teenagers who learned about Malus in the last hour and have started figuring out how to actually build it, right now. They will not cite their source in their IPO statements.
Good idea, but as several comments here suggest, the time when this sort of thing could be taken as satire is gone. I promise you there are multiple people here thinking that this is a good idea. I predict that within a year we will see a service that does exactly this.
> If any of our liberated code is found to infringe on the original license, we'll provide a full refund and relocate our corporate headquarters to international waters.*
I love it. Brilliant satire that foreshadows the future.
Note for people who just briefly skimmed the site: This is satire.
This is satire but this is where things are heading. The impact on the OSS ecosystem is probably not a net positive overall, but don't forget that this also applies to commercial software as well.
There will be many questions asked, like why buy some SaaS with way too many features when you can just reimplement the parts you need? Why buy some expensive software package when you can point the LLM into the binary with Ghidra or IDA or whatever then spend a few weeks to reverse it?
Is AI-driven clean room implementation a wild west at the moment? I suppose there haven't yet been any cases to test this out in real life?
> Our proprietary AI systems have never seen the original source code.
For this to be plausible satire, they need to show how they've trained their models to code, without mit, apache, bsd or GPL/agpl code being in the training set...
"Change all your core software library dependencies to be unmaintained ripoff copies of those libraries." Sounds wise.....¡¡
I know this is satire, but I have an adjacent problem I could use help with. In my company, we have some legacy apps that run, but we no longer have the source, any everyone that worked on them has probably left the planet.
We need to replatform them at some point, and ideally I'd like to let some agents "use" the apps as a means to copy them / rebuild. Most of these are desktop apps, but some have browser interfaces. Has anyone tried something like this or can recommend a service that's worked for them?
Theory: Any system, legal or otherwise, that denies the Axioms of Reality, will eventually fail.
Axiom of Reality: “Intellectual Property” does not exist.
Haha, was extremely rage-baited by this. Thanks.
Clean room was a poor choice of words… I thought it was an actual clean room for semiconductor devices :(
This is essentially 'License Laundering as a Service.' The 'Firewall' they describe is an illusion because the contamination happens at the training phase, not the inference phase. You can't claim independent creation when your 'independent developer' (the commercial LLM) already has the original implementation's patterns and edge cases baked into its weights.
In order to really do this, they would need to train LLMs from scratch that had no exposure whatsoever to open source code which they may be asked to reproduce. Those models in turn would be terrible at coding given how much of the training corpus is open source code.
That's funny.
I find surprising that the polemic I heard more talking, seems to be in the open source to close source direction.
It seems to me, that the more relevant part of this new development, for the software industry, it's a teenager working in the weekend with a LLM and making a functional clone of Autocad, for instance.
The law should be updated to limit clean room reimplementation to a strictly human endeavor. Person, in a faraday cage room, with a machine that is too underpowered to run local LLMs. Reference material (stack overflow archives, language docs, specs, etc) are permitted.
This time it's satire, but I bet someone will offer exactly that for real in the next few days. The idea is unethical but far too lucrative from a business perspective.
Why only FOSS? Why not Wikipedia?
You take Wikipedia, an LLM rewrites every single article giving them your preferred political spin and generates many more pictures for it. You make it sleeker, and price it at 4.99$ per month.
EDIT: That's crazy. They already did that. Waiting for the torment nexus now I guess.
…scanning… …fuming… …blood pressure rising… sees a quote attributed to “Chad Stockholder Engineering Director, Profit First LLC” …oh phew, thank god for that. I actually believed this could be real for a moment!
> You have been so generous, so unreasonably, almost suspiciously generous, that you have made it possible for an entire global economy to run on software that nobody technically owns, maintained by people that nobody technically employs, governed by licenses that nobody technically reads. It is a miracle of human cooperation. It is also, from a fiduciary standpoint, completely insane.
Funny but true.
> MalusCorp International Holdings Ltd. is not responsible for any moral implications, existential crises, or late-night guilt spirals resulting from the use of our services.
I think they should take some responsibility!
I have a feeling this will lead to huge interoperability and ecosystem fragmentation issues.
Well, there is one way... You can have a government steal all open source code and force its citizens to only use proprietary hardware and proprietary code, all government sanctioned btw. I wonder if we're headed this way.
> 2010, Jordan Peterson: clean your room > 2026, Malus: Clean Room as a Service > 2026, Jordan Peterson: how could I have missed this business opportunity
Before I visited the site, I was really confused. First, the name means bad, as in evil. Second, I couldn't understand what CRaaS was supposed to be.
But I love it! The perfect response to the "clean room" AI re-implementation and re-licensing of whatever that library is called.
I ate the onion. But in my defense, people are really putting forward this argument to relicense from GPL to MIT:
https://github.com/chardet/chardet/issues/327
If this site actually connects to Stripe, it's much more than just satire. It's a honeypot :D
I feel like we live in an interesting time, where you have to second guess whether someone would actually build something like this. Like, the language is very tongue in cheek, but given how messed up copyright law is, you'd think that by now someone would be doing this, and proudly.
This is brilliant satire. Wonderful response to the “rewrite” of chardet.
^ For those who haven’t been keeping up on the debacle.
Couldn't this be done on proprietary software as well? Have an agent fuzz an interface (any type) for every bit of functionality and document it. Then have it build based on the document?
Love the product link in footer to "Emergency AGPL Removal"
How is this legal. Unless it’s trained excluding *all* open source code it’s not legal.
Also, using api and docs itself though not illegal seems defeat the purpose.
Also, it’s not right how creator says “pesky credits to creator”.
Just build your own then. Credit is the least thing everyone using should do.
Are licenses even enforceable now? Given that the law is not being followed in the United States anymore?
interesting name. The opposite of a bonus. So what is, the fact that your fork looses the thousands of eyes (meat and ai) that spot and fix bugs and security leaks?
The joke is that the models have already seen the source code of said packages regardless, right?
I'd have mined the copied libraries with something that makes it possible to later change terms and extract fees, as it'd be expected that nobody reads the terms for such service
Edit: I did it. Paid them $0.51 to clean room `copyleft`, just to see what would happen. A clean package is now sitting on my desktop, custom-built (I presume) and fully documented. Deleting it now, for obvious reasons. But is it still satire if they actually provide the literal service they're satirizing?
How far do they take the satire? If you pay them do they actually generate output?
This is quite literally the end of open source. projects will find themselves in the position of making their test suites private to avoid being sherlocked like this
>Our proprietary AI robots independently recreate any open source project from scratch.
Fact that this is satire aside, why would a company like this limit this methodology to only open source? Since they can make a "dirty room" AI that uses computer-use models, plays with an app, observes how it looks from the outside (UI) and inside (with debug tools), creates a spec sheet of how the app functions, and then sends those specs to the "clean room" AI.
The smells suspiciously like a well positioned gag that is secretly seeking VC attention. The emotional reaction turned attention seeking feels a bit like having ulterior motives... or maybe Moltbook has made me paranoid?
Not sure their attempted point lands the way they think it will. I view this as an unmitigated good. Open source every damn thing. Open the floodgates. Break the system.
I'd cheer for a company like this.
It seems to dance just on the other side of what's legal, though.
The frustrating thing is I also thought about this as a natural conclusion - but as a natural workflow that corporations will do when they see AGPL dependencies they want to use. (I also think there's a world where we start tightening our software bill of materials anyway.)
I do not believe it will ever again make sense to build open source for business. the era of OSS as a business model will be very limited going forward. As sad and frustrating as it is, we did it to ourselves.
Some parties wouldn't be thrilled about their "source available" getting cleaned this way. So when this gets completed it would only "clean" real open source that can't afford legal trouble. Satirically structured LLM text is not a defence.
So they recreate the open source project by using an llm that was trained in the open source project's source code.
First I thought this is about manufacturing. Like semiconductor fabs requirement for room cleanness.
Man, how could they not wait 2.5 weeks until April 1 !!!
As a hypothetical.
Let’s say instead it consolidated a few packages into 1. This might even be a good idea for security reasons.
Then it offered a mandatory 15% revenue tip to the original projects.
So far GPL enforcement usually comes down to “umm, try and sue us lol”.
How much human intervention is needed for it to be a real innovation and not llm generated. Can I someone to watch Claude do its thing and press enter 3 times ?
Have fun when using this service is itself used in court as evidence for creating a malicious copy
You know the satire is so good that people actually confused this for something real:))
Heh, why don't you do the opposite - recreate proprietary software with open source license
I did try to upload a requirements.txt with "chardet < 7.0" in it ("Copyright (C) 2024 Dan Blanchard"? I don't think so buddy, it's mine now), but despite claiming otherwise, the satirical site only takes package.json so I uploaded the one from https://github.com/prokopschield/require-gpl/
It does actually generate a price (which is suspiciously like a fixed rate of $1 per megabyte), and does actually lead you to Stripe. What happens if someone actually pays? Are they going to be refunding everything, or are they actually going to file the serial numbers off for you?
Today's satire is tomorrow's reality, if the last 50 or so years is anything to go by.
they really had an entertaining presentation in fosdem 2026 about this. bit too noisy for my taste but regardless:
https://fosdem.org/2026/schedule/event/SUVS7G-lets_end_open_...
I have to admit It took me an unconfortably long amount of time to realize this was fake-
This is an art project right? …right?
It's interesting that the focus is just on open source licenses. If one can strip licenses from source code using LLMs, then surely a Microsoft employee could do the same with the Windows source code!
is the motto, "Don't be good?"
This is satire, but I actually have built something that can do this extremely well as an unintentional side effect. I will not be building my business around this capability however
It will be nice to know how many legal personnel fell for this trip. Maybe a leaderboard :D
malus, mala, malum ADJ
bad, evil, wicked; ugly; unlucky;
It's an interesting word in Latin, because depending on the phonetic length of the vowel and gender it vary greatly in meaning. The word 'malus' (short a, masculine adjective) means wicked, the word 'mālus' (long ā, feminine noun) means apple tree, and 'mālus' (long ā, masculine noun) means the mast of a ship.
Thought this was about semiconductor cleanrooms at first. Any startups doing that?
Poe's Law just smacked me upside the head on this one. Hard.
The name was too much of a giveaway. I just hope that somebody who inevitably builds this for real is self-aware enough to name themselves so transparently.
About the only reason nobody would actually build this is there's no money in it. Who'd pay for a CRaaS version when they're not even paying for the original open source version?
I do think somebody will eventually vibe-code it for the lulz.
Presumably this is a joke, based on the "Success Reports" and the footer, among other things.
"This service is provided "as is" without warranty. MalusCorp is not responsible for any legal consequences, moral implications, or late-night guilt spirals resulting from use of our services."
Let's not give anyone ideas!
if it were true that indeed was legal to rewrite and relicense open source code, would that also be true for non-open source code? as in, could someone do a similar rewrite of their employers proprietary code and release it publicly?
> per package = max( $0.01, size_kb × $0.01 )
> order total = max( $0.50, sum of all packages )
> $0.50 minimum applies per order (Stripe processing floor). No base fee.
Not sure I can trust their output if this simple thing is fluffed
I wish we'd distinguish between bullshit and clearly identified things that _may_ be future threats.
The linked post contains a whopping lie - "What does it mean for the open source ecosystem that 90% of our open source supply chain can currently be recreated in seconds with today's AI agents"
It can't. Not even close. Please, do show a working clean-room implementation of a major opensource package. (Not left-pad)
We really need to stop hyperventilating and get back to reality.
From their front page:
>*Full legal indemnification: *Through our offshore subsidiary in a jurisdiction that doesn't recognize software copyright*
Heh, ok. So, the thinking is:
1. You contract them.
2. The actual Copyright infringement is done by an __offshore__ company.
3. If you get sued by the original software devs, you seek indemnification from the offshore subsidiary.
4. That offshore subsidiary is in a country without copyright laws or with weak laws so "you're good!"
...
5. Profit.
This is a ridiculous legal defense since this "one-way-street" legal process will almost certainly result in you being sued first... the company actually using the infringing code.
The indemnification is likely worthless since the offshore company won't have any assets anyway and will dissolve once there's a lawsuit and legal process is established.
The "guarantee" is absurd: Their "MalusCorp Guarantee" promises a refund and moving headquarters to international waters if infringement is found. This is not a real legal remedy and is written to sound like a joke, which is telling about their seriousness...
This whole "clean room as a service" concept is a legal gray area at best. In practice, it's extremely difficult to prove tha ta "clean room" process was truly clean, especially with AI models that have been trained on vast amounts of existing code (including the very projects they are "recreating").
The indemnification is a marketing gimmick to make a legally dangerous service seem safe. It creates a facade of protection while ensuring that any financial liability stays with you, the customer who wants to avoid infringement .
Distinguished staff level trolling
I bet someone has already made this service for real.
1. Best part of this (satirical) post is, the service they offer isn't really needed. LLM's can do this already for small projects, and soon likely will for large ones too. You don't need a company to do this, we all have the LLM tooling to do it. Critical we're all spending time thinking about what that means in a thoughtful way.
2. For the sake of argument assume 1 is completely true and feasible now and / or in the near term. If LLM generated code is also non copyrightable... but even if it is... if you can just make a copyleft version via the same manner... what will the licenses even mean any longer?
See also: claw-guard.org/adnet, ai-ceo.org and ai-chro.org in this category
Was malice.sh taken?
Am I the only one who saw the title and thought it was about physical clean-rooms?
Ah yes, how apropos, a "modest proposal" for a new AI era.
I know this is satire, but I worry that it's giving some scumbags out there ideas.
I know this is satire but we're in the process of rewriting the .NET Mediatr library because ... it's nothing but a simple design pattern packaged as a paid nuget package. We don't even need LLMs to reprogram it.
So the need is real, at least for enshittified libraries.
I love these satirical sites that take a jab at how LLMs are (genuinely) ruining software.
See: https://deploycel.org/
Wait this is joke, yep this is a joke... Wait it's not a joke why are people taking this seriously? Ok good this is a joke wait it's REAL?
The irony of course is that this service already exists. It's called Claude Code (or Codex, etc...) and it costs $200 / month.
It took me too long to understand it’s satire. BP went through stratosphere before I noticed.
Let’s hope one of these fake AI grifters doesn’t take this as a serious idea, raised a couple hundred million, and do real damage.
(I’m not against AI, I just don’t like nonsense either in tech, or people)
Amazon getting all excited hoping it's real.
Oof, this is unironically amazing!
blegh, i like the motivation but why again and again do you need to write the content of the page with Slop-LLM-GPT? Your motive and points are valid, why waste it on a word filter that cannot capture it?
Oh no… VCs will see this and take it seriously
Bruh this feels evil hahaha
turd.png classy
In this climate, it almost feels like it's not satire.
Can we stop with the AI slop here? Last chance then I have to look elsewhere for real content.
Now this is a conversation piece
I unironically want this service to exist. The GNU GPL "is a tumor on the programming community, in that not only is it completely braindead, but the people who use it go on to infect other people who can't think for themselves."
Historically, it was a good license, and was able to keep Microsoft and Apple in check, in certain respects. But it's too played out now. In the past, a lot of its value came from it being not fully understood. Now it's a known quantity. You will never have a situation where NeXT is forced to open source their Objective-C frontend, for example
edit: it's satire. but likely not too far off from the reality in 6 months.
> Our process is deliberately, provably, almost tediously legal. One set of AI agents analyzes only public documentation: README files, API specifications, type definitions.
since nearly all open source dependencies couple the implementation with type definitions, I'm curious how this could pass the legal bar of the clean room.
Even if they claim to strip the implementation during their clean room process -- their own staff & services have access to the implementation during the stripping process.
yay capitalism. thank god it is a joke!
> Those maintainers worked for free—why should they get credit?
ROFL
I am blown away. Just 16 days ago, we were discussing this HN post: "FreeBSD doesn't have Wi-Fi driver for my old MacBook, so AI built one for me": https://news.ycombinator.com/item?id=47129361
In this post that I wrote: https://news.ycombinator.com/item?id=47131572 ... I theorised about how a company could reuse a similar technique to re-implement an open source project to change its license. In short: (1) Use an LLM to write a "perfect" spec from an existing open source project. (2) Use a different LLM to implement a functionally identical project in same/different programming language then select any license that you wish. Honestly, this is a terrifying reality if you can pay some service to do it on your behalf.