It's time for open source to retire
malus.sh
It's an interesting legal theory and seems like it would work. However, I would not be comfortable until it is tested in court. LLM models have "seen" an awful lot of code and may not be able to legally do the implementation.
Author is
"Mike Nolan
Chief Executive Officer, MalusCorp International Holdings Ltd."
Also worth linking to his talk at FOSDEM, on which this is based: https://fosdem.org/2026/schedule/event/SUVS7G-lets_end_open_...
Also on youtube: https://youtu.be/9qEtm2zx314
The state of the world is so depressing and I already believe this is satire but I'm only 99% sure. Can someone else confirm?
I haven't spent too much time on it, so there's a good chance that I'm wrong, but it doesn't seem to be satire. I think that it's merely depressing and predatory, or depressing and predatory because it's a cynical sales pitch - a conversion funnel - that conflates what could be deemed to be real risks (supply-chain attacks etc.) with major exaggerations. They probably worked with a PR agency to devise this approach and thought that it was a very clever way to capture the attention of this exact community - which may very well happen if it spurs a heated discussion and people end up mentioning their brand name and visiting their site.
To be clear, engineers should not be required in the least to "maintain mental maps of which packages are safe and which will detonate their employer's IP strategy" simply because in the vast majority of cases they're not co-owners of that business or that strategy. That is overstated and intentionally misleading, I suspect. AGPL obligations depend on how software is combined and distributed or network-served, not on some magical "contamination" event from merely touching a package.
Rhetoric through and through, in my opinion.
It works. It is hooked up to Stripe. You can upload your package.json and receive a fully cleanroomed set of dependencies to use yourself. It is up to you to determine whether this is a compelling product or a warning to those who care about FOSS.
Would be nice if it could clean-room replace proprietary software too. Would require automating the procedure this person did:
https://reorchestrate.com/posts/your-binary-is-no-longer-saf...
I do like this idea. It's more difficult to do without access to the original source code, and I think that this would be more "reverse engineering" than cleanrooming, as you don't have the same concerns about copyright violation if you're working from a binary.
I think the same copyright concerns apply when working with binaries, which is why clean-room reverse-engineering was invented in the first place: so that no disassembled/decompiled code could be copied into the newly created codebase.
https://en.wikipedia.org/wiki/Clean-room_design
It would be a combination of reverse engineering and clean rooming, assisted with FOSS tools and LLMs; run NSA Ghidra to decompile the binary, LLM-clean the output code, LLM-generate the clean-room spec, LLM-verify the clean-room spec is not copyright infringing, LLM-generate code from the clean-room spec.
It's satire; if you google the authors it's even more clear.
Oh, you ARE the author.
ok
Is it satire if it actually works and you can pay real money for it?
It's time to retire Nolski! Happy Retirement
Good rage bait
No, I don't think I will.