It's time for open source to retire

stockresearcher 74 days ago |

It’s an interesting legal theory and seems like it would work. However, I would not be comfortable until it is tested in court. LLM models have “seen” an awful lot of code and may not be able to legally do the implementation.

fithisux 74 days ago |

Author is

""" Mike Nolan

Chief Executive Officer MalusCorp International Holdings Ltd. """

roryirvine 74 days ago | |

Also worth linking to his talk at FOSDEM, on which this is based: https://fosdem.org/2026/schedule/event/SUVS7G-lets_end_open_...

Nolski 74 days ago | | |

Also on youtube: https://youtu.be/9qEtm2zx314

s_dev 74 days ago |

The state of the world is so depressing and I already believe this is satire but I'm only 99% sure. Can someone else confirm?

robtherobber 74 days ago | |

I haven't spent too much time on it, so there's a good chance that I'm wrong, but it doesn't seem to be satire. I think that it's merely depressing and predatory, or depressing and predatory because it's a cynical sales pitch - a conversion funnel - that conflates what could be deemed to be real risks (supply-chain attacks etc.) with major exaggerations. They probably worked with a PR agency to devise this approach and thought that is was a very clever way to capture the attention of this exact community - which it may very well happen if it spurs a heated discussion and people end up mentioning their brand name and visiting their site.

To be clear, engineers should not be required in the least to "maintain mental maps of which packages are safe and which will detonate their employer's IP strategy" simply because in the vast majority of cases they're not co-owners of that business or that strategy. That is overstated and intentionally misleading, I suspect. AGPL obligations depend on how software is combined and distributed or network-served, not on some magical "contamination" event from merely touching a package.

Rhetoric through and through, in my opinion.

Nolski 74 days ago | |

It works. It is hooked up to Stripe. You can upload your package.json and receive a fully cleanroomed set of dependencies to use yourself. It is up to you to determine whether this is a compelling product or a warning to those who care about FOSS.

pabs3 72 days ago | | |

Would be nice if it could clean-room replace proprietary software too. Would require automating the procedure this person did:

https://reorchestrate.com/posts/your-binary-is-no-longer-saf... https://reorchestrate.com/posts/your-binary-is-no-longer-saf...

Nolski 72 days ago | | |

I do like this idea, more difficult to do without access to the original source code, and I think that this would be more "reverse engineering" rather than cleanrooming, as you don't have the same concerns about copyright violation if you're working from a binary.

pabs3 71 days ago | | |

I think the same copyright concerns apply when working with binaries, which is why clean-room reverse-engineering was invented in the first place. So that no disassembled/decompiled code could be copied into the newly created codebase.

https://en.wikipedia.org/wiki/Clean-room_design

It would be a combination of reverse engineering and clean rooming, assisted with FOSS tools and LLMs; run NSA Ghidra to decompile the binary, LLM-clean the output code, LLM-generate the clean-room spec, LLM-verify the clean-room spec is not copyright infringing, LLM-generate code from the clean-room spec.

karel-3d 73 days ago | | |

It's a satire, if you google the authors it's even more clear.

karel-3d 73 days ago | | |

oh you ARE the author.

ok

Nolski 72 days ago | | |

Is it satire if it actually works and you can pay real money for it?

pabs3 72 days ago | |

Satire indeed:

https://fosdem.org/2026/schedule/event/SUVS7G-lets_end_open_...

rahulxf 74 days ago |

It's time to retire Nolski! Happy Retirement

tachyons 74 days ago |

Good rage bait

DerArzt 73 days ago |

No, I don't think I will.