GPL Violation as a Service


https://malus.sh offers "Clean Room as a Service" - You upload an open source library and get a vibecoded replacement:

Our proprietary AI robots independently recreate any open source project from scratch. The result? Legally distinct code with corporate-friendly licensing. No attribution. No copyleft. No problems.

At first I thought this was sarcasm. But apparently, it is not:

Some licenses require you to contribute improvements back. Your shareholders didn't invest in your company so you could help strangers.

The shareholders also didn't have to pay for the open source software you built your business on, but let's not dwell on minutiae.

The other rationale offered for all of this is that open source software doesn't come with support guarantees, and that this is the reason software vulnerabilities happen.

This is the bargain at the heart of open source: you get the code for free, and in exchange, you accept that the person who wrote it owes you nothing. Not patches, not stability, not political neutrality, not even the courtesy of not deleting the entire package one afternoon because they felt like it. The community calls this a feature. Your shareholders might use a different term. Structural risk.

This is not a compelling argument. Closed source software doesn't automatically come with guaranteed maintenance periods either; in fact most of it does not, and in the age of SaaS the service can often be changed in scope or terminated at any time. That doesn't make proprietary software fair game to feed into an LLM with instructions to rewrite it.

More importantly, this line of thinking works both ways: If it is okay to vibetranslate OSS into closed source software, then it's also okay to vibetranslate closed source software into open source. If open source licenses don't matter, closed source licenses don't matter.

It is a fragile claim to state that text translation via vector similarity in an LLM equals clean room reimplementation. It is also a fact that a lot of closed source software is based on open source software in violation of the license. I saw this first-hand when DJI took the "MultiWii" code and ported it to STM32, and released it as part of their "DJI Naza" flight controller. This was obvious when viewing the disassembled firmware, but the GPL violation was never prosecuted. DJI's market cap was $15 billion in 2022 and they built their empire on what some might call a GPL violation.

And yes, I'm sure there's also open source software that was not really written as a clean room implementation of proprietary code. Maybe I'm old fashioned, but I prefer to play by the rules.

I'm still hoping that this turns out to be a sarcastic joke site. But just in case it is not:

Please don't use it.