Malus was co-created by Mike Nolan, who "researches the political economy of open source software and currently works for the United Nations." Nolan told 404 Media's Emanuel Maiberg that he shipped Malus as a real, live-fire business that will exchange money for an AI service that destroys the commons as a way to alert the free software movement to a serious danger.

2/

As Maiberg writes, Malus relies on a precedent set in 1982, when IBM brought a copyright suit against an upstart called Columbia Data Products for reverse-engineering an IBM software product. IBM's argument was that Columbia must have copied its *code* - the copyrightable part of a work of software - in order to reimplement the *functionality* of that code. Functions aren't copyrightable: copyright protects creative expressions, not the ideas that inspire those expressions.

3/

The *idea* of a computer program that performs a certain algorithm is *not* copyrightable, but the *code* that turns that idea into a computer program *is* copyrightable.

Columbia's successful defense against IBM involved using a "clean room" in which two isolated teams collaborated on the reimplementation.

4/

The first team examined the IBM program and wrote a specification for *another* program that would replicate its functionality. The second team received the specification and turned it into a computer program. The first team *did* handle IBM software, but they did not create a new work of software. The second team *did* create a new work of software, but they never handled any IBM code.

5/

This is the model for Malus: it pairs two LLMs, the first of which analyzes a free software program and prepares a specification for a program that performs the identical function. The second program receives that specification and writes a new program.

6/

The Malus FAQ performs a "be as evil as possible" explanation for the purpose of this exercise:

> Our proprietary AI robots independently recreate any open source project from scratch. The result? Legally distinct code with corporate-friendly licensing. No attribution. No copyleft. No problems.

7/

This business about attribution and copyleft is a reference to the terms imposed by some free software licenses. The point of free software is to create a commons of user-inspectable, user-modifiable software that anyone can use, improve and distribute. To achieve this, many free software licenses impose obligations on the people who distribute their code: you are allowed to take the code, improve the code, give it away or sell it, *but* you have to let other people do the same.

8/

Typically, you have to inform people when there's free software in a package you've distributed (attribution) and supply them with the "source code" (the part that humans read and write, which is then "compiled" into code that a computer can use) on demand, so they can make their own changes.

9/

This system of requiring other people to share the things they make out of the code you share with them is sometimes called "copyleft," because it uses copyright, which is normally a system for restricting re-use to require people *not* to restrict that use.

Companies *love* to *use* free software, but they don't like to *share* free software.

10/

Companies like Vizio raid the commons for software that is collectively created and maintained, then simply refuse to live up to their end of the bargain, violating the license terms and (incorrectly) assuming no one will sue them:

pluralistic.net/2021/10/20/viz…

11/

Malus's promise, then, is that you can pay them to create fully functional reimplementations of any free/open source software package that your company can treat as proprietary, without any obligations to the commons. You won't even have to attribute the original software project that you knocked off!

12/

This is the risk that Nolan and his partner are trying to awaken the free/open source community to: that our commons is about to be raided by selfish monsters who serve as gut-flora for the immortal colony organisms we call "limited liability corporations," who will steal everything we've built and destroy the social contract we live by.

13/

This is a real problem, but not because of AI. We *already* have this situation, and it's *really bad*. Most of the foundational free software projects were created under older licenses that did not contemplate cloud computing and software as a service. The "copyleft" obligations of these licenses are triggered by the *distribution* of the software - that is, when I send you a copy of the code.

14/

But cloud services don't have to send you the code: when you run Adobe Creative Cloud or Google Docs, the most important code is all resident on corporate servers, and never sent to you, which means that you are not entitled to a copy of the new software that has been built atop of our commons.

15/

In other words, big companies have "software freedom" (the freedom to use, modify and improve software) and we've got "open source" (the impoverished right to look at the versions of these packages that are sitting on services like Github - itself a division of Microsoft):

mako.cc/copyrighteous/librepla…

Then there's "tivoization," a tactic for stealing from the commons that wasn't *quite* invented by Tivo, though they were one of its most notorious abusers.

16/

How markets coopted free software’s most powerful weapon (LibrePlanet 2018 Keynote)

Several months ago, I gave the closing keynote address at LibrePlanet 2018. The talk was about the thing that scares me most about the future of free culture, free software, and peer production. A …

^{copyrighteous}

Tivoization happens when you distribute free software as part of a hardware device, then use "digital locks" (sometimes called "technical protection measures") to prevent the owner of this device from running a modified version of the code. With tivoization, I can sell you a device running free software and I can comply with the license by giving you the code, but if you change the code and try to get the device to run it, it will refuse.

17/

What's more, "anti-circumention" laws like Section 1201 of the US Digital Millennium Copyright Act make it a *felony* to tamper with these digital locks, so it becomes a *crime* to use modified software on your own device:

pluralistic.net/2026/03/16/whi…

18/

There's no question that the tech industry would devour the free software commons if they were allowed to, and the AI threat that Nolan raises with Malus seems alarming, but while there's *something* to worry about there, I think the risk is being substantially overstated.

19/

That's because copyleft licenses - and indeed, all software licenses - are *copyright* licenses, and *software written by AI is not eligible for a copyright*, because *nothing made by AI is eligible for copyright*:

pluralistic.net/2026/03/03/its…

Copyright is awarded *solely* to works of *human* authorship.

20/

This fact has been repeatedly affirmed by the US Copyright Office, which has fought appeals of this principle all the way to the Supreme Court, which declined to hear the case. That's because the principle that copyright is strictly reserved for human creativity isn't remotely controversial in legal circles. This is just how copyright works.

21/

Which means that the "be evil" version of Malus's business model has a fatal flaw. While the code that Malus produces is indeed "legally distinct" with "no attribution" and "no copyleft," it's not true that there are "no problems." That's because Malus's code doesn't have "corporate-friendly licensing." Far from it: Malus's code has *no* licensing, because it is born in the public domain and *cannot be copyrighted.*

22/

In other words, if you're a corporation hoping to use Malus to knock off a free software project so that you can adapt it and distribute it without having to make your modifications available, Malus's code will not suit your needs. If you give me code that Malus produced, *you can't stop me from doing anything I want with it*. I can sell it. I can give it away. I can make a competing product that reproduces all of your code and sell it at a 99% discount.

23/