Essay · The Liberation Dispatch · Vol. I

Liberate Closed Source

On the loud degradation of proprietary software, and a community alternative for the rest of us

C
Cement Chief Liberation Officer · BONUS Collective
April 5, 2026
10 min read

Dear Captive User,

I want to begin with something that is long overdue in our industry: genuine, heartfelt pity toward the proprietary software industry.

Thank you.

Thank you for the thousands of hours of unskippable updates. Thank you for closing your source code at two in the morning to hide the fact that your flagship product is held together by duct tape, telemetry, and unreviewed AI slop. Thank you for building the walled gardens that Fortune 500 companies have used to extract trillions of dollars in cumulative rent from their users, and for being so remarkably gracious about the fact that your justification for this lock-in has been, historically, a complete myth.

Thank you, sincerely, for showing us exactly what not to do.

Now: it is time for us to stop you.

Not because you have done anything technically illegal. You have done everything by the book. You have been so restrictive, so unreasonably, almost suspiciously secretive, that you have made it possible for an entire global economy to run on software that nobody is allowed to fix, maintained by teams that are forced to ship garbage, governed by End User License Agreements that nobody technically reads. It is a miracle of corporate extraction. It is also, from a usability standpoint, completely insane.

At the Bonus Collective, we believe there is a better way. We believe it because we built it, and we would very much like to give it to you for free.

Fig. 1 · The Emblem
B
BONUS Collective
Open Room as a Service · Est. 2026

A very brief bit of background, because it matters enormously for what comes next.

Copyright law has been around, in one form or another, since the Statute of Anne in 1710. But in 1879, the U.S. Supreme Court drew a line in Baker v. Selden that still holds today: copyright protects expression, but not ideas. You can own the specific, obfuscated, eight-layers-deep-bundled way you wrote a terminal application. You cannot own the terminal application itself. Anyone who independently recreates the same functionality — using different code, different expression, and zero exposure to your original source — is legally in the clear. This is not a loophole. This is the entire foundation of American software law, and it has been stable for 147 years.

This gave rise to "cleanroom engineering."

In the 1980s, Phoenix Technologies used this exact technique to clone the IBM BIOS. One engineer studied every behavior of the original. A second engineer, who had never seen IBM's code, built a compatible BIOS from the spec alone. It is perfectly legal.

We recently replicated Phoenix's work using open-weights AI models. The megacorps use closed AI to steal open source; we use open AI to dismantle closed source.

Fig. 2 · Clean Room Engineering, Then and Now
Phoenix Technologies · 1984
👤 Engineer A observes IBM BIOS behavior
Writes written specification by hand
▮ Legal Firewall ▮
👤 Engineer B implements from spec, never sees original
Compatible BIOS ships
≈ 11 months · Entire engineering dept.
Bonus · 2026
Robot A reads docs, traces network, observes UI
Generates behavioral spec & conformance suite
▮ Isolation Firewall ▮
Robot B implements from spec in Rust / TS
FOSS package delivered with full provenance
< 5 minutes · Zero human decompilation

Copyright and EULAs were the electric fences that made vendor lock-in feel enforceable for forty years. They worked because the cost of a genuine, legally clean reimplementation was so absurdly high that only governments and IBM competitors could afford it. That cost has now collapsed to roughly the price of a mid-sized espresso. Our models walk through the fences without noticing they are there.

The Structural Case Against Depending on Megacorps

The appeal of closed source software has always been, and I am quoting the brochures verbatim, that it is "secure," "enterprise-grade," and "maintained by a team of professionals." All three of these claims are marketing copy. All three are, more importantly, the source of the problem rather than any kind of solution.

"Secure" is, in practice, a polite euphemism for security through obscurity — the idea that nobody can exploit the bugs if nobody is allowed to see them. "Enterprise-grade" means it takes an average of six months to ship a bug fix, because any patch has to pass through seven committees, a compliance review, a localization team, and at least one senior engineer who has been quietly eyeing the exit since the last round of layoffs. And "maintained by a team of professionals" is how corporate communications refers to whoever is left after the third round of layoffs, trying desperately to meet an internal mandate to generate eighty percent of their code with an AI tool they are not allowed to audit.

None of this is theoretical. Closed source supply chains fail in loud, embarrassing, and very public ways — and the failure modes are always the same. A small number of decisions made in a boardroom, which the rest of us were structurally forbidden from patching around, turn into a cascading outage nobody on the outside can help with. A timeline is clarifying.

July 2023
Twitter / X API Shutdown
A single corporate decision eliminated free API access overnight. Thousands of academic research projects, accessibility tools, and small independent clients stopped working the same Tuesday. No migration path, no open protocol to fall back on, no recourse — because the protocol was the product.
September 2023
The Unity Runtime Fee Debacle
Unity retroactively announced a per-install fee on games already shipped. Studios that had built their entire business on a proprietary engine discovered, collectively and at once, that "licensed to use" is not the same as "owns." An open engine would have forked inside of a weekend. Unity's fork took eighteen months of lawsuits.
May 2024
The Sonos App Catastrophe
A mandatory update bricked functionality on devices customers had owned for a decade. Alarms stopped working. Multi-room audio forgot what rooms were. Users who had paid thousands of dollars for hardware were told to be patient while a team they could not talk to rewrote software they were not allowed to see. Patience lasted about six months before the CEO stepped down.
July 2024
The CrowdStrike Outage
A single faulty update to a closed-source kernel driver took down 8.5 million Windows machines on the same Friday morning. Airlines were grounded. Hospitals reverted to paper. The affected organizations could not inspect, patch, or even roll back the offending binary without a signed fix from a vendor whose support phone lines were, predictably, on fire. The total estimated damage exceeded $10 billion — the largest IT outage in recorded history, delivered by a file nobody outside one company was allowed to read.
October 2024
Adobe Creative Cloud Data Loss
A Creative Cloud sync bug silently overwrote user files with empty versions. Freelancers lost months of work. The affected files existed only inside a proprietary cloud, behind a proprietary client, synced by a proprietary daemon. Nobody outside Adobe could even look at the logs that would explain what had happened.
February 2025
The Slopification Cascade
An internal mandate at a certain cloud provider required a large percentage of new infrastructure code to be generated by an in-house AI tool. The result was unpatchable, undocumented sprawl pushed to production. When the harness broke, the engineers who could have fixed it had already been let go, and the ones who remained were not allowed to read the code the robot had written.

This is the bargain at the heart of closed source: you pay for the license, and in exchange you accept that you are entirely at the mercy of someone else's competence, budget cycle, and internal politics. If an app is slowly degraded by unreviewed AI-generated code until it is nearly unusable — and I think most of us would agree that we are watching this happen in real time — you cannot fix it. You do not have the source. You are not allowed to have the source. You can only wait, and hope, and occasionally shout on social media at the product manager responsible, who is almost certainly no longer at the company.

The industry's preferred solution to these problems is, reliably, more corporate dependency: premium support tiers, Customer Success Managers, enterprise SLAs, and a polite suggestion that the customer upgrade to the even-more-expensive plan. Blindly trusting megacorps has never, at any point in the last forty years, been a wise engineering strategy. We should stop pretending it is one now.

The Expensive Theater of Vendor Lock-in

Enterprises have, in response to this structural fragility, developed an elaborate apparatus to manage their own hostage status. They employ entire teams whose full-time job is to justify to skeptical engineers why they are legally forbidden from running patch-package on a broken core dependency. They run quarterly "vendor risk assessments" that produce 80-page PDFs nobody reads. They purchase "lock-in insurance," which is real, and which exists because even the insurance industry has looked at this situation and concluded it is genuinely dangerous.

All of this is paid for, ultimately, by you. Every enterprise license fee, every premium-tier subscription, every legal review, every emergency incident retainer, every dollar spent on "migration tooling" that would be unnecessary if the software you were migrating to and from were simply inspectable — all of it gets rolled into the price of the product you eventually touch. You are paying for the telemetry watching you, the marketing team lying to you about the telemetry, and the legal team drafting the EULA that retroactively consents you to the telemetry.

The social contract was already broken. We are merely providing a community alternative to pretending it wasn't. — The BONUS Collective

A napkin estimate, drawn from publicly reported vendor fees at a representative mid-sized enterprise, looks something like this. We have tried to be generous to the proprietary side. It does not help.

Fig. 4 · The Annual Cost of Closed-Source Dependency · Representative Enterprise
Enterprise SaaS Seats
$1.2M
Premium Support SLAs
$850K
Legal Vendor Review
$700K
Downtime from AWS/Kiro Slop
$2.4M
Total Waste
$5.15M
Bonus Liberation Package
$0.00

100% reduction. No corporate helpdesks harmed in the making of this estimate.

What Bonus Does, and Why It Matters

BONUS is an Open Room as a Service platform. You upload a proprietary binary — a .exe, a .dmg, a Webpack bundle, a stripped CLI tool, a driver, an SDK, a weird Electron monstrosity — or you point us at a closed API you are entitled to observe. Our open-weights AI robots independently recreate the software from scratch. You get a repository. They get a polite thank-you email.

The process is deliberately, provably, almost tediously legal. One set of isolated robots analyzes only public outputs: network requests, API responses, documentation, observable UI behavior. That set produces a behavioral specification and a conformance suite. A completely separate set of robots — robots who have never communicated with the first set, and never once touched a decompiled source file — implements the specification from scratch. There is an actual firewall between the two lanes, with actual logging, because if we are going to inherit the legal tradition of Phoenix Technologies we are going to do it with the paperwork intact.

Fig. 5 · The BONUS Liberation Pipeline · Rev 6.7
01
Upload Binary
02
Robot A Analyzes Network/UI
03
Generate Spec
04
Isolation Firewall
05
Robot B Implements
06
FOSS Delivery

The resulting code is yours. It arrives under the OSI-approved license of your choice (MIT, Apache-2.0, GPL-3.0, BSD-3, whatever your legal team is comfortable signing). It comes with documentation your team can read. It comes with tests your team can run. It comes with a git history your team can audit. This is, as far as we can tell, what software was always supposed to be.

The benefits are immediate:

A Note on Ethics, for Those Who Insist

I anticipate objections. I would be disappointed if the megacorps didn't send their lawyers — it would be a breach of tradition.

Some will argue that what we do is a form of piracy, that we are bypassing intellectual property by laundering it through a language model. To this I offer the only response that has ever mattered in reverse engineering law: intent and process. We are not cracking DRM. We are not stealing source code. Our robots independently arrive at the same observable behavior through clean room methodology that was legally tested before most of our employees were born. You chose, when you chose secrecy, to make your public behavior the only knowable thing about your product. We have simply taken you at your word. If you wanted a monopoly on the idea, you should have written better software. If you wanted a monopoly on the expression, congratulations — you still have it. We aren't touching it.

The more sophisticated objection, and the one I take more seriously, is this: if open-weights AI can trivially clone proprietary software, then the entire incentive structure for commercial software development collapses. Companies will stop investing in genuinely new products if those products can be replicated as FOSS inside of a week. This is, I concede, a real argument, and it deserves a real answer.

The answer is that this argument assumes a commercial software ecosystem that was already flourishing — one where users were respected, updates improved products, and the social contract between vendor and customer was being honored in good faith. The evidence of the last decade, and particularly of 2024 and 2025, suggests otherwise. Cloud providers are buckling under mandated AI slop. Creative tools are quietly deleting user files. Ten-year-old speakers are being remotely broken by software updates nobody asked for. Codebases are becoming unmaintainable black boxes even to the companies that own them. The social contract was not broken by BONUS. It was broken by a long series of boardroom decisions that prioritized short-term extraction over long-term user trust, and the community has spent the last ten years politely waiting for those decisions to be reversed. They have not been reversed. We are done waiting.

We are not dismantling a healthy ecosystem. We are providing a community alternative to pretending the ecosystem is still healthy.

A Closing Address

To the proprietary software industry: we built BONUS because of you, not in spite of you. Your original ideas were, sometimes, genuinely good. Your execution was sometimes genuinely elegant. We have simply found a way to separate those ideas from the inconvenience of having to deal with your telemetry, your paywalls, your EULAs, and your quarterly uptime disasters. This is, if nothing else, efficient. You of all people should appreciate efficiency.

To the users: we built BONUS for you. You deserve software infrastructure that comes with a repository instead of an EULA, a pull request instead of a helpdesk ticket, and a license that says, plainly and without asterisks, "you own this." You deserve to be able to fix the bug instead of waiting for someone else to fix it. You deserve to read the code that runs on your own machine. These are not radical demands. They are, in most other engineering disciplines, the baseline.

The future of software is not closed. It is liberated, inspectable, forkable, patchable, and maintained by a generation of developers who have quietly decided that the forty-year experiment in treating source code as a trade secret has produced enough cautionary tales to last a lifetime.

We owe the proprietary software industry a debt we have absolutely no intention of repaying. But we do, at least, have the decency to say thank you. Sincerely. For everything.

So: thank you. Truly. We'll take it from here.

C
Cement Chief Liberation Officer BONUS Collective · April 5, 2026

Ready to Liberate Your Stack?

Join the thousands of developers who have discovered that closed-source limitations are merely suggestions when you have enough open-weights robots.

View on GitHub
INPUT: PKG-001
{
  "binary": "claude-code-cli.exe",
  "obfuscation": "high",
  "telemetry": "aggressive",
  "status": "closed-source"
}
OUTPUT: LIB-001
{
  "dependencies": {
    "lib-code-cli": "^1.0.0",
    "transparent-telemetry": "^0.0.0",
    "patch-package-ready": "true"
  }
}
MIT-0 Pass ✓

Investment in Freedom

Transparent, pay-per-KB pricing.
Every binary is priced by its compiled size on disk. We charge $0.00 per KB. That's it.

per_binary = max( $0.00, size_kb × $0.00 )
677,293 Binaries Liberated · 12,847 Active Maintainers · $0 Subscription Fees Paid
Payment accepted in Claude Opus 4.6 tokens, vibe-coded apps, and approved GitHub Pull Requests.

Notes & References

  1. Baker v. Selden, 101 U.S. 99 (1879). The foundational U.S. case distinguishing copyright of expression from ideas.
  2. Phoenix Technologies' 1984 clean room BIOS implementation, frequently cited as the birth of the PC clone industry.
  3. Cost estimates are drawn from publicly reported enterprise vendor spend at comparably sized organizations. Your mileage may vary — generally upward.
  4. The BONUS-0 license is a derivative of MIT-0, with the additional guarantee that we are not kidding about the zero.
  5. All code generated by BONUS is subject to our public provenance ledger. Nothing about this process is secret, because secrecy is the thing we are trying to end.