submitted 3 days ago* (last edited 3 days ago) by Pro@programming.dev to c/technology@lemmy.world

Let’s set the stage. Picture a semi-governmental company. Around $130 million in annual revenue. They build and operate very expensive things — in space. Hundreds of physical hosts. Nearly 4,000 VMs. Most of their IT stack, in fact, runs on our platform.

Are they paying customers?

No.

Are they using the fully open-source version, from source?

Also no.

Instead, they discovered our Xen Orchestra Appliance (XOA): a turnkey virtual machine, with Xen Orchestra pre-installed, regularly tested, easy to deploy and update (and yes, still running fully on-prem). A supported and stable experience, designed for teams that don’t want to git pull on master branch in production.

But they didn’t want to pay for it. So they came up with a creative workaround: abusing our 30-day trial (initially 15 days until recently), over and over again.

It all started back in April 2015 — yes, a full decade ago. At first, they used their corporate emails to request trials. One here, one there. Nothing suspicious. But over the years, the pattern grew. More emails. More trials. Enough that, when we looked back, we realized we could chart it. Literally. Here's what the "creative licensing strategy" has looked like over time:

As you can imagine, we ended up with what looked like the entire staff directory. Developers, sysadmins, managers… pretty sure we even had the janitor signed up for a trial at some point.

When those ran out, they switched to personal Outlook or Gmail addresses. Every time: starting with a new (real!) person with their… personal email, a new 30-day trial. And then go incrementally with it. johndoe01@outlook.com, then johndoe02@outlook.com… We're now well past johndoe60. Same company name, every time… which is impressive considering the field isn’t even required in order to register your account. Hard to say if it was a mistake, a flex, or just their way of making sure we didn’t miss who was milking the trials.

Yes, they’re that committed. Committed to not paying.

[-] Bruncvik@lemmy.world 134 points 3 days ago

I work for a company with over 150k employees and 50B in annual revenues. My developers need a software tool, which was already identified as critical for our development. Instead of getting about 20 user licenses, each of which costs about $400 per year, and which would cover all our needs, the responsible manager, in his infinite wisdom, got one license, so that users register with it only when they need that tool. We even had a shared spreadsheet as a wait list. The software provider caught on after a few months, and cut us off. The manager got a good rating in his KPI for saving money with his initial decision, and the software provider was blamed for ending our license. Office politics as usual.

[-] OmegaLemmy@discuss.online 21 points 2 days ago

400 dollars for 20 users... They pay Microsoft probably 10 thousand for 200 licenses.....

[-] mlg@lemmy.world 28 points 2 days ago
[-] athairmor@lemmy.world 119 points 3 days ago

Don’t know why they don’t shut them out from the trials. It’s good business to fire customers that are costing you money.

[-] lepinkainen@lemmy.world 35 points 3 days ago

Send a lawyer’s cease and desist with a licensing bill to every email address they’ve used

[-] wetbeardhairs@lemmy.dbzer0.com 60 points 3 days ago

This is what lawyers are for. They knowingly conspired to break TOS over the span of a decade after being politely prompted to pay for the service they stole. I love FOSS but the service side is not free and should not be the whipping boy of for profit companies. Fight back FFS.

[-] INeedMana@lemmy.world 107 points 3 days ago

And if someone from That Company is reading this: you still have time to do the right thing. You’ve got the rocket science down. Now try ethics.

💋🤌

[-] yarr@feddit.nl 15 points 3 days ago

Explain how to mesh that with "the stock price must go up each quarter, no matter what"

[-] INeedMana@lemmy.world 24 points 3 days ago

> Picture a semi-governmental company

Also, relying on a 30-day license that has to be refreshed on a monthly basis, now with personal emails, is a sev1 waiting to happen. Very unmaintainable.

[-] yarr@feddit.nl 6 points 3 days ago

Easy, just have two of your staff do alternate 24/7 shifts, renewing just in time. As long as this costs less than the price of licencing the proper way, still a "win".

[-] INeedMana@lemmy.world 2 points 3 days ago

And as usual, that is not where the costs should be cut. Even with the current relegation of platform (I mean running mission-critical machines in cloud). I wouldn't trust that company to be their customer if I knew they operate like that

[-] yarr@feddit.nl 4 points 3 days ago

> I wouldn’t trust that company to be their customer if I knew they operate like that

Hahaha, I suggest you never look behind the scenes at an F500 then. This would be one of the more sane things to happen in that environment.

[-] INeedMana@lemmy.world 1 points 2 days ago

I know. The world runs on duct-tape

[-] isaakengineer@programming.dev 1 points 3 days ago

spill the beans? and jokes aside I would be down to help you with a web site or pdf compile, if you got what you hinting on, especially with receipts; or at least, former employee who can back up

[-] kami@lemmy.dbzer0.com 60 points 3 days ago
[-] sp3ctr4l@lemmy.dbzer0.com 54 points 3 days ago* (last edited 3 days ago)

90% it is SpaceX.

Major NASA contractor, history of malfeasance, lawsuits, fake promises, and the head of it ran (until quite recently) a government task force that illegally broke a whole bunch of IT shit, caused the largest series of cybersecurity breaches in history, committed a whole slew of brazenly illegal crimes... oh and the guy who runs it is notoriously incompetent at software development and managing software development.

Maybe 95%.

I struggle to think of a more 'semi-governmental' aerospace contractor, that also matches so well with all the described patterns.

Boeing or ULA or Lockheed are of course large aerospace contractors, but they're not run by a guy who literally directly bought the last election, and they are usually a bit more formal with their corporate/management/negotiation bs.

[-] errer@lemmy.world 50 points 3 days ago
[-] fullsquare@awful.systems 14 points 3 days ago

rocket lab is 4x too big (that's quarterly revenue, not annual)

[-] sp3ctr4l@lemmy.dbzer0.com 13 points 3 days ago

Ah!

I totally skipped over that revenue figure, that is much more of a precise way to nail it down.

I submit my 5% or 10% loss chance to you, whoops!

[-] Geodad@lemm.ee 54 points 3 days ago
[-] fullsquare@awful.systems 52 points 3 days ago

Maybe their idea is that publicly embarrassing oligarch boss of that company would be more effective in getting them to either use source code or buying a license

[-] Geodad@lemm.ee 15 points 3 days ago

Corporations are not people. They don't have feelings.

[-] Revan343@lemmy.ca 4 points 3 days ago

Then they would have needed to do something to publicly embarrass the company; so far they've only publicly embarrassed themselves

[-] YiddishMcSquidish@lemmy.today 2 points 3 days ago* (last edited 2 days ago)

Real talk. Open source FREE FUCKING TRIAL‽ Like it's the very least you could do is close that one obvious, glaring, foreseeable loophole. I mean if they had one half way decent developer, they could've just created their own version with an in house GUI.

[-] MNByChoice@midwest.social 11 points 3 days ago

When Docker Desktop and Anaconda went... Well, I don't know, the CEO started to get emails (politely) asking for money.

One could workshop some sales pitches and email the CEO.

Many CEOs at least hear about the unique emails they receive.

Will it have an impact? Yes. Will it positively impact your organization? Maybe.

[-] yarr@feddit.nl 9 points 3 days ago

As a small aside "Open Source Free Trials?" If it's open source, can't they just disable the trial part? I think (as usual) some essential nuance got destroyed converting this article to a ~~clickbait~~ ~~engaging~~ exciting headline.

To anyone that isn't aware of this: big companies don't give a fuck about anything except stock price going up. They will crush dreams every quarter to do this. They don't care.

If you don't like how a company is using your software and you're hoping they will have a conscience/heart... don't! Fix your license to make this use case illegal/impossible if it really matters to you.

Or, consider if Open Source is even the right license here (although I think the headline is a bit confused here)...

If you want this "fixed", tweak your license and/or send a cease and desist to that company and/or seek damages. Changing nothing and waiting for them to do the right thing, you're going to be waiting infinitely, because they will never do the right thing. They will do the thing that gets them the most revenue with the least spending. That's all you can count on.

[-] barsoap@lemm.ee 10 points 3 days ago

> As a small aside “Open Source Free Trials?” If it’s open source, can’t they just disable the trial part?

Yes. There's a number of projects which distribute binaries which aren't as liberally licensed as the source they're built from. E.g. Ardour is another one. There's a demo version, subscriptions start as low as $1/month, $45 buys you the current major version and the next major version with all its updates, perpetual license. There's also the implicit understanding that if you don't pay up and want support, your bug reports better be developer-grade.

Basically it's a way to get artists who are used to either freeware or commercial offerings to donate. Also as far as DAWs go it's a fucking steal.

[-] mosiacmango@lemm.ee 6 points 3 days ago* (last edited 3 days ago)

Vates spun up xcp-ng off the xen hypervisor and created a great "vsphere" like management plane called xen orchestra. It's a fantastic hypervisor with vsan/built in backups/etc. With vmware self immolating after selling to Broadcom, they are an ideal stand in for vmware's primary product. Their licensing costs are wildly reasonable, even before the vmware debacle.

They have gone from "a guy" to a 100 person company in the last few years while sticking by the FOSS ethic entirely. You can build the project from source, or even grab a few github scripts that build it for you. They have always been open and clear about letting you build it and use it however you like.

They know how to cut this abusive behaviour off. They are fully capable. They don't want to use those tools, legal or technical, because it goes against the spirit of FOSS, even if it's to stop someone else who is abusing the spirit of FOSS.

Being good people, they are using "name and shame" first, and are even so kind as to leave the "name" part out for now. I expect that they may make some changes down the line if the org, and maybe others playing this same game, don't play nicer.

[-] INeedMana@lemmy.world 2 points 2 days ago

> They don’t want to use those tools, legal or technical, because it goes against the spirit of FOSS, even if it’s to stop someone else who is abusing the spirit of FOSS.

I'm not convinced. It all started from a license saying "if you want to distribute your version, you have to license it the same". One either plays by the rules or the modification doesn't see the light of day. And at the time of publication, it was a rather radical stance.
Freedom sometimes has to be enforced

This is not a story about a company denying free trial to another company because the latter is big. It's about the latter leeching resources from supporters whose money goes towards the fleet that serves their 4k VM "trial"

It is against the spirit of FOSS

[-] mosiacmango@lemm.ee 1 points 1 day ago* (last edited 1 day ago)

Vates is pretty chill, as is clear in the article. I think your point is well said, but Vates likes the "vibe" of FOSS, and is willing to take a bit on the chin to keep that energy internally. A bit of "turn the other cheek." They also clearly enjoyed the whimsy and just straight panache of being ripped off in this manner for a while. Their company is doing well and growing rapidly from an excellent product, so I doubt the money mattered much.

Well, even Jesus started kicking ass at one point with the money lenders. It looks like they are getting there now.

[-] yarr@feddit.nl 2 points 3 days ago

> They have always been open and clear about letting you build it and use it however you like.

I don't disagree with the want to license software like this. The downside then is a subset of "letting you build and use it any way you like" includes registering N trial accounts every 30 days. If this isn't actually spelled out as illegal under the license, some jerkbag will do it. I wish we didn't live in this world, but we do.

[-] owl@infosec.pub 5 points 3 days ago

Take your protein pills and type new email in.

[-] Borger 6 points 3 days ago

Disturbingly similar to my employer.

[-] raspberriesareyummy@lemmy.world 3 points 3 days ago

Is it against the terms of service / use? If not - fair play to them. It's stupid, but it's easy to fix by adjusting the terms & conditions, and when they are in violation, completely deny all services to their ip range.

[-] Netrunner@programming.dev 1 points 2 days ago* (last edited 2 days ago)

Or just blocking their range.

I wouldn't ask or change TOS first.

this post was submitted on 20 May 2025