Hacker Remix

Ground control to Major Trial

464 points by plam503711 12 hours ago | 178 comments

vessenes 12 hours ago

It’s probably time to channel Larry Ellison and shake these guys down. Or at least shake their pockets for loose change.

They are stealing from you. As you point out you go out of your way to help companies with your OSS options: you’re way on the right side of principled and generous. This is abuse. Don’t put up with it.

Given the history, I’d suggest a short C&D recounting the 10 years(!) of theft, the measures they’ve gone to, and tell them they have 15 days to either stop or get licensed, or you will seek 10 years of back licensing, interest and penalties. I assure you that you will receive a call from someone. Especially if you have to turn the software off on day 16.

Anyway this seems substantial to me, but also there’s an ethical and philosophical question of responsibilities. Do you have more responsibility to your employees and shareholders or to this space company? Even if you’re crazy rich as a company, I propose as the CEO you owe a pretty strong duty to those stakeholders to try and recover stolen assets. You don’t have to be mad at random spaceco, but I propose you might think hard before walking away.

Quick edit: just to frame your head on this: If the company is in the US then this behavior likely falls under DMCA anti-circumvention laws. If it does, people would have criminal liability. Now, I believe the DMCA is terrible legislation; it lets corporations create criminal liability through license agreements. But, it is the law of the land here, and I would guess as soon as your attorney can lay this out, and their attorneys get an eye on it, you will find willing negotiation happening.

cogman10 11 hours ago

I agree. The company will almost immediately settle because this is a cut and dry theft that will cost them (literally) millions just in the recoup. More if a penalty can be applied.

This won't go to court, the actions are indefensible. The only argument will be how much they have to pay the OP's company.

Animats 4 hours ago

You can start by sending them a bill. Get legal advice on drafting it. Each month, a new bill, with the new charges for that month. After a few cycles, you start threatening to go to collection. It may take a while, but you'll collect eventually.

florbnit 12 hours ago

> We’re not going to waste days chasing them. But at some point, this goes beyond saving a few bucks: it becomes performance art.

Oh for the love of tech, do chase them. This absolutely has to be in void of the terms of your trial. Take them to court. If not, then at the very least name and shame the company, so some dumb manager orchestrating this silly theft will get fired and someone more mature can be rotated in.

plam503711 12 hours ago

I’m actually considering reaching out directly to the CEO and telling the full story. But honestly? There’s a good chance he’s fully aware — and totally fine with it. That’s part of what makes it so disappointing.

We’re not rushing into legal action — it’s not worth the energy for now — but publicly calling out the behavior felt necessary. It also sends a message to others in the ecosystem about the kind of nonsense OSS maintainers sometimes face.

And yes, while I’m still holding off on naming the company directly… I haven’t ruled it out.

1234letshaveatw 11 hours ago

I very much doubt the CEO is aware. It is much more likely that some person is doing this because that is what they have always done- they are coasting. Alternatively, it is some poor sap that is in over their head and just following some instructions the original jerk put together to keep things running.

The CEO will prob hand you off to some director who is going to be annoyed that they were made out to look foolish and that they now have a task that the CEO is going to want regular status updates on.

Edman274 11 hours ago

If you don't do anything legally threatening, then you make it that much harder for every single OSS vendor to make money, because the precedent is getting established that there is no penalty for breaking the rules.

When I was a teenager I would do super cut-rate work on computers for people, and my father did helpfully point out that undercharging for valuable work just makes it harder for people whose day job is to do the same work, because then they have to compete with a naive teenager. You're the kind hearted OSS / freemium vendor in this case. Threatening legal action costs nothing. Punishment is meant as a deterrent for antisocial behavior. Failing to even threaten them will result in less money going to people who deliver a public good.

ChrisMarshallNY 11 hours ago

> Threatening legal action costs nothing.

Not really. If you want it to have teeth, then it should come under a lawyer's letterhead, and that usually costs something (probably not much, for one letter).

threeseed 10 hours ago

> Threatening legal action costs nothing

It costs your reputation as a vendor which is permanent.

You don't threaten legal action against companies before calmly advising them of the situation.

krisoft 7 hours ago

> It costs your reputation as a vendor which is permanent.

You say that as if that is some bad thing. As a vendor you want to have a reputation for asking what you are fairly owed. The other option is to have a reputation for being a wet tissue anyone can walk through.

> You don't threaten legal action against companies before calmly advising them of the situation.

These are not incompatible with each other. Of course you calmly advise the company of the situation. 100%. You tell them that their 15 day trial period lapsed at <date> and that they continue using the <product> without proper license in place. You tell them where they can reach out to find the right licence for their needs. And you tell them that you intend to pursue them for damages if they remain out of compliance. All very calmly and professionally. Nobody is angry with anyone here. There is no bad blood. It is just a contracting oopsie!

threeseed 2 hours ago

> As a vendor you want to have a reputation for asking what you are fairly owed.

They've never asked the company.

Instead you want to jump straight to legal action which is insane.

Edman274 10 hours ago

There's no obligation to publicly reveal the threat of a lawsuit to a party that is abusing your license. In fact, if you don't reveal the existence of the lawsuit, the only way then that you'd gain that reputation is if the threatened party then publishes their threat, which they won't do if they straight up know that they're in the wrong, because then that damages their reputation. Why would a big company publish a blog about a small company suing them for blatantly violating their software license? They want that crap to go away. Get the money. Shaming a company doesn't make anyone any money unless they decide to voluntarily comply, which is what is being asked here. They're being asked to voluntarily do the right thing. If they were likely to voluntarily do the right thing, they would've done that first.

bambax 12 hours ago

> publicly calling out the behavior

> I’m still holding off on naming the company directly

Does not compute. Why not name them?

dspillett 11 hours ago

> Does not compute. Why not name them?

Legal risk. If the company decides to be a litigious prick about being named & shamed they might not win, but before losing they'll cost the product owner a pile of time and, at least temporarily, money.

Stating the errant company's industry and size gives us plenty of information to make an educated guess, without actually stating the name. I suspect that this action blocks any useful future relationship as much as direct naming would, so that risk has been taken, but I also assume that no such beneficial relationship was likely to happen anyway so doing this is worth it to get the publicity, both through the story and perhaps a little cheeky marketing down the road (“as used extensively by the famous company we won't name, but you can guess”).

One thing I would definitely do at this point, now the company knows they have been detected, is to try¹ to make sure all support for that company is on the lowest priority possible. Absolute minimum response time 24 hours. 24 working hours, especially if the issue seems urgent to them. No responses beyond automated ones outside of normal business hours. Never try to guess: any missing information in a support query gets queried and the subsequent clarifying responses are subject to the same 24+ working hour latency. If anyone tries the “we are a big company, you should prioritise this” thing, respond with “With an email address like that? Yeah, nah.” or more directly “We know, a big company who knows it is massively in breach of our licence, and yet we are still generously responding to you at all.”.

------

[1] They may of course have/find crafty ways to get around this too, but if they are determined to avoid doing the right thing at least make them work to avoid doing the right thing!

Philpax 12 hours ago

Because as long as they don't name them, there's still a chance they'll pay up or self-host. As soon as they do name them, any chance of a meaningful business relationship will disappear.

hungryhobbit 6 hours ago

Did you read how much work these people put into not paying? I think that ship has sailed long ago.

threeseed 11 hours ago

Because this is almost always just the fault of some low level engineer trying to save some time rather than some systemic issue at the heart of the company.

The company will just apologise and the CEO will make sure to tell everyone they know never to deal with this vendor ever again. IT is a very small world and reputations last a long time.

chii 12 hours ago

By declaring, but not acting yet, the OP gives the company an out, and allows a potential payday to come. After all, everybody is after money. Any action which seems strange or wild, when considered from the POV of making money, would start to make sense.

bmacho 8 hours ago

> We’re not rushing into legal action — it’s not worth the energy for now — but publicly calling out the behavior felt necessary.

Wth. Why go public instead of just .. emailing them, and asking for payment?

Kikawala 7 hours ago

They did reach out.

> So we reached out.
>
> They vaguely apologized and claimed they’d switch to using the source version instead.
>
> Which — fine. Not ideal, but technically within the rules. What stung more was their complete disinterest in any kind of professional support — even when we simply brought up the idea of a volume discount (!). They shut it down immediately. Apparently, sending satellites into orbit is easier than entertaining the thought of paying for open source support.
>
> And did they actually switch to the source?
>
> Of course not.
>
> They just kept going — now using personal Outlook addresses and incrementing the email handles like they were running a script.

FactolSarin 12 hours ago

I thought that was weird too. Surely this is a breach of whatever licensing they agreed to with the free trial. Are they allergic to getting paid for their work?

nand_gate 4 hours ago

We're not going to waste days chasing them when we could waste days writing a blog post to advertise our product.

Genius marketing, I guess Rocket Company is supposed to be exploiting the OSS community, but who built Xen ;)

Before you soapbox on the 'open source moral contract' consider repaying the OSS works you gladly derived.

fohdeesha 3 hours ago

....have you seen how much code and work Vates has contributed upstream to Xen? It's more than Citrix at this point IIRC. Everything they do gets pushed back to upstream projects so I'm not sure what point you're trying to make

nand_gate 3 hours ago

No, I don't follow legacy hypervisors but fair enough perhaps my initial impression was off-base... still you can appreciate the irony of complaining about Rocket Company getting free stuff :/

josefx 11 hours ago

Tinfoil hat: The entire thing is just an ad.

"Our product is so great aerospace companies are literally stealing it, also have you seen our new 30 day trial? So back to that aerospace company and how cheaply it could use our software, just take a look at our current offerings..."

plam503711 11 hours ago

It is not, but yeah, we also have NASA as customers. However, we do not chase specifically aerospace companies. We are simply an open source alternative to VMware. So doing an ad explaining how to literally git pull the product without even talking to anyone or giving your email to our sales would be a weird strategy :D

o_m 12 hours ago

At my last job (a billion dollar company) someone had set up some kind of proxy where one free user account was used by ~100 employees. We wanted some more features they didn't offer so we looked at some of their competitors. I was in the meeting where we were going to decide to keep using what we had or use the better solution (in my opinion). Both were presented fairly except for the price. The plan was to continue the piracy, not paying what it should cost, or use the other service which would have been cheaper if done legally. I voiced my concern that if we are going to compare them we should at least compare them with their actual cost. No one shared my concern and they ended up not switching and just continued pirating, even though money wasn't really an issue. The person who set this up wasn't in the company anymore, but I guess no one wanted to deal with this issue and decided it was easier to ignore it.

axus 11 hours ago

How much money did they save over 5-10 years through this illegal or unethical behavior?

If "Rocket Company" averaged 30 machines per month, max $1600 per month let's say $600k / year before discount. Maybe kept 3 million dollars over 10 years. I imagine the only way Vates will get paid for their service is if control is taken from the operational groups doing the actual work and "abstracted" to a centralized IT group.

elorm 7 hours ago

They run 4000 VMs as a stingy aerospace company so you can definitely assume less than a 100 physical machines.

Without further enterprise negotiations, it's 1800 per host/year. $180k max.

I don't blame Vates for refusing to chase down the company. They'll bring you way more pain as paying clients than the shameless theft they're perpetuating.

JoblessWonder 8 hours ago

FYI they said "hundreds of physical hosts" so it is significantly more than that.

ChrisMarshallNY 12 hours ago

> But at some point, this goes beyond saving a few bucks: it becomes performance art.

Love it. I appreciate the humor and good example behind that.

It's entirely likely the company is spending more money on staff time, than on the product.

I also cannot even imagine running mission-critical stuff on free trials (I have heard of it, before. I think Adobe was successfully sued, once, because someone created an image in their free trial, and then, couldn't open it, after the trial expired).

If I were one of that company's customers, I'd be fairly concerned.