It’s probably time to channel Larry Ellison and shake these guys down. Or at least shake their pockets for loose change.
They are stealing from you. As you point out you go out of your way to help companies with your oss options: you’re way on the right side of principled and generous. This is abuse. Don’t put up with it.
Given the history, I’d suggest a short C&D recounting the 10 years(!) of theft, the measures they’ve gone to, and tell them they have 15 days to either stop or get licensed, or you will seek 10 years of back licensing, interest and penalties. I assure you that you will receive a call from someone. Especially if you have to turn the software off on day 16.
Anyway this seems substantial to me, but also there’s an ethical and philosophical question of responsibilities. Do you have more responsibility to your employees and shareholders or to this space company? Even if you’re crazy rich as a company, I propose as the CEO you owe a pretty strong duty to those stakeholders to try and recover stolen assets. You don’t have to be mad at random spaceco, but I propose you might think hard before walking away.
Quick edit: just to frame your head on this: If the company is in the US then this behavior likely falls under DMCA anti-circumvention laws. If it does, people would have criminal liability. Now, I believe the DMCA is terrible legislation; it lets corporations create criminal liability through license agreements. But, it is the law of the land here, and I would guess as soon as your attorney can lay this out, and their attorneys get an eye on it, you will find willing negotiation happening.
> We’re not going to waste days chasing them. But at some point, this goes beyond saving a few bucks: it becomes performance art.
Oh for the love of tech, do chase them. This absolutely has to be in void of the terms of your trial. Take them to court. If not, then at the very least name and shame the company, so some dumb manager orchestrating this silly theft will get fired and someone more mature can be rotated in.
At my last job (a billion dollar company) someone had set up some kind of proxy where one free user account was used by ~100 employees. We wanted some more features they didn't offer so we looked at some of their competitors. I was in the meeting where we were going to decide to keep using what we had or use the better solution (in my opinion). Both were presented fairly except for the price. The plan was to continue the piracy, not paying what it should cost, or use the other service which would have been cheaper if done legally. I voiced my concern that if we are going to compare them we should at least compare them with their actual cost. No one shared my concern and they ended up not switching and just continued pirating, even though money wasn't really an issue. The person who set this up wasn't in the company anymore, but I guess no one wanted to deal with this issue and decided it was easier to ignore it.
> But at some point, this goes beyond saving a few bucks: it becomes performance art.
Love it. I appreciate the humor and good example behind that.
It's entirely likely the company is spending more money on staff time, than on the product.
I also cannot even imagine running mission-critical stuff on free trials (I have heard of it, before. I think Adobe was successfully sued, once, because someone created an image in their free trial, and then, couldn't open it, after the trial expired).
If I were one of that company's customers, I'd be fairly concerned.
Tell them that their free trial is over and their company will no longer receive free trial keys. You can do that. It doesn't require a lawyer and it doesn't require threats. Just "We're glad you like our product! Unfortunately we can no longer support you with free trials." Be polite.
If they secretly keep getting free trials by pretending to be unaffiliated, then escalate to 1) blocking the fake ones when you discover them (very annoying to them, even if you don't get them all) and 2) as a very last resort, legal threats.
The goal is to get them onboarded as paying customers. Every other outcome is effectively a loss. You want to be polite but firm.
I think the most depressing thing is how unsurprising this is.
This is why free trials require credit cards upfront, as they're more difficult to fake, not because you're about to be stealth billed. It's thanks to people like this.
As CTO, I feel pretty strongly about this type of behavior and lay the blame squarely on the Aerospace Co’s CTO.
Being scrappy early on is part of the job, but when you are starting to generate revenue it’s time to convert your free tiers to starter tiers as you scale.
I’m sorry that there are people in our industry who choose to behave this way.
I had this happen on a consumer startup with referrals. Every month like clockwork one person would fake referrals to get a free month, which involved jumping through non-trivial hoops (re-installing all, creating content in the fake account, going back). All to save $5, and when we had a free plan with almost the exact same quality.
I think the thrill of beating a system and getting away with it is as much a factor as anything. And I get it.
I used to work in IT in a large corporation back in the days. Amount of work necessary to procure software was so staggering, that any alternative "creative solution" would be much more preferable. And the worst thing is that the cheap software was the one that suffered most. The gazillion-dollar CISCO upgrade was no problem, it's already gazillion dollars. But to get $10 email shareware license one would spend many work-hours of many people, so who's gonna do it.
Assuming this telling is pretty accurate, I'm wondering what the thinking was on both ends.
On the freeloader end: Did they think they were within the rules? How far up was the approval to keep doing it this way? Did someone try to pay, but get blocked? Did someone tell their boss they did this all in-house, and now doesn't want to admit they outsourced and exposed the company? Did it go to the top, and a lawyer told them to put the company name and a real person each time, and that they were covered on good faith if they only did that?
On the provider end: Seeing this locked-in enterprise user for 10 years, how was a salesperson not all over that slam-dunk sale? How did they let this go on for 10 years without tweaking their policy to stop the freeloader and any others who might emulate them? What did the business people say about this over the years when it came up? Was business so good it wasn't worth the time to convert the freeloader to a paying customer?
I have a theory this happens because for individual contributors, the effort to buy SaaS software in the era of "vendor risk assessment" is a nightmare. So you end up with grassroots avoidance of that process, at all costs, inside the company.
As a solo-founder I have experienced this on a massive scale over nearly 15 years. It's really strange how happy people are with unethical behavior, yet on my end it just doesn't feel right to cut off people's systems. After multiple attempts to contact them, we will often disable their accounts. It is against the social contract. It is stealing. In many cases companies may have 15+ free trial accounts, the company itself absolutely dwarfs our 3-person company. The cost is beans for them. But they just don't care.
Dealing with this right now as a consultant. Also a 'semi-govt' company, with much more in annual revenue than in this article, running a highly critical production workload, and is having problems with a ESOL version Open Source software - that they are scared to touch/upgrade, and that is available in a fully up-to-date version, for purchase, with support etc., and indirectly asking us to support it, by essentially pawning off any and all changes related to said SW to me. Well, I recommended the upgrade path (to a current/supported and paid version) and I stopped making any changes to that component. They are still hemming and hawing, it's unbelievable.
You could indirectly promote this unnamed reference customer with a dedicated marketing page. This blog post is already the seed of a case study. List the top ten unnamed companies who requested trials, by industry sector, sorted in descending order by count and years and VMs, with them at top. Presumably #2 - #10 have much smaller numbers.
Placed in a marketing context, this human attention could be converted to revenue from other customers. Fund a creative writing competition on VeryBigCo Procurement Anti-Patterns and Shadow IT. Prizes could be paid licenses. If you get enough entries, ask a business school to do a case study on the same subject, then organize a multi-vendor survey on the topic. Also, memes.
You may also need to update the ToS on the trial. At some point, a motivated salesperson could convert the account with a multi-year license that covers both past and future usage.
Totally tangent: What's a 30-day Rial? GenAI poster art with no spell checking I guess. Yet all of the pages of paper are spelled correctly. So now I'm wondering if there was a typo in the prompt used to create the art, or if the genAI is just unaware of the same text being used repeatedly while making a slight change in one place?
I can imagine the investors in this company would not be pleased with this kind of scrappy nonsense, especially given the industry.
> We’re not going to waste days chasing them. But at some point, this goes beyond saving a few bucks: it becomes performance art.
It's likely that the CEO is not aware(...hopefully); it's a good idea to reach out to them asap. Do try and point out what's going on.
If anything, the sooner you reach out, you'll be doing the business (and whoever is backing it) a favor: trust has been misplaced. Somebody chose a very unprofessional path with what (one can assume) is a very critical system.
If they're using it in prod then there are plenty of regulations that should force them to establish a real support relationship.
Sometimes this type of stuff happens for a prototype that an org is trying to get funded, but not for 10 years. I'd collect all of the org email addresses they used for the initial d/ls and contact them first- maybe one of the ones from ten years ago has gotten promoted to a point where they can establish a paid relationship or approve use of the open source version.
Isn't this a failure by the company to recognize free trial abuse sooner? And to not close the loophole immediately seems like even more of a weak behavior. Calling them out but not taking decisive action beyond claiming that they are acting immorally ultimately accomplishes nothing. Businesses are not beholden to your ideas about what is nice and fair, but whatever the rules and constraints are to your system. If you keep a practice like this that allows free trial abuse forever, why would they spend money?
It's pretty straightforward to me at least what needs to be done. Add 2FA SMS authentication and restrict trials to one per phone number. It's less easy to get new phone numbers.
OP says the offending company is quasi governmental aerospace. Sounds like a defense contractor.
There will be a security officer at such a company. If I was that officer, I would be profoundly unhappy that employees, whose job (by the nature of the company) regularly takes them into classified waters, were freely giving their personal gmails to a third party overseas. I mean, you just broadened the attack surface on the employees by tying them to their presence in the Google ecosystem. Yikes.
I wonder if you can sue for breach of contract or something. Maybe not worth it... I would consider adding some actual limitations into the free trial rather than just time.
You cared enough to write a blog post so I think talking to a lawyer is worthwhile. Perhaps if you send them a legal letter threatening international action they will pony up. Writing the CEO will get you nowhere. Either way this is lame behavior and the public deserves to know the company so we can avoid doing business with them. But I understand not wanting to open yourself up for retaliation.
You realize that you just gave Hacker News enough details to commit some satellite controlling backdoor into their system... It's not like some of us aren't going to be like: "Yeah, let's get 'em!" Not me. I'm the ethical type, but some people might think:
Step 1: Modify OSS repository to gain control of satellites
Step 2: ...
Step 3: Profit!
Entirely understandable why it wouldn't be named. And that the comments section would have some people guessing. I wonder if it isn't a company named after an insect, given the revenue and timeline of their operations seems to match with that graph, but the "semi-governmental" is throwing me off.
Time to disable the free trial for a month halfway into their trial and see how it goes. This is probably why most trials now request you to reach sales first (well, on top of obviously ensuring they have a way to send an offer).
This is a classic case of IP abuse, and it's tough to ignore. If the company has been using your work without a license for a decade, that’s a huge liability on their side. It might be time to remind them that open source is not free labor, and they can’t just brush off 10 years of unpaid work. At the very least, they should come to the table for a serious negotiation.
Change your terms slightly, to say that if you abuse the free trial say over 100 times, any user using the free trial agrees to a permanent irrevocable license to any of their IP
EDIT
Change your terms to require any usage off planet specifically prohibited by the free trial license
The most concerning part in this article is this: "To me, that’s a pretty blatant breach of the unwritten “moral contract” of Open Source."
It talks about the breach of some unwritten contract. But surely they should have a very written, real world contract to describe the terms of that 15 day trial. And this should be a breach of that. The fact that this is not mentioned, or even entertained as a notion is concerning.
Moral contracts are good for philosophy discussions. Real contracts are much better when you need to use instruments of law to get someone to do something.
I’m reminded of the “business ethics” scene in Billy Madison[0]. This is what capitalism has wrought in the US: People for whom ethics are anathema, or arguably worse: a completely unexamined topic.
Complete assclown behavior throughout. It would be one thing if this had been going on for a month or two, maybe a quarter or two… but ten years?! They’re clearly fucking you over out of either malice and/or incompetence, and by allowing it to go on, you’re politely enabling them to do this bad behavior to someone else’s business.
If you feed stray dogs, you end up with a neighborhood full of dogshit everywhere you step. Bill them; if they don’t pay, talk to an attorney.
Dude, quit whining in a blog post and change your policy. Make it per-org instead of per-email. Heck, carve out an exception to block that particular org.
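An added example, not part of the thread or of the vendor's code: one way to key trial eligibility per organisation rather than per e-mail address, combined with the one-trial-per-phone-number limit suggested earlier in the comments. It assumes the phone number has already been verified by SMS; the freemail list, key names, and `TrialGate` class are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Assumption: small constructed list; production use needs a maintained freemail list.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
MAX_TRIALS_PER_KEY = 1


def canonical_email(addr: str) -> str:
    """Lower-case, drop +tags, and fold Gmail dot/alias variants into one mailbox."""
    local, _, domain = addr.strip().lower().rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an e-mail address: {addr!r}")
    local = local.split("+", 1)[0]          # user+trial7@... is the same mailbox
    if domain in ("gmail.com", "googlemail.com"):
        local = local.replace(".", "")      # Gmail ignores dots in the local part
        domain = "gmail.com"
    return f"{local}@{domain}"


def trial_keys(email: str, phone: str) -> list[str]:
    """Keys a trial is counted against: the org (or mailbox for freemail) and the phone."""
    addr = canonical_email(email)
    domain = addr.split("@")[1]
    # Limitation: the full domain is used, so subdomains count as separate orgs.
    first = f"mailbox:{addr}" if domain in FREEMAIL else f"org:{domain}"
    digits = "".join(ch for ch in phone if ch.isdigit())
    return [first, f"phone:{digits}"]


@dataclass
class TrialGate:
    blocked_orgs: set[str] = field(default_factory=set)   # explicit per-org block list
    issued: dict[str, int] = field(default_factory=dict)  # key -> trials issued

    def request(self, email: str, phone: str) -> tuple[bool, str]:
        keys = trial_keys(email, phone)
        if keys[0] in self.blocked_orgs:
            return False, "org blocked"
        # Check every key before recording anything, so a refusal leaves no trace.
        for key in keys:
            if self.issued.get(key, 0) >= MAX_TRIALS_PER_KEY:
                return False, f"trial already issued for {key}"
        for key in keys:
            self.issued[key] = self.issued.get(key, 0) + 1
        return True, "trial issued"


if __name__ == "__main__":
    gate = TrialGate(blocked_orgs={"org:blocked.example"})
    # Constructed sample requests.
    for email, phone in [
        ("alice@corp.example", "+1 555 0100"),
        ("bob@corp.example", "+1 555 0101"),      # same org, refused
        ("j.doe+t2@gmail.com", "+1 555 0102"),
        ("jdoe@googlemail.com", "+1 555 0103"),   # same mailbox, refused
        ("x@blocked.example", "+1 555 0199"),     # blocked org
    ]:
        print(email, gate.request(email, phone))
```

Domain keying alone does not catch personal freemail sign-ups, which is why the phone key is checked as well.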
Unhappy with AI generated contributions, but perfectly happy to have a big AI generated image at the top of their page, complete with spelling mistakes
Ground control to Major Trial
(virtualize.sh) | 526 points by plam503711 | 16 May 2025 | 191 comments
Comments
https://www.nzherald.co.nz/business/companies/rocket-lab-rev...
[0] https://github.com/TirrenoTechnologies/tirreno
(creator of tirreno)
How about creating a "Wall of Shame" page and name shaming such companies, until they get the message that they have the financial resources to pay?
Why not do what most profit-conscious companies would do and just say "we notice unusual activity and.."
“Deceptive use against third party services by creating multiple email accounts to pretend to be multiple users of their service”
Because if you want to maintain a good reputation with people, you don’t facilitate people taking advantage of them.
There are a lot of private space companies but only a few fit the “semi-governmental” description. Lockheed is one of them.
Revenue numbers for 2024 fit also. For Terran Orbital that is. Obviously Lockheed does WAY more than that.
The worst they can do is not pay it.
Arr, the use of "pirouetting" is such ticklingly brilliant punnage, mematey.
So, is the company SpaceX or what?
0: https://m.youtube.com/watch?v=xKGeHuln08A
God bless those among us who steal the candy bowl at Halloween.
Job done.
Worst case, they just mysteriously stop using your product.