Let’s set the stage. Picture a semi-governmental company. Around $130 million in annual revenue. They build and operate very expensive things — in space. Hundreds of physical hosts. Nearly 4,000 VMs. Most of their IT stack, in fact, runs on our platform.
Are they paying customers?
No.
Are they using the fully open-source version, from source?
Also no.
Instead, they discovered our Xen Orchestra Appliance (XOA): a turnkey virtual machine, with Xen Orchestra pre-installed, regularly tested, easy to deploy and update (and yes, still running fully on-prem). A supported and stable experience, designed for teams that don’t want to git pull on master branch in production.
But they didn’t want to pay for it. So they came up with a creative workaround: abusing our 30-day trial (initially 15 days until recently), over and over again.
It all started back in April 2015 — yes, a full decade ago. At first, they used their corporate emails to request trials. One here, one there. Nothing suspicious. But over the years, the pattern grew. More emails. More trials. Enough that, when we looked back, we realized we could chart it. Literally. Here’s what the “creative licensing strategy” has looked like over time:
As you can imagine, we ended up with what looked like the entire staff directory. Developers, sysadmins, managers… pretty sure we even had the janitor signed up for a trial at some point.
When those ran out, they switched to personal Outlook or Gmail addresses. Every time: starting with a new (real!) person with their… personal email, a new 30-day trial. And then go incrementally with it. johndoe01@outlook.com, then johndoe02@outlook.com… We’re now well past johndoe60. Same company name, every time… which is impressive considering the field isn’t even required in order to register your account. Hard to say if it was a mistake, a flex, or just their way of making sure we didn’t miss who was milking the trials.
Yes, they’re that committed. Committed to not paying.
90% it is SpaceX.
Major NASA contractor, history of malfeasance, lawsuits, fake promises, and the head of it ran (until quite recently) a government task force that illegally broke a whole bunch of IT shit, caused the largest series of cybersecurity breaches in history, committed a whole slew of brazenly illegal crimes… oh and the guy who runs it is notoriously incompetent at software development and managing software development.
Maybe 95%.
I struggle to think of a more ‘semi-governmental’ aerospace contractor, that also matches so well with all the described patterns.
Boeing or ULA or Lockheed are of course large aerospace contractors, but they’re not run by a guy who literally directly bought the last election, and they are usually a bit more formal with their corporate/management/negotiation bs.
$130m sounds way too low for SpaceX. I’m guessing Rocket Lab: https://www.businesswire.com/news/home/20250508522849/en/Rocket-Lab-Announces-First-Quarter-2025-Financial-Results-Posting-Quarterly-Revenue-of-%24123m-Representing-32-Year-on-Year-Growth
Rocket Lab is 4x too big (that’s quarterly revenue, not annual)
Ah!
I totally skipped over that revenue figure, that is much more of a precise way to nail it down.
I submit my 5% or 10% loss chance to you, whoops!