🚀 Of trials and tribulations
Open Source is beautiful. Messy, thankless, powerful — and occasionally just plain weird.
At Vates, we’ve already shared some of the pain points that come with maintaining open source projects (see: OSS maintainer fatigue). And more recently, the rise of AI-assisted fake contributions and “security reports” has added a whole new layer of entropy. (this blog post captures it perfectly.)
But today, we’re here for something a little more… grounded.
🧑🚀 The curious case of the infinite trial
Let’s set the stage. Picture a semi-governmental company. Around $130 million in annual revenue. They build and operate very expensive things — in space. Hundreds of physical hosts. Nearly 4,000 VMs. Most of their IT stack, in fact, runs on our platform.
🚀
You might say we’re mission critical. Fitting, since the XCP-ng logo is literally a rocket, and Xen Orchestra’s is a satellite. We didn’t expect someone to take that so literally.
Are they paying customers?
No.
Are they using the fully open-source version, from source?
Also no.
Instead, they discovered our Xen Orchestra Appliance (XOA): a turnkey virtual machine, with Xen Orchestra pre-installed, regularly tested, easy to deploy and update (and yes, still running fully on-prem). A supported and stable experience, designed for teams that don’t want to git pull on master branch in production.
But they didn’t want to pay for it. So they came up with a creative workaround: abusing our 30-day trial (initially 15 days until recently), over and over again.
It all started back in April 2015 — yes, a full decade ago. At first, they used their corporate emails to request trials. One here, one there. Nothing suspicious. But over the years, the pattern grew. More emails. More trials. Enough that, when we looked back, we realized we could chart it. Literally. Here’s what the “creative licensing strategy” has looked like over time:
As you can imagine, we ended up with what looked like the entire staff directory. Developers, sysadmins, managers… pretty sure we even had the janitor signed up for a trial at some point.
When those ran out, they switched to personal Outlook or Gmail addresses. Every time: starting with a new (real!) person with their… personal email, a new 30-day trial. And then go incrementally with it. johndoe01@outlook.com, then johndoe02@outlook.com… We’re now well past johndoe60. Same company name, every time… which is impressive considering the field isn’t even required in order to register your account. Hard to say if it was a mistake, a flex, or just their way of making sure we didn’t miss who was milking the trials.
Yes, they’re that committed. Committed to not paying.
🔍 A quick reminder on the options
For the record, we’re fine with free users. That’s the spirit of open source. You can follow our documentation, build from source, and enjoy all the features for free. No stability guarantee, no pro support, but everything is there.
The appliance version (XOA) — the one they keep trialing — is our supported, maintained, pre-packaged VM. It’s tested. It updates with a single click. It saves time and reduces risk. That’s what we sell. And that’s what they keep pirouetting around with their email dance.
To me, that’s a pretty blatant breach of the unwritten “moral contract” of Open Source. I touched on that in more detail here:
The moral contract
Balancing openness and revenue: navigating the moral contract in the evolving world of free software.
🧠 The real puzzle
We even helped them. In good faith. Like we often do with users evaluating our solution — we don’t waste time scrutinizing who’s asking; we just try to help. That’s the spirit of trials, after all. So yes, we answered their questions, offered guidance, and even spent nearly a full day supporting them during one of their early “we’re just testing, maybe planning to buy” moments. You know the tune.
But over the years, the pattern started to stand out. Familiar questions, familiar setups… and when we finally looked into it, the pieces clicked. A quick search through our records revealed over at least 60 separate accounts tied to the same organization.
So we reached out.
They vaguely apologized and claimed they’d switch to using the source version instead.
Which — fine. Not ideal, but technically within the rules. What stung more was their complete disinterest in any kind of professional support — even when we simply brought up the idea of a volume discount (!). They shut it down immediately. Apparently, sending satellites into orbit is easier than entertaining the thought of paying for open source support.
And did they actually switch to the source?
Of course not.
They just kept going — now using personal Outlook addresses and incrementing the email handles like they were running a script.
And here’s the kicker: if this was a typical SaaS platform with no way to self-host, maybe you’d understand the logic of trying to game the system. But you can self-host everything. For free. No limits. Just a slightly less comfy upgrade experience.
They chose to go out of their way — repeatedly — to fake trials rather than read a short doc and type a few commands.
What does that say about the value of our virtual appliance? Maybe more than any of our marketing 🤔
💭 What now?
We’re not going to waste days chasing them. But at some point, this goes beyond saving a few bucks: it becomes performance art.
Just to be sure you get it: they are using personal Outlook or Gmail accounts. Used to repeatedly request trials of a product that’s open source and free to self-host. For the last 10 years. All while voluntarily filling in their actual company name in the registration form. Was it a mistake? A subconscious cry for help? Or just an artistic commitment to trolling? We may never know.
What we do know: this kind of behavior chips away at what makes Open Source sustainable. When you’re operating a satellite fleet and running 4,000 VMs on our stack, maybe (just maybe?) it’s time to stop treating the trial system like a vending machine.
We’ll likely introduce smarter limits to prevent this kind of trial farming. Not to block honest users, but to make sure we can spend our energy where it actually matters: building great software, supporting real users, and keeping Open Source alive and well.
And if someone from That Company is reading this: you still have time to do the right thing. You’ve got the rocket science down. Now try ethics.
