←back to thread

Ground control to Major Trial

(virtualize.sh)
474 points plam503711 | 1 comments | 16 May 25 12:03 UTC | HN request time: 0s | source
Show context
florbnit ◴[16 May 25 12:21 UTC] No.44004552[source]
> We’re not going to waste days chasing them. But at some point, this goes beyond saving a few bucks: it becomes performance art.

Oh for the love of tech, do chase them. This absolutely has to be in void of the terms of your trial take them to court. If not, then at the very least name and shame the company, so some dumb manager orchestrating this silly theft will get fired and someone more mature can be rotated in.

replies(7): >>44004613 #>>44004622 #>>44004679 #>>44004709 #>>44005332 #>>44007040 #>>44009381 #
plam503711 ◴[16 May 25 12:29 UTC] No.44004613[source]
I’m actually considering reaching out directly to the CEO and telling the full story. But honestly? There’s a good chance he’s fully aware — and totally fine with it. That’s part of what makes it so disappointing.

We’re not rushing into legal action — it’s not worth the energy for now — but publicly calling out the behavior felt necessary. It also sends a message to others in the ecosystem about the kind of nonsense OSS maintainers sometimes face.

And yes, while I’m still holding off on naming the company directly… I haven’t ruled it out.

replies(11): >>44004717 #>>44004734 #>>44004740 #>>44004748 #>>44004836 #>>44004930 #>>44005036 #>>44005106 #>>44005234 #>>44007093 #>>44009913 #
bambax ◴[16 May 25 12:41 UTC] No.44004740[source]
> publicly calling out the behavior

> I’m still holding off on naming the company directly

Does not compute. Why not name them?

replies(6): >>44004759 #>>44004763 #>>44004769 #>>44004892 #>>44005131 #>>44005166 #
1. dspillett ◴[16 May 25 13:17 UTC] No.44005131{3}[source]
> Does not compute. Why not name them?

Legal risk. If the company decides to be a litigious prick about being named & shamed they might not win, but before losing they'll cost the product owner a pile of time and, at least temporarily, money.

Stating the errant company's industry and size gives us plenty of information to make an educated guess, without actually stating the name. I suspect that this action blocks any useful future relationship as much as direct naming would, so that risk has been taken, but I also assume that no such beneficial relationship was likely to happen anyway so doing this is worth it to get the publicity, both through the story and perhaps a little cheeky marketing down the road (“as used extensively by the famous company we won't name, but you can guess”).

One thing I would definitely do at this point, now the company knows they have been detected, is to try¹ make sure all support for that company is on the lowest priority possible. Absolute minimum response time 24 hours. 24 working hours, especially if the issue seems urgent to them. No responses beyond automated ones outside of normal business hours. Never try to guess: any missing information in a support query gets queried and the subsequent clarifying responses are subject to the same 24+ working hour latency. If anyone tries the “we are a big company, you should prioritise this” thing, respond with “With an email address like that? Yeah, nah.” or more directly “We know, a big company who knows it is massively in breach of our licence, and yet we are still generously responding to you at all.”.

------

[1] They may of course have/find crafty ways to get around this too, but if they are determined to avoid doing the right thing at least make them work to avoid doing the right thing!