Oracle demands $12K from network biz that doesn't use its software

Mistake, fishing expedition, or attempt to hold a company liable for its customers?

Merula Limited, a UK-based network service provider, recently received a bill from Oracle for $12,200 for using the company's proprietary VirtualBox Extension Pack, which provides extra capabilities for the free GPL-licensed VirtualBox hypervisor.

For Richard Palmer, director of the company, this was a perplexing demand. As he explained to The Register, "Merula does not operate or manage any computer using VirtualBox or any Oracle software."

Oracle provided the company with a range of IP addresses, more than 100, that it claimed had been using its proprietary VirtualBox Extension Pack in conjunction with VirtualBox installations.

It's claimed that Oracle's software phones home to report where it's being used, though the company may be repurposing VirtualBox telemetry for its audits. Or it may simply be checking the IP addresses associated with downloads of the software and contacting address registrants to seek payment.

According to Palmer, while the IP addresses cited fall within Merula's assignment range, they're not all those used by the biz, which runs a virtual network for several other companies that control their own IP addresses. So those it does control aren't part of its core or hosting environment; rather they're used by customers on broadband connections.

In short, Palmer believes Oracle is billing the wrong entity. Yet Oracle's message to the company suggests it wants to hold Merula accountable for the software used by its customers.

"Although your organization might be an ISP however if your use is outside of your customer base beyond 30 days, payments are due to Oracle," the confusingly worded billing demand says.

For the past three days, The Register has been seeking clarification from Oracle about whether this is actually the company's intention. It may just be that Merula was billed by mistake, but Palmer expressed doubt about that.

An Oracle spokesperson told The Register that a UK sales representative intends to get in touch with Merula to clear things up. Palmer, however, on Thursday said he hadn't heard anything further since the initial billing demand.

He said he wonders whether Oracle's demand might be a fishing expedition to get Merula to cough up customer data, similar to the scattershot legal demands that music companies in the past directed at ISPs to get the identities of subscribers sharing copyrighted music. Having that data would make it easier for Oracle to target payment demands.

And Palmer is not alone in that suspicion. In a phone interview with The Register, David Woodard, COO of House of Brick Technologies, a Nebraska-based IT consultancy, said normally when a company sends another a bill, there's usually some sort of agreement or contract between them.

"It seems like a fishing expedition," Woodard said. "Normally, when we see Oracle say these IP addresses have downloaded this software, we haven't seen it get to the point where they send them a bill."

Woodard said that while Oracle was within its rights to go after license violators, it ought to be sure it's invoicing the right people.

Palmer's experience appears not to be unique either. A recently deleted Reddit post, preserved presently in Google's web cache, contains a similar anecdote. Another Reddit post from a year ago tells the same story. And a Reddit post from earlier this month says as much.

Paul Berg, a software licensing consultant, expressed concern about Oracle's software license auditing practices in an email to The Register.

"When companies use their legal department as a profit center it is highly indicative that the products they claim they are incorporated to provide are no longer competitive in the marketplace," he said.

"They are not seeing a path for themselves to change that either, as evidenced by the fact they are more willing to damage their brand with a broad campaign of litigation against the small parties already using portions of their product, which are both their best potential new customers and unable to successfully defend themselves, rather than market to them and bring them into compliance." ®

Send us news

Oracle faces continued legal battle over alleged NetSuite software misrepresentations

Judge allows fraud case to continue after customer resubmits complaint

KDE Plasma 6.0 brings the same old charm and confusion

The big new version of the other desktop, complete with improved HDR and a spinning desktop cube

Lightweight Windows-like desktop LXQt makes leap to Qt 6 with version 2.0

Following in the same direction as the good ship KDE Plasma

GNOME 46 beta has more tweaks than a coffee shop

The future desktop of Ubuntu 24.04 and Fedora 40 is nearly ready

City council megaproject to spend millions for manual work Oracle system was meant to do

Train-wreck public sector project was forecast to save 'bankrupt' council money

City council megaproject mulls ditching Oracle after budget balloons to £131M

As bankrupt local authority slashes services and hikes taxes, consultants enjoy £1k-a-day while system still can't offer auditable accounts

Oracle Cerner system implementation risks future patient deaths, coroner warns

Doctors voiced concern over lack of Red-Amber-Green rating system, says report

City of London ditches Oracle for SAP in search of ERP enlightenment

Four years after first approaching market for new system, public body hopes to start working with SI

Toyota admits its engines are overrated – by its own power testing software

Japan's government slapped it for using the wrong code to produce too-powerful results

What is GitHub Copilot Enterprise? You and your org just might find out firsthand

Big biz invited to like and subscribe, without fear of litigation

Prompt engineering is a task best left to AI models

Machine-learning boffins find open source neural nets can optimize their own queries

BEAST AI needs just a minute of GPU time to make an LLM fly off the rails

Talk about gone in 60 seconds