Business

Oracle demands $12K from network biz that doesn't use its software

Mistake, fishing expedition, or attempt to hold a company liable for its customers?

105 Got Tips?

Merula Limited, a UK-based network service provider, recently received a bill from Oracle for $12,200 for using the company's proprietary VirtualBox Extension Pack, which provides extra capabilities for the free GPL-licensed VirtualBox hypervisor.

For Richard Palmer, director of the company, this was a perplexing demand. As he explained to The Register, "Merula does not operate or manage any computer using VirtualBox or any Oracle software."

Oracle provided the company with a range of IP addresses, more than 100, that it claimed had been using its proprietary VirtualBox Extension Pack in conjunction with VirtualBox installations.

It's claimed that Oracle's software phones home to report where it's being used, though the company may be repurposing VirtualBox telemetry for its audits. Or it may simply be checking the IP addresses associated with downloads of the software and contacting address registrants to seek payment.

According to Palmer, while the IP addresses cited fall within Merula's assignment range, they're not all those used by the biz, which runs a virtual network for several other companies that control their own IP addresses. So those it does control aren't part of its core or hosting environment; rather they're used by customers on broadband connections.

In short, Palmer believes Oracle is billing the wrong entity. Yet Oracle's message to the company suggests it wants to hold Merula accountable for the software used by its customers.

"Although your organization might be an ISP however if your use is outside of your customer base beyond 30 days, payments are due to Oracle," the confusingly worded billing demand says.

For the past three days, The Register has been seeking clarification from Oracle about whether this is actually the company's intention. It may just be that Merula was billed by mistake, but Palmer expressed doubt about that.

An Oracle spokesperson told The Register that a UK sales representative intends to get in touch with Merula to clear things up. Palmer, however, on Thursday said he hadn't heard anything further since the initial billing demand.

He said he wonders whether Oracle's demand might be a fishing expedition to get Merula to cough up customer data, similar to the scattershot legal demands that music companies in the past directed at ISPs to get the identities of subscribers sharing copyrighted music. Having that data would make it easier for Oracle to target payment demands.

And Palmer is not alone in that suspicion. In a phone interview with The Register, David Woodard, COO of House of Brick Technologies, a Nebraska-based IT consultancy, said normally when a company sends another a bill, there's usually some sort of agreement or contract between them.

"It seems like a fishing expedition," Woodard said. "Normally, when we see Oracle say these IP addresses have downloaded this software, we haven't seen it get to the point where they send them a bill."

Woodard said that while Oracle was within its rights to go after license violators, it ought to be sure it's invoicing the right people.

Palmer's experience appears not to be unique either. A recently deleted Reddit post, preserved presently in Google's web cache, contains a similar anecdote. Another Reddit post from a year ago tells the same story. And a Reddit post from earlier this month says as much.

Paul Berg, a software licensing consultant, expressed concern about Oracle's software license auditing practices in an email to The Register.

"When companies use their legal department as a profit center it is highly indicative that the products they claim they are incorporated to provide are no longer competitive in the marketplace," he said.

"They are not seeing a path for themselves to change that either, as evidenced by the fact they are more willing to damage their brand with a broad campaign of litigation against the small parties already using portions of their product, which are both their best potential new customers and unable to successfully defend themselves, rather than market to them and bring them into compliance." ®

Sign up to our NewsletterGet IT in your inbox daily

105 Comments

Keep Reading

Oracle opens second Indian cloud region in bid to keep pace in make-or-break market

Big Red's share continues to border on irrelevance compared to big dogs

Oracle staff say Larry Ellison's fundraiser for Trump is against 'company ethics' – Oracle, ethics... what dimension have we fallen into?

Ah, bless

Oracle teases prospect of playing nicely with open-source Java in update to WebLogic application server

'Low cost of ownership'? This must be an April Fools

Oracle OKs Oracle investors to sue Oracle: Put NetSuite suit before a judge – board panel

Investors peeved Larry Ellison owned 40% of the biz he paid billions in Big Red cash to buy

City of London Corporation explores options to escape Oracle's clutches

Tests market for SaaSy alternative to Oracle E-business, wants one system to rule HR, finance, payroll, property management...

Oracle leaves its heart in San Francisco – or it would do if, you know, Oracle had a heart

OpenWorld moving to Vegas, baby: SF now too expensive not to mention the filthy streets, open drug use...

Campaigners cry foul play as Oracle funds conservative lobby group supporting its court case against Google

Google-funded think tanks need to sit back and, er, have a think

Oracle makes some certifications and cloudy content free, in case you have time on your hands

Mum? Dad? What was lockdown like? It went by in a flash, junior, because we studied for a database certification

Oracle tempts users to run its cloud in their own data centres – for a mere '$6 million' commitment

Updated Not for your titchy workloads, Reg sources say

Oracle to take IT out of the equation for HR, ship prebuilt metrics, KPIs to analyse carbon-based lifeforms

You have been weighed, measured, you have been found wanting

Tech Resources

Ransomware Playbook

Ransomware is a unique security threat where most of the security team’s effort is spent on prevention and response because once ransomware is detected, it's too late.

Latency is the New Outage

More organizations are tying their future success to digital and online business.

SANS 2019 Threat Hunting Survey

Threat hunting is a proactive approach to identifying signs of an attack, as opposed to the reactive approach security operations centre analysts follow.

Dark Reading Report: The State of IT Operations & Cybersecurity Operations

This new study from Dark Reading finds that while these two groups are getting better at collaborating, several key roadblocks continue to undermine their success. Ready to understand what those roadblocks are and how to overcome them?