How to Deal With Stolen Code?
greenrom writes "I work for a small company as a software developer. While investigating a bug in one of our products, I found source code on a website that was nearly identical to code used in our product. Even the comments were the same. It's obvious that a developer at our company found some useful code on the web and copied it. The original author didn't attach any particular license to the code. It's just 200 lines of code the author posted in a forum. Is it legitimate to use source code that's publicly available but doesn't fall under any particular license? If not, what's the best way to deal with this kind of situation? Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification."
Wrong! (At least outside US) (Score:2, Interesting)
Re:Uhhhhh (Score:3, Interesting)
Re:It's common sense (Score:1, Interesting)
Re:Due diligence and move on (Score:3, Interesting)
Then I'm glad I don't work for you (Score:2, Interesting)
I'd prefer an ethical behavior on the part of all of my employees; some do better jobs than others-- but ethics comes first. Our code is clean, was clean, will be clean, and adheres to the licensing and copyright strictures.
Dry-ripping/cutting&pasting code from any old website is beyond stupid, it's lax, possibly criminal, and well, you haven't vetted the code against standards and practices-- what if it blows up or creates a nice nugget of crap in otherwise vetted code?
I disagree with your practices. They put output over ethics, suggest unscrupulous use of code, violate standards practices, and create possible conflicts with other code. Swiping unknown code from a random website's bad practice.
Can forum "license" apply? (Score:2, Interesting)
I haven't checked for this sort of thing but if I was administrating one of these forums, I'd certainly have put something like this in the terms-of-use. After all, as many people have pointed out disallowing use of posted code runs counter to the purpose of the forum.
My question is whether a term like this in a use agreement can override the implicit copyright.
Re:Due diligence and move on (Score:2, Interesting)
Bad idea, the comment is enough to acknowledge that the company (or an agent on its behalf) knew that the ownership of the code was legally questionable and could be used to remove any protection that the company could have to claim permission to distribute the code. If the copyright owner decides to sue, best case scenario he's able to sue the company successfully, worst case scenario he's able to sue the person who wrote the comment acknowledging the muddied ownership of the code.
Re:Uhhhhh (Score:3, Interesting)
On one hand, I have found that people who post code fragments online generally intend for people to copy and adapt their works. However, obviously you don't want to rely on this norm for protection, even if it was provided specifically as sample code.
The best option is to first make a good effort to contact the author of the code and express an interest in using the code. You may or may not want to discuss the whole situation with the author without feeling the situation out-- that might be an act of goodwill but it could also put your business more at risk. I would probably initially just state that you are interested in obtaining copyright permission to use this code in your application. See where that goes.
If you cannot contact the author I would suggest rewriting the code to be on the safe side.
Also note that there is a chance that you will get a response (like I have) stating something to the effect that "I don't know whether I even wrote the code anymore, but fwiw, go ahead." In that case, I would tend to avoid copying and pasting.
Re:Uhhhhh (Score:1, Interesting)
Re:You already know the answer (Score:5, Interesting)
Or, depending on how the project lead is viewed in the company, this could be the fastest promotion you'll ever get.
Before you talk to anyone about this, do some discreet research about who might be sympathetic to your situation, who the lead's enemies are and think about just how much politics you want to get involved in.
OT: Burning money (Score:5, Interesting)
Re:Uhhhhh (Score:3, Interesting)
I consider myself a pretty good coder, but when I recently was tasked with writing a wrapper to run a shell command and capture stdout, stderr, and redirect a file into stdin, I wasn't sure where to really start...
This MSDN article (which I found via google) went a long way towards covering the topic:
http://support.microsoft.com/kb/190351
And that sample code proved invaluable. It easily saved me several hours. Code like that is very domain specific, and unless you've spent a lot of time around pipes and create process win32, it doesn't matter how good you are at understanding basic coding, or even advanced coding.
I'd managed to write a basic version of what I wanted using ANSI C's popen but was running into popen's limitations (like the dos box window flashing open). From reading I knew that CreateProcess in the win32 api gave me the control I needed to suppress the window, and this example REALLY helped me out.
Re:Uhhhhh (Score:3, Interesting)
I doubt it. Fair use means convincing a court that the use you're making of the material is really fair. In many cases, that means writing something that's sufficiently different that the court believes you're not really competing directly with the original author -- for example, a book review that quotes a few lines from a book isn't likely to be used as a substitute for buying the original story. Quoting a few particularly telling lines can give a good idea of the book's topic and style, so doing so will generally be considered fair use. This case seems to be almost entirely different however -- it's not writing something new or original about that code, but simply using it as it was originally intended. Even when courts do look at the amount copied, they rarely look exclusively at just the raw amount involved -- they frequently look at both the percentage of the original that was copied, and the percentage that the copied material constitutes of the final work in which it is copied. If I copy 200 lines from War and Peace, it would generally be easier to justify than if the 200 lines being copied were virtually 100% of the original (which sounds like it might easily be the case here). Likewise, if I write a long book and copy one-liners from here and there as titles to chapters and such, it's easier to justify than if all I've done is paste in a single large quote from somewhere, and that's all I'm publishing.
Even though I doubt this would qualify as fair use, publishing exactly the same code under other circumstances might well be fair use. For example, if I was writing a book on coding style, and included all 200 lines of this snippet as an example, and wrote a line-by-line analysis of how it was written, that would almost certainly improve the chances of its being justified as fair use.
It is all about "intent." (Score:3, Interesting)
Summary (Score:4, Interesting)
Camp A people would fire someone for taking the time to worry about this because it happens all the time and you're never going to get caught, and the original author of the code probably meant it to be public anyway, even though it's illegal.
Camp B people would fire someone for NOT taking the time to worry about this because it's illegal, regardless of intent of the original author and if it came to light it would expose the company to bad press and possibly litigation.
Camp C people have no earthly clue how copyright law actually works and are speaking out of their collective asses. Sadly, these people would most likely reason along the same lines as Camp A out of ignorance rather than malice and simply behave the same way with the exception that they don't realize they're breaking the law.
The original poster can certainly decide what kind of person he is (probably B since he asked the question in the first place) and can probably make a guess about what kind of people his employers are (I'm guessing A, again since he had to ask). Then you have to decide what is more important, your job or your ethics. It is a slippery slope when you first start copying code. I had a friend who copied code once. Now he professionally eats babies. True story.
The fact is that all the commonsense notions about how copyright law works or should work don't take into account that copyright law is not written by individuals, but largely by companies like Disney and Warner Brothers (among others), companies that have a vested interest in maintaining control over a certain mouse and rabbit (among others), both of whom would now long since be in the public domain if not for the endless succession of copyright extensions lobbied for by said corporations. Originally (well, since 1909) copyright expired after 28 years, or 56 if you decided to renew it. And this was a copyright you had to explicitly register. In 1976, copyright became automatic and consisted of life plus 50 years after the author's death (or a static 75 years for 'work for hire'). In 1998 it became life + 70 and either 120 years after creation, or 95 years after publication, whichever is sooner. It's interesting to note the effect on Mickey Mouse. Created in 1928, MM would have left copyrighted status (though still been covered under trademark restrictions) in 1984. Because of the 1976 act, that was pushed to 2003. The 1998 act pushed that back to 2023 at the earliest. So look for another copyright law in 2018 or so.
Re:Uhhhhh (Score:2, Interesting)
Re:Uhhhhh (Score:4, Interesting)
If the author of the song threw it in *a lot* of public mass media, I would personally call that implicit permission to use the song. Otherwise, why make it so public?
"As to the legality of downloading it, if it is showing in your browser window, you have already downloaded it."
As to the legality of downloading it, if it is going out your speakers, you have already downloaded it.
Incorrect title. Plagiarized code, not stolen... (Score:4, Interesting)
Was the bug within the copied code? Sometimes copyright isn't an issue with copied code. It's product quality.
The three instances of copied code I've found in our commercial product caused major headaches because the code got past QA and failed in the field. It didn't scale, had timing issues, etc.
In all three cases when I confronted the programmers they could not explain how "their" code worked. In all three cases I didn't have them fired. I made them fix it and apologize to the boss (who had to apologize to our customers).
As a result, I now have two decent programmers who write their own code. They ask for help when it's needed instead of copying off of the internet.
Enjoy,
Re:Uhhhhh (Score:4, Interesting)
Remember the Windows 2000 source code link. Most of the code in the TCP/IP stacks was from Novell. But did they have permission to use it? Who knows.
In this case though, I'd say public forum is public use. I've posted lots of code in forums as tutorials or tips. I'm not going to write a EULA or specify it must be GPL, LGPL, Mozilla Public License, EULA, BSD License, or make up my own. If I post it, and you find it useful, use it.
That said, if you have a really guilty conscience about it, then use the forum to contact the poster and see what he says. I'm sure he'll say, "yeah.. sure, whatever."
Re:OT: Burning money (Score:3, Interesting)
Well, just because I am bored and want to have some fun with figures tonight:
56 Billion dollars U.S. is 3,000,666 cubic feet of paper weighing 1,120,000 lbs
(more than 500 feet long, 200 feet wide and 30 feet thick)
Assuming we build some kind of furnace capable of burning paper with perfect efficiency at one pound per minute(I know, I know...)** it would take almost 78 days to burn it all, releasing 8,000 BTU's every minute. Again assuming perfect efficiency from heat into electrical power, it would produce over 8434 Kw/h, enough to supply almost my entire energy budget for the year. Given 24 hr operation and no delays in firing up and shutting down, over 1800 people would have their electricity provided for the year.***
*American Billion 1,000,000,000 (1E9) not the international Billion 1,000,000,000,000 (1E12)
**perfect efficiency is of course impossible, and short of some heavy duty forced air and very high temps, a pound of paper takes a lot longer than 1 minute to burn.
***what a wonderfully wasteful application of money. 56 billion could buy an awful lot more electricity than that.
Re:Uhhhhh (Score:3, Interesting)
This happened so much we stopped doing out of house programming and went back to internal programmers. Yes we tried several different companies... I swear two of them were the same company operating under different names. The code style, comments, etc were identical in style to the first company.
If you want your app to be sanitized and 100% your company's property, you MUST hire in house programmers and instruct them that they cannot use any OSS, snippets, etc... Their bag of tricks they bring with them must ALSO be not used. Programmer X brings his bag of tricks and suddenly your app has some of the same code that 4 other companies have in their apps.
But there lies the problem. Management wants unrealistic deadlines and 100% original code. They can't have both so programmers slip in things they find to make the deadline. Maybe if management actually gets educated and understands that writing code takes far longer than they think then they can get what they ask for.
Re:Uhhhhh (Score:3, Interesting)
Re:Uhhhhh (Score:2, Interesting)
"Leaving It Be" isn't an option either. The OP found the problem in researching a bug. Since that needs to be fixed and since the forum post came up in his search it's possible that he'll need to use fixes from forum replies. It then becomes obvious that he perpetuated the original mistake (if there was one- as others have pointed out the code may have originated with the lead developer who posted to the forum as well as using some of his base code in the company project).
I think he has reason to be careful. It's not clear from the OP, greenrom, how old the code is. Even a few years ago there was much less attention paid to the ethics of using publicly posted code. Greenrom's management might very well be more concerned about this in today's climate than when the original decision was made.
I think he has reason to be concerned as well. One smell. Could there be two? Maybe there is a lot of code lifted by the lead developer. It's every associate's responsibility to act to protect the company. Not knowing that answer makes approaching the developer one-on-one a risky proposition. To protect himself the LD may well begin finding fault with greenrom's work in an effort to have him fired. Flank assaults like that are harder to fight than head-on attacks in some kind of audit or investigatory situation.
My action (given the brevity of information) and this is not legal or other type of advice, would be to email boss, Cc the lead, subject: need clarification for license. body: While researching for a bug fix I stumbled on code significantly similar to ours. Pls be aware that some fault may exist in at . ref: These code blocks are nearly identical.
Simple, factual and non-accusatory. No further explanation about what was being searched or the possible impact or anything else as that is a management problem. Also, managers tend to only read the first three sentences. btw- redundancy intended. Make sure the point is clear.
As to the poster who proclaimed some defect in the OP for having used the internet to help him fix the bug. That's just ridiculous. It's a HUGE time saver.