How to Deal With Stolen Code?

greenrom writes "I work for a small company as a software developer. While investigating a bug in one of our products, I found source code on a website that was nearly identical to code used in our product. Even the comments were the same. It's obvious that a developer at our company found some useful code on the web and copied it. The original author didn't attach any particular license to the code. It's just 200 lines of code the author posted in a forum. Is it legitimate to use source code that's publicly available but doesn't fall under any particular license? If not, what's the best way to deal with this kind of situation? Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification."

Uhhhhh

[blaster151]

> Is it legitimate to use source code that's publicly available but doesn't fall under any particular license?

Of course it is. This kind of thing happens all the time.

Frankly, I'm glad you don't work for us. The fact that you would consider "rewriting" code that works well just because it was written by someone external to your company doesn't speak well for your sense of business priorities or usage of time.

> The original author didn't attach any particular license to the code.

I think that says it all.

Re:Uhhhhh

This kind of thing happens all the time.

So does downloading music.

The original author didn't attach any particular license to the code.

I think that says it all.

I don't see any particular license on the mp3 files either.

Re:Uhhhhh

[caerwyn]

Ahh... technically speaking, this could be very bad advice in the business arena. While I'm not a lawyer, AFAIK code is copyrighted at the act of creation, and simply by making it available for viewing the author is not automatically giving up those rights. While it is highly unlikely that such a code snippet would cause problems down the road, it is not impossible that it could.

Rewriting simply because it was written external to the company isn't a good thing. Rewriting because it was written external to the company and you're not certain of your company's license to legally make use of the code is an *entirely* different thing.

The author not attaching a particular license to the code is not a blanket license to do with as you will. The author may have intended that, but I don't believe it's true in the legal sense.

It might make more sense to go as you're suggesting, but given the mess that is current copyright law, a business ought to tread more carefully.

Re:Uhhhhh

[morgan_greywolf]

Um, no. If you want to be technical, if there's no license attached to the code, then you can't use it. Copyright happens on an original work from the time it's published. There are no notice requirements. Without a license, you don't have permission to use the work.

Now, in reality, the author posted it to a forum, probably with the intention of giving away the code. It would be entirely up to the author to sue and whether the author would sue or not -- well, I kinda doubt it.

But, if I were you, OP, I'd check with your company's legal department and/or an attorney. Asking questions like this on Slashdot is likely to result in you getting a lot of misinformation.

Re:Uhhhhh

[danlyke]

If there's a question on the license, then I think it's totally reasonable for ScuttleMonkey to go to his project lead and say "I'm uncomfortable that we don't have an explicit license for this code, we need to contact the original author and obtain a license or an acknowledgement of a release to the public domain".

I don't attach a license or explicit release to every piece of code I've posted to forums or newsgroups or what-have-you over the years, and I have had every expectation that many of those would get copied and pasted into applications without attribution. I'd prefer it if, when that stuff ended up inside an app, there were a note saying "here's the original source" because when I've stumbled across such code it's sometimes made it easier to figure out what it's supposed to be doing, but I don't expect it.

If ScuttleMonkey has an indication that the original license is not something that allows incorporation into the code, then it's totally reasonable to escalate this one over the lead's head early on, but it sounds like this was something picked up off a site like CodeProject.com, where it's completely reasonable to assume that the intent of the poster was that this code be incorporated and adapted without further license terms.

Re:Uhhhhh

[IceCreamGuy]

The guy is asking a question because he's apparently new to the business and wants some sage advice from people like you who know what they're doing. People aren't born with this information, the only way to get it is either to screw up or ask somebody, and he decided that it was a good idea to ask first. Frankly (if that is your real name), however, I wouldn't put much weight into your vague response even if it wasn't condescending and derisive.

Re:Uhhhhh

[Thyamine]

Yes, it's terrible to think that someone may consider ethical problems in a business situation. That perhaps he wants to do the right thing, needs some clarification, and doesn't want to get the company or himself in trouble.

Re:Uhhhhh

[SheldonYoung]

> Is it legitimate to use source code that's publicly available but doesn't fall under any particular license?

Of course it is. This kind of thing happens all the time. So does fraud, burglery and worse but it doesn't mean it's legal.

Frankly, I'm glad you don't work for us. The fact that you would consider "rewriting" code that works well just because it was written by someone external to your company doesn't speak well for your sense of business priorities or usage of time. Nobody in their right mind would ever purchase your services or products again. They would not rewrite the code because it was created externally, they would rewrite it because legally and ethically they have not been given rights to use the code. I would not do business with anybody who would knowingly use code of dubious license.

> The original author didn't attach any particular license to the code.

I think that says it all. Yes, that means they have no license to the code and must ask for one. End of story.

Re:Uhhhhh

[mce]

>> The original author didn't attach any particular license to the code.
> I think that says it all.

Yes, but it does not say what you seem to imply. If the original author did not grant permission, you can not use the code (but you can implement the same algorithm yourself, at least as long as there is no patent preventing that). Note that the author does not have to include such a permission in every piece of code. It can be in an accompanying file, or it can even be in the Terms of Use of whatever bulletin board or website he used to publish it. But you have to check that.

Granted, as long as you do not distribute the source, nobody will spot a 200 line piece of code and this kind of copying indeed happens all the time, but that does not make it legal in the strict sense of the word. I once wanted to use a small library that is floating about out there without any license/copyright statement. As it would have been possible for our customers to spot the use, I checked with our legal department and they were very firm: if I could get the author to explicitly approve it, it was OK, otherwise not. He did not reply, so I had to scrap the idea.

Re:Uhhhhh

[TheWanderingHermit]

I'd also consider the possibility that you don't know the whole story. I found a version of some well known C code for Java and wanted to be sure, before I included it in a FOSS project, that even though it's based on a mathematical algorithm and that the code for that function in other languages has been published in many FOSS programs, that I could include the code in a FOSS project. In the long run, I tracked it down through several people and basically nobody cared what it was included in and I don't think anyone even wanted to bother to license it. In the long run I kept all the emails and notified the project owner. We did make mention of it in the comments, but didn't feel it appropriate to include any guess at licensing info.

It's possible the project head already has permission to use it or may even know the programmer who posted the code to the forum. There could be any number of legit reasons why nothing was said about it in the code comments. It's even possible that post was made my the project leader under a different name.

To me, this sounds like the OP is a quite young programmer who is looking for a chance to lead a moral crusade rather than get the job done. In my experience I avoid taking on employees like that because they seem more focused on making sure everyone else follows their ethics than in doing a good job on the task at hand.

Re:Uhhhhh

You don't know that the poster had permission to post the code in the first place.

Re:Uhhhhh

[king-manic]

To me, this sounds like the OP is a quite young programmer who is looking for a chance to lead a moral crusade rather than get the job done. In my experience I avoid taking on employees like that because they seem more focused on making sure everyone else follows their ethics than in doing a good job on the task at hand. Or he's a young programmer who is afraid he's the scapegoat.

Re:Uhhhhh

[duffbeer703]

The only issue is that if the author wrote the code at work, it's not his to give away.

Personally, I'd forget that that I found it.

Re:Uhhhhh

[show+me+altoids]

That's true, of course, but there is only so much you can do. Should the submitter do a search for all other code in the application and see if any of it is stolen? I do get your point, though, but this is such a common practice that I think most developers don't even think twice about doing it, which, I concede, doesn't make it automatically legal.

Re:Uhhhhh

[hedwards]

The forum rules terms may claim that, but the likelihood of them being able to defend that in court is a very different manner.

Chances are if they didn't pay to have the code snippets coded, or provide an incentive for doing so, that they wouldn't be able to claim the code as a work for hire.

They would also have to deal with the fact that in most cases the code snippets came from somewhere else. While from time to time the code might be written on the fly for a specific question, in many cases the code is going to come from a project of some sort. Without an explicit agreement to transfer the rights, the forum shouldn't have any claim to copyright on the various snippets.

More likely, the forum follows orthodoxy and states that the code and posts aren't their responsibility and that they have the right to host the posts. Which buys them some freedom from being sued for somebody else's content. Meaning that as long as they remove any infringing posts when given an appropriate take down notice, they aren't responsible for any infringement.

But IANAL so YMMV.

Re:Uhhhhh

[SnoopJeDi]

I don't see any particular license on the mp3 files either.

You don't see a license attached to a bootlegged DVD or game, either. Because the license was attached to the ORIGINAL material, and violated in the distribution of the mp3. As several people have brought up, there's a possibility that this code was taken from something that was licensed, and given away as implicitly free.

Regarding the OP, I'm siding with the "forget it and leave it be" camp. If you don't make a fuss, the only person that could get in potential trouble if it turned out to be rotten would be the guy who wrote it. There's no assumed responsibility on you to check everybody else's code for licensing issues, and nobody could prove that you'd made this discovery, so you could feign ignorance. Well, unless a vigilante Slashdotter tracks you down and brings the law down on you. You might want to consider hiding.

Unless you've got some ENORMOUS ethical battle to fight on this particular issue, ignore it. Or rewrite the code on your own time to keep the project on-schedule.

Re:Uhhhhh

[Jherico]

>His options for avoiding this are to either find another copy of the code which is listed under a license, contact the author and ask for a license, or to rewrite the code.

I've actually left out a lot of caveats here, and IANAL, but most of the caveats are things that only get settled after litigation, which is something you want to avoid. People have replied to me talking about things like 'works created for public use' or talking about how anything in comp.* on usenet is essentially meant to be used. Neither of these are actually strong legal arguments, nor would a judge accept 'well no one has sued anyone over use of code from this source before' as a valid defense. This kind of thinking is hopelessly naive. In point of fact, companies which have used source code under the GPL and failed to follow the terms of that license have run into hot water numerous times before and the GPL is a much less restrictive license than 'no license at all'. My point is that if the OP wants to be in the clear (i.e. no gray areas that might involve litigation down the road, even litigation his employer is likely to win) then he basically has the above listed options.

Re:Uhhhhh

[maxwell+demon]

// While it is highly unlikely that such a code snippet would cause problems down the road, it is not impossible that it could.
Well it could be a lot more likely now, if the original author reads \. I don't think reading \. will have any impact on any problems the code snippet may or may not cause :-)

Re:Uhhhhh

[Catskul]

You *never* know if someone has permission to distribute code, even if they sell it to you.

Re:Uhhhhh

[Anonymous+Brave+Guy]

You make a valid point, which is why the concept of due diligence exists. Exhibiting due diligence is one thing that tends to set the professionals apart from the amateurs. But any way you cut it, just grabbing a substantial, unattributed bit of code off a web site and using it in a commercial product doesn't sound much like performing due diligence, and the OP is right to be concerned.

To the OP: If I were in your position, for a start I wouldn't touch the code that already exists so it's very clear I didn't put it there or have anything to do with using someone else's copyrighted code. An informal approach drawing it to management's attention is probably a reasonable first action to try and restore compliance. If it's a larger company, they might have a dedicated compliance contact in the legal department you could approach if management is unresponsive. In any case, if the situation is not resolved quickly and appropriately, I would be planning on finding another job as soon as possible, since you really don't want to get caught up in any potential legal action, and it sounds like you're in the optimum position to become the fall guy.

Re:Uhhhhh

[Jherico]

I'm sorry, I misinterpreted what you meant by 'make a buck from cmdr taco' and assumed you were cutting and pasting auth code from the code for slashdot. In the corrected case, you can't sue someone for reproducing something if you knew the natural result of performing an action would be that the item would be reproduced (you know exactly what the post button does). In addition, if the code you are writing can't be substantially implemented in any other way, or more than 1 or 2 ways, then its not copyrightable. I can't copyright code that does some simple thing like deleting a file in java because its simply not possible to do it in more than a couple different ways. The same would apply to this auth snippet I imagine. Note that in a real world situation (one in which it wasn't patently clear that your goal in posting code was to enable litigation, and one in which it was a bit more ambiguous whether the code could only be implemented in X many ways), both of these situations are likely to leave you open to being sued by some asshat who wants to tie up your company in red tape, whether or not the law eventually comes down on your side. Its safer just to steer clear of such situations entirely, whenever reasonably possible.

Re:Uhhhhh

[JoelKatz]

I hope you don't take this wrong, but you're an *idiot*. I really hope nobody takes your advice.

It's entirely possible the guy wrote the code and also posted it to the forum, perhaps under another name. It's also possible he obtained permission to use the code.

But posting code publicly most certainly does not license other people to use or copy it and professional software development organizations take such things *very* seriously.

Re:Uhhhhh

[DragonWriter]

If you don't make a fuss, the only person that could get in potential trouble if it turned out to be rotten would be the guy who wrote it.

Actually, the company could be in potential trouble, and depending how critical the code is (and whether the one example is an isolated case or part of a pervasive trend), everyone who depends on the company for their livelihood could be negatively impacted.

Re:Uhhhhh

[HiThere]

I believe that you are a lawyer.

Your advice is, indeed, a legal way to proceed. It is also impossible for the poster. That's not one of his choices.

Were I him, I would not admit to having noticed anything. Possibly, depending on personality factors, I might get into a discussion with the other code about copyrights, laws, and ethics, but I would be very careful to not admit having noticed that he might have done anything improper.

You are talking here of a new hire. The low man on the totem pole. And this is a case where the proprietaries aren't entirely clear. (E.g., this person should definitely not attempt to acquire a commercial license, as he wouldn't have the right to comit his company to anything.)

FWIW, I consider there to be a fair chance that the example is from a standard text on algorithms. I certainly have no proof that this is true, but it might well be. If so, the PURPOSE of the book was to share how to do various things, say Shell sorts. (Probably not, as that's now commonly built into languages.)

That which you are suggesting is probably something that even the lead programmer wouldn't be able to get the department to do. Yes, it's the legal approach. And it's total impracticality is a small part of what's wrong with the legal approach, and why essentially nobody uses it.

Personally, my favored way of avoiding this problem is to use GPL software...but it doesn't totally get around the problems that the legal approach has saddled us with. We weren't told what license the issued product would be under, and it might BE under GPL. This wouldn't solve any of the problems in this case...this case where there shouldn't BE any problems.

Text published in a public forum without an attached license should BE public domain, with all liability resting on the person or entity who published it. (I'll grant that this would make the GPL a lot more like the BSD license, but in an ideal world those two would be identical in effect. It's the imperfections that cause me to adhere to the GPL.)

Re:Uhhhhh

[theshowmecanuck]

How many angels can sit on the head of a pin?

Just because you don't know the source of this expression doesn't mean it is offtopic.

Re:Uhhhhh

[Anonymous+Brave+Guy]

Holy hell, someone finds some useful code posted on a forum, uses it illegally , and you report them to management??

There, fixed that for you. No charge.

Re:Uhhhhh

A teaching assistant asks a question on how to teach a certain subject on a forum and some other TA at another university replies with an "Here is how I did it..." answer with his lecture slides and such. This doesn't automatically mean the original TA can automatically just lift the exact answer and use the material directly in his lectures.

I see your point, and that is exactly what you would argue in court. But the counter would be that the TA should have made his own material using the answer as a guidance. The judge can lean either way. It becomes even more dangerious if the TA didn't attribute the material he used to the source (even if the source is anonymous, you can still explain where/how you got it).

For code, if it is very generic, it is understandable that you lifted it right off as you can easily make the arguement that it is generic, and public domain. But for complex algorithms, you are seriously taking a risk. Either way, you must always attribute it to your source.

The issue is copyright law, which in the US, automatically reserves ALL rights to the creator at the time of creation. Fair use and such open up some rights (such as being able to read it), but most rights remain withheld on a case by case basis till granted. Programmers need to think these things before assuming, cause it will get them in hot water.

The safest route is to always ask for permission before using or reimplement from your understanding (more than just changing lables). And if you are posting, leaving a line like "You are free to what you want with this" or similar really helps. Also, you can ask the entity managing the forum system cause many times they get full rights to whatever users put up there.

Re:Uhhhhh

[Anonymous+Brave+Guy]

This discussion is pretty scary. Of those posts I've read, a clear majority seem to be blatantly misrepresenting the most basic principles of copyright law. Whether this is out of ignorance or malice I don't know, but in many cases, it has now been moderated informative and/or insightful. Attempting to describe possible ethical actions the OP could take at this point seems to meet more derision and laughter than acknowledgement and agreement. And apparently some of our mods think it's funny to break the law, but trolling to point this out.

Slashdot used to be better than this, but it seems almost impossible to have any reasoned, objective discussion about copyright-related issues here now. Go ahead and mod me to hell for saying it; I've got karma to burn, and it has to be said.

Re:Uhhhhh

[BasharTeg]

Posting code publicly, aka in the public domain, aka distributing it without a license, does not put the code in the public domain? That's news to me!

Re:Uhhhhh

[JoelKatz]

"Posting code publicly, aka in the public domain, aka distributing it without a license, does not put the code in the public domain? That's news to me!"

Then you've been under a rock for the past 35 years or so. A split second of common sense would show how crazy your claim is. Songs are played on the radio, which is precisely akin to a public post. So can I record them off the radio and sell copies?

Re:Uhhhhh

[Java+Pimp]

Slashdot used to be better than this, but it seems almost impossible to have any reasoned, objective discussion about copyright-related issues here now.

The sad part is 3 or 4 years ago, the Slashdot groupthink would be all in favor of sharing free information in public forums because information wanted to be free. That was the foundation of the internet and the origin of Usenet in the first place... i.e. a Users Network. But today, with copyrighted this and imaginary property that and patented other thing..., the consensus is no longer in support of the free exchange of information that was so dominant but rather the brainwashed "damnit you better adhere to the letter of the law or face serious consequences" groupthink.

Meanwhile, while this flame war is taking place here on slashdot, the users over at Usenet continue sharing information with each other freely as has been done for nearly 30 years now without concern and without thought of the cold chill of a copyright lawsuit crawling up their spine.

Re:Uhhhhh

[Anonymous+Brave+Guy]

Extreme groupthink isn't healthy in any direction, precisely because it tends to trample on any dissenting views, no matter how valid.

Information doesn't want to be free. Information doesn't want anything at all. It simply exists, and it can be shared by those who have it. (The argument that "you can't prevent it being shared, so sharing it must be OK" is unhelpful: you can't realistically prevent me committing many evil acts, but that doesn't mean society should condone my doing so by legalising them.)

Similarly, empty-headed support for any copyright law is unhelpful, because you start equating the current law with ethics, which is always a dangerous path to follow. The law should follow ethics, not the other way around.

However, in this discussion, the original question seems to relate to a real situation, and therefore what is called for is a real answer based on real laws as they stand today. Misrepresenting those laws, whether because you happen to disagree with them or because you simply don't know what you're talking about, doesn't help the OP to solve his problem, and that's why I object to many of the replies and moderations in this discussion.

Ask a lawyer, not Slashdot

[sconeu]

n/t.

It's common sense

[Fierythrasher]

When I was in grad school for programming my instructor taught us how to search for the code we needed on the web.

Moreover in my professional career as a programmer I ran into several stumbling blocks where I couldn't figure something out. I'd google for code, or use helper sites like Tek-Tips where people could either correct my code or provide me new code.

I'm paid for results, not for originality. If people provide code on the web as tutorial purposes or just as a friendly piece of help then I would be going against my job to not use it.

Moreover, I ask: If you bought a book on, say, ASP and it had sample code that did exactly what you wanted, would you then rewrite that code so it was not what was in the book? Of course you wouldn't!

Re:It's common sense

[Merk]

If you buy a book on ASP, generally the sample code in there has a license that allows everybody (or at least people who bought the book) to use the code in any way they want. The same can't be said for virtually any code you find out on the web. The default for any new work is for it to be copyrighted and with no license. Unless your use of the copyrighted material falls under Fair Use, you're not allowed to use it; copying the entirety of a code snippet for use in a commercial application is not Fair Use.

You'll probably never get in trouble for doing this, because probably most people (90%+) would say their posts are in the public domain if asked about it -- but until you've asked them, you have to assume that it's "look but don't touch".

Re:It's common sense

[maxwell+demon]

First of all, what's most important in an algorithm, and most code that is looked online up is not an algorithm but particular obscure library calls that can't possibly be copyrighted.

The algorithm cannot be copyrighted (it may be patented, though). It's the expression of the algorithm which is copyrighted. So if you take some code, understand the algorithm, and then implement the algorithm with your own code, it's not copyright violation. But if you take the code and copy/paste it into yours, it may be copyright violation.

Small potatoes

[crunzh]

If the author doesn't attach any license and it's "just" some code from a forum posting I don't see a problem with it. I have several times posted code samples in forums to help people, I would not mind that they where used in someones commercial program, if I minded I would have attached some for of license. If its posted on a forum to help somebody, the poster must know that it will be used.

Dunno; good question.

[w3woody]

Generally whenever I post code on an open forum in response to an answer, I assume the code will be used by other people and so I generally treat my own code as if I just put it into the public domain unless I've explicitly said otherwise.

However, that's not the law. I believe that the code an author publishes on an open forum is copyrighted by the author by default.

Me; I'd probably drop the guy a brief informal note asking permission to reuse the code and see what he does. More often than not if he's like me he'll probably say "sure, I don't mind."

But how do you know

[GIL_Dude]

How do you actually know that this happened? From what you posted it seems just as likely that the author of the code worked for your company and saw some question in a web forum, took some code that was the companies' property (developed on their time and their equipment) and posted it to the web forum to answer someone's question. Do you have any way to be sure that that isn't your own companies' code out there?

Don't sweat it

[GlobalEcho]

Don't sweat it. When I post code in a forum, I generally do so with the hope that other folks will find it useful, and the expectation that, if they do find it useful, they'll go ahead and copy it. If I want to make something available with a license and everything, I'll either put it on Sourceforge, or post a license in the comments. It's a safe bet the original author feels the same way.

Legally, it's not necessarily safe to copy long snippets from forums, but from practical and social points of view, I think this is much ado about nothing.

Re:Due dilligence and move on

[EvanED]

If there is no copyright claim by the original author then I don't see what the problem is. AFAIK that means it's in the public domain (I'd check the website's disclaimer or terms of use though)

You'd better take a refresher course in copyright law. The lack of a copyright notice means little; your creations are implicitly copyrighted.

I may agree with you elsewhere, but you are flat out wrong on that point.

Use it

[fhic]

I do this all the time. My feeling is that code snippets posted in a public forum are meant to be be used by others unless it says not to. Yes, I recognize that this is at least theoretically contrary to US copyright laws. But if you don't want someone to use it, why post it? To show your brilliant code?

Since this specific case apparently bothers you, I think you should try to contact the author through some back-channel and get an explicit okay to use it. But I bet more than likely your request will be ignored or you'll get a "why the fsck are you asking such a dumb thing?" That's generally how I reply when someone asks me about code I've posted.

Comment it with the URL

[BMonger]

Usually if it's a complicated section of code I'll include the URL in a comment above. If it's just a line or two I won't. Often times if it's from a forum I stay with that forum for a few weeks and try to contribute back in some way.

If the code explicitly has a license attached to it I follow that of course. But I've not had to do that yet. I don't pull code from other project bases unless it's a library or such (in which case I follow the license). Only code that is meant to be viewed and used (such as forums/tutorials).

Re:Due dilligence and move on

[Chuckstar]

I like the idea of commenting the code and moving on.

Note, though, that posting code on a forum with no copyright notice does not put it in the public domain. IIRC, the lack of copyright notice means that the first move of the copyright owner can not be to sue you, they must first notify you of the violation and give you a chance to fix it. In other words, the law takes into consideration that without a copyright notice you might accidentally copy something you shouldn't and allows for the violator to fix the problem once notified.

So the worst case is that the copyright owner makes your company change the code at some point in the future. If you put the recommended comment in, your company will know (i) its not your fault and (ii) you were heads-up enough to look into the issue a little further when you noticed it.

I wouldn't worry.

[jellomizer]

Technically it is a copywrite violation but so is most anything now adays.

If the person posted code on a forum then normally they do so expecting people to use it. Hense Posting it on a forum. Most forums go like this.

First Post
How do I do this?

There is a reply
Try this code.

They usually replay with two options
Sorry it didn't work or It worked thanks.

You are probably just out of college were even looking at someone elses code is considered a great moral sin against humanity, where just the though of this could bar you away from higher education forcing you to live your life without being able to obtain a higher degree. In business if it works they use it even if it is a copy and paist. If it was something more problematic like say Using the source from an other companies code who had a strong license on it... Or using GPL code for non GPL reasons then there would be some consern. But for posting giving help to some one who wants to know how to do something it is basicly a non-issue.

Hmm, Let's see...

[aminorex]

Gee, it's a dilemma: You could (1) talk to the guy about it, or (2) wave it over the global press under a pseudonym pretending that no one will guess who you are.

Let me think about this for a minute...

Use your head.

[SatanicPuppy]

Just for me personally, if I put some code I wrote out in a forum, I expect someone to use it other than myself. Someone asks a question, I throw out a chunk of code, we're done. I don't care where it ends up. Likewise if I find an example that someone has put on the web when I was searching for something to do that exact thing, I'll grab it and adapt it to my use on the principle that that's what it's there for.

Forums can be kind of a greyer area. I once had a guy who was maintaining a system I wrote put a decent chunk of my code in a forum; source code, mind you, not just a script. It was a whole program, and while I never sold that particular piece to do anything by itself, it was a part of a product I did make a decent bit of money on, and a pretty clear-cut breach of my IP for some joker to just post it (they'd signed a contract dealing with redistribution, so it was in writing).

I called them, they apologized, disciplined the guy, and hired me to do the change he'd been trying to do (he'd posted the code trying to get someone to tell him what it did), and paid me at a higher rate. I let it slide because it wasn't a big deal (non-critical code), and they dealt with it to my satisfaction.

If, at some later date, I'd found that code verbatim in someone else's system, I might have mentioned it to them, as an aside, but I wouldn't have tried to claim damages or make them remove it. At that point it is WAY too difficult to trace provenance, and hard to prove any sort of knowing violation. It had been released, I'd taken it up from the people who released it, it was done.

In short: If someone releases code with no license attached and you use it and it turns out later it was licensed you're going to have to deal with the consequences of that. If it turns out it wasn't licensed (or was BSD licensed) you're in the clear, even if it was a case like mine where the code was released by a party that wasn't authorized to release it.

The internet is a nice tool to keep from re-inventing the wheel, but if you take anything more than a little subroutine, you better know what rights you have with regards to it because it can seriously bite you in the ass.

An interesting question

[starseeker]

Not specific to this situation, but there almost certainly has to be a practical limit to how much code you need before something is under copyright.  For example, the single line

(+ 1 1)

could not be reasonably subject to copyright (IMHO, IANAL, etc.)  IIRC there is some rule about originality that this would not satisfy.  OK, what about:

;Code to print out "hello world"
(defun hello-world () (format t "hello world"))

Exceedingly simple, entirely trivial, and arguably not creative or original, but more gray than the first example.

What about:

;Code to add two numbers and multiply by a third number
(defun calc-with-three-numbers (a b c) (* (+ a b) c))

Still trivial, but you get the idea - at what point do we cross the line into copyrightable material?

Also, let's assume (for the sake of argument) the last example above is copyrightable.  If someone else independently working on the same problem does:

;(x+y)*z
(defun f1 (x y z) (* (+ x y) z))

Would that constitute a copyright violation of the above formula? They do precisely the same thing using exactly the same algorithm, but look very different.  Is the second in violation of copyright of the first?

In practice, some problems have an "optimal" solution that most skilled programmers will eventually converge on (if they are good at their jobs).  To my mind this might end with comments being (sometimes) copyrightable and code being defined as a mathematical algorithm, which (IMHO) is much closer to the true situation.  But I don't know what the legal definitions are for this issue - anybody know if Groklaw has dug up any related material?

You already know the answer

[Weaselmancer]

I'm new to the company, and the developer who copied the code is the project lead.

You married? Got any kids? A mortgage?

If the answer to any of the above is yes, then shut the hell up about it and get on with your day.

If the answer to all of the above is no and you're in the mood for an ethics experiment - mention it to someone. Have your resume ready first. You're about to learn what the business world is really like.

Re:You already know the answer

[slothman32]

No; you should always do ethical dilemmas.
I once read a comment on /. about someone saying their contract to their family was more important that that of the company they worked for.
I don't know the exact extent of the problem here but that would mean that anybody with a family could do unethical, maybe even illegal, things and use the excuse, "I have to do it to support my family." "They won't survive if I don't do the bad things my companies want because a McJob won't cut it."

The business world probably is like that. That doesn't mean you should be.

I wonder if this is a cognitive dissonance.
Ethical job and family support are both needed but can't be at the same time.
The remedy is to make one more important than the other.
The other then doesn't exist in this comparison.

It depends on the role it has in your app

[codeboost]

I guess it all depends on what the code does - if it's a collection of utility functions (like string manipulation) which anyone could write during a coffee break, then I guess you can forget about it and move on with your life.
If, on the other hand, the code is a complex algorithm which took months of research to develop AND is the main feature of your app - then I guess you should spend some time and try to figure out the license thing.

I guess one should be 'politically correct' up to a certain point - when the subject can, in theory, harm others. Beyond that it doesn't make sense and one should focus on more important aspects of reality, rather then examine everything under the microscope, even though there's very little to see there.

Code length

[DeadDecoy]

Normally, it's best to err on the side of caution write original code. In this case the code was 200 lines long. Now, I know length shouldn't be an issue, but how many different ways can/will you write your for-loops or AJAX code. The OP mentioned that the code was 200 lines long, which isn't very much. Even if the OP's group were to rewrite the code, it might not look very different from the original code (not counting stupid things like variable or function name changes). It's at these gray areas, that I, personally, tend to not care as much. Now, if it were an entire library of code, that would be different.

Re:Spilling the beans

[syousef]

Don't worry about the fact that the forum post was 4 months before you guys even started work on your project. In your haste to protect your companies IP you didn't realize you were the ones doing the copying.

Then you take a hit for looking incompetent. No one in their right mind wants to trust mission critical stuff to a guy that's proven they're sloppy. Playing "stupid" as you put it makes you look stupid. Plus it's gutless. Think about this: Who wants to promote someone that's gutless and stupid? No. With this kind of thing you either decide to front up with what you've found (and be discrete about it) or discuss it with no one (much less post on /.)

Also if you approach the company don't jump to any conclusions. Just present the facts. For all you know someone at your company asked permission from the author (and though unlikely since there was no attribution, you shouldn't presume the coder's guilt). If you're using a code repository correctly it shouldn't be hard to track down the developer that wrote the code and enquire about it. Make sure you report the problem to the correct person if your company has formal reporting guidelines, but do so informally if possible at first. How things proceed from there is up to your company as laid out by their policies.

I'm guessing that if you're asking on /. you don't feel compelled to become a whistleblower and sacrifice your career, but if you report up the chain a couple of levels and they do nothing you have to decide if it's worth doing just that. You have to pick your battles and live with the consequences of what decisions you make.

If the code's easy to replace (and most 200 line snippets posted on a forum are), there shouldn't be an issue getting someone to write the replacement without seeing the original, the work to do so is not a huge liability to the company. However if your company has publicly released the code in one of their products it could be a much bigger issue because it potentially exposes the company to liability.

Re:Spilling the beans

[Perl-Pusher]

God I'm glad I don't work with you. Here is a novel idea. Why not discuss it with the guy who your trying to screw? Voice your concerns and maybe, just maybe, he will contact the original author and get permission. He might even be the original author. That way you don't have to worry the guy finds out who stabbed him and come to your house and get revenge. At least be man enough to let your boss know what kind of person you really are.

Talk to the guy who copied it?

[merreborn]

Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification

Hopefully you're working for a decent guy, and you can just say "Hey, dude, I was researching this bug, and in the process, found this code on this forum. You think we should be worried about copyright issues?"

He may, like several slashdotters in this thread, be completely unaware of the fact that code is automatically copyrighted in the US.
He may have been aware, but just lazy, and say "Yeah, we should do something about that".
He may say "Who cares? No one will ever find out!". In that case, *then* you may consider going over his head and raising the issue with his superiors.

If he's a decent guy at all, he'll appreciate your coming to him politely with your concerns. But even if he's the type of vindictive halfwit likely to take offense at your discovery, he'd probably be hard pressed to come up with an excuse for taking action against you. And really, if you're working for someone like that, you should strongly consider looking for a new position elsewhere.

Re:You could ask politely

[arminw]

......Unless you are fortunate enough to get a fast "sure, go ahead and use it" you will miss your deadline..........

Unless you are fortunate enough to figure out who REALLY wrote that code in the first place...... You might have 10,000th copy of it and no idea whom to ask for permission.

Guilty until proven innocent

[dFaust]

So let's be honest, this is a pretty common occurrence. Often times when people post code online in a forum, it's expected by the author that people will lift the code... in fact, that's why it's being posted to the forum! I understand that without an explicit license or authorization from the original author that this is not legal... good, fine, whatever - not trying to debate the legalities of it.

What bothers me here is that the original poster seems to be implying some act of malice on the part of his co-worker. Now, I don't know the full details of the situation, maybe there are valid reasons why he would feel that way. But he didn't even hint at that in his question to Slashdot but does mention his inclination to report him to managment. Really?? I mean... REALLY??? Could this not be an honest mistake stemming from a misunderstanding of the law? Perhaps the co-worker had private exchanges with the code author regarding using the code. Should portraying your co-worker as a criminal to management really even be considered as your first course of action?

I'll let others give their suggestions on how to deal with the situation, but the way the co-worker was portrayed here just rubbed me wrong. I've seen this same thing plenty of times, and it's never been anything but an innocent mistake... both on the part of the person copying and the person posting the code, because in my personal experiences the poster's intent was to make the code freely available but lacking knowledge of copyright law prevented them from expressly stating so in the forum. I'm guessing there's a good chance it can be resolved fairly easily without pissing anyone off or getting anyone fired.

Re:Then I'm glad I don't work for you

[TheWanderingHermit]

Then I'm glad I don't work for you

So am I. Almost every line of your post is an assumption based on -- well, nothing.

as is mentioned upthread, published works are owned by their authors by copyright in the USA

And where does it say for sure that 1) this company is in the US or that the forum is based in the US? And, again, as I pointed out, how does the OP know that even if it's not in the comments, that permission wasn't obtained elsewhere, in email, for example?

I'd prefer an ethical behavior on the part of all of my employees; some do better jobs than others-- but ethics comes first. Our code is clean, was clean, will be clean, and adheres to the licensing and copyright strictures.

I never said I didn't but you seem to assume so. I set the ethics for my company. There are MANY times when two or more people can have differing views on what is right. I built my company from the ground up, from when I couldn't even afford to buy the tech books I needed without asking relatives and friends for a loan. It's my business which means when views conflict, my ethics prevail. It's my decision that counts.

Dry-ripping/cutting&pasting code from any old website is beyond stupid, it's lax, possibly criminal, and well, you haven't vetted the code against standards and practices-- what if it blows up or creates a nice nugget of crap in otherwise vetted code.

Interesting assumption -- that you haven't vetted it against standards and practices. Depending on the language, a couple hundred lines of code by a third party can be just as easily debugged as if one wrote it himself. That the code comes from outside does not make it better or worse than if it was written by someone inside the company. Yet you assume it is bad and hasn't been debugged or vetted.

And what if this new programmer, the OP, writes replacement code that "blows up or creates a nice nugget of crap?"

I disagree with your practices.

An interesting judgement you make considering, from that first post of mine, the only practice I stated was that I'd rather have someone who works than looks for moral crusades. I've had potential programmers, for example, that felt I was immoral because the program we give our clients to run on their computers to connect to ours is closed source. I'm not going to hire someone who is going to make it a point of continually butting heads with me, thinking that his ethics should or have to rule over mine.

If you re-read my post, I didn't tell the guy what to do. I didn't tell him to shut up, I didn't tell him to go to management. I just brought up one point that was quite relevant. I didn't say what to do or not do.

They put output over ethics, suggest unscrupulous use of code, violate standards practices, and create possible conflicts with other code.

Again, quite an assumption. I am quite strict in how certain situations should be handled and could have "made it" much faster if I didn't make a point of working within ethical boundaries. I have competitors that I could have wiped out if I wanted to, but I haven't due to ethics. You make quite a strong judgement and make some strong statements about me with very little information.

And, again, all the issues you say are possible with someone else's code are just as possible with code written in house.

Thank you, though, for providing a good example of what I'm talking about: Someone who is so eager to find a chance to stand up for what he thinks is right (and a chance to go on an ethical crusade so he can take someone else down) that they're willing to jump in without thinking or examining the situation and start calling people immoral or unjust.

Question of Provenance

[SwashbucklingCowboy]

There is a question of provenance of the code. Just because you found it on some web site doesn't mean THEY didn't copy it from somewhere else and remove the copyright notices - it happens. It's also possible that both got if from a public domain source (there isn't that much code in the public domain, but there is some). However, I strongly suggest you report it to your superiors within the company. If they decide not to do anything about it then don't worry.

Copyright infringement is one of those things where ignorance is not bliss. The longer it goes on, the higher your company's potential liability.

Re:Um... what?

[ceoyoyo]

Reading the comments for this story it's almost hilarious how many people see no problem whatsoever with ripping off code and passing it off as your own. Ripping it off is wrong legally, but more important passing it off as your own is wrong ethically.

Re:Summary

[Jherico]

The intent of the author DOES NOT MATTER. Unless there is a license or the forum has an implicit license somewhere (which the author of the original code could not have missed), then the code is copyrighted and not usable under any license whatsoever, no matter what the author meant. I KNOW it doesn't make sense, but that's the way the law is. And even if you're somehow in some gray area, that's actually worse than an outright violation in most cases, because you're better off paying damages and fixing the problem than a year of litigation, stays preventing sales of your product and lawyers crawling up your ass with a microscope during discovery.

The vast misunderstanding of basic copyright law here reminds me of this exchange (used without permission and don't think the irony is lost on me)

JOSH
So, if we're lucky, foreign aid's going to be funded for another 90 days at 75 cents on the dollar. No one who's ever said they wanted bipartisanship has ever meant it. But the people are speaking. Because 68% think we give too much in foreign aid, and 59% think it should be cut.

WILL
You like that stat?

JOSH
I do.

WILL
Why?

JOSH
Because 9% think it's too high, and shouldn't be cut! 9% of respondents could not fully get their arms around the question. There should be another box you can check for, "I have utterly no idea what you're talking about. Please, God, don't ask for my input."

Then again, MOST ask slashdot discussions remind me of that exchange.

Re:Code posted on the web with no license is free.

[Jherico]

>200 lines of code from the Internet, posted by their author, are free. Period.

You would be hard pressed to be more wrong. All creative works are copyrighted and unless licensed are not free for anyone to use except under very specific conditions.

>Ever find a quarter on the ground? Somebody ever give you one? Did you require a deed to prove you had the right to the quarter?

That's an asinine comparison. A quarter isn't a creative work. Quarters are not covered under intellectual property law. The comparison you're looking for is finding a novel manuscript on the ground, picking it up, putting your name on it and selling it to a publisher.

context matters

[sentientbrendan]

If code is posted on a forum, whether or not it has a license attached to it may not matter. Many forums used by programmers require that posters give the right to use the example code posted, etc. Please check with forums FAQ before panicking.

You should probably just mention it to him and offer to rewrite it. It would be wise to not act in an accusatory manner when bringing it up. Remember that there are a lot of sources out there that are meant to be used as example code, and that if permission to copy is given it isn't "cheating" to do so.

bad advice on GPL

[sentientbrendan]

>Personally, my favored way of avoiding this problem is to use GPL software...
This *causes* legal problems, it doesn't solve them and is bad advice. How you can use GPL code in conjunction with your proprietary software is highly legally constrained. If you use GPL libraries, the GPL license then applies to your code. Supposedly LGPL gets around this, but not really due to ambiguities in the license (the license uses the ambiguous term "derives from" which has a different meaning when used with object oriented software). Note that glibc has a special exception, and that it is generally ok to use.

>We weren't told what license the issued product would be under, and it might BE under GPL.
It doesn't matter whether the software he is releasing is under GPL. You can't just apply the GPL to someone else's non GPL code without their permission. You'd not only be opening up your company to lawsuit, but probably everyone who uses your code.

The GPL is not a magic license that you can invoke and use other people's software however you want. It is a useful license in many situations, but it clearly does nothing to help the OP.

The public domain

[hadaso]

The problem with copyright law is that if you don't explicitly allow use of your content then no use is allowed (except "fair" use that is not well defined).

So if you want the content you post to be freely and legally usable by everyone you have to license it. You don't have to bother with all kinds of FOSS licenses as you can just declare that it is in the public domain, which means that you are still the copyright holder but you license your work to everyone to do whatever they want with it.

So the OP raises a valid point: that code represents a risk to the organization he works for. Perhaps a small risk, but if later it is discovered it might cost money to the organization. If this was code used in a FOSS project and someone posted a comment about it I believe the issue would be immediately addressed by either locating the source and verifying that it is reusable (and documenting the fact in the source0 or replacing it. A closed source project might react differently (such as by making sure the code is not exposed to the outside world so that infringement can not be detected) but it still would want to reduce the risks involved in using unlicensed content.

This aspect of copyright law was perhaps good at the time when the mere fact that a work is published indicated that someone made an effort and investment in publishing it. It is very inappropriate today because no real effort and practically no investment is needed to publish content, and people do post lots of content with the intention that everybody could use it freely. This should be changed and this change would be good for everybody, and especially for those who don't want their works freely distributed, because one of the arguments available now is that there is no way to tell content that is freely distributable from content that is not, and most of the unmarked content out there was meant to be freely distributable by the autheor, despite the author's failure to explicitly attach a license (including a license that puts the content in the public domain).

To quote my IP lawyer.....

[OmanLegend]

IANAL-However, Code that is not created by someone who has signed a work for hire agreement could create a title defect. My IP lawyer (who probably reads this site) says they're like cockroaches, and give investors nightmares, because it can create SERIOUS issues. Well, I mean, only serious issues if you like owning your company, being able to raise capital, not getting your pants sued off (sin pantolones es no beuno!)

Again- IANAL

Re:That's not called stolen

[techpawn]

Would it pass for college work?
Yeah, but there is a big difference between the college code and business code. What's written for review from a prof. and what's written for your customers to get their application on spec, on time, and under budget.

Its just not clear to me

[methuselah]

10 print "hello world"
20 goto 10

Who owns this code? I just wrote it out of my head because I am sure I read it in a book somewhere. I couldn't tell you which one it was so long ago. Some logic is just obvious. I could complicate the above code in order to "re-write" it but it, would still be the same thing. It seems to me that as long as you don't take something that you have found in its entirety and use as your own and distribute it there is some fair use there. Where that line is, is blurry. Is every sampled sound in some "popular" music that is used without explicit permission a violation of copyright? Then if i sample the sample of the sampled sound from that music and use a bit of that then, who's copyright did I violate? This whole discussion is terribly confusing...

What do your ASSUMPTIONS say about you?

[nick_davison]

The important thing to note is the original poster is an ASSUMING the worst:

• He is automatically assuming the original coder, who's now the lead he's meant to report to, acted with malice.
• He has absolutely no proof that the guy deliberately did anything wrong.
• He has absolutely no proof that they guy wasn't simply given the code by another coder on the project and has no idea it comes with a license.
• He has absolutely no proof that the guy hasn't already attained a license and it's in his desk drawer.
• He has absolutely no way of knowing if the original coder actually worked at that company and the code on the web is the derivative.

If he goes with his suggested options of an unapproved recode or reporting the issue to more senior management, without going to the lead first:

• He automatically demonstrates he's assumed the worst of his lead without even talking to him.
• He has no respect for the reporting structure of the organization.
• He's willing to waste senior management's time with things a more junior manager should have looked at first.
• He's willing to waste company time doing a recode that may prove to be totally unnecessary and he certainly hasn't checked the facts to find out either way.

The only real option in this situation is to send a brief, tactful email to the lead along the lines of, "Hey, I noted [this code] is similar to [this code]. Just confirming you're aware and have made whatever decision you feel appropriate in terms of licensing?" Then keep the email.

The lead may have a good reason, may not have had a good reason but takes an appropriate response (securing the license, recoding), or may choose to bury it.

ONLY when there's proof the lead's actions are deliberately sketchy does it become appropriate to consider jumping him in the chain and reporting, to ensure more senior management know they're being exposed to a liability.

Pretty much every other option demonstrates the new coder has serious issues with respecting the people he works with. He may or may not be right. If he isn't, he's pretty much destroyed himself in the organization. If he is, he still has to prove malice on the lead's part or he risks the lead saying, "Wow, I never knew. I wish he'd come to me instead of thinking he was above playing with the team."