How to Deal With Stolen Code?

greenrom writes "I work for a small company as a software developer. While investigating a bug in one of our products, I found source code on a website that was nearly identical to code used in our product. Even the comments were the same. It's obvious that a developer at our company found some useful code on the web and copied it. The original author didn't attach any particular license to the code. It's just 200 lines of code the author posted in a forum. Is it legitimate to use source code that's publicly available but doesn't fall under any particular license? If not, what's the best way to deal with this kind of situation? Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification."

I can help

I'm a lawyer. Please contact me about suing some people for lots of money.

Well...

No license == normal copyright rules apply. You can't do anything with it unless the author gives you permission (licenses do this). What you need to do is either 1) Replace the offending code or 2) Contact the author and find out what the terms on the code are / negotiate a deal.

It's common sense

[Fierythrasher]

When I was in grad school for programming my instructor taught us how to search for the code we needed on the web.

Moreover in my professional career as a programmer I ran into several stumbling blocks where I couldn't figure something out. I'd google for code, or use helper sites like Tek-Tips where people could either correct my code or provide me new code.

I'm paid for results, not for originality. If people provide code on the web as tutorial purposes or just as a friendly piece of help then I would be going against my job to not use it.

Moreover, I ask: If you bought a book on, say, ASP and it had sample code that did exactly what you wanted, would you then rewrite that code so it was not what was in the book? Of course you wouldn't!

Re:It's common sense

[Merk]

If you buy a book on ASP, generally the sample code in there has a license that allows everybody (or at least people who bought the book) to use the code in any way they want. The same can't be said for virtually any code you find out on the web. The default for any new work is for it to be copyrighted and with no license. Unless your use of the copyrighted material falls under Fair Use, you're not allowed to use it; copying the entirety of a code snippet for use in a commercial application is not Fair Use.

You'll probably never get in trouble for doing this, because probably most people (90%+) would say their posts are in the public domain if asked about it -- but until you've asked them, you have to assume that it's "look but don't touch".

Re:It's common sense

[Se7enLC]

Just because you bought a book that came with sample code doesn't mean you are allowed to use it:

Numerical Recipes (in C, C++, etc), has a restrictive license that only allows you to use the code for personal non-commercial uses. There doesn't seem to be any provision for using those samples in commercial products.

Re:It's common sense

[samkass]

You're saying there's an implicit copyright in every web post, then? So this post I'm typing now, if someone put it in a newsletter, I could then sue them for taking my post which is my copyright?

Yes! Now you're catching on! There *is* an implicit Copyright (at least in the United States) on *everything*. Unless the author has agreed to some other license, you need to ask their permission to reproduce it in its entirety (or any use that goes beyond "Fair Use"). Some sites have blanket licenses to everything posted on them that implicitly assigns copyrights of all contributions-- Wikipedia, for example. But if the site hasn't made such arrangements, and the author hasn't made such arrangements, and the "borrower" hasn't made such arrangements, Copyright has been violated.

As for books, some books grant a license for all sample code in the book to be used by the purchaser of the book in any way. Some don't (Numerical Recipies is the most commonly cited example-- it's an entire book of stuff you're not allowed to use. It's a very annoying book that way, needless to say).

It sounds like you seriously need to learn a little bit about Copyrights before you get yourself and your employer in serious trouble.

Small potatoes

[crunzh]

If the author doesn't attach any license and it's "just" some code from a forum posting I don't see a problem with it. I have several times posted code samples in forums to help people, I would not mind that they where used in someones commercial program, if I minded I would have attached some for of license. If its posted on a forum to help somebody, the poster must know that it will be used.

Dunno; good question.

[w3woody]

Generally whenever I post code on an open forum in response to an answer, I assume the code will be used by other people and so I generally treat my own code as if I just put it into the public domain unless I've explicitly said otherwise.

However, that's not the law. I believe that the code an author publishes on an open forum is copyrighted by the author by default.

Me; I'd probably drop the guy a brief informal note asking permission to reuse the code and see what he does. More often than not if he's like me he'll probably say "sure, I don't mind."

But how do you know

[GIL_Dude]

How do you actually know that this happened? From what you posted it seems just as likely that the author of the code worked for your company and saw some question in a web forum, took some code that was the companies' property (developed on their time and their equipment) and posted it to the web forum to answer someone's question. Do you have any way to be sure that that isn't your own companies' code out there?

Re:Uhhhhh

[show+me+altoids]

If the author of the code posted it in a forum, I would personally call that implicit permission to use the code. Otherwise, why even post it? To show off his great coding ability? Every programmer (myself included) does this all the time and I have never heard of "Forum police" going after them. As to the legality of downloading it, if it is showing in your browser window, you have already downloaded it.

Spilling the beans

[OctoberSky]

If you really want to spill the beans on this guy and get people to notice that he "stole" the code, then play stupid and show the forum to your boss and say "Look this guy took our code and posted it on this website" They will put one and one together and see that it was your office that actually copied it. Then it's in their hands and you we attempting to protect the company.

Don't worry about the fact that the forum post was 4 months before you guys even started work on your project. In your haste to protect your companies IP you didn't realize you were the ones doing the copying.

Re:Spilling the beans

[syousef]

Don't worry about the fact that the forum post was 4 months before you guys even started work on your project. In your haste to protect your companies IP you didn't realize you were the ones doing the copying.

Then you take a hit for looking incompetent. No one in their right mind wants to trust mission critical stuff to a guy that's proven they're sloppy. Playing "stupid" as you put it makes you look stupid. Plus it's gutless. Think about this: Who wants to promote someone that's gutless and stupid? No. With this kind of thing you either decide to front up with what you've found (and be discrete about it) or discuss it with no one (much less post on /.)

Also if you approach the company don't jump to any conclusions. Just present the facts. For all you know someone at your company asked permission from the author (and though unlikely since there was no attribution, you shouldn't presume the coder's guilt). If you're using a code repository correctly it shouldn't be hard to track down the developer that wrote the code and enquire about it. Make sure you report the problem to the correct person if your company has formal reporting guidelines, but do so informally if possible at first. How things proceed from there is up to your company as laid out by their policies.

I'm guessing that if you're asking on /. you don't feel compelled to become a whistleblower and sacrifice your career, but if you report up the chain a couple of levels and they do nothing you have to decide if it's worth doing just that. You have to pick your battles and live with the consequences of what decisions you make.

If the code's easy to replace (and most 200 line snippets posted on a forum are), there shouldn't be an issue getting someone to write the replacement without seeing the original, the work to do so is not a huge liability to the company. However if your company has publicly released the code in one of their products it could be a much bigger issue because it potentially exposes the company to liability.

Re:Spilling the beans

[Perl-Pusher]

God I'm glad I don't work with you. Here is a novel idea. Why not discuss it with the guy who your trying to screw? Voice your concerns and maybe, just maybe, he will contact the original author and get permission. He might even be the original author. That way you don't have to worry the guy finds out who stabbed him and come to your house and get revenge. At least be man enough to let your boss know what kind of person you really are.

Re:Due dilligence and move on

[Nevo]

If there is no copyright claim by the original author then I don't see what the problem is. AFAIK that means it's in the public domain....

You'd be wrong. (At least in the United States you would.)

From http://www.copyright.gov/circs/circ1.html: "Copyright protection subsists from the time the work is created in fixed form. The copyright in the work of authorship immediately becomes the property of the author who created the work" and "The use of a copyright notice is no longer required under U.S. law...."

Don't sweat it

[GlobalEcho]

Don't sweat it. When I post code in a forum, I generally do so with the hope that other folks will find it useful, and the expectation that, if they do find it useful, they'll go ahead and copy it. If I want to make something available with a license and everything, I'll either put it on Sourceforge, or post a license in the comments. It's a safe bet the original author feels the same way.

Legally, it's not necessarily safe to copy long snippets from forums, but from practical and social points of view, I think this is much ado about nothing.

Re:Uhhhhh

[caerwyn]

Ahh... technically speaking, this could be very bad advice in the business arena. While I'm not a lawyer, AFAIK code is copyrighted at the act of creation, and simply by making it available for viewing the author is not automatically giving up those rights. While it is highly unlikely that such a code snippet would cause problems down the road, it is not impossible that it could.

Rewriting simply because it was written external to the company isn't a good thing. Rewriting because it was written external to the company and you're not certain of your company's license to legally make use of the code is an *entirely* different thing.

The author not attaching a particular license to the code is not a blanket license to do with as you will. The author may have intended that, but I don't believe it's true in the legal sense.

It might make more sense to go as you're suggesting, but given the mess that is current copyright law, a business ought to tread more carefully.

Re:Uhhhhh

[morgan_greywolf]

Um, no. If you want to be technical, if there's no license attached to the code, then you can't use it. Copyright happens on an original work from the time it's published. There are no notice requirements. Without a license, you don't have permission to use the work.

Now, in reality, the author posted it to a forum, probably with the intention of giving away the code. It would be entirely up to the author to sue and whether the author would sue or not -- well, I kinda doubt it.

But, if I were you, OP, I'd check with your company's legal department and/or an attorney. Asking questions like this on Slashdot is likely to result in you getting a lot of misinformation.

Re:Uhhhhh

[danlyke]

If there's a question on the license, then I think it's totally reasonable for ScuttleMonkey to go to his project lead and say "I'm uncomfortable that we don't have an explicit license for this code, we need to contact the original author and obtain a license or an acknowledgement of a release to the public domain".

I don't attach a license or explicit release to every piece of code I've posted to forums or newsgroups or what-have-you over the years, and I have had every expectation that many of those would get copied and pasted into applications without attribution. I'd prefer it if, when that stuff ended up inside an app, there were a note saying "here's the original source" because when I've stumbled across such code it's sometimes made it easier to figure out what it's supposed to be doing, but I don't expect it.

If ScuttleMonkey has an indication that the original license is not something that allows incorporation into the code, then it's totally reasonable to escalate this one over the lead's head early on, but it sounds like this was something picked up off a site like CodeProject.com, where it's completely reasonable to assume that the intent of the poster was that this code be incorporated and adapted without further license terms.

Use it

[fhic]

I do this all the time. My feeling is that code snippets posted in a public forum are meant to be be used by others unless it says not to. Yes, I recognize that this is at least theoretically contrary to US copyright laws. But if you don't want someone to use it, why post it? To show your brilliant code?

Since this specific case apparently bothers you, I think you should try to contact the author through some back-channel and get an explicit okay to use it. But I bet more than likely your request will be ignored or you'll get a "why the fsck are you asking such a dumb thing?" That's generally how I reply when someone asks me about code I've posted.

Comment it with the URL

[BMonger]

Usually if it's a complicated section of code I'll include the URL in a comment above. If it's just a line or two I won't. Often times if it's from a forum I stay with that forum for a few weeks and try to contribute back in some way.

If the code explicitly has a license attached to it I follow that of course. But I've not had to do that yet. I don't pull code from other project bases unless it's a library or such (in which case I follow the license). Only code that is meant to be viewed and used (such as forums/tutorials).

Re:Uhhhhh

[IceCreamGuy]

The guy is asking a question because he's apparently new to the business and wants some sage advice from people like you who know what they're doing. People aren't born with this information, the only way to get it is either to screw up or ask somebody, and he decided that it was a good idea to ask first. Frankly (if that is your real name), however, I wouldn't put much weight into your vague response even if it wasn't condescending and derisive.

Re:Uhhhhh

[Selfbain]

Is your hairstyle distinctively pointy by any chance?

Appropriate Quote

[Rob+Riggs]

This just popped up at the bottom of this article's page:

Immature artists imitate, mature artists steal. -- Lionel Trilling

Re:Due dilligence and move on

[Chuckstar]

I like the idea of commenting the code and moving on.

Note, though, that posting code on a forum with no copyright notice does not put it in the public domain. IIRC, the lack of copyright notice means that the first move of the copyright owner can not be to sue you, they must first notify you of the violation and give you a chance to fix it. In other words, the law takes into consideration that without a copyright notice you might accidentally copy something you shouldn't and allows for the violator to fix the problem once notified.

So the worst case is that the copyright owner makes your company change the code at some point in the future. If you put the recommended comment in, your company will know (i) its not your fault and (ii) you were heads-up enough to look into the issue a little further when you noticed it.

I wouldn't worry.

[jellomizer]

Technically it is a copywrite violation but so is most anything now adays.

If the person posted code on a forum then normally they do so expecting people to use it. Hense Posting it on a forum. Most forums go like this.

First Post
How do I do this?

There is a reply
Try this code.

They usually replay with two options
Sorry it didn't work or It worked thanks.

You are probably just out of college were even looking at someone elses code is considered a great moral sin against humanity, where just the though of this could bar you away from higher education forcing you to live your life without being able to obtain a higher degree. In business if it works they use it even if it is a copy and paist. If it was something more problematic like say Using the source from an other companies code who had a strong license on it... Or using GPL code for non GPL reasons then there would be some consern. But for posting giving help to some one who wants to know how to do something it is basicly a non-issue.

Re:Uhhhhh

[Jherico]

>> Is it legitimate to use source code that's publicly available but doesn't fall under any particular license?

>Of course it is. This kind of thing happens all the time.

This may be completely commonplace, but it is certainly not legal. Simply posting something in a public place does NOT put it in the public domain, and contrary to what many people in this forum are saying, failing to attach a copyright notification to something does NOT place it in the public domain either. Assuming the author posted the information after 1976 and is covered by american law, then the copyright act of 1976 provides for automatic copyright protections, unless there is some notification which explicitly puts it under a license which permits it use.

The original poster will probably never be called out if he leaves the situation as it stands he is still breaking the law. His options for avoiding this are to either find another copy of the code which is listed under a license, contact the author and ask for a license, or to rewrite the code.

You could ask politely

[davidwr]

To the original poster:

If your company want to be completely honest and above-board and legal, it must ask if it's okay to use the code. If the author says no or demand$ too much, you must not use it.

Unless you are fortunate enough to get a fast "sure, go ahead and use it" you will miss your deadline. Sometimes a little cash - maybe as little as the amount of man-hours it would take you to rewrite and test it - will be enough to expedite getting permission.

By the way, for all you know, the tech lead did ask permission, or the tech lead knows the code is already been dedicated to the public domain.

If it were me, I'd talk to the tech lead. If the tech lead doesn't have permission already and isn't willing to go to management and do The Right Thing (TM), I'd start circulating your resume and talk to management about it. When you do talk to management, present them with options that are likely to 1) be acceptable to management and 2) get the product out the door as soon as possible.

Re:Uhhhhh

[SheldonYoung]

> Is it legitimate to use source code that's publicly available but doesn't fall under any particular license?

Of course it is. This kind of thing happens all the time. So does fraud, burglery and worse but it doesn't mean it's legal.

Frankly, I'm glad you don't work for us. The fact that you would consider "rewriting" code that works well just because it was written by someone external to your company doesn't speak well for your sense of business priorities or usage of time. Nobody in their right mind would ever purchase your services or products again. They would not rewrite the code because it was created externally, they would rewrite it because legally and ethically they have not been given rights to use the code. I would not do business with anybody who would knowingly use code of dubious license.

> The original author didn't attach any particular license to the code.

I think that says it all. Yes, that means they have no license to the code and must ask for one. End of story.

Re:Uhhhhh

[mce]

>> The original author didn't attach any particular license to the code.
> I think that says it all.

Yes, but it does not say what you seem to imply. If the original author did not grant permission, you can not use the code (but you can implement the same algorithm yourself, at least as long as there is no patent preventing that). Note that the author does not have to include such a permission in every piece of code. It can be in an accompanying file, or it can even be in the Terms of Use of whatever bulletin board or website he used to publish it. But you have to check that.

Granted, as long as you do not distribute the source, nobody will spot a 200 line piece of code and this kind of copying indeed happens all the time, but that does not make it legal in the strict sense of the word. I once wanted to use a small library that is floating about out there without any license/copyright statement. As it would have been possible for our customers to spot the use, I checked with our legal department and they were very firm: if I could get the author to explicitly approve it, it was OK, otherwise not. He did not reply, so I had to scrap the idea.

Quick Points

[cleetus]

IAALBTINLA (I am a lawyer but this is *not* legal advice)

1. The original write owns the copyright to the code.
2. By posting it to the BB, he might have agreed to license it under whatever terms by which the board operates. This might mean you have some license to use it (either implied or actual).
3. The code copied by the developer might not be enough of the work as a whole to considered infringement.
4. One test for determining whether computer code infringes copyright, in the USA at least, is the classic, yet ambiguous "abstraction, filtration, comparison" test. (If the copying was complete with comments, then that's not so good for the copier, but if the code accomplishes a trivial function, then not so much.)
5. Speaking generally, it's important to be on the lookout for situations like this. For instance, if code is copied from an open-source project, then significant consequences can follow (c.f. the Asus story below this one.)
6. If you are concerned, talk with your company's legal counsel.

Re:Uhhhhh

[morgan_greywolf]

Note that short code segments have often been found to be uncopyrightable. It varies from jurisdiction to jurisdiction, but it's often difficult to claim copyright to less than ~ 10K LOC outside the USA. > 10,000 lines of code? You have to be kidding me. By that definition, there quite a few open source apps that aren't copyrightable.

Hmm, Let's see...

[aminorex]

Gee, it's a dilemma: You could (1) talk to the guy about it, or (2) wave it over the global press under a pseudonym pretending that no one will guess who you are.

Let me think about this for a minute...

Re:Uhhhhh

[TheWanderingHermit]

I'd also consider the possibility that you don't know the whole story. I found a version of some well known C code for Java and wanted to be sure, before I included it in a FOSS project, that even though it's based on a mathematical algorithm and that the code for that function in other languages has been published in many FOSS programs, that I could include the code in a FOSS project. In the long run, I tracked it down through several people and basically nobody cared what it was included in and I don't think anyone even wanted to bother to license it. In the long run I kept all the emails and notified the project owner. We did make mention of it in the comments, but didn't feel it appropriate to include any guess at licensing info.

It's possible the project head already has permission to use it or may even know the programmer who posted the code to the forum. There could be any number of legit reasons why nothing was said about it in the code comments. It's even possible that post was made my the project leader under a different name.

To me, this sounds like the OP is a quite young programmer who is looking for a chance to lead a moral crusade rather than get the job done. In my experience I avoid taking on employees like that because they seem more focused on making sure everyone else follows their ethics than in doing a good job on the task at hand.

IANAL

[Greyfox]

But I bet your company has one. Wait, I'm getting an idea... yes... yes... no, lost it. I'm sure it would have been the best legal advice ever posted on Slashdot, though...

Re:Uhhhhh

You don't know that the poster had permission to post the code in the first place.

Use your head.

[SatanicPuppy]

Just for me personally, if I put some code I wrote out in a forum, I expect someone to use it other than myself. Someone asks a question, I throw out a chunk of code, we're done. I don't care where it ends up. Likewise if I find an example that someone has put on the web when I was searching for something to do that exact thing, I'll grab it and adapt it to my use on the principle that that's what it's there for.

Forums can be kind of a greyer area. I once had a guy who was maintaining a system I wrote put a decent chunk of my code in a forum; source code, mind you, not just a script. It was a whole program, and while I never sold that particular piece to do anything by itself, it was a part of a product I did make a decent bit of money on, and a pretty clear-cut breach of my IP for some joker to just post it (they'd signed a contract dealing with redistribution, so it was in writing).

I called them, they apologized, disciplined the guy, and hired me to do the change he'd been trying to do (he'd posted the code trying to get someone to tell him what it did), and paid me at a higher rate. I let it slide because it wasn't a big deal (non-critical code), and they dealt with it to my satisfaction.

If, at some later date, I'd found that code verbatim in someone else's system, I might have mentioned it to them, as an aside, but I wouldn't have tried to claim damages or make them remove it. At that point it is WAY too difficult to trace provenance, and hard to prove any sort of knowing violation. It had been released, I'd taken it up from the people who released it, it was done.

In short: If someone releases code with no license attached and you use it and it turns out later it was licensed you're going to have to deal with the consequences of that. If it turns out it wasn't licensed (or was BSD licensed) you're in the clear, even if it was a case like mine where the code was released by a party that wasn't authorized to release it.

The internet is a nice tool to keep from re-inventing the wheel, but if you take anything more than a little subroutine, you better know what rights you have with regards to it because it can seriously bite you in the ass.

Re:Uhhhhh

[king-manic]

To me, this sounds like the OP is a quite young programmer who is looking for a chance to lead a moral crusade rather than get the job done. In my experience I avoid taking on employees like that because they seem more focused on making sure everyone else follows their ethics than in doing a good job on the task at hand. Or he's a young programmer who is afraid he's the scapegoat.

Re:Uhhhhh

[iamacat]

Thanks, I always did want to make a buck from Cmdr Taco. The following code is implicitly copyrighted by me and I am not giving slashdot any permission to reproduce it:

(BOOL)loginWithUsername: userName password: passwd {
    struct pam_conv pam_conv;
    pam_handle_t *pamh;
 
    pam_conv.conv = null_conv;
    pam_conv.appdata_ptr = (void *)[passwd UTF8String];
 
    int r = pam_start("sshd", [userName UTF8String], &pam_conv, &pamh);
    if (r != PAM_SUCCESS) {
        fputs("Unable to initialize PAM\n", stderr);
        return 1;
    }
    r = pam_authenticate(pamh, PAM_SILENT);
    pam_end(pamh, 0);
    return r == PAM_SUCCESS;
}

Re:Uhhhhh

[richie2000]

I thought that although a work is automatically copyrighted at creation, the copyright is lost if the author chooses to publish the work without registering the copyright. That is not correct. If you put patents (even own publication can be prior art) and trademarks (needs to be defended, or they can be lost) in a blender, you might wind up with that situation. Copyright? No way. In fact, in most Berne-signatory states, it's more or less impossible to get rid of a copyright completely without first dying and then waiting 70 years. In some countries, even that isn't enough.

You already know the answer

[Weaselmancer]

I'm new to the company, and the developer who copied the code is the project lead.

You married? Got any kids? A mortgage?

If the answer to any of the above is yes, then shut the hell up about it and get on with your day.

If the answer to all of the above is no and you're in the mood for an ethics experiment - mention it to someone. Have your resume ready first. You're about to learn what the business world is really like.

Re:You already know the answer

[petes_PoV]

You're about to learn what the business world is really like.

Or, depending on how the project lead is viewed in the company, this could be the fastest promotion you'll ever get.

Before you talk to anyone about this, do some discrete research about who might be sympathetic to your situation, who the lead's enemies are and think about just how much politics you want to get involved in

Re:You already know the answer

[slothman32]

No; you should always do ethical dilemmas.
I once read a comment on /. about someone saying their contract to their family was more important that that of the company they worked for.
I don't know the exact extent of the problem here but that would mean that anybody with a family could do unethical, maybe even illegal, things and use the excuse, "I have to do it to support my family." "They won't survive if I don't do the bad things my companies want because a McJob won't cut it."

The business world probably is like that. That doesn't mean you should be.

I wonder if this is a cognitive dissonance.
Ethical job and family support are both needed but can't be at the same time.
The remedy is to make one more important than the other.
The other then doesn't exist in this comparison.

Re:Uhhhhh

[duffbeer703]

The only issue is that if the author wrote the code at work, it's not his to give away.

Personally, I'd forget that that I found it.

Re:Uhhhhh

[show+me+altoids]

That's true, of course, but there is only so much you can do. Should the submitter do a search for all other code in the application and see if any of it is stolen? I do get your point, though, but this is such a common practice that I think most developers don't even think twice about doing it, which, I concede, doesn't make it automatically legal.

Talk to the guy who copied it?

[merreborn]

Since I'm now the only person working on this code, there's no practical way to report the situation confidentially. I'm new to the company, and the developer who copied the code is the project lead. Reporting him to management doesn't seem like a good career move. I could rewrite the copied code without reporting him, but since the product is very close to release it would be difficult to make a significant change without providing some justification

Hopefully you're working for a decent guy, and you can just say "Hey, dude, I was researching this bug, and in the process, found this code on this forum. You think we should be worried about copyright issues?"

He may, like several slashdotters in this thread, be completely unaware of the fact that code is automatically copyrighted in the US.
He may have been aware, but just lazy, and say "Yeah, we should do something about that".
He may say "Who cares? No one will ever find out!". In that case, *then* you may consider going over his head and raising the issue with his superiors.

If he's a decent guy at all, he'll appreciate your coming to him politely with your concerns. But even if he's the type of vindictive halfwit likely to take offense at your discovery, he'd probably be hard pressed to come up with an excuse for taking action against you. And really, if you're working for someone like that, you should strongly consider looking for a new position elsewhere.

Good to hear

[edwardpickman]

So Vista Service Pack 1 is about ready for release?

Re:Uhhhhh

[andphi]

If first dying and then waiting 70 years won't do it, will silver stakes or holy water?

Or should we just start making Xerox copies of the zombie survival guide?

Guilty until proven innocent

[dFaust]

So let's be honest, this is a pretty common occurrence. Often times when people post code online in a forum, it's expected by the author that people will lift the code... in fact, that's why it's being posted to the forum! I understand that without an explicit license or authorization from the original author that this is not legal... good, fine, whatever - not trying to debate the legalities of it.

What bothers me here is that the original poster seems to be implying some act of malice on the part of his co-worker. Now, I don't know the full details of the situation, maybe there are valid reasons why he would feel that way. But he didn't even hint at that in his question to Slashdot but does mention his inclination to report him to managment. Really?? I mean... REALLY??? Could this not be an honest mistake stemming from a misunderstanding of the law? Perhaps the co-worker had private exchanges with the code author regarding using the code. Should portraying your co-worker as a criminal to management really even be considered as your first course of action?

I'll let others give their suggestions on how to deal with the situation, but the way the co-worker was portrayed here just rubbed me wrong. I've seen this same thing plenty of times, and it's never been anything but an innocent mistake... both on the part of the person copying and the person posting the code, because in my personal experiences the poster's intent was to make the code freely available but lacking knowledge of copyright law prevented them from expressly stating so in the forum. I'm guessing there's a good chance it can be resolved fairly easily without pissing anyone off or getting anyone fired.

OT: Burning money

[Bloater]

Burning a $20 bill makes everybody (except you) richer. With a reduced money supply everybody else's dollar becomes more valuable. It takes a while to filter through to the labour market, but it does. That bill represent the wealth that you brought to everybody else so that one of them will give you something if you bring it to them. If you burn it instead, they still benefit from the work you did to earn that money, but now you won't be able to get them to give you stuff so they also get to keep the stuff and sell it to somebody else.

Re:Uhhhhh

[SnoopJeDi]

I don't see any particular license on the mp3 files either.

You don't see a license attached to a bootlegged DVD or game, either. Because the license was attached to the ORIGINAL material, and violated in the distribution of the mp3. As several people have brought up, there's a possibility that this code was taken from something that was licensed, and given away as implicitly free.

Regarding the OP, I'm siding with the "forget it and leave it be" camp. If you don't make a fuss, the only person that could get in potential trouble if it turned out to be rotten would be the guy who wrote it. There's no assumed responsibility on you to check everybody else's code for licensing issues, and nobody could prove that you'd made this discovery, so you could feign ignorance. Well, unless a vigilante Slashdotter tracks you down and brings the law down on you. You might want to consider hiding.

Unless you've got some ENORMOUS ethical battle to fight on this particular issue, ignore it. Or rewrite the code on your own time to keep the project on-schedule.

Re:Uhhhhh

[maxwell+demon]

// While it is highly unlikely that such a code snippet would cause problems down the road, it is not impossible that it could.
Well it could be a lot more likely now, if the original author reads \. I don't think reading \. will have any impact on any problems the code snippet may or may not cause :-)

Re:Uhhhhh

[Catskul]

You *never* know if someone has permission to distribute code, even if they sell it to you.

Question of Provenance

[SwashbucklingCowboy]

There is a question of provenance of the code. Just because you found it on some web site doesn't mean THEY didn't copy it from somewhere else and remove the copyright notices - it happens. It's also possible that both got if from a public domain source (there isn't that much code in the public domain, but there is some). However, I strongly suggest you report it to your superiors within the company. If they decide not to do anything about it then don't worry.

Copyright infringement is one of those things where ignorance is not bliss. The longer it goes on, the higher your company's potential liability.

Re:Uhhhhh

[Anonymous+Brave+Guy]

You make a valid point, which is why the concept of due diligence exists. Exhibiting due diligence is one thing that tends to set the professionals apart from the amateurs. But any way you cut it, just grabbing a substantial, unattributed bit of code off a web site and using it in a commercial product doesn't sound much like performing due diligence, and the OP is right to be concerned.

To the OP: If I were in your position, for a start I wouldn't touch the code that already exists so it's very clear I didn't put it there or have anything to do with using someone else's copyrighted code. An informal approach drawing it to management's attention is probably a reasonable first action to try and restore compliance. If it's a larger company, they might have a dedicated compliance contact in the legal department you could approach if management is unresponsive. In any case, if the situation is not resolved quickly and appropriately, I would be planning on finding another job as soon as possible, since you really don't want to get caught up in any potential legal action, and it sounds like you're in the optimum position to become the fall guy.

Summary

[Jherico]

Based on the replies to this, there appear to be three basic camps of thinking, which can be summarized by the extremes.

Camp A people would fire someone for taking the time to worry about this because it happens all the time and you're never going to get caught, and the original author of the code probably meant it to be public anyway, even though its illegal.

Camp B people would fire someone for NOT taking the time to worry about this because its illegal, regardless of intent of the original author and if it came to light it would expose the company to bad press and possibly litigation.

Camp C people have no earthly clue how copyright law actually works and are speaking out of their collective asses. Sadly, these people would most likely reason along the same lines as Camp A out of ignorance rather than malice and simply behave the same way with the exception that they don't realize they're breaking the law.

The original poster can certainly decide what kind of person he is (probably B since he asked the question in the first place) and can probably make a guess about what kind of people his employers are (I'm guessing A, again since he had to ask). Then you have to decide what is more important, your job or your ethics. It is a slippery slope when you first start copying code. I had a friend who copied code once. Now he professionally eats babies. True story.

The fact is that all the commonsense notions about how copyright law works or should work don't take into account that copyright law is not written by individuals, but largely by companies like Disney and Warner Brothers (among others), companies that have a vested interest in maintaining control over a certain mouse and rabbit (among others), both of whom would now long since be in the public domain if not for the endless succession of copyright extensions lobbied for by said corporations. Originally (well, since 1909) copyright expired after 28 years, or 56 if you decided to renew it. And this was a copyright you had to explicitly register. In 1976, copyright became automatic and consisted of life plus 50 years after the authors death (or a static 75 years for 'work for hire'). In 1998 it became life + 70 and either 120 years after creation, or 95 years after publication, whichever is sooner. Its interesting to note the effect on Mickey Mouse. Created in 1928, MM would have left copyrighted status (though still been covered under trademark restrictions) in 1984. Because of the 1976 act, that was pushed to 2003. The 1998 act pushed that back to 2023 at the earliest. So look for another copyright law in 2018 or so.

Re:Uhhhhh

[SQLGuru]

Here's the relevant paragraph from here: http://web.sourceforge.com/terms.php

With respect to text or data entered into and stored by publicly-accessible site features such as forums, comments and bug trackers ("SourceForge Public Content"), the submitting user retains ownership of such SourceForge Public Content; with respect to publicly-available statistical content which is generated by the site to monitor and display content activity, such content is owned by SourceForge. In each such case, the submitting user grants SourceForge the royalty-free, perpetual, irrevocable, non-exclusive, transferable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable license.

Layne

Re:Um... what?

[ceoyoyo]

Reading the comments for this story it's almost hilarious how many people see no problem whatsoever with ripping off code and passing it off as your own. Ripping it off is wrong legally, but more important passing it off as your own is wrong ethically.

Re:Uhhhhh

[msslc3]

I am a lawyer, and while this is not legal advice to anyone I would personally contact the poster and ask to buy a license to reuse the code in a commercial product. Sure you could rewrite the code but the time saved in not having to do that could be worth a reasonable price for a license. If you bought a license you could also ask for proof of authorship and ownership.

If you instead rewrite the code, you face the possible claim that your new code is a derivative work which is also covered by the original author's copyright. The "cleanroom" approach is sometimes used to avoid this. Have someone who has seen the original code spec the functions, and give the spec but not the original code to a programmer who has never seen the original. Document carefully what you have done and why. If the programmer who writes the code has no access to the original, he can't copy it. Then you only have to worry about software patents -- but that's a separate issue.

Re:Uhhhhh

[JoelKatz]

I hope you don't take this wrong, but you're an *idiot*. I really hope nobody takes your advice.

It's entirely possible the guy wrote the code and also posted it to the forum, perhaps under another name. It's also possible he obtained permission to use the code.

But posting code publicly most certainly does not license other people to use or copy it and professional software development organizations take such things *very* seriously.

Re:Uhhhhh

[andphi]

Step One: Get in Taxi
Step Two: Do not bite driver
Step Three: Tell Final Destination to Driver
Step Four: Do not nibble on driver
Step Four 1/2: Go to Bookstore
Step Five: Exit Vehicle after biting driver (Zombies don't pay)
Step Six: Find book in bookstore
Step Six 4/5: Take book without paying. See Step Five.
Step Seven: Bite other patrons as desired, being careful to avoid anyone with a knife or anyone standing in the Military History section. Such patrons may already know how to kill Zombies and should be avoided.
Step Eight: Shamble home, avoiding law enforcement officers and other armed humans.

Re:Uhhhhh

[HiThere]

I believe that you are a lawyer.

Your advice is, indeed, a legal way to proceed. It is also impossible for the poster. That's not one of his choices.

Were I him, I would not admit to having noticed anything. Possibly, depending on personality factors, I might get into a discussion with the other code about copyrights, laws, and ethics, but I would be very careful to not admit having noticed that he might have done anything improper.

You are talking here of a new hire. The low man on the totem pole. And this is a case where the proprietaries aren't entirely clear. (E.g., this person should definitely not attempt to acquire a commercial license, as he wouldn't have the right to comit his company to anything.)

FWIW, I consider there to be a fair chance that the example is from a standard text on algorithms. I certainly have no proof that this is true, but it might well be. If so, the PURPOSE of the book was to share how to do various things, say Shell sorts. (Probably not, as that's now commonly built into languages.)

That which you are suggesting is probably something that even the lead programmer wouldn't be able to get the department to do. Yes, it's the legal approach. And it's total impracticality is a small part of what's wrong with the legal approach, and why essentially nobody uses it.

Personally, my favored way of avoiding this problem is to use GPL software...but it doesn't totally get around the problems that the legal approach has saddled us with. We weren't told what license the issued product would be under, and it might BE under GPL. This wouldn't solve any of the problems in this case...this case where there shouldn't BE any problems.

Text published in a public forum without an attached license should BE public domain, with all liability resting on the person or entity who published it. (I'll grant that this would make the GPL a lot more like the BSD license, but in an ideal world those two would be identical in effect. It's the imperfections that cause me to adhere to the GPL.)

Re:Uhhhhh

[turbidostato]

"If the author of the code posted it in a forum, I would personally call that implicit permission to use the code.Otherwise, why even post it? "

If the author of the song threw it in *a lot* of public mass media, I would personally call that implicit permission to use the song. Otherwise, why make it so public?

"As to the legality of downloading it, if it is showing in your browser window, you have already downloaded it."

As to the legality of downloading it, if it going out your speakers, you have already downloaded it.

Regarding legality

[Schraegstrichpunkt]

The question to ask is, "If I were sued by the author of this code for copyright infringement, would I have sufficient evidence to defend myself in court?" If the answer is "no", then you shouldn't be distributing the code.

IANAL; YMMV.

Re:Uhhhhh

[theshowmecanuck]

How many angels can sit on the head of a pin?

Just because you don't know the source of this expression doesn't mean it is offtopic.

Reverse it.. act niave... and inform management...

[tempest69]

Explain that somehow the source code got onto the internet from your company.. Then let a higher up know, the some of their code got leaked.

Then let them figure out the truth, and get indignant with your boss.

A sleazy thing to do to a sleazy guy

Storm

p.s. The correct answer is to get your boss and his in a room, and explain the situation. And more than likely you'll be stuck re-coding it. And your boss will hate your guts, his boss will be cranky with both of you. But it would be the right way to handle the situation.

On Discworld at least

[jhantin]

In the city of Ankh-Morpork the head of the Guild of Lawyers is in fact a zombie; he was executed but simply refuses to die until his firm's invoices for his defense at trial are paid by his descendants. His partners are vampires. Makes one wonder...

Incorrect title. Plagiarized code, not stolen...

[NullProg]

While investigating a bug in one of our products, I found source code on a website that was nearly identical to code used in our product.

Was the bug within the copied code? Sometimes copyright isn't an issue with copied code. Its product quality.

The three instances of copied code I've found in our commercial product caused major headaches because the code got past QA and failed in the field. It didn't scale, had timing issues, etc.

In all three cases when I confronted the programmers they could not explain how "their" code worked. In all three cases I didn't have them fired. I made them fix it and apologize to the boss (who had to apologize to our customers).

As a result, I now have two decent programmers who write their own code. They ask for help when its needed instead of copying off of the internet.

Enjoy,

bad advice on GPL

[sentientbrendan]

>Personally, my favored way of avoiding this problem is to use GPL software...
This *causes* legal problems, it doesn't solve them and is bad advice. How you can use GPL code in conjunction with your proprietary software is highly legally constrained. If you use GPL libraries, the GPL license then applies to your code. Supposedly LGPL gets around this, but not really due to ambiguities in the license (the license uses the ambiguous term "derives from" which has a different meaning when used with object oriented software). Note that glibc has a special exception, and that it is generally ok to use.

>We weren't told what license the issued product would be under, and it might BE under GPL.
It doesn't matter whether the software he is releasing is under GPL. You can't just apply the GPL to someone else's non GPL code without their permission. You'd not only be opening up your company to lawsuit, but probably everyone who uses your code.

The GPL is not a magic license that you can invoke and use other people's software however you want. It is a useful license in many situations, but it clearly does nothing to help the OP.

Re:Uhhhhh

[DarkMantle]

Remember the windows 2000 source code link. Most of the code in the TCP/IP stacks were from Novell. But did they have permission to use it? Who knows.
In this case though, I'd say public forum is public use. I've posted lots of code in forums as tutorials or tips. I'm not going to write a EULA or specify it must be GPL, LGPL, Mozilla Public License, EULA, BSD License, or make up my own. If I post it, and you find it useful, use it.

That said, if you have a really guilty conscience about it, they use the forum to contact the poster and see what he says. I'm sure he'll "say, yeah.. sure, whatever."

The public domain

[hadaso]

The problem with copyright law is that if you don't explicitly allow use of your content then no use is allowed (except "fair" use that is not well defined).

So if you want the content you post to be freely and legally usable by everyone you have to license it. You don't have to bother with all kinds of FOSS licenses as you can just declare that it is in the public domain, which means that you are still the copyright holder but you license your work to everyone to do whatever they want with it.

So the OP raises a valid point: that code represents a risk to the organization he works for. Perhaps a small risk, but if later it is discovered it might cost money to the organization. If this was code used in a FOSS project and someone posted a comment about it I believe the issue would be immediately addressed by either locating the source and verifying that it is reusable (and documenting the fact in the source0 or replacing it. A closed source project might react differently (such as by making sure the code is not exposed to the outside world so that infringement can not be detected) but it still would want to reduce the risks involved in using unlicensed content.

This aspect of copyright law was perhaps good at the time when the mere fact that a work is published indicated that someone made an effort and investment in publishing it. It is very inappropriate today because no real effort and practically no investment is needed to publish content, and people do post lots of content with the intention that everybody could use it freely. This should be changed and this change would be good for everybody, and especially for those who don't want their works freely distributed, because one of the arguments available now is that there is no way to tell content that is freely distributable from content that is not, and most of the unmarked content out there was meant to be freely distributable by the autheor, despite the author's failure to explicitly attach a license (including a license that puts the content in the public domain).

Re:Uhhhhh

[JoelKatz]

"Posting code publicly, aka in the public domain, aka distributing it without a license, does not put the code in the public domain? That's news to me!"

Then you've been under a rock for the past 35 years or so. A split second of common sense would show how crazy your claim is. Songs are played on the radio, which is precisely akin to a public post. So can I record them off the radio and sell copies?

Re:Uhhhhh

[Java+Pimp]

Slashdot used to be better than this, but it seems almost impossible to have any reasoned, objective discussion about copyright-related issues here now.

The sad part is 3 or 4 years ago, the Slashdot groupthink would be all in favor of sharing free information in public forums because information wanted to be free. That was the foundation of the internet and the origin of Usenet in the first place... i.e. a Users Network. But today, with copyrighted this and imaginary property that and patented other thing..., the consensus is no longer in support of the free exchange of information that was so dominant but rather the brainwashed "damnit you better adhere to the letter of the law or face serious consequences" groupthink.

Meanwhile, while this flame war is taking place here on slashdot, the users over at Usenet continue sharing information with each other freely as has been done for nearly 30 years now without concern and without thought of the cold chill of a copyright lawsuit crawling up their spine.

Re:Uhhhhh

[Anonymous+Brave+Guy]

Extreme groupthink isn't healthy in any direction, precisely because it tends to trample on any dissenting views, no matter how valid.

Information doesn't want to be free. Information doesn't want anything at all. It simply exists, and it can be shared by those who have it. (The argument that "you can't prevent it being shared, so sharing it must be OK" is unhelpful: you can't realistically prevent me committing many evil acts, but that doesn't mean society should condone my doing so by legalising them.)

Similarly, empty-headed support for any copyright law is unhelpful, because you start equating the current law with ethics, which is always a dangerous path to follow. The law should follow ethics, not the other way around.

However, in this discussion, the original question seems to relate to a real situation, and therefore what is called for is a real answer based on real laws as they stand today. Misrepresenting those laws, whether because you happen to disagree with them or because you simply don't know what you're talking about, doesn't help the OP to solve his problem, and that's why I object to many of the replies and moderations in this discussion.