Slashdot Mirror

← Back to Stories (view on slashdot.org)

Use Code From Stack Overflow? You Must Provide Attribution (stackexchange.com)

Posted by Soulskill on from the all-devs-will-definitely-take-the-time-to-do-this-for-sure dept.

An anonymous reader writes: Have you ever used Stack Overflow to answer a question about some code you're working on? Most people who write code on a regular basis have done so, and this sometimes involves copying code snippets. Well, starting on March 1, copying code from Stack Overflow will require you to attribute that code. Code published by contributors to SO will be covered by the MIT license. Users copying that code don't have to include the full license in their code, as it usually requires, but they do have to provide a URL as a comment in their code, or some similar level of attribution. This change applies to other sites in the Stack Exchange network, as well.

The SO community is widely criticizing the change, citing problems with the decision-making process that led to it and complications that may arise from mandating attribution. Why did SO make the change in the first place? They say "it's always been a little ambiguous how CC-BY-SA covers code. This has led to uncertainty among conscientious developers as they've struggled to understand what (if anything) the license requires of them when grabbing a few lines of code from a post on Stack Exchange. Uncertainty is a drag on productivity, for you and for us, and we feel obligated to make code use more clear."

30 of 303 comments (clear)

  1. No. by Anonymous Coward · · Score: 5, Insightful

    If I offer you some code in an answer, that's for you. I'm not going to require you credit me or some site for the few fucking lines that would come through on stackoverflow.

    So instead of dealing with that bullshit, I just won't use stackoverflow again.

    Fuck them. Fuck their CoC. Fuck their SJW bullshit, too.

    1. Re: No. by Anonymous Coward · · Score: 5, Insightful

      Anyone intelligent enough to provide useful solutions already knows anything they post on something like stackexchange is public domain. If contributors wanted money and or attribution, they wouldn't have posted a solution to begin with.

      This is idiotic and overly complicated. I want to meet the "developers" concerned about the 'foggy' licensing terms for code/solution approaches posted on stack exchange.

      Goodbye stack exchange. You've shot yourself in the foot.

    2. Re: No. by SumDog · · Score: 3, Interesting

      I typically put

      #taken from http://stackoverfl......

      in my code anyway, just as a reminder of where it came from, but only if it's particularly complex. I don't always of course. This change is kinda retarded though. I don't want to be forced to do that every time.

  2. You should be anyways by Anonymous Coward · · Score: 5, Insightful

    You should be anyways, but not for the reasons that you might think.

    I always include a link in comments to the source of the borrowed code (or approach), because the relevant discussion will illuminate the how and why far better than a large block comment.

    1. Re:You should be anyways by thoromyr · · Score: 4, Insightful

      I think the problem is less with attribution -- as so many people are pointing out including a link is a basic part of code documentation -- and more with pretending to have authority to license the code that is posted.

      Consider a few situations:

      If someone posts public domain code, then SO is claiming that they can take the code out of the public domain. While a government can pass a law to do something that idiotic, SO lacks the authority.

      If someone posts proprietary code without permission, then SO is claiming the code is free to use as long as you provide attribution -- even though they have no authority to do so.

      The right thing for SO to do is encourage the obvious -- link because it is a basic form of documentation, but don't pretend to provide a license.

      They should take pains to point out they are not responsible for the posts of its users and provide a "take down" mechanism so that if code is misappropriated then the answer providing it can be marked as such. By using the link as documentation, someone maintaining code would have a chance to discover that proprietary code had been misappropriated and take appropriate action.

    2. Re:You should be anyways by vux984 · · Score: 5, Insightful

      I always include a link in comments to the source of the borrowed code (or approach), because the relevant discussion will illuminate the how and why far better than a large block comment.

      5, 10, or 15 years from now a 404 error illuminates nothing.

      If the snippet really needs/benefits from the explanation/discussion, I usually save the page / article to PDF, with url in the header, and include that in the project, and then reference that file in the comments.

      I've run into enough 404 errors over the years, where the site I originally referenced is gone, or reorganized (Microsoft for example) or have gone to a paywall model, or even cases where the article has been edited or altered; or taken down by the author so he could posted an updated one or any other reason.

      I don't object to the concept of linking to the live article, but I'm not willing to take the chance that it won't be there if i ever need it.

      I've never really considered whether the practice raises its own copyright issues. It probably does... so I guess it won't work where the source is being redistributed. Which is unfortunate really.

  3. What's the big fuss? by __aaclcg7560 · · Score: 5, Insightful

    I usually put the URL into a comment when I use a particular piece of code from Stack Overflow. More so for future reference than attribution.

  4. Practically speaking this amounts to guidelines by 91degrees · · Score: 5, Insightful

    Nobody will come after you if you use code from Stackoverflow without attribution. The code isn't worth enough and the ownership is not obvious enough.

    People and companies that have a policy of sticking to the spirit of a licence agreement as well as the letter will appreciate having some rules to know that what they're doing is acceptable.

    1. Re:Practically speaking this amounts to guidelines by LihTox · · Score: 4, Insightful

      It's going to be a problem, because of all the code that's already there. Merely republishing it under MIT will not negate the fact that tons of solutions were already available in the public domain, and cannot be removed from PD no matter what you do. Once PD, always PD.

      And what if I add to my submission "//This code is released into the public domain"? Does that invalidate the requirement? Are they going to delete my submission because of it?

  5. SO's own answer says "CC"...or not... by xxxJonBoyxxx · · Score: 4, Informative

    Here's an actual debate on this topic on SO:
    http://meta.stackexchange.com/...

    Accepted answer: Anything that you post to Stack Overflow will be under the terms of the Creative Commons license

    Top comments seems to be about using "Unlicense" (instead of "Public Domain") and to just avoid cut-paste (good luck with that if you're dealing with an offshore team). I pretty much use #2, renaming everything and usually swapping some of the decision logic to create something that looks original enough to pass a smell test when I cut/paste. It's work, but it's still significantly less work than writing it from scratch.

    1. Re:SO's own answer says "CC"...or not... by pjt33 · · Score: 3, Informative

      What the Slashdot summary doesn't say (and a lot of commenters on meta.stackexchange.com also didn't really take into account) is that this licensing change affects not only StackOverflow but the whole StackExchange network, including sites like Code Review and Programming Puzzles and Code Golf where people do post substantial blocks of code over which they wish to assert their moral rights.

  6. Re: Fuck 'em by Anonymous Coward · · Score: 5, Funny

    This. I'm moving all my queries to expertsexchange.

  7. This is about money. by Etherwalk · · Score: 3, Insightful

    This is about money and maybe ego. A combination of what some shortsighted idiot thinks of as free advertising and maybe some ego-hungry folk involved in the decision-making who feel the need to be cited.

    And it will start moving every major company away from stackoverflow. You can't be putting snippets of other people's code in your product with attribution because you're going to be making lawsuits and licensing that much more complicated. People who worry about those things will use stackoverflow less and less.

    Stackoverflow has a great network effect from all the users. But stuff like this will make anyone who brings another game to town look a lot more attractive.

  8. Re: Fuck 'em by Anonymous Coward · · Score: 3, Funny

    Hell no. You'd have to cut off my balls before I would do that.

  9. Re: Fuck 'em by Crowd+Computing · · Score: 4, Funny

    This. I'm moving all my queries to expertsexchange.

    Is this the site where you post all your gender identity issues?

  10. Re: Fuck 'em by Anonymous Coward · · Score: 5, Funny

    Hell no. You'd have to cut off my balls before I would do that.

    That would be amateursexchange.com.

  11. Seems to me... by sycodon · · Score: 3, Insightful

    ...that if they require this, it is edging towards some kind of implicit acceptance of responsibility for that code.

    If I use code from a forum, offered freely, and burn down my stuff, it's on me.
    If I use code from a paid source and it burns down my stuff, it's on them.
    If I use code from a forum, but I have to attribute that code in mine, then ???

    I would dismiss that conclusion right off the bat. But you give some lawyers even the slightest rationale, it's off to the courts you go.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:Seems to me... by Anonymous Coward · · Score: 5, Informative

      From the MIT license (similar wordings can be found in other licenses)

      the software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. in no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.

      I'm pretty sure no damn lawyer can get around this. No sane lawyer anyway.

  12. Citation is a form of professional respect by celest · · Score: 5, Insightful

    Perhaps it's because I'm an academic and my use of Stack Exchange relates to my research projects, but I'm having a hard time understanding why people would object to citing the source of a snippet of code. I have always cited and linked to the profiles people who were kind enough to help me with my code on Stack Exchange, not out of license obligation, but out of professional respect.

    In academia, citing the work of others is commonplace. It's super easy to insert a comment in your code with a link. Putting the licensing and legal interpretations aside for a moment, why wouldn't you just want to do this out of respect for another professional?

    Reply to This Share Flag as Inappropriate

  13. Licensing someone elses code without permission by BitZtream · · Score: 5, Insightful

    99.999999% of the code posted to StackOverflow didn't originate with the person who's posting it.

    Most of it is just someone spitting out what they learned from someone else, and in most of the situations, the most upvoted answer is the common sense and only real solution to the problem presented, thats why it gets voted to the highest/accepted as the answer.

    SO doesn't really have the right to force a license on the code posted there, they are pretending to worry about people using the code, but ignoring the broken part of the people posting the code.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  14. Attribution is needed in source only, not license by Lothsahn · · Score: 3, Informative

    This doesn't sound onerous to me at all. It doesn't require anything in public documentation, help pages, or otherwise like the MIT license. It simply requires a single URL in a code comment.

    This sounds perfectly fine to me--in general, I and my team already does this because it's helpful to know WHY we chose a course of action, especially when it was complicated enough to require SO's help.

    http://meta.stackexchange.com/...

    What is reasonable attribution?

    A URL as a comment in your code is reasonable attribution.

    There are certainly other forms of reasonable attribution, depending on use, and you are welcome to go above and beyond what’s required and include username, date, and anything else if you like.

    You are also welcome to use the MIT License as it is traditionally interpreted: by preserving the full license with relevant fields (copyright year and copyright holder) completed.

    --
    -=Lothsahn=-
  15. This is the least of the problems with SO. by Anonymous Coward · · Score: 5, Insightful

    Of all of the problems plaguing SO, this attribution crap is the least important of them.

    The awful moderation is by far the biggest problem. It's so frustrating to ask a perfectly good question, get some good answers to it, and then later on some micropenised moderator comes along and starts muddling with the questions and answers just to make himself feel like his micropenis isn't as small as it is.

    Moderation online just makes things worse. Doesn't matter if it's SO or Slashdot or Wikipedia. Most of the time it's just an outlet for people with microscopically small genitalia to try to feel bigger and more important than they really are. In reality, they're just freaks with shrunken genitalia who have no value at all.

    1. Re:This is the least of the problems with SO. by uncqual · · Score: 5, Insightful

      With so little detail, it's hard to say for sure, but it sounds like you were likely wrong.

      First, the fact that something is flushed from a register is NO guarantee that it will be visible to other processors at any particular time in the future. Sure, most architectures and implementations with most workloads will move it "fairly quickly" from caches to 'main' memory shared by all processors. But "fairly quickly" is undefined - one instruction? Two? 20? Seven clock cycles? Six?. Worse, once the register is actually flushed to main memory by the processor doing the write, there's no guarantee that other processors will see the updated value when accessing the physical address at any particular time in the future -- the 'stale' version of the data may be sitting in L1 or L2 cache for an arbitrary period of time (and this is usually even longer and more unpredictable and, in my experience, the more common source of concurrency problems in code written by amateurs who have never carefully read even the memory model section of even one hardware architecture spec).

      Second, C makes no guarantees about when a register (or even what a 'register' is - esp. on a particular architecture) is flushed to to the L1/L2/L? cache/memory. Particular implementations on particular architectures at particular optimization levels may do so when you expect -- but they also may do something quite different.

      When you're programming in a high level language, you should adhere to the rules of the high level language and not make assumptions about how the compiler, runtime, and underlying architecture work as you have no idea when a new version of compiler, a new version of runtime, or a new revision of hardware etc will be used with your code and invalidate your assumptions -- and that's not even considering porting to an alternative architecture in the future.

      The fact that an OS vendor coded something a particular way does not mean that it's a good idea for you to do it. They know what hardware their OS targets (including multiple architectures, each of which will likely have different implementations of key concurrency control primitives) and will patch their code if needed. As well, in the case of Microsoft, both the microprocessor vendors and (to a lesser extent) system builders test their implementations on Windows before alpha release so if there's a discrepancy, either the hardware will likely be changed or Microsoft will issue a bug fix for that hardware. Note that the underlying OS even almost certainly has all sorts of "hacks" in it to get around errata in specific steppings of Intel microprocessors. Depending on the OS, just stepping through the assembly code for a library or system call may be especially misleading unless you have verified that that's really the code that runs on EVERY implementation of the hardware/OS etc.

      Of course, if you know that your code would never need to run on another compiler, run-time, architecture, implementation of the architecture (including clock rates, memory speeds), or even stepping of a microprocessor and you understand all the layers well (perhaps implemented them yourself) have at it -- but, please, do us all a favor and just write your code in assembly so it's clearer to those who may follow you what you did rather than leave others trying to guess what you assumed about the underlying infrastructure.

      For the rest of us that know things change, when writing in a high level language, be professional and follow the specs and use available OS libraries for synchronization needs where available. I've had to implement my own in the long distant past (including to replace a horrible implementation of CriticalSections back in the early days of Windows NT), but those days are mostly in the distant rearview mirror now that most everything has been multicore for at least 15 years.

      If you're even thinking about 'registers' when considering correctness of concurrency when programming in a high level language, you are almost certainly doing something wrong.

      --
      Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.
  16. SO has required attribution for 8 years by shog9 · · Score: 5, Informative

    Before you freak out, you should read the license that's been in place on Stack Overflow since it was founded.
    Guess what: it requires attribution.
    It's not totally clear how that's supposed to work when applied to code, but it's crystal clear about the requirement itself. The proposed MIT change is aimed at making this more obvious, but... If you aren't already giving credit where it's due, then that's on you - the license has always demanded that.
    You might wanna read up on the "share alike" bit too...
    P.S. I work for Stack Overflow.

  17. Re:God... by i+work+on+computers · · Score: 3, Interesting

      I'm not a lawyer myself, but I can say from experience that, when a lawyer finds a comment somewhere in the codebase that says "//these next two lines of code are MIT-licensed", steam shoots out of their ears and every developer in the company has to attend an all-day meeting about it.

    This is absolutely common for many large commercial companies. I have several such companies as clients and getting any FOSS approved is a major process. In fact, one client preferred to send a check to one open-source project for a license even though legally it grants them no benefit. The project's website even says that the project "is in the public domain and does not require a license." Companies with large bankrolls will glady shell out thousands of dollars for some peace of mind.

    http://www.hwaci.com/cgi-bin/l...

    As a rule, I never used code directly from SO to avoid any licensing questions for my clients.

  18. Re:Citation is a form of professional respect by Okian+Warrior · · Score: 3, Interesting

    Perhaps it's because I'm an academic and my use of Stack Exchange relates to my research projects, but I'm having a hard time understanding why people would object to citing the source of a snippet of code.

    I take the opposite position - I wonder why people even bother with attributions for little scraps of paper, half-formed ideas, and answers to questions.

    For one thing, if it's on StackExchange it's common knowledge. Do you cite Newton or Euler when you solve an integral in your paper?

    Secondy, StackExchange doesn't cite *their* scraps of code. That 6 lines of code that connect to the SQL server - it's just information from the manual that the reader could have gotten for themselves. Does StackExchange cite the manual?

    Thirdly, it generates fear and doubt in the minds of pointy-haired bosses, thinking that an external license reference will dilute the software value. Possibly require the company to publish the code for anyone else to copy. (Whether this is true is irrelevant - it's the perception of many people.)

    Fourthly, the attribution is extra administrivia and work that adds nothing to the code. It has to be ignored and skipped over by everyone who reads or maintains the code in the future, it goes into backups and changelogs. It's litter for programs.

    Fifthly, there's no possible way that value or esteem can attach to the writer. Having some sort of value or utility is the reason that rational beings do things, so why should anyone bother doing something that could not possibly reward the writer?

    Perhaps it's because I've read too many papers that are a thicket of cryptic citations referencing everyone else's work, but with very little to add. For example, see Crumbum and Whoodle (1985), but Finnaster and Welsch (1992) take a counter position that might throw more light on the subject.

    For a relatively complete overview of the theory and reasoning behind citations, see Finbum.

  19. Re: Fuck 'em by Anonymous Coward · · Score: 3, Insightful

    This. I'm moving all my queries to expertsexchange.

    Why? What will happen if you don't? Are the source code attribution police going to come by and arrest you? You know what I'm going to do in response to this? Nothing. Absolutely nothing. We Americans have become far too accustomed to doing what we're told like good little boys and girls. Whatever happened to ignoring or getting around stupid rules and laws? Our grandparents and their parents did it, why don't we? In America anyone can sue you or your company at any time for any reason. Being a perfect bootlicker isn't going to change that. The chances of costly consequences arising from failing to attribute a line of code from SO is so low as to be unworthy of even a minute wasted thinking about it.

  20. Re:The smell test. by vel-ex-tech · · Score: 5, Funny

    have you tried hand-coding a web app from scratch these days?

    That was my hobby project for last weekend. I had trouble getting the strong nuclear force to condense from electroweak, then I divided by zero and the whole thing gravitationally collapsed! It took me a few hours to get the dark matter out of the carpet. I'll give it another try this weekend. I'm not certain if I should keep going with 11 dimensions or try with 9, but my problem is probably a set of fundamental operations in the number theory I'm using that gives division by zero a logically consistent value. I'll try again with infinity as an asymptote instead of a value and let you know how it goes!

    "In order to make an apple pie from scratch, you must first invent the universe." --oblig

  21. Re:Unenforceable and stupid by CrashNBrn · · Score: 3, Interesting

    Maybe SO should require their own cadre of geniuses to attribute their submissions/answers - which themselves are scraped from W3C, wikipedia, etc. Or the questions that are "self-answered" - just so said person can answer a question...

  22. Re: Fuck 'em by PRMan · · Score: 5, Funny

    It's where he posts all his queeries.

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...