|
Copying and pasting the solution verbatim can expose us to licensing / copyright issues. Using Stack Overflow answers verbatim at the very least requires attribution, in the worst case can leave us having to open-source stuff we don't want to open-source. I've been at a company which, upon acquisition, had its codebases run through a scanner which picked up on and highlighted all of the unattributed usages of code in this manner. If I can google this code and find a stack overflow answer, so can that software, which leads to fun things involving legal teams at some point in the future. It was an absolute ballache to go back and replace all of those copy-paste jobs. The developer needed to either provide attribution or look at the solution, understand how it works and then write a sufficiently-different solution, neither of which he had elected to do. I much prefer the latter.
|
# ? Jul 30, 2018 16:53 |
|
|
# ? Jun 5, 2024 18:53 |
|
That makes sense.
|
# ? Jul 30, 2018 16:55 |
|
I swore at one point that Stack Overflow was going to change things to the MIT license but that decision was reversed at some point? Maybe? Follow through to read why wikis are a terrible idea because I can't figure out what the hell happened.
|
# ? Jul 30, 2018 17:25 |
|
What are the practical implications of these licensing issues? Is there really any chance that the author of the Stack Overflow code will find out that you're using his work in your company's private codebase?
|
# ? Jul 30, 2018 19:42 |
|
The same implications for using any third party code in violation of its license terms. i.e. probably not much until it really bites you in the rear end or legal / compliance notices. That said, you shouldn't be knowingly doing so anyway despite that if you want to pursue a career in software development.
|
# ? Jul 30, 2018 19:49 |
|
Back at a previous job, I had a coworker incorporate a bunch of GPL code into a binary that we would have then distributed. I'm pretty sure my boss wanted to kill the project, because I got the task of reviewing the code for potential problems. I brought up the GPL code and said we would absolutely have to redistribute the source. The coworker who had been developing the project followed me back to my desk and angrily called me a hypocrite because of all the open-source tools we used every day for development. I tried to explain that we weren't distributing binaries based on that code and that made it a different issue, to no real effect. Eventually, I had to ask them to just please leave my desk area. We could have easily distributed that binary and had somebody catch us on it, because our version was only trivially different than the one on SourceForge or wherever. Thankfully, the dumb project only worked in IE using ActiveX and my boss used that fact and my testimony to kill the thing. I ran into that coworker around town last year and didn't think fast enough to give them a fake phone number when they asked!
|
# ? Jul 30, 2018 19:59 |
|
Being the coding horrors thread I just assumed you thought there was something wrong with the code and I didnt even think of legal issues. Of course, its plausible to say the licensing thing is a coding horror, it's just not where my mind went in the context.
|
# ? Jul 30, 2018 20:07 |
|
qsvui posted:What are the practical implications of these licensing issues? Is there really any chance that the author of the Stack Overflow code will find out that you're using his work in your company's private codebase? Even if that author will never care, if the company ever wants to enforce its intellectual property on other companies, they'll have to show that they're in compliance themselves.
|
# ? Jul 31, 2018 01:42 |
|
qsvui posted:What are the practical implications of these licensing issues? Is there really any chance that the author of the Stack Overflow code will find out that you're using his work in your company's private codebase? Your company's private codebase becomes involved in a service you sell to Some Big Company, Some Big Company makes it a condition of purchase that all the code is properly vetted to ensure they don't end up with legal complications, now the code being used without clear origin in your codebase but what appears to be identical code online risks losing the business.
|
# ? Jul 31, 2018 01:53 |
|
Pollyanna posted:Ah, another that believes in successful failure! My brethren! We have to do this with one of the vendors we interface with since they apparently are unable to change their code so it's upon us to return success when their system sends invalid data so that it doesn't trigger even worse behavior. So on our side it's labeled something along the lines of FAILED_SUCCESS. duz fucked around with this message at 02:11 on Jul 31, 2018 |
# ? Jul 31, 2018 02:08 |
|
Thermopyle posted:Being the coding horrors thread I just assumed you thought there was something wrong with the code and I didnt even think of legal issues. Well depending on the exact example, it's generally a red flag for a developer to be copying code from StackOverflow with absolutely no modifications. Usually it will make sense to refactor it slightly to fit your project, rename some variables so they make more sense in your specific implementation, etc. That's not to say it's wrong per se, just that it would raise an eyebrow with me during code review. putin is a cunt fucked around with this message at 02:37 on Jul 31, 2018 |
# ? Jul 31, 2018 02:34 |
|
Whenever I copy code from StackOverflow, I at least read and type it out again, so it feels less like plagiarism (to myself.)
|
# ? Jul 31, 2018 03:28 |
|
xtal posted:Whenever I copy code from StackOverflow, I at least read and type it out again, so it feels less like plagiarism (to myself.) Never hurts to get some typing practice in there.
|
# ? Jul 31, 2018 04:03 |
|
xtal posted:Whenever I copy code from StackOverflow, I at least read and type it out again, so it feels less like plagiarism (to myself.) I do this too. I find writing it out forces me to understand it better, and makes it more obvious where it can be adjusted to fit the situation more.
|
# ? Jul 31, 2018 04:47 |
|
How much code does it need to be copied to become a legal issue? Just today I copied 3 lines, since gently caress if I was able to figure out how to use boost::iostreams correctly. 3 lines was all I needed, pretty much without modifications (a var name) and I was on my merry way.
|
# ? Jul 31, 2018 05:33 |
|
TooMuchAbstraction posted:Bingo. Licenses on Stack Overflow code are IIRC down to whoever made the comment, and since most people aren't putting a "the above is all subject to GPLv2" or whatever in their comments, that means they retain full copyright rights (IANAL, TINLA). [citation needed]
|
# ? Jul 31, 2018 05:52 |
|
Volguus posted:How much code does it need to be copied to become a legal issue? Just today I copied 3 lines, since gently caress if I was able to figure out how to use boost::iostreams correctly. 3 lines was all I needed, pretty much without modifications (a var name) and I was on my merry way.
|
# ? Jul 31, 2018 06:20 |
|
brap posted:[citation needed] What's in doubt here?
|
# ? Jul 31, 2018 06:21 |
|
Volguus posted:How much code does it need to be copied to become a legal issue? Just today I copied 3 lines, since gently caress if I was able to figure out how to use boost::iostreams correctly. 3 lines was all I needed, pretty much without modifications (a var name) and I was on my merry way. There’s just one way to do that declaration correctly, right? That’s a big difference legally.
|
# ? Jul 31, 2018 06:25 |
|
hobbesmaster posted:There’s just one way to do that declaration correctly, right? That’s a big difference legally. Exactly. Like that linux-sco trial, I don't think that using a piece of code that can only be written in one way (in this case how to correctly zip an object via boost serialization and iostreams) can land one in trouble. Then again I'm not a lawyer.
|
# ? Jul 31, 2018 06:31 |
|
Volguus posted:How much code does it need to be copied to become a legal issue? Just today I copied 3 lines, since gently caress if I was able to figure out how to use boost::iostreams correctly. 3 lines was all I needed, pretty much without modifications (a var name) and I was on my merry way. IANAL, but far as I am aware the answer is basically "it depends". Technically, copyright isn't limited to direct copy-paste. If you solve the same problem in a way that is substantially similar to the code you read then what you did is automatically a derivative work unless you can prove that there is essentially only one way to solve the problem (in which case that one solution is in the public domain unless patented). See the AFC test. In the case of using boost::iostream, it's probably a safe bet that there's not a ton of freedom of expression about how to directly use it and any given 3 lines concerning it are in the public domain. Practically, no one will ever know if you copied 3 lines and there's no way to tell. That said, you should be very, very careful with more complex things. There are definitely people who take the GPL very seriously and routinely scan publicly available binaries for violations, for instance. If some paper presents some cool new tech you want to implement for your company, and they have a sample demo application, and that sample application is GPL:d, then reading through that sample before you do your own implementation is a legal liability that makes it harder for your lawyers to prove that you did not produce a derivative work.
|
# ? Jul 31, 2018 06:43 |
|
You're all making a huge assumption about the legal side of software though. You're assuming that stuff like copyright infringement, etc. operate on matters of fact in the US, and that by not copy-pasting code, etc, you're somehow not going to be OK if you get sued. In truth, the legal system in the US wrt software patents is Dragon Ball Z with words. I've spent like thousands of hours dealing with patent search and legal coming up with such brilliant finds as "hey, someone has a patent on a context menu having a right arrow indicating where your sub-menu is, change your design", or spending days in court trying to define what a slider menu is. Keep in mind that one of the big reasons Microsoft lost United States v. Microsoft is that there was an entire defense and jury filled with people who didn't understand what ActiveX and COM were and didn't care - I'm not trying to defend Microsoft here but if you read through that case after learning how all that stuff works, you will be angry. Anyway the stuff about the copy-paste from stack overflow vs. rewriting the code is basically just superstition imo, if they want to sue you, law finds a way - although to be honest, I would rewrite and attribute just to avoid any possible exposure to the law again, because gently caress, superstition is better than hopelessness.
|
# ? Jul 31, 2018 12:22 |
|
I'm in the UK so I'm sure stuff is different, however, the legal implications, particularly for proving intellectual property on an acquisition, is definitely a real thing that I've gone through. It turns out that people don't like the idea of buying a product if enough of it isn't actually provable to be yours to sell. We were under that threshold, but only because my superiors were actively cautioning against the practice. Setting the letter of the law aside for a moment, using someone else's work without attribution or otherwise in contravention of how the original author wishes it to be used is 100% unethical, and I want our team to be ethical in what they do. As such, I advise them that they should understand the code they read and try to write their own implementations where possible. I'm obviously not talking about one-liners that literally is 'what framework call do I use to do (x) thing', but more about whole functions that are just dumped in verbatim.
|
# ? Jul 31, 2018 12:53 |
|
Also operating under the presumption that the SO answer wasn't copied and pasted, from like mozilla.org or msdn's examples, someone's public repo, or even some source they have access too, but didn't write. I've seen x++ answers to questions where the solution was just copied from some part of AX. The whole thing is a dumb mess.
|
# ? Jul 31, 2018 12:57 |
|
As I sit here thinking about it I think I very rarely copy stuff from SO. I use it kind of like I use Wikipedia...as a springboard into understanding something.
|
# ? Jul 31, 2018 14:20 |
|
Thermopyle posted:As I sit here thinking about it I think I very rarely copy stuff from SO. Yeah, more of an issue than licensing, I think (which I was semi-joking about), is if the developer is copy-pasting code without even rewriting it, it's a sign that developer either didn't really understand the problem or, worse, didn't understand the solution.
|
# ? Jul 31, 2018 15:39 |
|
Naughty by Nature - O.P.P. except it's O.P.C. (Other People's Code)
|
# ? Jul 31, 2018 17:06 |
|
Bruegels Fuckbooks posted:I've spent like thousands of hours dealing with patent search and legal coming up with such brilliant finds as "hey, someone has a patent on a context menu having a right arrow indicating where your sub-menu is, change your design", or spending days in court trying to define what a slider menu is. good job with your treble damages
|
# ? Jul 31, 2018 22:22 |
|
The closest I got to a patent dustup was planning for consumer electronic device. There were two law firms involved, one who'd actually gone and read the patents in the space, another they'd summarized their findings to and could talk to us about it. The idea is you can plan out a product while avoiding the icebergs without tainting your eyes by actually looking at them. There's a gargantuan in that space, household name kind of thing, and they had IP covering a lot of aspects of the thing. Whenever you'd get to a really fine point of a question the two firms would start bouncing it back and forth and it would get into the philosophical/abstract quickly. "What is a switch even?" The answer that finally ended one particular rathole was "I dunno. Do you really wanna be in court 2 years from now arguing about a switch?"
|
# ? Jul 31, 2018 22:32 |
|
Suspicious Dish posted:good job with your treble damages maybe I'm just bitter because we just finished losing a software patent case that was complete bullshit and we did all the loving rituals and voodoo, it didn't matter, and i got personally reamed out about it today. Like no one could find prior art for a loving slider bar in an application.
|
# ? Aug 1, 2018 02:39 |
|
AstuteCat posted:Oh hey, a pull request from a team member fixing a bug, awesome.
|
# ? Aug 1, 2018 12:53 |
|
I've got a file with like 8 different tests in it. They all fail. When I remove 3 of them the rest of them pass. I can't figure out what state is persisting between test runs to cause these tests to cause the others to fail. Spend hours on it. Give up, rewrite the three tests from scratch without referring to the original tests. Everything passes now! Now I've got a nagging feeling that I've missed something.
|
# ? Aug 1, 2018 15:47 |
|
Bruegels Fuckbooks posted:You're all making a huge assumption about the legal side of software though. You're assuming that stuff like copyright infringement, etc. operate on matters of fact in the US, and that by not copy-pasting code, etc, you're somehow not going to be OK if you get sued. In truth, the legal system in the US wrt software patents is Dragon Ball Z with words. I've spent like thousands of hours dealing with patent search and legal coming up with such brilliant finds as "hey, someone has a patent on a context menu having a right arrow indicating where your sub-menu is, change your design", or spending days in court trying to define what a slider menu is. Keep in mind that one of the big reasons Microsoft lost United States v. Microsoft is that there was an entire defense and jury filled with people who didn't understand what ActiveX and COM were and didn't care - I'm not trying to defend Microsoft here but if you read through that case after learning how all that stuff works, you will be angry. Anyone can sue you for anyone reason, though. The point of not copy-pasting code is not to prevent yourself from getting sued; it's to prevent being told by a lawyer that you need to go back and change your code.
|
# ? Aug 1, 2018 20:56 |
|
Thermopyle posted:Now I've got a nagging feeling that I've missed something. writing_tests.txt At least it isn't my company where half of the checked in tests just auto pass with a todo to write later to appease branch policies. Also, my company has an effort to increase unit and integration test counts but never wants to schedule a meeting to teach the developers how to actually write tests. Coincidence?
|
# ? Aug 1, 2018 20:59 |
|
Thermopyle posted:I've got a file with like 8 different tests in it. Me: why is this test failing now? None of the test code or source code changed! Me 6 months prior: let's test this function with today's date and a date in the future like say 6 months from now
|
# ? Aug 1, 2018 21:20 |
|
Rubellavator posted:Me: why is this test failing now? None of the test code or source code changed! This but literally 10 years
|
# ? Aug 1, 2018 21:24 |
|
It shouldn't matter which dummy dates you put in your tests, because you should use a dummy for the current date as well.
|
# ? Aug 1, 2018 21:31 |
|
One of our tests needed a date in the past, so when we wrote it we just used yesterday. A year later it's failing because the validation is going "uh, are you sure you meant a date that long ago? I think you made a typo."LOOK I AM A TURTLE posted:It shouldn't matter which dummy dates you put in your tests, because you should use a dummy for the current date as well. Depending on the level of realism required (and on how diligent you are about plumbing in dependency injections), integration tests can't always easily mock the current time. However, they should absolutely be capable of calculating an appropriate time to use at runtime.
|
# ? Aug 1, 2018 22:39 |
|
PHP code:
ci server posted:all good here yo
|
# ? Aug 2, 2018 01:39 |
|
|
# ? Jun 5, 2024 18:53 |
|
itskage posted:
Ugh, this sucks balls when it happens. "Yeah it turns out we accidentally disabled an entire test suite and the CI server is either misconfigured or just flat out too stupid to distinguish between passing and skipped tests."
|
# ? Aug 2, 2018 02:54 |