I built Excel for Uber and they ditched it(basta.substack.com) |
I built Excel for Uber and they ditched it(basta.substack.com) |
This should be taught in classrooms.
Excel is the easiest way for business-oriented people to make numerical decisions, run incentive campaigns, segment riders and drivers, produce reports required by cities, counties, states, etc.
The data teams providing market intelligence to the various markets, of course, knew about servers. But they would not have the time or skill to setup something like this, and the business still had daily data needs. So the laptops it was, for a time.
The head of finance may have burned most of the opex budget and devops bandwidth on the Vertica and/or other DB service(s) they were using.
[0]https://www.forbes.com/sites/ywang/2016/09/27/ghost-drivers-...
how many people there were at that point, @bastawhiz?
y’all seriously believe that the only valid reason for an engineer or a programmer to exist is to “create *bUsiNess~ value”? i’m shaking my head.
this blog post is full of ideological blindness.
Learning how the Excel model worked and then reimplementing it would have been a better example of 'getting better at using your skills to create business value'.
However, while the ExtJS table widget had been treated by product management as pretty immutable "this is what ExtJS gives us, we can customise the colours and wording and that's it", the idea that we could customise the table widget started something amongst one of the PMs. And so we would get a constant stream of feature requests for the table widget to add stuff and enhance it and soon we were significantly more featureful than the ExtJS widget. It's still, to this day, the most featureful table widget I've seen in a web app. Everything Excel had in terms of resizing tables, sticky columns, scrolling behaviours, sorting, filtering, searching, etc., all saved in your config so it was synced across all your devices, as well as all the performance goodies like recycled rendering etc. The constant stream of feature requests meant there were dev team years invested in this table widget.
As a more mature engineer looking back, it's clear that at some point this had stopped being about customer value and more about one PM's obsession with getting excel like functionality in a in-browser reporting tool, but at the time we just kept building those features.
Now at this time, our company had acquired a sort of competitor of ours. This competitor had what was effectively the same product, but in a different market. And so the first merger of the functionality was basically to reskin both applications so they would pretend to be tabs in a unified application, and change some terminology, etc. They actually did happen to have a pretty similar tech stack to us, so some newer components were available in both applications.
But it became clear that our users were not happy with two applications pretending to be one. They wanted to know why this other market was not accessible by, say, a dropdown in the configuration, and not an entire application which worked in different parts from subtly differently to entirely differently.
So the discussion became about building a ground up unified interface for both of them. Of course, this ignited the discussion of "which table component do we use?". On the one hand, the acquired team were looking at our table, with it's fifty billion options and single handedly accounting for half the page weight of the minified JS of our application and did not want something so bloated. On the other hand, our team were looking at their table widget which was effectively "for row in data, for column in row, print td" and dreading having to rebuild all these features for product management again.
Ultimately the conflict was resolved by choosing to use an open grid that had less features than ours but more than theirs and telling the PM in question that table features were going to be prioritised much less heavily from then on unless there was a real user need for it.
Instead of doing some Excel Goal Seek or Solver or VBA macro, it's nice to let the excel "reactivity" handle it for you.
After enabling iterative calculation and manual calculation, every press of refresh runs a loop. Fun stuff.
Box had a collaborative note-taking product called Box Notes (based on Hackpad).
Slight correction: Box Notes was forked off etherpad-lite. Hackpad was a parallel fork of Etherpad.
[context: I was lead engineer on Box Notes till around 2014/2015. I left before the events @bastawhiz described]
nice read. made me nostalgic for the wild days of Uber-China hacking.
2) You stole Box code, used it at Uber, and then stole Uber code and posted it on github. I understand no one's using the code or missing that code, but you really did steal that code. It belongs to the company, not to you. I would be careful not to do that in the future, because technically that's a trade secret and people have gone to jail over that, like that programmer at Goldman Sachs (wrongfully) and ironically Levandowski who took Google code and tried to use it at Uber.
This is the story of literally every single large project I've done under a tight deadline in my career:
- Some non-technical department (usually sales) promises a customer something very big very soon, with no regard to how much time might actually be needed to build it. Fulfilling this promise "on time" is now your problem, Engineer.
- Months are spent frantically building said Thing, working overtime, burning out engineers, and bastardizing the previously clean codebase in the rush.
- The deadline is met, and no customer uses Thing for at least several months. Or the deadline is not met and customer waits for Thing as long as it takes, because they're not going to blow up a big contract or integrate with your competitor instead of waiting another month. They have too much invested and the deadline wasn't that important anyway. The third possibility, as it was in OP's case, is that Thing gets thrown away in its entirety due to some fateful turning of the organizational wheels.
I swear, almost as if by some karmic law of the cosmos, literally every frantic deadline turns out to be irrelevant in the end, and you should have saved your sanity and gone home at 5 every day for the last 6 months.
If this is life or death, then the first reflex should be to find ways to make things simpler to ship. I understand that the requester in this case was a head of finance, but sh*t, if you want something, try to compromise once in a while.
This is a great story, but at some point as an engineer in a gig-selling company, I would have asked myself if my job was really to re-build excel.
Ha! I massively identify with this. 'The market-wide median is off by £3.07' is a much harder but to crack than the 'worse' report that 'the median is twice the max and the min is null'.
https://learn.microsoft.com/en-us/sharepoint/dev/general-dev...
W
T
F
> Uber Sheets
Hee hee, this name is funny on a number of levels :)
You imagine correctly, to my knowledge. Western companies in China have to be 51% Chinese owned, on paper.
In reality, they own 100% (plus or minus diplomatic relationship issues), they just haven't asserted this right yet.
This is just my opinion: Uber could never have won in China, and Uber's management likely knew this, but the story of China was needed at the time to drive company valuation and allow the "hockey stick" dashed line of future growth to be plausible.
There are simply too many potential problems that could come up in this scenario and be the cause for catastrophic financial results in the end. And most of them wouldn't nessecarily be easily found via unit tests.
which of course leads to what some people are saying, did this have to be built? Sometimes I think our job is to optimize ourselves away.
Makes me wonder how many times this has been done haha.
This is so true. People in the US just don't understand the level of economic and industrial espionage that happens in China on a daily basis. I was responding to an unrelated breach at an unnamed tech company back in mid-2000s time frame and had a side bar conversation that went like the following:
Them: "Yeah, we just opened a tech center in Xinjiang and ... wow, we've had quite the rash of lost ID badges there recently"
Me: "Have you considered that they're not 'lost', but rather 'sold' for profit?"
... silence ...
I don't know if executives are aware but just don't care, or if they're simply incompetent, but China has productized industrial espionage on a massive scale. GE Aviation was a victim more recently: https://www.cincinnati.com/story/news/2022/11/16/accused-chi...
I've watched key, core engineers and technical leaders work for US and European companies, develop their next generation products, then turn around and design and develop essentially the exact same thing for the Chinese market. They then build a company, in China, that makes essentially the same product, but for the Chinese Market, and with Chinese investors, etc.
Examples: Thoratec/Abbot Heartmate III & CH Biomedical
Auris/Verb/J&J Robotic & Digital Solutions & Renovo Surgical
The ironic thing, is that some of these companies after success in China are working to sell and be competitive in the US and Europe.
It's not even secret or under the table anymore, it's overt and largely accepted as the way it is in our industry. A brave new world.
The other factor, is that it is very very difficult for a foreign company to do business and protect their assets in China, so often the wise companies don't even try. They often just license their stuff for the Chinese market to a Chinese company. That way they at least have a chance of not having it all just stolen.
To be honest, the way you put ut, the story feels OK to me.
There are many truly bad examples, e.g. the arm china story, but engineers doing their thing is not one of them.
What alternative is there? The only protection there ever was for taking business secrets was patent enforcement, civil lawsuits or prison. If a foreign government won't cooperate on any of those things, what can you do?
The only answer humanity has ever come up with is something like a government intelligence agency, where everything is obfuscated by clearance levels and need to know compartmentalization, and any violations are handled criminally, with armies of full time counter espionage people. That just wouldn't work in the corporate world.
Just out of curiosity: can't these companies be sued by the IP holding company when they try to sell outside of China, and be forbidden to sell their products in US and Europe?
I still remember the agency I worked for getting in an industrial designer to create some beautiful cases for some iBeacon hardware we were building. They looked great.
We organise a Chinese company to do the injection moulding and are sent samples that look pretty good, so we decide to use them. Few weeks later we see OUR cases on Alibaba/Aliexpress.
The West/other countries aren't perfect either, but that's not what we're talking about here. _Everyone_ I know who has worked with Chinese manufacturing/businesses has a "they ripped us off" "they sold our hard work to someone else" "they provided lower grade x than was agreed".
And the counterarguments always come down to: "yeah but the West does X" or "you're just being racist".
Chinese companies, especially the ones that do business on Ali-X _LOVE_ this as they can get the IP and use it for $0 and then undercut the original producer of the equipment. Plenty of makers find that their designs on Tindie etc are ripped off and appear on Ali, too.
Snowden revealed, among other things, that the NSA did state espionage on Brazil's state oil company, Petrobras
https://www.nytimes.com/2013/09/09/world/americas/nsa-spied-...
https://www.theguardian.com/world/2013/sep/09/nsa-spying-bra...
https://g1.globo.com/fantastico/noticia/2013/09/nsa-document...
International relations are based on reciprocity. I sincerely think that if the US didn't think that industrial espionage would be a legitimate activity of intelligence agencies, they wouldn't practice it themselves.
Yes, agencies would be very excited for this sort of capability. Do they get it as a matter of course that easily? No. There are layers of accountability, legal authorities, and (warranted) push back from commercial entities.
https://www.nytimes.com/2017/03/03/technology/uber-greyball-...
https://www.theverge.com/2014/8/12/5994077/uber-cancellation...
See for example the case of DEAR systems, which is a cloud-based WMS that is particularly useful for intelligence as to how much (US) importers are paying for worldwide goods, and what is the cost of shipping from A to B.
It was bought by a chinese company not long ago. That's 1 example.
https://www.prnewswire.com/news-releases/cin7-acquires-dear-...
Except if you're arguing that western companies are bound by stronger ethics, in which case I'd like to see some evidence.
I wouldn't say people in the west are "better people in their hearts" but they absolutely follow more strict norms regarding honesty and theft. This is one of the main reasons why companies pay a premium for workers in the west when they could hire from other places.
One example: accounting scandals in the US are rare. I don't think anyone trusts accounting figures for public companies from India or china.
> in which case I'd like to see some evidence.
The alternative to trust is enforcement. The evidence you are looking for is the prevalence of the latter principle in systems that deal with things of value.
Though I cannot provide evidence for this offhand beyond anecdote and the corruption perception index.
As soon as they start playing along and seeing this stuff in an alarmist way, they'll turn the narrative and report on it constantly.
Since I also wear a security hat, when doing code reviews, architecture and devops stuff, it is surprising how much stuff regular developers never think about in regards to security.
Back in my day this was called "competition" and worked for the consumer, not against them. I find the espionage factor to be theatrical hogwash trotted out by the corporate types. We americans love competition, right? Stfu and compete.
> Sometimes that’s just how it is. The devops saying “Cattle, not pets” is apt here: code (and by proxy, the products built with that code) is cattle. It does a job for you, and when that job is no longer useful, the code is ready to be retired. If you treat the code like a pet for sentimental reasons, you’re working in direct opposition to the interests of the business.
A lot of code is fun to write. A lot of problems are fun to solve. But a business, especially a startup, needs to stay razor focused. My entire career is effectively to sit in meetings and tell young, passionate engineers not to build things. It’s a bit depressing, but it’s also vital.
A good engineer can solve any problem with clever code. A great engineer knows what problems aren’t really problems and probably an XLS download link updated daily would have been fine.
My idea was to take this code and spruce it up for Uber’s use case."
"My first reaction was to publish the code on Github."
I’m very surprised by this, isn’t the code property of Box, or Uber? The author does not mention their authorisation before releasing it under MIT license.
I can't believe it either, and I don't mean this in a good way.
Apache POI lets you run headless Excel. You import and interact with sheets programmatically in Java. We used this in my old workplace for exactly the same reason (functions, cell references, the whole thing), it worked great.
You found the ‘circ’ problem with a bit of luck. What about all of the other hidden little quirks of Excel that you would ultimately run into down the road? Are you really going to build and maintain a full blown Excel clone in JS? Is this really the objective of the frontend team?
It seems to me like a bit of googling and >90% of the work here could have been avoided. As an added bonus it would have been done by the backend team instead.
They eventually built a homegrown "Excel" clone as the UI for their model because "city teams only know how to use Excel".
I would have done it the other way around - connected Excel to the data output by the model so the "city teams" could continue to use real excel. I think most finance teams do something like this.
Yeah except:
“When you click in the cells of the spreadsheet you can see the formulas. You shouldn’t be able to do that.”
“You said to make it just like Excel.”
“People working for Didi apply for intern jobs at Uber China and then exfiltrate our data. We can’t let them see the formulas or they’ll just copy what we do!”
> Unless you're familiar with iterative calculations, you probably won't want to keep any circular references intact. If you do, you can enable iterative calculations, but you need to determine how many times the formula should recalculate. When you turn on iterative calculations without changing the values for maximum iterations or maximum change, Excel stops calculating after 100 iterations, or after all values in the circular reference change by less than 0.001 between iterations, whichever comes first. However, you can control the maximum number of iterations and the amount of acceptable change.
I created a whole programming language as an intern for <defense megacorp>. It was lazily evaluated and garbage collected. Unquoted MAC addresses were valid syntax, among other application-specific oddities. No bytecode or JIT shenanigans - the interpreter just pushed and popped stuff from a stack as it traversed the parse tree, and that was fast enough for what we were doing with it. The interpreter was written in pure ANSI C, and Valgrind was very happy with it. Maybe it has been totally forgotten, or maybe it became critical to their technical infrastructure. That code never left the airgapped lab where I wrote it, so I have no way of knowing. 3 years ago, as a recent college grad, that was by far the coolest piece of "actually useful software" I had ever written. It's still high on the list. Sometimes I wonder whatever happened to it.
This spoke to me.
However, as anyone that has looked at my code can attest, I tend to also want my code (and its functionality) to be very pretty. I'm generally writing code that I will be maintaining, so it needs to be something that I can look at, in a year, and understand.
I'm currently in the final phases of a project that I will never announce here, and don't plan on taking much credit for, but it really is da schizz. It's that way, because no one is paying for it, and no one will make money from it.
Money both spoils everything, and also makes it all happen.
A director asking for an exact spreadsheet to be the UI would have been par for the course, especially during the Uber China days. Heck, I personally loaded FX prices into Vertica from a spreadsheet emailed every month to the team. That process remained for more than a year as there just wasn't enough bandwidth to invert the control as automated ingestion.
Thanks for digging up these memories, @bastawhiz. I'd love to see more. :)
I worked on all this at Uber back then, and this comment warmed my heart a bit. Thank you.
I will never do that again. We didn't build a whole spreadsheet engine, but we did build a web UI that simply doesn't do as much as Excel. Excel is powerful. Sometimes it's a fine tool for the job. Our team was laid off before we could roll it out, but I remember the growing sinking feeling of "I would hate using this if I already had a bunch of habits built up in Excel"
It would have been less fun but way, way less risky to wire a headless Excel up to a javascript front-end.
I won't say there wasn't risk, but there was quite a bit of testing and a human always made the final call anyway (I never fully understood why we didn't eliminate humans from the processes altogether).
The question is, if you do some work, in your own time, on your own equipment, does your employer own it just because the employment contract says they do?
In California: if the work in any way relates to the employer's business, then yes, they own it. One way to guarantee that it relates to the employer's business is to bring it into the office and use it as part of your job. If your employer is Apple or Google or AWS or Microsoft, then probably anything you write would in some way relate to their business. Write spreadsheets by day, but games by night? All of those companies make games, or are in the games business.
I would love to hear a lawyer say, "Well, it doesn't matter what the employer does, it only matters what your job duties are, so writing games at night is fine if they don't pay you to work on games related things during they day." But I've never been told that by a lawyer, whether I paid them or otherwise.
Everywhere else in the USA: they probably own it. You could write software for washing machines, and write a video game, and if your contract says they own everything you write then they do. You signed it. There's no "but surely not!" defense.
I would expect this to be a library somewhere.
> import it to employers machines
How would you prove that you write the code long before getting hired by them?
Why anyone would run the legal risk of stealing IP from their old employer, to benefit not themselves, but to benefit their new employer... is beyond me.
> “Why can you see the formulas?”
> “You said to make it just like Excel.”
I can't keep up with the espionage story that followed but I had this conversation more than once in my professional career.
The first time I sat as a junior dev on a multi-month project replacing a excel spreadsheet for financial controlling of data centers that only one person who was going to retire understood with a web-based solution.
They were quite proud that they were going to get a "modern" solution.
Then they wanted me to make it like excel. What followed was evaluating every fricking excel JavaScript library out there at this time, going for one and started duct taping all the missing pieces.
They were pleased but the look was off. It wasn't excel. I slapped some styles on it coming quite close.
I was not prepared for what happened during the next presentation: They hated it because they wanted a modern web based solution (their words, not mine) and what they got was a poor excel knockoff running in their Internet Explorers. Tables are so 90s.
I remember the pain so vividly that I regard "just make it like excel" as some kind of forming meme for my career till today.
Not surprised he implemented a partial implementation of excel so quickly.
I'm disappointed in myself that I somehow got through most of the article without realizing who the author was (thanks Firefox reader mode); especially since the naming of Wesley and Crusher is too good. Of course it was Basta! Of course it was!
If I were hiring for an early stage startup, I know exactly which of you two I would want to hire.
> "Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day."
...
> "Apparently that was a thing. I remember being only half-surprised at the time. I hadn’t considered that our threat model might include employees leaking the computations used to produce the numbers in question."
...
> "My first reaction was to publish the code on Github."
Perhaps the author feels "only half-surprised" due to their own disregard for corporate legal ownership of code. The hypocrisy is strong here.
Spoiler alert: It turns out they were fulfilling a Babylonian prophecy the whole time. The whole development cycle was a complicated sacrifice to Marduk.
The problem with porting the code to JS is that a.) nothing is named, b.) there's no real way to organize the code you've written because you're going from a spatial way of organizing code to imperative script, and c.) the actual design of the spreadsheet wasn't known to any engineers (it was designed by a data scientist, or perhaps an analyst). The work of translating would have meant really understanding what the thing is so that it can be turned into functions and modules. It also would have still required getting Excel function equivalents, since there's not a 1:1 equivalence between Excel and what's available in the JS standard lib.
The circular reference thing would have definitely thrown me for a loop though.
The solution was not to recreate Excel in the browser, but ran the Excel file with its formulas and its data plus the input parameters from end users at the backend server. Apache POI was a nice Java library that could do everything on an Excel file. Once it finished the formula calculation, I just read the cells from the Excel file to extract the result data and generated the web pages to present the data and graphs.
One nice benefit was the analysts could update their work in the Excel file, uploaded it to the server, and got the new calculation reflected on the web pages right the way.
Like almost every spreadsheet before it: Lotus 1-2-3, Borland Quattro Pro, VP Planner ...
Spreadsheets iterating on circ references goes back to the 1980s.
The first spreadsheet application, VisiCalc, didn't track dependencies: it evaluated cells left to right, top to bottom, IIRC.
Microsoft had a product called Multiplan that competed with VisiCalc. Not sure if that did iteration.
I think it used to be a setting in some programs whether circular references are flagged as errors, or iterate. Maybe it's still that way in Excel?
http://web.archive.org/web/20130606222859/http://thomasstree...
Inspired by that, an even smaller one: https://jsfiddle.net/ondras/hYfN3/
The latter catches circular references rather than trying to calculate the fixpoint
You can't drive Excel from Python/Rust/etc (Microsoft just announced to great fanfare that Excel can call Python--which is the wrong way around). All the editable table widgets for the web seem to suck. Nobody seems to have a TUI which you can drive from an external program.
A poorly written spreadsheet with a driveable API seems like a component that has been built multiple times by lots of people yet seems to be unavailable.
Is there some solution that I'm missing?
How do you cause users to even discover that Python app, or feed an input to it? Of course the spreadsheet software is an obvious candidate for the primary UI.
This haphazard way of running compute jobs really stuck out to me. I can't imagine doing things this way (rather than having a central compute cluster running SLURM or similar) at a company bigger than, say, a dozen people - much less the scale of Uber. What's the rationale? Even if it's just a cluster of 3 or 4 machines in a rack shoved in the corner, isn't that better than ... laptops?
The lesson of what you build for a company as something that may be thrown away is a good one.
However, I believe the only way to actually have a sacred masterpiece is to own the company and make the company's mission to build that sacred masterpiece. For example, there are definitely business opportunity for converting excel sheets to online apps that are collaborative.
The core problem is alignment between the tech investment and the company's goal.
When I was 24, I was pretty much exactly this person. "Building a spreadsheet engine that runs in a browser. Sounds like so much fun!" And then I'd slog away at it for a month and get something working.
Now though, with age, I know I can't chug away coffee working late into the night. My back hurts when I have to sit too long. My wrists aren't being too kind to me these days either.
Now if someone asked me to build Excel I'd first laugh in their face. And if I don't see them smiling, I'd ask if they can afford any of these A,B,C...Z COTS products that are doing this that we can just buy. And if none of those work out, I'd look for how I can take something like ethercalc and repurpose it for our use case.
Looks like the older I get, rather than writing code, I seem to be getting more adept at how not to write it.
This was the single most impactful thing I learned in my early career. I was building out monitoring systems for an in-house service we hosted on site. My boss wanted to buy some small utility to keep tabs on some minor aspect of our environment. I was a bit offended -- I could have written that myself and here he was paying someone else to do it!
He asked: "How long would it take you to write and test this?" Me: "Probably a week. Maybe a bit less, maybe a bit more if I run into something tricky." Him: "Okay. This tool will cost us $500 to buy. What's your hourly pay rate for 40 hours?"
With this I achieved enlightenment. I've never again built something at work that I could buy cheaper.
This argument makes sense, but I worry that it’s a bit short-sighted. There are a lot of metrics that are hard to quantify where it might end up better: for one thing, I’ve found that integration costs and maintenance of integration of third-party systems are routinely underestimated: I’ve implemented “buy” for various systems where the work to integrate was essentially the work to build. The cost of learning a proprietary toolset rather than developing experience with open tools. The cost to the industry as a whole when something like AWS or React becomes the unreflective default choice.
I like your story of enlightenment though! I guess if you could genuinely build and maintain something cheaper, then why not.
> (from the above comment) - A good engineer can solve any problem with clever code. A great engineer knows what problems aren’t really problems and probably an XLS download link updated daily would have been fine.
I saw the bullet list further down the substack page and it's still not good enough for this level of requirements gathering. Those questions describe the scenario, but asking them would not have arrived at this simple solution. Checklist thinking is a crutch and just overcomplicates the problem. All the signals here were organizational and social, and not a matter of improving a process.
This should be obvious, but people who are not involved with implementation details can't answer questions about implementation details.
"Just make it like Excel" is a super low quality answer from someone who has a completely different set of objectives. The only way forward would have been to consult with someone closer to the actual users and counter-argue from there. What's missing here is the courage to recognize weak assumptions and deliberately avoid writing any code until enough details are pinned down to get to an agreement from all parties, not just say yes to the person "in charge".
The only contact we had with "actual users" was over WeChat because they were on the other side of the planet.
> What's missing here is the courage to recognize weak assumptions and deliberately avoid writing any code until enough details are pinned down to get to an agreement from all parties, not just say yes to the person "in charge".
Uber was pathologically bad in this sense. There was no time to get details pinned down. We had a product to ship in two weeks for non-technical stakeholders. If we didn't, the stated consequence was millions of dollars in losses to the business. Throwing up your hands until you get product clarity when you know you can solve the problem as-is is a great way to find yourself with a PIP.
I had a long conversation to convince someone not to go down that path in 2006, and I am sure someone’s going to do it in 2026.
Pausing to think: I wonder how someone else solved this exact problem is such a huge part of how you grow as a developer I wish schools would focus more on it.
And you can't really conclude they made a poor implementation choice on a report of completing it successfully (albeit too successfully even, too much of Excel implemented, and then fixed by removing that (how do you do that to your XLS download link?)) on time within a short deadline.
The takeaway is supposed to be 'don't get too attached to your code', which in some circumstances (not this one) might mean 'don't succumb to NIH syndrome, use an XLS download link', but that's not the whole.
"Cattle, not pets" may be a good way to run a business, but not your life.
If Uber wants a few thousand lines of JavaScript from over half a decade ago that didn't originate with them and that they used for less than a month, they can send me a letter.
You can't really do this. Depends on your employment contract but code you write for an employer is usually copyright to them
... My first reaction was to publish the code on Github ...
You can't really do that either.
This reminds me of some Hindu parable about people who let go of possessions and head out to become ascetics. So there is this wealthy man and wife and the wife is all upset because her brother keeps insinuating that he’s gonna go ascetic and cut loose. The husband tells her to stop her crying and don’t worry about it, he ain’t going to do it. The wife asks him: ‘but how can you be so sure?’ Because, the husband says, this is how you do it, and then and there he rips open his shirt, tells her “you’re my mother” and heads out to the woods.
Why would you wontonly open yourself to legal liability? You say “they’re free to come after you” but you really _really_ don’t want that. Ive seen that happen to friends and the stress almost killed them.
Example: "All Intellectual Property Rights with regard to Developed Materials will be exclusively vested in and owned by the Company." (with additional data protection and confidentiality clause protecting company property)
Why am I reminded of this meme?
https://amp.knowyourmeme.com/memes/what-are-you-gonna-do-sta...
Sure, they probably won't. But they might. And if they do, you'll lose immediately. Seems like a pretty high risk no reward scenario.
---
Edit:
Since I enjoyed OP's story, I thought I should clarify a bit.
I'm speaking broadly of how I remember (from the outside) Uber's fast-and-loose IP attitudes in the 2010s.
I don't think OP did anything of a similar sort. From comments here it sounds like they used some code they built in their free time that a previous employer didn't want.
At Uber it sounds like they asked and were permitted to post their no-longer-needed code to GitHub. It's got its own GH org and everything.
This whole chain is legally risky (I wouldn't do it and would strongly advise others not to do it).
I feel OPs actions are not Ethically Wrong, though. I wouldn't enjoy living in a world where OP gets sued for this, since it sounds like nobody at work wanted the work and it's not giving competitors an advantage. I won't claim the world isn't like that, though.
I really wish I could share OP's attitude and sense of ownership. I built something really cool (entirely in my free time) for a previous employer's hackathon. That code lives on some server they own now, possibly deleted. I deleted my copy after submitting it to the hackathon because I didn't want to risk anything. Company lawyers make just building things for fun feel so risky! It takes the soul out of our work.
I had a deadline and the only idea on the team for shipping a working product, and I shipped a working product on time.
Uber ran (runs?) their own data center. Getting a Windows machine/VM procured to actually run Excel would have taken an act of god. I was able to spin up a new front-end service in about thirty minutes. And I had some code that sort of kind of already worked, so I wasn't starting from scratch. Keep in mind that this system needed to be used by multiple people with different sets of data simultaneously.
> Are you really going to build and maintain a full blown Excel clone in JS? Is this really the objective of the frontend team?
If they'd have kept asking for more features and Excel parity, I suppose we would have considered it. But they didn't.
Certainly I don't expect many people would have chosen to do what I did. But the thing worked (and surprisingly well). If all you took away from the post is that it was a big complicated project, I'm afraid my writing has failed to convey the message it was attempting to convey.
I loved seeing the genuine joy our PMs had whenever they found an honest to goodness calc bug and could get it reproduced and fixed in The State Machine. It was also a delight to see the web app approach parity with the desktop client experience -- we got to listen to a wide swath of users and build out the stuff we thought would be most useful to the most folks. And I loved our group PM's insight about what the heck Excel could be good for versus purpose built BI tools, other web sheet apps, pure SQL, etc.
This is a very fun kind of product to create and it's awesome that you were able to ship it in a way people could use!
I've always enjoyed this article about building a spreadsheet in 100 lines of F#: https://tomasp.net/blog/2018/write-your-own-excel/ The expansion from that to the feature set needed here is manageable.
It was only a matter of time before users would’ve complained about features being missing/broken, especially since what they’re used to is Excel and this was meant to replace it.
At one of my former companies we had a small problem with whitelisting cloudflare IP's that don't typically change super duper often but definitely cannot be assumed to be static. My boss at that time decided the solution was this big initiative he called "whitelist maker" and assigned it to me. I don't remember what implementation details he wanted, but it was some insane rube-goldberg machine to basically pull down this list: https://www.cloudflare.com/ips-v4 and then put it into some terraform code.
I ended up quietly killing the project during a re-org and used the cloudflare provider, which conveniently provides the forementioned IPv4 list as a data source in 1 line of code. Done, 5 mins work. He had scheduled out an entire quarter and half of a team's resources for it.
*Seven year ago at Uber
How does this help you in the browser?
Basically what I've seen is new tech is designed and released here, owns the market for 10 or so years, by then one of these companies in question has started to get momentum I the Chinese market, then 15 or so years after they start to think about coming back to this market, and by then the IP protection has run out.
Yeah, sure, I'd guess that what China does is at least an order of magnitude worse, and sure, because they're less democratic, but also because they are much often behind - and let's not kid ourselves, in the situations the US feels it's behind, it's also using the widespread backdoors they have access to (Crypto AG, Cisco routers, Juniper Networks, Windows, Intel&Ryzen CPUs...)
The economic power of the USA was arguably built on it.
Then a step further from that, sure there are laws to prevent you from wholesale lifting corporate data and bringing them out as you leave, but as many laws it will be extremely difficult to detect and prove that happened in many low profile cases. That's why instead of just relying on the law you'll lock usb ports monitor network activity and get laptops returned when someone leaves.
It's kinda like preventing shop lifting, you know it will happen at some scale.
> US company / Chinese gov
How much leverage do you thing a Chinese company has to if a three letter US agency spies on them and pass the info to US companies ? And would you argue that scenario wouldn't happen if a specific Chinese company had a decisive advantage that could severly hurt US interests ?
Both for software products and manufacturing products, that's what is going on: exact copies of source code, assembly line configs, etc. Many folks write off selling to China for reasons like this. Initially that means underserving one big market for self-defense. Where it gets next-level painful and crazy is when cloners then take their derived works back to the international market to compete directly with the inventors. By then it has been tweaked, but the core is still the clone.
I think that's a very generous read of what I said the requirements for this product were.
With those expectations, sooner or later someone would have said "hey wait a minute, why isn't this like Excel? Excel knows how to do X, but this can't do X! I thought we talked about this, just make it like Excel!", repeat until you have a full blown Excel.
You had no good reason to tell us the origin of this other code, and could just as well have told us you threw it together a while back for shits and giggles. Or said nothing about it at all! But by writing out precisely why (in a very legally damning way) on your website, you’ve completely exposed yourself to litigation. You’re pointing the proverbial loaded gun at your face. And as far as consequences go, facing down a vindictive or irrational former employer in court is pretty close to that metaphor.
Also, two wrongs don’t make a right, and 1945 was 2-3 scientific revolutions ago
Perhaps that is an American cultural tradition that China is unlikely to respect.
When it can't possible serve that end (again, selling a set of utility methods that would take a dev a few hours to make from spec is impossible) people should discard it.
I work in accounting. You’re right, I trust the US more than India or China, but you’d be surprised at the liberties US companies make and how many individuals from India are auditing their work. Auditors (excluding partners and some senior managers) are just not equipped to deal with the technical accounting concepts and to challenge management. Remember, the company employs the auditors. You certainly don’t want to ruin a $1MM contract for your firm but pressing too hard.
> You certainly don’t want to ruin a $1MM contract for your firm but pressing too hard.
Only in the west would you get any push back at all. The auditor would feel some duty to bring up an issue even if it reflected poorly on the company and even their own managers.
I agree they likely wouldn't push an issue beyond its welcome, but this particular value is unheard of in many parts of the world.
By this token "other places" companies would also want to pay a premium to hire US workers outside of sheer competency. Yet we're not seeing Samsung massively moving institutional operations to US centers for instance.
> accounting scandals
Whait, what ? You're telling me that while the crypto bubble is bursting and they're going to prison for egregious fraud ?
Also, scandals being few in number would probably be a sign of overcorruption and systematic rot or the controlling structure. I'm not sure that's what we want.
Culture matters a lot. Korea is a high context society, and relationship building is extremely important. Its very difficult to migrate functions to other locations when the way to get things done is through building trust and relationships over long periods of time. That said, Samsung does have significant offices all over the world.
It's not a competency it's a network effect.
> Yet we're not seeing Samsung massively moving institutional operations to US centers for instance.
Samsung probably has great trust developed among its senior management.
Perhaps your will object: "But the publishers/Disney/etc are evil, greedy entities and I don't owe them anything." But I'm sure anyone who's stolen corporate secret elsewhere can come up with a similar justification in their head! After all, that may well be why they left the company in the first place.
Indeed. That library is often written off-the-clock by person X and imported on-the-clock by person Y.
Sometimes X === Y.
Commit it to a repo somewhere.
I have a 4 years 1 day old repo for code that was used in a job 4 years ago.
But I made sure to have a written agreement saying that the code I was bringing in was, within reasonable limits, still mine.
Clearly this doesn't include code that was produced during the job.
What big tech company makes it easy for you to take code written and deployed there while you were employed, and just open-source it?
I know there are big tech firms that own everything you do outside of work, but have a fairly easy process to allow you to release that as open-source.
But this is different, this is about code written for and deployed by the company itself, that isn't part of any corporate open-source strategy.
Seems like a risky strategy...
A PM here would have saved the company what, $5m per year?
Ha
Ha ha
Hahahahaha
For instance it’s hard to believe China bootstrapped BYD and GWM among others from green fields. They’ve been exfiltrating and transferring automotive technology for decades. Their products are often near duplicates of other brands - such as the fiat case:
https://www.carsguide.com.au/car-news/spot-the-difference-ca...
These aren’t cheap knock offs, they have a relatively high quality and with stolen R&D it’s easy to produce at a low cost - the cost can’t be explained by labor alone, as automakers outside China have access to similarly low cost labor.
Note, I don’t think China is incapable of making their own R&D at the same quality as anywhere else; they can. But they don’t when they don’t have to.
The next few decades will see a huge realignment as the decades of theft and forced transfer will begin to seriously pay off.
https://en.wikipedia.org/wiki/Industrial_espionage#France_an...
Actually, the above quote is not Trump and not on China. It's Ronald Raegan on Japan in 1985.
When a new economic threat rises, the US will use the same playbook- demonizing in media, accusations, turn the public against said country, ban products, increase tariffs from said country, turn to allies, etc.
I’m down with China as a competitor, but we have a strong division between state and industry and China does not. I don’t think a unipolar world is a good idea, and I’m glad for a resurgent China. But it’s absurd to put on blinders and believe forced technology transfer and industrial espionage isn’t a cornerstone of their success.
https://www.investopedia.com/forced-technology-transfer-ftt-...
https://www.csis.org/programs/strategic-technologies-program...
At several megacorps seeking access to Chinese markets we were forced to transfer crucial trade secrets in exchange for access. We did our best to render it as useless as possible, but it was still very key stuff. Over two decades the Chinese government erected barrier after barrier even after complying to the point that the market access failed and competitors based on our technology dominated the domestic Chinese economy.
I see your parallel comments where you vigorously decry these statements as some sort of nationalism and anti Chinese sentiment. This isn’t that - this is simple historical fact, and I have had first hand experience with it and know the game being played from personal experience. I assumed this was all common knowledge given how much press it’s gotten over the last twenty years, which makes me wonder why you’re grinding this contrarian axe so hard?
Edit: I would note that this is fundamentally different from counterfeiting. This is capturing R&D directly at the top end of technology and processes through extortion and outright theft. I don’t actually blame China or Chinese people, it’s just a cultural difference in what’s acceptable and a belief that the state and industry are separate, which China doesn’t agree with. But the lesson to be learned is China doesn’t play by our rules, and we need to adapt to the situation better.
Good, I was surprised at the claim that trump would say something so balanced.
What's "demonizing" about this? It doesn't even mention a specific country.
"accusations" are not a problem if they're true...
Didnt Huawei steal from Nortel?
There is ongoing maintenance cost that no one considers. I've never seen a project that gets built and just sails off for eternity with no maintenance or bugs. There will be times when the libraries or frameworks that built the underlying tool need upgrading. The requirements of the job might change even slightly and need a change in the code because custom tools are always built to only solve the narrow problem.
There is also the overhead of the fact that this junior developer will inevitably leave in 6 months and now someone who has never seen this project before has to pick it up to fix it, which means it will take even longer.
Plus that ignores the fact that if a developer tells you it will take 40 hours it will actually take 80-120 hours.
When you buy, the tools you buy are designed to be integrated with. They have support teams that will help you, and ongoing maintenance. Plus the tool is going to be more robust because it was built and used by many different companies with slightly different requirements. Plus someone else's developers will keep it up to date for you so you don't have to.
Internal tools are almost never worth it unless a pre-existing tool literally doesn't exist which happens when you are either solving insanely complex problems or insanely niche problems.
This makes me question if you're speaking theoretical, or actually have any practical experience.
I've been part of about a dozen "buy it" projects now, and so rarely they've been "designed to be integrated with. A lot of the time it's deeply legacy systems that have a half-hearted api slapped on top to check that box, but once you start using it you notice that everything you want to do somehow requires contacting the vendor first.
Which dovetails into an issue that, although vendors will give you the impression that their system is well tested and widely deployed, it all too often ends up being a lie. We've had quite a few instances where vendors have sold us what turned out to be something they were still building.
Until they change on a whim and force you to spend hours rebuilding your integration for negligible benefits. And then there’s the good old “change our vendors every five minutes because the last one wasn’t quite right”
Good engineering is building the stuff that adds commercial value to the business and buying the stuff that only adds support to the stuff that adds commercial value.
In this instance, monitoring falls into the latter category. It’s not a business differentiator.
Open tools also tend to have a longer life, because a community survives even as members come and go, but one boss decides that a product isn't sufficiently profitable or the company gets bought out by a competitor and now it's discontinued and you have to start over.
I've felt this way before, but I didn't realize that I haven't factored in the risks of actually building it. I was comparing real world integration effort with an estimate, influenced by my experience of integrating with a working product.
Common sense applies, but in general I'm terrible at giving estimates unless I've done something very similar before.
Did I just fall for a chat gpt generated nonsense fable?
What is going on here!
As for the mother part, in many Hindu traditions monks and voluntary celibates are encouraged to see all women the same as their mothers, to remove temptation. Now he's an ascetic ergo his ex-wife is like a mother to him.
The cryptic yet amusing tone is much like a Zen koan, not a Hindu parable.
It feels like there should be more to the lesson learned than, "people who have decided will act, people who haven't only talk," but I am not quite grasping it. Maybe the other part is, "and worrying about things you cannot change harms yourself," or something?
I could even imagine approving of a policy for the open sourcing / licensing of code, where any code that's used or previously used by the company in any way needs to go through an approvals process if anyone wants to open source it, while anything created but never used has a much simpler barrier such as manager agreeing in writing that it's unneeded code and therefore eligible for instant open sourcing under a specific license and specific terms of release.
> "But this is different, this is about code written for and deployed by the company itself"
Written for, yes, but seemingly never deployed (except to the extent that it could be demo'd and rejected). From the article:
> [After looking at a product owned by an unrelated team in the company, he single-handedly decided to make what he thought would be a good add-on or sibling to it] "I demoed Box Sums to the Box Notes team at some point, and they nitpicked the UI and implementation details (“What if two people type in the same cell at the same time? They’ll just overwrite each other.” ). Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day."
It's not impossible "nothing came of it" is a shortened version of "they said it seemed like an awesome tool but too far from the original scope to want to take on and commit to maintaining, and as they said there was no chance that decision would change my manager agreed to sign off on my releasing it under MIT license as is allowed for un-used code."
Fast forward a few years and I'm now at Stanford and then later UCSF. I email the tech transfer office about some code I'm planning on publishing, expecting a similar back and forth. It took all of two minutes to get back an email:
Are you planning on making money with this code? If so, let us know. If not, any open source license is fine with us.
It was a quite refreshing change to deal with institutions that knew what they were doing w.r.t. IP.
in other words: ownership of immaterial goods is mostly a scam
I'm not sure it would - although it disadvantages the companies compared to the current situation, it's not like they would choose to stop hiring devs to work for them - and that's just a legalisation of the currently unethical behaviour that you think is definitely a worse situation to have?
It's interesting to think about, at least!
Thanks anyway.
This would also especially favor large mega corporations as long as they are efficient enough (due to obvious reasons).
This is, of course, false.
Software written off the clock that does not compete with the employer is not only not the property of the employer, but any contract attempting to gain such ownership is unenforceable.
Many businesses even actively encourage their developers to contribute to open source projects.
Which likely means your "free time" code you decided to do to make your job easier now belongs to your employer since they asked you to write it (albeit indirectly in this situation).
Will anything come of it for trivial stuff? Probably not, but that doesn't mean it's ok.
Unless you have something in writing saying otherwise, best not to mix stuff like this because one day you might wind up on the wrong side of an army of lawyers.
Especially when you have problem A at work, then some time later write "generic code" that solves problem A, then some time later "import" the code to your dayjob to solve problem A. And double so if nobody else ever uses this generic code and you never use it for anything else.
As an industry we talk a lot about flexibility, particularly in scheduling and when we do our work, but you can't have it both ways. You can't be doing laundry and mowing the lawn and going grocery shopping in the middle of the work day because it helps you think or it helps your programming process, but then make the argument that because you wrote this code at 6 PM on a Sunday it's yours and not your employers, when you committed it to your employer's git repo Monday morning. Not with a straight face, at least.
I want to be clear, I'm all about getting shit done during the day. If I need to get a haircut at 2:30 PM, I will. But I'm also not pretending that my employer's code is mine or that I have any right to publish it.
I highly doubt that this is true, at least in the US. Can you cite case law?
You can write a contract granting ownership of all the songs a musician performs, or all the books a writer writes during a specified time period. Why shouldn't the same be true of programmers and code?
This is an even stronger case than anything being discussed in this thread. Oracle claimed to own code written by their own employees on their clock and still lost this case. Google won their claim of fair use.
That's exactly and explicitly what an MIT licensed open source project would fall under: fair use by the employer and nobody owns it despite the original author also happening to work for said employer. Authorship is distinct from ownership. As well, there's the notion of role vs identity. You can act under the role of an employee to fork a public repo for your employer's purposes, yet act under the role of the upstream author to have published something more generic in the past without knowledge of your employer's future use case. Your identity is irrelevant. The only thing that really matters is that the public repo does not contain code proprietary to any business. It's on the employer claiming the code is proprietary to prove it. Examples from the article would be those data science functions, the UI they wanted, etc.
Do people not realize why these licenses exist in the first place? What do you all think they were doing over there at MIT to draft up such a license?
By all means try stuff out with some hobby project but don't be an idiot and tell your employer you've reused 'their' code (or at least, code in their codebase) for other clients. Either get an agreement up front or keep it secret.
A contract that grants your employer copyright to code you wrote and used in their codebase is easily enforceable. An exception would be code you wrote before the contract, but in that case using the code without some kind of agreement up front is still dangerous.
If that code touched their work laptop (which it did since he showed it), it's now company property.
That code most likely belongs to Uber legally, but they probably don't care that much.
Which is, you know, hard to argue against if you wrote the code during your employment and copied it into the code base you were hired to work on.
The next day you download it onto your work laptop and use it to solve problem X. I don't think there's any reasonable interpretation where your company now owns it.
This is engineers deliberately taking tech to somewhere where they know IP laws won't be enforced.
It's not like I'm saying they can learn calculus here and then go to China and use calculus to design things.
It's that I'm saying they design a very specific thing, a very specific way, for hire, then go make that exact specific thing, that same specific way.
If it were in any other country but China, it wouldn't be allowed to happen.
Unless there is something explicitly stated in your contract banning you from taking the "know-how" in your brains and use it elsewhere (so long as you don't breach any patent) then it sounds there is nothing technically wrong.
I think it's a cultural thing as well, some sort of hustle culture, as the Chinese citizens that moved to NZ when I grew up loved to flout rules & laws around things like the property markets etc - one big problem was Chinese nationals buying up as much NZ baby formula & milk poweder as they could get, hiking the price & selling/sending it to China, so much that NZ experienced shortages for Kiwi mothers trying to feed their babies, so much so that supermarkets had to instate a X per person policy. When I worked in one during 1st year uni I would get literally screamed at in Mandarin by angry and aggressive Chinese nationals with trolleys full of baby formula.
And keep in mind that all of that started only because of the big scare where Chinese baby formula was found to have melamine in it (https://en.wikipedia.org/wiki/2008_Chinese_milk_scandal) killing 6 babies, affecting hundreds of thousands. All because Sanlu's execs wanted more $$$ so they cut their product.
I really doubt this unless all the inputs are commoditised. Industrial espionage usually fails because if you don’t have the know how to make the tools that make the tools it’s difficult to impossible to literally copy it. Not saying what you’re saying doesn’t happen, it does, all the time. But usually the engineering is substantially different if only because different things are cheap or expensive, or just unavailable.
> If it were in any other country but China, it wouldn't be allowed to happen.
Historically, the US, Japan, Korea, Taiwan all did it. No doubt Vietnam does it now too. Not like they have an excellent civil legal system. Joys of working in developing countries.
Smart and knowledgable people in a certain field, but who are slightly stuck, can be helped by a few tiny details. If someone can provide a specific manual or piece of documentation, or just a photo copy or image of some key detail then those smart and knowledgable people can pass the hurdle and continue.
IIRC the USA did plenty of that.
But I've never built the exact same castle, with the exact same Floorplan, with the exact same plans. That's what I'm highlighting that I've seen several times.
A cool aside, I love this song by Watsky called "cardboard castles". Having done this for 20 years (build "cardboard castles") I identify with it.
I worked at a large tech co with an assembly line in China and experienced this first hand. A routine scan of one of our calibration machines turned up a Trojan with a copy of all calibration software squirreled away. Fortunately nothing is network connected there, but it was obvious someone was planning to come back for it. The stash had our calibration software and the factory’s proprietary control software on it. Both companies sent security to watch the machine for 48 hours straight until a hard drive shredder could be procured to mutually assure each party no software would leak. It was nuts, but apparently common.
Just Google "Chinese protectionist" and then any industry. The Chinese government has been actively targeting everything from CNC machine tools to medical devices and semiconductors for decades. Some industries with more success than others. Anything they import, especially industrial equipment like textile looms, cnc machines, semiconductor equipment, etc. There are big, long term, well funded pushes to manufacture indigenous versions of just about everything. Airplanes, jet engines, computer chips, industrial equipment, on and on
A IP is not a 'natural' concept, most cultures do not have it. Better question might be how did IP become a cultural thing in the West?
the deal is: you can use our cheap labor force, but we can use your ideas
It's not long till the capital class claims ownership of your brain too. /s
If you remove uniforms from a soccer match, you can celebrate each individual player's goal. But the team that forgets they are (or should be) playing a team game will be obliterated.
(I'm not sure if it would be better or worse myself, I suspect it might not make much of a difference when everything balances out.)
There are two questions here:
1) Can the employee use the code at work?
2) Who owns the code?
In Oracle v. Google, not even actual ownership impeded fair use. Nobody really owns the code on a public repo, so there's your answer to #1. The employee can use the code they authored and published to the world without any issues.
Now for question 2...
> what we’re talking about
What you're talking about.
You're correct that Oracle v. Google does not give any clear answers on ownership. For that you have to rely on the license applied to the project. It's simple. If you publish a project under a permissive license and your project does not contain anything proprietary, nobody owns it. Employment contracts don't have anything to do with this situation.
But, what does it really mean to "own" code? What is owned? The concept or the literal sequence of chars? It seems to be the latter which Google showed is trivially sidestepped by rewriting the code behind an API. Thus ownership is pointless in software unless it's closed source and proprietary, which is the opposite of a fun little Excel clone, amateur video game, etc.
The only thing enforceable about an employment contract is the clause about terminating an employee for working on side projects on the company time and/or with company property such that it takes away from productivity towards their work. I don't think anyone is talking about that or would even think of doing that though.
Some contracts stipulate that anything you write while employed is owned by your employer. (I'm settled in that this is unethical, but it's reasonable to comply.)
But let's suppose there's no such stipulation.
You get an idea while at work. Everyone gets ideas. You take your brain home with you (I hope) and start developing that idea. You think it's generally useful and doesn't depend on any or reveal anything about a trade secret or other proprietary work, nor reveal anything about them.
Is it your choice to contribute that idea to your employer or to use it in an open source or some other unassociated project? Why or why not?
Is it OK if you never use it for any of your employer's projects?
If not, then is it OK to wait until after your employment to develop that idea on your own or for your next employer or even turn it into your really awesome startup that definitely won't fail? (I think all of you are willing to do the first, and most of you the second.) Why does that change the ethical quandary, or why doesn't it?
Alright, so your employer specifically asked for this solution and you wrote one on the clock but it was minimal, maybe you didn't have enough time to make a more elaborated one, and you write a better one and did one of the above with it. Is that OK?
I don't think this question is all that cut and dried.
That is different than solving common business problems at home, then when asked to solve them at work just copy/pasting those solutions and assuming you retain rights. Contributing that to your employer under that situation is no different than just working on salary - and you have not given the employer the option of rejecting those contributions.
But anyway, I focused mostly on ethics. The specific situation you describe is ethically dubious, I agree, but I'm interested in where the line is and it's just not as clear as some are suggesting.
Copyright law is its own can of worms and is not the same as what's ethical. But, it does govern risk and practicality.
It's hard for me to imagine how you could lose rights via copy pasting the code. Making a new release with a new license doesn't invalidate the rights you already had.
Publishing code sounds like a way to prove it already existed, and nothing more.
I think there's nothing wrong if you have a brilliant idea that happens to be useful to your employer to make some agreement that you work on it in your own time and grant the employer the use of the code. But you can't just do this unilaterally, and if you do don't expect the employer to take your side.
Just as you should have the right to decide what copyright to sell and what not the employer should have the right to assume they own the copyright to the code they paid for, unless stipulated otherwise.
I have. I got an extra $130k out of it.
It's a work of art. Even this comment is a violation of the agreement, since I don't own the copyright to anything I do apparently, either in or out of the scope of my employment, so therefore I can't give Y Combinator a license to display this comment.
I even talked to the company's legal team about the absurdity of the agreement & they were unwilling to budge.
The relevant portion of the agreement, for your reading amusement: https://pastebin.com/ZF9MEkfG
Whether these are enforceable or not doesn't matter because a lone developer is not going to go up against an army of corporate lawyers to find out.
I would argue those are exceptional cases. Outside of these prestige brands, you get a lot more leeway.
Completely false. Most people sign job contracts without thinking too hard. And side projects just aren’t important for the majority of programmers, so why would they care?
If I take that code and make a billion dollar business out of it, Box or Uber could then claim a share of it. That's the kind of things that companies do with the lawyers on retainer.
I then sue you for falsely claiming that you own it. You are particularly fucked because, thanks to this thread, you can't claim that you didn't know.
Even in California the "I wrote it on my own time" doesn't apply to software that relates to an employer's core business. In other places, like Washington State, you could be employed to write TPS reports and write a video game at home, and your employer would own that too.
IANAL but I have paid for advice on this very topic. I suggest you pay one too.
In other words, you can write generally useful components and utilities on your own time, network, and equipment; license them to your employer if everyone agrees; and either way you still own them. You just can’t write something directly related to or competitive with the products or processes that make your employer money.
The spreadsheet formulae and enhancements the author wrote during work hours at Uber, though, no. But even just their direct boss as an agent of their employer saying it’s ok to throw it on GitHub would probably cut them loose, especially since it’d be a derivative work with joint ownership.
All IMO of course, but that’s how I would have seen it in their shoes.
I’m nearly 100% certain we can look back at this comment in 20 years and find that absolutely nothing happened.
How did we get to this point as an industry and how do we change this destopia?
enjoyed the article, the bit about Excel circular ref linear regression was wild
Thanks for sharing a cool story.
I would have a hard time sleeping... like this would be like being in IT and knowing the backups were bullshit.
The later derivative that was actively used by and updated for the requirements of another employer during the coarse of work seems to more clearly their property as a derivative (but also murky because it is potentially an illegal derivative of the earlier work, if that was owned by the earlier employer.)
But even if you are unconvinced of that, work was clearly done on it on company time at Uber, where it was deployed as part of Uber China's business infrastructure. That work is absolutely owned by Uber (with maybe also some claim by Box). Not owned by OP.
It's funny there's this idea that a company _might_ be potentially injured over code they do not want or know they had being made open source by its actual author, even though many of those companies will gladly use open-source tooling without ever contributing anything back.
Perhaps more soundly, though, in California – where Uber is headquartered – IP/Copyright for code is a huge legal question that the state and federal Supreme Court has no clear answer to. Sure, you obviously can't secretly clone Uber's entire stack, slap a new company logo on it, and start up as a competitor. But if you, as an author, wrote some code for a company under an IP agreement, then no-longer worked at said company, and then later adapted and expanded upon that code (or even started over, with the knowledge of what you learned from others' work): are you, at the originator, not legally allowed to be inspired by your past work? That's not something you, me, or even the company could decide.
That said, I think OP is morally in the right here, and I wish I had the guts to do similar things.
Sharing code is a good thing. Helping one company innovate using code that another company chose to ignore is also a good thing.
You're making a huge assumption that this is what happened.
We are like ants to them, they can squash us at any time, but most of the time we are too small to worry about.
Misses the point, which is: the likelihood of being sued increases when you break contracts or appear to do so
> and then later adapted and expanded upon that code (or even started over, with the knowledge of what you learned from others' work)
These are extremely different scenarios. Starting with a copyrighted material and modifying it is not at all the same as reading material and starting over. The first is violating copyright, the second is a derivative work.
If I read everything correctly, what you describe doing is taking code owned by the first company and modifying it for the second company. That’s not at all a gray area. It’s a copyright violation. You the engineer sign away your rights to the code when you built it for company 1 while employed by them. Their employment contract for-sure states they own any work produced by you during your employment, and you agreed to this.
If the first project was done off of company time, posted publicly on a private account, you might have a claim to the rights.
I know you’ve dug your trench too deeply to change your mind at this point, but anyone reading your comments should know what you did was technically illegal and can get people in legal hot water.
> Their employment contract for-sure states they own any work produced by you during your employment, and you agreed to this.
There are many open legal questions as to where this line is drawn. Surely the line falls somewhere between "every character I've ever typed on a keyboard" and "the verbatim code". I personally don't think he's crossed it. IP ownership is much more complex than portrayed in HBO's Silicon Valley. That is my opinion.
Furthermore, when I worked at GitHub (now acquired by Microsoft, so I'm sure things have changed drastically) -- there were very lax IP ownership agreements in the employment contracts around code ownership, because the legal department was worried that if found in any way conflicting with California law it would render the entire IP claims null and void (which does have precedent in California).
The point is we don't know, and I think OP would know better than us if it was disallowed or not.
Edit: Updated “can actually own code” to “can’t actually own code”
I worked with a few people who were successfully sued by our employer when those people left and brought a “spare time” project/tool with them and tried to publish it. It wasn’t even code we sold or ended up using internally, but was still IP of the company because they wrote it during business hours on a work machine.
Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Did Uber or Box explicitly agree to release it under an foss license? Is it the author's personal individual copyright made on personal hardware outside of work location/time? Does it predate their employment? Nothing in the article linked indicates clearly that it was written for an employer.
If I am expected to research this for every foss library published on GitHub by someone who works for Big Tech, then we are all capital-f fucked.
It's easiest and sanest to assume that people are not lying.
> I demoed Box Sums to the Box Notes team at some point, and they nitpicked the UI and implementation details (“What if two people type in the same cell at the same time? They’ll just overwrite each other.” ). Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day.
emphasis mine
I'm sure you are right but I feel this is actually beneficial.
The interests that have captured China are likely different from the ones in the US, and much different from the inferior oligarchs that have captured my home country (Canada). I see their national interests having an unintended consequence; the creation of markets of scale for products that are not politically viable here.
We all know the stories of oil companies buying the rights to battery technologies and sitting on them. There is even a Wikipedia article about it [1] that I'll link to below. China is never going to have enough oil to export, and as such, Oil will always be a cost center for them.
Copyright maximalism and intellectual "property" is strangling all of us, and I don't want it to put us in an early grave as a race. I'm grateful that China is "stealing" this "property" and turning it into batteries, solar panels and other products that I can buy, and that it iterates on them rapidly - rather than being put in a box.
[1] https://en.wikipedia.org/wiki/Patent_encumbrance_of_large_au...
ChatGPT is the most recent example.
"Study hard and keep the rewards" is basically a dead concept.
The separation between state and corporation is a red herring. It's trivially easy for Bill Gates to reveal secrets to Bill Clinton behind closed doors.
Corporations are absolutely abmysal at keeping secrets. They are open-by-default and cannot legally stay in business with the level of security required to keep knowledge from leaking.
Why is this even a conversation....
Lmao
Poster: But the US does it too and has done it for far longer and more often.
Average HN reply: Omg, whataboutism.
I’d also note while we are on the topic of anti-China, and you’ve lobbed anti Chinese out there - I’ll wager almost (almost!) everyone here, myself especially, isn’t anti anything about China or Chinese people. But that doesn’t mean we are pro the communist party’s policies - and frankly so are very few Chinese. The fact that forced tech transfer and industrial espionage is embarrassing to the Chinese government and sullies all success is no one’s fault but the Chinese governments, and that’s where it begins and ends.
I’m no defender of the US government either, but that’s not even the topic here. I’ll be happy to engage on that topic in the relevant threads. That’s, after all, fair.
That’s the exact argument you will use to convince yourself of any of China’s successes stories. They can’t possibly innovate because they’re Chinese and not western. Therefore, they must have stolen the tech. This is how Raegan convinced the public in 1980s.
China has enormous success stories that don’t depend on pilfering or extorting, and a rich history for thousands of years. In fact I think the Chinese governments behavior in this respect is below the divinity of Chinese people and Chinese culture. This plays out in the recent domestic behavior of the Chinese government towards its own people. I even said I welcome a multipolar world with a resurgent china.
But if you think forced technology transfer and industrial espionage by the Chinese state to benefit the Chinese states industrial interests - which have become pervasive in China under Xi with most major Chinese ventures being forced to take state funding and control - you are deluded, or are trying to delude. I say this with all the force of someone who has experienced the fact of what’s happening directly - you can throw racism or nationalism around all you want, but there’s a cold reality that exists independent of such concepts and I - and many others in technology - have experienced it first hand. It’s calculating, cold, and very much real - and race and nationalism have very little to do with it. It’s political and it’s absolutely real.
Btw, you can’t sit in a BYD and not see the technology transfers and the espionage spoils. China could be successful on its own merit, but not with the Chinese communist party controlling industry and civil society. I just hope some day Chinese people will be free to be that competitor on equal footing with the world. What happens in China today is a disgrace to Chinese everywhere, who are some of the most brilliant and hard working people out there. Until that day I welcome them to work with me here, and we can make great things together.
You cannot watch older Japanese animations and not see the heavy inspiration from Disney, but the style used in their shows today is far evolved. You equally cannot sit in a Toyota and not see the western influence. Travelling to America was literally part of their game plan to improve their own technology though at first it was for investigating automatic looms [1]. I would be surprised if Toyota did not reverse engineer a western vehicle. Today however, I imagine you need no convincing that Toyota is simply the superior product compared to its western counterparts and can stand on its own two feet.
Your counter argument might be that it's different with China because the government is assisting in this. To that, I would point out the Meiji Restoration in Japan. Similarly, their government encouraged young scholars to learn abroad in order to pull Japan forwards technologically. Not only that, the government hired foreigners known as "O-yatoi Gaikokujin" and " the main goal in hiring the O-yatois was to obtain transfers of technology and advice on systems and cultural ways." [2].
That last one sounds a lot like a government-funded technology transfer to me. It's definitely not happening today in Japan, but at one point the government deemed it necessary.
I agree on the point about BYD. We would definitely see the result of a technology transfer in a BYD car. But how much of that can just be attributed to hiring talent from foreign companies? There are articles about Japanese engineers being headhunted by Chinese automakers [3]. This is common in developing countries. A lot of top positions/ executives are senior engineers coming in from abroad getting a significant title bump and pay increase (the pay increase is even greater if you consider the cost of living in the host country).
If you consider headhunting talent to not be competing on equal footing with the world, then that's a completely separate discussion. But I wish to provide more peace of mind for you that this problem is indeed transitory. To do that, I will direct your attention towards the rhetoric used against minorities.
People say that minorities are criminals, but we know that's not true. It's poor people who are desperate enough to perform those acts who will turn to crime. Minorities get over-represented due to society being biased against them causing them to be in more dire financial situations. Nobody takes pride in being a criminal. The moment they are financially stable, they stop - 2nd generation immigrants have extremely low rates of criminal activity.
Similarly, China is still a poor country. We might not think of it because we think of Shanghai and Shenzhen, but their GPD per capita is lower than Russia's, and their HDI is lower than Ukraine's. As China develops, they will find more effective ways to compete that don't tarnish their image, just like other countries have done on their path of development.
My goal is not to debunk you. There are definitely some instances of shady IP dealings in China, but there are some instances that are clean as you have also pointed out. What I do want to get across though is that these are the growing pains of a developing country that successful countries also went through in the past.
People probably had this conversation about Japan when Japan was developing. They do not have them today. So too will we no longer have these conversations about China in the future.
[1] https://www.toyota-global.com/company/history_of_toyota/75ye... [2] https://en.wikipedia.org/wiki/Foreign_government_advisors_in... [3] https://asia.nikkei.com/Business/Automobiles/Japanese-engine...
According to who? Sovereign states have their own laws, that's what makes them sovereign.
You claim that companies wouldn't have done business in China (in the times before our current Second Cold War) had they known about the lack of IP law enforcement there. I think companies who outsourced to China knew very well what was going on, and calculated that they'd still come out ahead.
> Sovereign states have their own laws, that's what makes them sovereign.
You're making a grossly misinformed claim here. Sovereign countries also participate outside their borders and are subject to the international agreements they participate in.
[1] https://en.m.wikipedia.org/wiki/Allegations_of_intellectual_...
It might nit be in the contract, but they definitely know whats going on, and they still take the deal
I mean if that's the case the so be it, but they should expect protectionism in response - US already bans export of certain technologies to China, if we embrace the differences in views on IP theft, how are Western countries meant to protect the IP they invested money in nowadays?
Or do we just give it away for free? Who pays to develop this free IP then?
But let's not forget the greater context here.
We are talking about a communist country with very top down, state architected enterprises and actions with the USA, which is certainly not those things.
The US isn't perfect, by any means, I'm not trying to say that. Context, that's what I'm trying to have us remember here.
Just because it was once legal when the world was far different doesn't justify actions today.
Fine. Don’t fight, I agree, that would be an unfair fight and a waste of time/money.
The US court system requires a “good faith” effort to settle the issue before it enters the legal system. A cease and desist for example— whatever it is, you’d have plenty of time to simply decide it’s not worth it and remove the code once they take notice.
As it is, this is all no harm, no foul.
1. I copied this to disk, and I've iterated on it. Derivative work. Company owns it.
2. I created a new original work from scratch, based on my experiencing doing it once or twice before. Independent work. Author owns it.
IANAL; ut's not quite that simple, but it's in the right general direction. If you need specific advice, talk to an actual lawyer tho.
My understanding is the same though. Unfortunately whether a clause is legal or not may matter little - you’ll run out of cash for legal bills before they do. The best defense is probably just that most companies don’t care about your side projects.
The employment agreement can give up this right for things not related to the company's core business, and I usually insist on that in my agreements. But that is not the default behavior.
It's hypocritical. Don't demonize China unless you're willing to demonize yourself.
Hell, don't demonize China unless you read their point of view too. I'm sure you're only getting one POV.
Er, no. Far more ink is spilled on the US being bad, or Western countries in general being bad, by people in the West. What you're saying is not true for HN, nor for the West in general.
We're not demonizing Chinese people, Chinese culture, Chinese land or Chinese industry, but the forceful alignment of those things to serve a single entity over any other concern.
The West, no matter how bad it can be, doesn't have _that_ problem. Elites come and go, grassroots revolutions have happened and will keep happening without major bloodshed.
Sure, but the hypocrisy is also in how things get reported. See for example:
https://www.reuters.com/investigates/special-report/us-china...
Which says:
> through incentives and pressure on consortium members.
No doubt this would be "bribes and threats" if it were done by a geopolitical opponent.
Second, posts critical of the US tend to get many less votes or flagged quickly, with people calling it whataboutism in posts about China or Russia. That leaves no space to properly discuss those things.
Finally, it’s good to have things in a realist context. It’s idealist thinking if we get upset when a geopolitical enemy does something which is commonplace in out own country and that if allies.
Yep, that's the reasonable default position.
If however, the author of the code wrote a length article about how they'd developed this code while working for a company (not in their spare time), and you happen to read the article in question... then for that specific repo you might look at it differently.
The article in question doesn't clarify things regarding the Box derived code, nor whether they sought and received permission from Uber prior to publishing. Absent both of those, I'd personally not use code from this repo.
That's just me being risk-adverse here, as I don't personally have a use for the code. Others might make different choices. :)
You can assume whatever you want but the cops may not be very impressed.
There are a lot of polite fictions in law, and this is one of them. If you had no reasonable way of knowing that a license was invalid (or property was stolen), the judge is probably going to be sympathetic, but the property will still get returned to its proper owner.
If you DID have a reasonable way to know that the status of the property was suspect (as in this case), they are likely to take a dim view of the situation.
It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
This case is no different.
Nothing in the author's linked story suggests this code is not MIT licensed as the repo claims. It is unreasonable to assume that the license file in the repo is false; nothing available to us supports this assumption.
> It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
Yes, absolutely: presumption, not certainty. (Nitpicking the phrasing: presumption that the copyright is not a lie, the issue does not even venture into licensing.)
The lack of him saying he went to the effort of having Box or Uber license their code MIT suggests it.
That was the intent, but not what actually happened.
Is intent to donate code enough to put it within your employment contract, when it's done outside work hours and would otherwise be outside the scope of employment?
The intent is a fact of what actually happened: which appears to be that it was written by an employee within the scope of employment to solve a business problem. Possibly outside of usual working hours, but if it’s by a salaried employee where doing work at home outside of usual working hours is itself a normal if not consistent part of employment, is probably not particularly significant.
That the employer later chose not to make use of it doesn’t change the circumstances of its creation; businesses often choose to not pursue use of exploratory work done by employees in the course of employment, that doesn’t surrender ownership of the work product.
And the version that was further developed within and in response to Uber business needs and actively used at Uber before the function for which it was used was terminated is an even clearer case (insofar as it is a distinct work from the original) of work-product (that it quite likely is also an unlicensed derivative work by Uber of proprietary Box code doesn’t mitigate that, though it puts Uber in the position of potentially being both a beneficiary and victim of IP violations.)
From a practical perspective, even if you think they don't own it, do you have the money to argue that in court if they decide that they do?
IANAL. If you are having issues like this, get legal advice from a lawyer. Not HN.
Schrodinger's executive - when things go well, it's because they meticulously planned every detail. When things go wrong, suddenly they know less about their business than my grandma does.
What is the cause of this habit of making up excuses for people that get massive compensation but never take any responsibility?
You are coming up with excuses like "well they couldn't possibly be aware of information that was widely avaliable in mass media since 2010 at least.
Would you accept this sort of excuse if someone was in charge of safekeeping your child and they took your kid for a walk through an area known for violence and murder?
My original comment that started this whole thread is similar. I'm not trying to communicate any kind of opinion on it. It's just an observation of things I've personally seen happen in the world. Others are putting their own opinions on if it's right or wrong. I'm not trying to say any of that, just share my honest observations on the world.
There's nothing to explicitly suggest that either is the rightsholder; that is another assumption, which is directly counter to the fact that the person who wrote the code posted it alongside an MIT license.
I am also nearly 100% certain we can look back at this comment in 20 years and find nothing happened, but only because nobody will take this code and make a billion dollar business. If they did, I guarantee there would be a law suit.
That’s just factually false. You specifically wrote:
> Even in California the "I wrote it on my own time" doesn't apply to software that relates to an employer's ***core*** business.
You can’t complain about people being “wishful” or in “denial” when they are quoting you.
Maybe California law is silent in the topic, but Aeolus wasn’t the person who introduced that specific phrase.
Getting a judgement against an individual is vanishingly unlikely to result in any profits.
https://unicourt.com/case/pc-db5-better-holdco-inc-et-al-v-d...
Relatedness is relative but I'd argue against it here. They didn't have functionality like that, and they didn't want it.
> The fact that he "intended to donate it" demonstrates that it was related to the company's business.
...yes, that's my point. We're using that intent to make the decision that it's covered. That doesn't seem like a good way to decide whether it's covered.
If he just made a web spreadsheet and did nothing else, people would shrug.
Work for hire should always be very clear.
An imagined business problem.
If the code wasn't relevant to their actual business practices, that's quite relevant. They not only didn't want that code, they didn't want anything like it.
As for the modifications for Uber, that's not what I'm here to contest.
There are a massive number of examples of patent and copyright litigation stemming from work done for one employer, who rejected it, then the employee goes off and founds their own company and gets successfully sued.
Fairchild was unique in that they had claim to the IP that their employees wanted to use in new startups, yet they decided not to follow through and allowed the employees to start their own companies. They could’ve prosecuted but didn’t, and as a result we got Silicon Valley and the culture that surrounds it.
But it’s no guarantee that that your employer won’t pursue a copyright claim they are perfectly within their rights to do. Don’t assume your employer is Fairchild.
The range of circumstances in which it is morally acceptable are MUCH broader.
All that to say that in some circumstances taking source code is considered theft.
(Also, if it was theft this particular example would be theft in the same way that taking a book from someone's recycling bin would be theft: no one is worse off)
2. Suppose the OP neither took the file nor memorized the code, but had photographic memory and replayed the exact visual scenes during their creation of the utility functions and copied down the code from what they saw in their mind's eye. Would that be theft?
3. Suppose the OP was solving a seemingly novel problem and suddenly remembered how they solved the exact same problem when they were employed by company X. Are they obligated to banish this solution from their mind?
It is copyright infringement, yes. That's why clean room implementations are done by someone who hasn't seen the original source code,
https://en.m.wikipedia.org/wiki/Clean_room_design
For the other examples, it depends but I'm pretty sure a copyright infringement case for either of them wouldn't be immediately thrown out. IANAL but I do know that law is quite fuzzy.
Here is a better example; you trust the bank with your money, bank gets robbed. The criminals are gonna be criminals. But why is the bank vault made of cardboard, and why is the password ‘1234’? Imagine the same bank keeps getting robbed for 10 years, and they make no attempt to fix things.
Should the management still get their bonus? Should they be help to account? At some point you have to start asking if the bank management is in on the crime.