Strategies for learning and coding when I'm not allowed to contaminate open source?

I work for a company where the rule is basically (as far as I understand) that you cannot use any code unless (a) you write the code yourself, or (b) there is an explicit indemnity clause protecting your use of any or other code (for example, open source). I find this makes my coding difficult.

For example, the coding examples in the books are largely used "as is". The Microsoft SDK Code Samples are used as is. Coding blogs use "as-is". There are several sample code sites (including SO) that are used at your own risk. No warranties are expressed or implied in lawsuits regarding intellectual property, blah, blah, etc.

Basically, I limited myself to using Asp.Net and .Net Framework, and nothing else, and could not distract me from randomly choosing something that I had not created (ok ... this could be my anal interpretation of the rule ;-).

I find this difficult because most of the code learning, I think, is reading other code. Reading blogs with code, reading books with code, viewing code samples, using code from SDK samples, etc. Also, I would think it is safe to use code that people have shown to be a good solution or pattern for something and free to put up with others. I'm not going to think that I can code everything. I definitely have to stand on the tapered shoulders of others in order to reach certain heights.

Maybe I'm not very good at licensing either. From a company's point of view (I suppose) they don't want to risk being the victim of an IP violation.

My point is that you have to weigh the risks. Taking a snippet of code from a book is low risk. Including code from an open source library can be very risky. I'm talking about making decisions based on how much risk you're willing to take.

Anyone have any experience with a similar situation or similar? Is it a rare thing or is it common in some sectors? Are there others in the same position as me there?

Any insight or guidance would be appreciated! Thanks!

Edit: Thanks for the answers! To clarify a few things: I am not an advocate of code theft. I'm talking about code that has some kind of public license that allows it to be used in a certain way. The key is that there is no compensation in public licenses when using the code. This means that you are using it at your own legal risk (and other risk). If someone is suing an open source project from which you used code, you may also be involved in a lawsuit because you are using the code even though it is publicly licensed.

In 2005, Microsoft used the compensation to compete with open source vendors, promising its partners that Microsoft would protect them from IP lawsuits. http://www.microsoft.com/presspass/press/2005/jun05/06-22PartnerIndemnificationPR.mspx

Thus, even though the risk of being sued for IP infringement may be extremely low, it is a nonzero probability. Thus, I cannot use it. Even if it has a public license. :-(

0




7 replies


By "compensation" I mean they mean the assurance that the code is free of copyrights or patents, or maybe trade secret encumbrances that they don't know about in advance, or someone who wants to compensate them, if something like this appears. I've never been in a company that worried about it, and I haven't heard of it before.

It's not clear what you really want here other than sympathy (and I have sympathy for people caught up in corporate stupidity). Seems like the policy is pretty harsh if you're worried about the example code in the books. This is bad policy and will get in your way, but I don't know what you can do about it. As opposed to posting Joel's blog post on how the whole thing is done like a grunt, it looks like you can't just start doing things intelligently without making a clear violation of corporate policy.



Not knowing your situation, my suggestion would be to look for another job. This will certainly stifle your professional growth, and a company with such a policy is unlikely to be smart.

(It would be nice if you could reassure them that there was no danger, but that's not true. People lied about copyright even though open source projects usually don't have a place, and only a fool would definitely state that big a piece of code did not infringe any US patents, even if it was written a year before the first software patents were obtained; that would only be a good reason for litigation, not an avoidance of litigation. GPL software is indeed better than BSD software, since it requires some downstream patent licensing, but it cannot deal with third party patents. Of course, if they are worried about being sued, writing their own software is not the solution. It could infringe on patents.)

+1




"Probability of being guilty of IP violation" is not really the right way to think about it. This is not a "risk".

Either

  • You have a license and you can use the source. There is no risk. You have a license. There can be no claims.

Or

  • You do not have a license and you are violating it. In fact, you will be sued. There is no risk here. You are violating someone's copyright (or worse).

Companies are not open source for a number of strange reasons. Liability risk is not one of them.



Things I've heard.

  • What if he has a virus?

  • What if it doesn't work as advertised?

  • What if he “knocks down” something? Who do we sue?

None of them are subject to "risk". They are "due diligence". And in general, they are easy to solve: choose products with a sufficient number of users that someone else will check the code before you; Open source QA is like one of your own people typed it. Except for one.

This brings us to the real reason. [Hint: This is not a "risk of action".]

There, no one can sue if you have not followed open source due diligence.

Most stores have no real configuration management or quality assurance policy (the kind that will act as best practice in court). Until they have these things, they won't dare think about adopting open source, for which you really need solid QA and configuration management.

+5




I think your company is really worried about you directly copying large segments of code that might have licensing issues, presenting a legal problem to the company if they get caught using it. However, you can read blogs or other unlicensed code and find a solution that works for the specific problem you are working on. In this case, you are better off rewriting the code (that is, looking at the solution and reproducing it), rather than just copying the code and making changes to it. At my company, this is what they usually recommend using non-proprietary code.

Also, for small amounts of code (like a standard cache implementation) where everyone implements it the same way, your company is unlikely to be afraid of using external code every time if you are sure to test it thoroughly.

+2




Can you rename the variables and how will they know? Do they check every line of code? Universities tell you not to copy code without reference all the time. Why don't you try to code something and use the pieces of code that you find on the Internet?

Typically, you will be using more from communities like Stack Overflow or Blogging than from open source projects.

Finally, since the code has no guarantees, it's at your own risk. Well, this is the same case if you came up with the code yourself: it's at your own risk.

Hope this helps ... and good luck.

0




Maybe I'm not very good at licensing either. From a company's point of view (I suppose) they don't want to risk being the victim of an IP violation.

My point is that you have to weigh the risks. Taking a snippet of code from a book is low risk. Including code from an open source library can be very risky. I'm talking about making decisions based on how much risk you're willing to take.

I'm not sure if I understood correctly. If you say a license violation is fine, when you don't get caught, I have to disagree with you.

You can learn by reading code without breaking laws or being fired. Just don't copy the code into your company's database if the license doesn't allow it.

0




If you don't know the concept of a clean room, then there is always this approach. Get a friend to look at some open source code and get them to tell you how they think it works. Highlight it and then code it yourself.

If it worked for IBM, right?

0




Keep in mind that not all Open Source is GPL. Your company can copy as much BSD license code as possible. The BSD licensing code turned it into OS X (which is probably my biggest understatement today) and to a lesser extent Windows NT.

0

