EDIT: update here https://news.ycombinator.com/item?id=31092085
1. If you do a web search for "HackerRank DMCA" you will find similar examples of this that have happened in the past (with exactly the same text).
2. The text of the request is not in any way designed to enable a reasonable response. No detail is given about what the infringing content is so there is no way to comply.
3. It is also clear from this and previous cases that whatever process is used to identify potential targets for DMCA yields false positives and no reasonable judgement seems to be applied in whether or not to issue a takedown request.
I also think that GitHub's processes are faulty here:
1. We were given one business day to reply. I replied within 2hrs to say that the request was obviously spam and then sought legal advice. The repo (and website) were shut down before we could get legal advice. One day is nowhere near enough time. The request came in on Thursday night (UK time) and in the UK both Friday and Monday are public holidays this weekend. I don't even know what one "business day" means in this situation.
2. GitHub gives some guidance for how to submit a counter claim but none of the information is applicable to a case like this where so little information is given that is simultaneously impossible to comply with the request and impossible to dispute it. If GitHub makes it this easy to spam DMCA requests then they should also provide some guidance for how to deal with spam requests.
I wonder if the FSF or someone else can come up with a good template response to DMCA requests that just don't have enough information in them. If the request doesn't even explain how you could comply then it should be possible to respond to that in a blanket fashion.
Meanwhile, if we need to make a monetary contribution for your effort or anything more we could do to promote, what would be the best way to do it? If you'd like to send me an email to discuss further, I'm available at vivek at hackerrank
Thank you & sorry!
And here's the thing: if there's a match between the SymPy Docs and something you consider yours, the copying was quite likely in the reverse direction: the solution you claim copies something out of the SymPy documentation (which is legal, but it isn't yours).
> stop. Just stop. Don't send out any DMCA notices at all, not unless you encounter a case of infringement so blatant that it is obvious to all. And then make the decision yourself, don't contract it out.
Sounds great - did you make similar promises last time?
I'm looking at the page that was taken down and it seems to be largely full of pretty basic code snippets demonstrating how to use the Solvers module.
Your DMCA request includes the statements that say, in part, that Fair Use has been considered, that you own the copyright, and that the information in that statement is true and accurate.
Could you elaborate what on that page you consider to be your copyrighted content, and how you came to hold that copyright? Is it the code snippets, as per your comment? Did your company have an employee write that content?
When the DMCA takedown request was being drafted, did someone consider whether those snippets are even qualifies as an Original Work? I'm getting at whether they contain even a minimal level of creativity, as the US Supreme Court has said is a requirement for copyright.
1. Fire WorthIT Solutions (no RCA necessary, do not automate or outsource DMCA, even if it's human based automation)
2. Apologise to SymPy
3. Discuss internally the cost-vs-benefit (more than monetary) of embarking on copyright policing as part of your company's future strategy
4. Blog results of #3
All things considered, this company has done net negative impact to tech industry.
The point is to find another evaluation metric.
Did you give your guy an IDE that he would normally use? That your company normally uses? A real world problem to solve? Resources he would normally use? Resources people at your company use on a day to day basis?
White boarding or using codepen isnt remotely close to evaluation for the actual job, and neither are data structure brainteasers, curious what you and your candidate did.
You got one false positive and now want to use a system known for its false negatives.
I don't understand why people find this practice questionable, it saves time for both company and candidate.
But perhaps a different way of answering your question would be a more apt response?
Take this with a grain of salt, but in my experience of building organizations, it seems to me that in social systems, as opposed to engineering systems / code, the most powerful organizational forces are the second order and tertiary effects of the policies that are institutionally put in place. Not the first order effects.
The first order effect of using HR/LC easy questions might be that it weeds out people who really can't code in a language. And in that result, using HR and LC in your interview process, isn't a bad thing.
But the 2nd order effects of using HR/LC are often disastrous. Because once you start using HR/LC as your FizzBuzz question resource, you've made it easy for interviewers in your organization to start using HR/LC questions for more than just a FizzBuzz replacement. Maybe interviewers go to HR/LC for medium, hard questions. Maybe more?
HR/LC elevate what should be a small (though important!) part of the interview process, to one of the most important, hardest, and complex parts of the interview process. In most interviews I have witnessed in the last few years, this comes at the expense of other things that _should_ be more important parts of the interview process. And that's what is disasterous.
That's the issue with HackerRank and LeetCode. It is intentional from HR and LC's point of view. And is an unignorable, indeed one of the most important aspects of adopting a policy of using HR/LC in your organization.
However, I disagree that that makes HR or LC valuable or a positive in the interview process. Basic DS and Algo questions do not require the types, number, or complicated questions one finds in HR or LC. Such questions are easy to come up with and test, and should be a notable, but minor part of the interview process.
HR and LC take what should be a minor (though important!) part of the interview process, and blow them to huge proportions, and thereby distort and harm the very process they're supposed to be helping. They do this, in an attempt to present themselves as having a larger value add than they actually do.
2. No license is required to work as a software engineer.
3. It is up to each company to verify their candidates.
and you are mistaken that it's up to the company to decide what happens. as an industry of professionals, it is our decision.
As a professional software engineer, you are expected to be proficient at those skills to an extent in which you can demonstrate them in practice.
The burden of verifying you acquired the skills associated with your education falls on the employer.
Fizzbuzz is trivial and should not be a problem for any developer at any level. Writing a binary search function should not be a problem either.
But I agree that the industry's obsession with competitive programming has gone too far in some cases, especially in cases where the skills being tested are not relevant for the job.
In practice, many colleges fail to teach those skills.
And accreditions depend on governments which are sometimes corrupt or inept.
any university in western europe is pretty hard to graduate at without actually having these skills. so it is pointless to enforce coding interviews for those who graduated there. you can’t “buy” a degree there.
If you build software that sounds like a bad idea.
The most valuable companies in the world all converged into the same recruiting processes for a reason.
I appreciate the "fix-it-twice" attitude implied by the RCA promise (Root Cause Analysis for those who also had to look it up). Also, consider recognition and restitution for the unnecessary work you created for the NumFOCUS director, a NumFOCUS lawyer, and the SymPy maintainers.
A $25k donation to NumFOCUS would be a good start.
If you are willing to talk about what happened publicly, I'm starting a podcast/video series to discuss business and open-source. This would make an interesting conversation. Perhaps we can turn this into a positive to raise awareness and inspire better behavior in the industry? Ping me.
Most of which will go to director's salaries. What do these directors do apart from harassing conference members?
I thought about this situation and how your company could make this right. If you would be willing to help improve the SymPy project, I think it would be very well received. If you are interested, please let us know! See Travis Oliphant's reply, you could for example donate some money to NumFOCUS. We are very good with using money that people or companies donate to fund development and we can really boost SymPy forward big time with a generous donation.
Also they take pictures and videos of candidates while taking interviews. Without that permission they don’t allow the test.
They’re not part of the problem - they’re the problem.
At worst, you can try to exercise the controls in the EULA that your victims agreed to, but this sounds like abuse of the legal system.
guess what, it's still offline for DCMA.
I don't think anyone will actually go through the expenses to go to court over a code snippet on Github, unless they're particularly principled, wealthy, and retired and I think Hackerrank will definitely try to send their in their legal team.
By just filing a counter notice, you're also doxing yourself to people who clearly have no interest in following the law.
Github seems to have processed the DMCA counter notice but the content is still offline. From that I gather that Hackerrank filed a lawsuit or the counter notice was retracted somehow, or Github is violating the DMCA by keeping the content offline.
Not quite. The obligation of the service provider when they receive a counter-notice is to inform the person who filed the original notice, and give them 10-14 days to file a court order to block the content. If they don't get that court order in that time, the service provider must put the content back up or risk losing their DMCA safe harbor.
The solution would be to build some sort of cheat detector and punish only the candidate. Don't take down and lose the goodwill of the entire programming community by abusing draconian laws.
You might first investigate just how small the piece of code was on which nearly all of Oracle's case vs. Google rested.
I am sure however you have already assesed this and applied for the appropriate registration for these works that you are claiming to own the copywrite to? right?
A person driving 100 miles per hour down a residential street and crashing into something is an unintended consequence, but not unforeseen.
This may have been "unintended" but when you have a company file DMCA notices on your behalf without proper supervision (especially when they had filed DMCA notices like this against other open source libraries) it is not "unforeseen" for them to file a DMCA notice against a completely innocent project.
At the very minimum the open source library that was affected and their maintainers deserve monetary recompense for the time and stress that your actions have cost them.
Sorry, are you asserting that you hold copyright over solutions that other people write?
edit: Here's an example,
- "In so doing, the magistrate judge agreed with plaintiffs’ assertion that the solution manuals sold by defendant qualified as “derivative works” under the Copyright Act. As in Pavlica v. Behr and Addison-Wesley Publ’g Co. v. Brown, defendant’s manuals complemented plaintiffs’ 187 copyrighted textbooks, had no “independent economic value” and were “meaningless’ without the textbooks because they merely provided answers to questions posed in the textbooks."
https://www.courtlistener.com/docket/4345754/pearson-educati... (the ruling is available here, gratis)
The solutions to a particular textbook are entirely useless outside the context of the textbook, but the solution to "efficiently find a substring within a string" is useful in day-to-day programming. The takedown isn't aimed at the result of "convert 700m to feet", but "describe the process of converting between metres and feet", which is plain ridiculous.
Do you plan to contact GitHub and give them a legally binding agreement to indemnify them for any infringement of HackerRank's copyright in the material they took down (I'm sure there is no such infringement, but by agreeing you won't sue GitHub for restoring the content, you effectively retract the notice and give them no reason to wait the 10 days)?
I think a sincere apology should include steps to urgently minimise the ongoing damage to the existing victims, not just analyse what went wrong to prevent hurting other victims.
Leetcode for instance puts the solutions out there.
There are solutions to most questions on leetcode on GitHub as we speak.
I don’t get it. If your assessment is designed that knowing the solution ruins it then your assessing process is broken.
I’ve literally showed candidates the solution to leetcode questions and they still don’t get it. Trying to remove solutions seems like a poor use of effort imho.
How does any of these have anything to do with copyright infringement in the context of DMCA takedown? Do you even own the copyright to the alleged leaked solution?
literaly everything your assessing is programming 101. its not something that you can or should be asserting any copywrite on.
infact I would challange you to register the copywrites on your questions/answers and see exactly how far you get with that process before you even consider sending a single DMCA notice.
You’ve made a serious mistake somewhere in your reasoning. What you believe is the property of your relatively insignificant enterprise, the whole rest of the world knows damn well is not your property.
Besides, this is small potatoes. Why don’t you copyright Wikipedia, then DMCA WikiMedia, then put your copy behind a paywall.
Your company has issued a DMCA takedown notice for "plagiarized code snippets" against the library-in-questions own documentation? (The take down was issued against docs.sympy.org; linked directly within sympy's GIT repo README.md: https://github.com/sympy/sympy)
And this is an "initiative" your organization has undertaken? Have you thought this through?
Where should engineers who want to learn about sympy go to attain that knowledge?
Where did your team learn about and generate the assessment questions?
Where do you stop with this initiative? Would you issue takedown notices to MDN? Stack Overflow? What about VSCode Copilot?
Oooh boy I can't wait to begin publishing solutions to your company's assessments.
The risks from misrepresenting your copyright in these cases are not small. Diebold Election Systems paid $125,000 in a similar situation: https://www.eff.org/cases/online-policy-group-v-diebold
How can this be legal? Plagiarized is moreover a very conveniently vague word.
By this very vague definition the overwhelming majority of your own content has been seen on various parts of the internet way before you ever started your business.
There can't be a copyright on such a thing and I hope someone fights you in court, this is nothing short of bullying.
How can you shitbags take down SymPy and then show up on HN to actually make light of it with your crapola comments while it remains taken down.
For ch: char in solution.text:
If webpage.html.indexOf(ch) >= 0 then
I get it, I'm an automate-first type of person, too. But it appears your outfit has made a habit of doing this, and you're messing with innocent people for no good reason. Doing that in a `for` loop is irresponsible as hell, and frankly you deserve the bad press you're getting. I highly recommend you reconsider.
Legacy media companies do this kind of thing, too. I hope you're more interested in your reputation than they are.
So which is it? Plagiarized or solutions? Because unless your company actually owns the copyright for the code in question, you have no right to it.
If a Google assessment asks “how many manhole covers are there in New York” and someone decides to create a repo with “Manhole covers in New York: 23,000” there is no copyright claim.
Do HackerRank users affirmatively sign a non-disclosure agreement? I checked your terms and there is not an apparent non-disclosure agreement. If not, there isn’t any legal recourse if users decide to talk about or solve your problems off the platform.
Educational and not for profit use is often protected by Fair Use. I didn’t see the repo in question so I can’t comment on if the use of the material meets the Fair Use criteria.
However if people are sharing their answers to your questions in a repo, especially for educational or non-profit value, there isn’t much you can legally do about it. For example, If I take the GMAT and I discuss a question on Twitter, that’s allowed by Fair Use. If I offer to sell a PDF of the entire test, that would not be protected.
If someone said “hey HackerRank’s Ruby test asked a question about finding the smallest value in an array” and then they posted a solution. That’s absolutely not violating a HackerRack copyright. People even have the right to describe their experience on HackerRank in great detail.
From your own policy: “Content that You own and post on or through HackerRank belongs to You..”
So if someone wants to post their solution to a question, your own terms allow that. It’s their solution, it belongs to the user.
If someone else “plagiarizes” another user’s solution, HR doesn’t have standing for a DMCA takedown. The user that created the content does, but not HR.
However even if HackerRank did own the solutions, there is a high likelihood that Fair Use would be in effect.
I have a strong dislike of HackerRank type companies because it’s pretty rare that those ridiculously academic assessments predict real world performance. They are a screening tool for the lazy. A well designed, relevant code test relating to the work of the company or a solid technical interview is much more valuable in my experience. When I was interviewing with companies, I immediately passed on the job of HackerRank was part of the hiring process. I ended up at a FAANG for over 5 years, so it’s pretty clear that anti-HackerRank bias among potential employees like me have a detrimental effect on recruiting.
it's still offline for DCMA, since Dec '21
Your company does not own the basic algorithms that are the solutions to the tests on HackerRank.
EDIT: update here https://news.ycombinator.com/item?id=31092085