It’s alarming because, in my experience, anything you write for an employer is intellectual property of the company. Unless he wrote that Box demo all on his own time and his own equipment completely outside of work, or Box has some abnormal contract with their employees, he can’t just slap an MIT license onto it and call it open source.
I worked with a few people who were successfully sued by our employer when those people left and brought a “spare time” project/tool with them and tried to publish it. It wasn’t even code we sold or ended up using internally, but was still IP of the company because they wrote it during business hours on a work machine.
Worse than that, many companies have clauses that indicate that any software you write (regardless of whether for the company or not), belongs to them. I don’t know if this would hold up in court, but it’s there in the contract.
It’s pretty hard not to overlap with big tech companies. Everything has been touched internally.
My understanding is the same though. Unfortunately whether a clause is legal or not may matter little - you’ll run out of cash for legal bills before they do. The best defense is probably just that most companies don’t care about your side projects.
Yes, but if we speculate as to the invalidity of the explicitly published license, we basically can't use any foss code on GitHub.
Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Did Uber or Box explicitly agree to release it under an foss license? Is it the author's personal individual copyright made on personal hardware outside of work location/time? Does it predate their employment? Nothing in the article linked indicates clearly that it was written for an employer.
If I am expected to research this for every foss library published on GitHub by someone who works for Big Tech, then we are all capital-f fucked.
It's easiest and sanest to assume that people are not lying.
> Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Yep, that's the reasonable default position.
If however, the author of the code wrote a lengthy article about how they'd developed this code while working for a company (not in their spare time), and you happen to read the article in question... then for that specific repo you might look at it differently.
The article in question doesn't clarify things regarding the Box derived code, nor whether they sought and received permission from Uber prior to publishing. Absent both of those, I'd personally not use code from this repo.
That's just me being risk-averse here, as I don't personally have a use for the code. Others might make different choices. :)
"It's easiest and safest to assume that property is not stolen" is a parallel construction of your argument.
You can assume whatever you want but the cops may not be very impressed.
There are a lot of polite fictions in law, and this is one of them. If you had no reasonable way of knowing that a license was invalid (or property was stolen), the judge is probably going to be sympathetic, but the property will still get returned to its proper owner.
If you DID have a reasonable way to know that the status of the property was suspect (as in this case), they are likely to take a dim view of the situation.
I'm not talking about this code in particular - I am talking about all code presumably written by individuals and posted on GitHub with a LICENSE file saying it's free software.
It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
This case is no different.
Nothing in the author's linked story suggests this code is not MIT licensed as the repo claims. It is unreasonable to assume that the license file in the repo is false; nothing available to us supports this assumption.
I think it's reasonable to assume that it belongs wholly to Uber and that he was acting illegally to publish it on GitHub. He even showed us the sofa in the Uber office where he wrote it. He told us his manager asked him to write the code and seemingly had no idea that he'd written a database engine. He told us that they were paranoid of industrial espionage at the time. There seems to be zero reason to suspect that Uber carved out a specific exception to the usual employment contract enabling him to work on and release this code as FOSS while at the company.
Yeah, you want to get rid of uncertainty, but it's here to stay. The whole legal system is not brought to its knees over the fact that no code on GitHub (gasp) is automatically guaranteed to be safe against copyright infringement.
> It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
Yes, absolutely: presumption, not certainty. (Nitpicking the phrasing: presumption that the copyright is not a lie, the issue does not even venture into licensing.)
You seem to be using an absence of evidence as evidence of absence.
There's nothing to explicitly suggest that either is the rightsholder; that is another assumption, which is directly counter to the fact that the person who wrote the code posted it alongside an MIT license.
Not when he wrote it for and showed it to Box. Doesn’t matter how he “licensed” it. They would have had good legal standing to come after him. I can’t believe he wrote that on his blog. He should honestly take it down.
> I demoed Box Sums to the Box Notes team at some point, and they nitpicked the UI and implementation details (“What if two people type in the same cell at the same time? They’ll just overwrite each other.”). Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day.
You can be 99.999% sure unless the engineer went through a long painstaking process to get Box or Uber to open-source and then re-license the code to MIT, it was fully owned under traditional copyright by Box when it was originally authored.
Actually, it gets fairly complicated, because he created a derivative work at Uber with what is likely Box's IP.
Sorta. He has a license (MIT), but no copyright statement. The license is an agreement between the copyright holder and the user. Normally he would have gotten the sign-off from his employer to release this, and this thing would be Copyright: Box, License: MIT. But there's no explicit copyright holder stated, which makes me think that he just uploaded and "licensed" code that he doesn't own.
The code is MIT licensed if and only if the copyright holder - not the author of the story but respectively Box or Uber - explicitly made it MIT licensed. Without a legally binding commitment from these companies, a "license.txt" at the repository can't make it MIT licensed, all it means is that the author is lying about its license. He doesn't own the code (despite writing it) so his "permission" is worse than worthless (by being dangerously misleading) without an explicit blessing by the company - even an implicit "we probably don't care" doesn't cut it.
He could be authorised to open source the company code he wrote. Though, I wouldn’t bet it’s the case there. But Uber has a lot of Open-source projects so they are perhaps allowing engineers to decide themselves.
You can't just re-license intellectual property that someone owns the rights to. EVEN if you authored it originally. It's likely Box and Uber own rights to different parts of the IP, under both employment law, and his employment contract.