Best quote: "People working for Didi apply for intern jobs at Uber China and then exfiltrate our data. We can’t let them see the formulas or they’ll just copy what we do!”
This is so true. People in the US just don't understand the level of economic and industrial espionage that happens in China on a daily basis. I was responding to an unrelated breach at an unnamed tech company back in mid-2000s time frame and had a side bar conversation that went like the following:
Them: "Yeah, we just opened a tech center in Xinjiang and ... wow, we've had quite the rash of lost ID badges there recently"
Me: "Have you considered that they're not 'lost', but rather 'sold' for profit?"
... silence ...
I don't know if executives are aware but just don't care, or if they're simply incompetent, but China has productized industrial espionage on a massive scale. GE Aviation was a victim more recently: https://www.cincinnati.com/story/news/2022/11/16/accused-chi...
I've watched key, core engineers and technical leaders work for US and European companies, develop their next generation products, then turn around and design and develop essentially the exact same thing for the Chinese market. They then build a company, in China, that makes essentially the same product, but for the Chinese Market, and with Chinese investors, etc.
Examples:
Thoratec/Abbot Heartmate III & CH Biomedical
Auris/Verb/J&J Robotic & Digital Solutions & Renovo Surgical
The ironic thing, is that some of these companies after success in China are working to sell and be competitive in the US and Europe.
It's not even secret or under the table anymore, it's overt and largely accepted as the way it is in our industry. A brave new world.
The other factor, is that it is very very difficult for a foreign company to do business and protect their assets in China, so often the wise companies don't even try. They often just license their stuff for the Chinese market to a Chinese company. That way they at least have a chance of not having it all just stolen.
This feels like the debate between tax evasion and tax avoidance. What the engineer did here going to an IP lawless place is more like tax avoidance. It has a bad smell but he legally exploited a loophole in the international IP system if I understood correctly. Sort of migrating to a tax haven to avoid taxes.
Unless there is something explicitly stated in your contract banning you from taking the "know-how" in your brains and use it elsewhere (so long as you don't breach any patent) then it sounds there is nothing technically wrong.
Which is why there are export bans on plenty of things to China, the US Gov (I'm not American) rightfully understands what's going on under the table and the easiest way to curb theft of high technology is an outright ban (Nvidia products, etc).
I think it's a cultural thing as well, some sort of hustle culture, as the Chinese citizens that moved to NZ when I grew up loved to flout rules & laws around things like the property markets etc - one big problem was Chinese nationals buying up as much NZ baby formula & milk poweder as they could get, hiking the price & selling/sending it to China, so much that NZ experienced shortages for Kiwi mothers trying to feed their babies, so much so that supermarkets had to instate a X per person policy. When I worked in one during 1st year uni I would get literally screamed at in Mandarin by angry and aggressive Chinese nationals with trolleys full of baby formula.
And keep in mind that all of that started only because of the big scare where Chinese baby formula was found to have melamine in it (https://en.wikipedia.org/wiki/2008_Chinese_milk_scandal) killing 6 babies, affecting hundreds of thousands. All because Sanlu's execs wanted more $$$ so they cut their product.
Am not a lawyer or even a tax expert, just was noting that for non-experts in these domains this scenario look similar (China is doing to IP what tax havens did for taxes).
> It's that I'm saying they design a very specific thing, a very specific way, for hire, then go make that exact specific thing, that same specific way.
I really doubt this unless all the inputs are commoditised. Industrial espionage usually fails because if you don’t have the know how to make the tools that make the tools it’s difficult to impossible to literally copy it. Not saying what you’re saying doesn’t happen, it does, all the time. But usually the engineering is substantially different if only because different things are cheap or expensive, or just unavailable.
> If it were in any other country but China, it wouldn't be allowed to happen.
Historically, the US, Japan, Korea, Taiwan all did it. No doubt Vietnam does it now too. Not like they have an excellent civil legal system. Joys of working in developing countries.
> if you don’t have the know how to make the tools that make the tools it’s difficult to impossible to literally copy it.
Smart and knowledgable people in a certain field, but who are slightly stuck, can be helped by a few tiny details. If someone can provide a specific manual or piece of documentation, or just a photo copy or image of some key detail then those smart and knowledgable people can pass the hurdle and continue.
Exactly, and now days you can buy most tools you would need on ebay. Need a huge cnc milling machine? Ebay, Need an injection molding machine? Packaging equipment, whatever. Even medical equipment
Even inside itself: filmmakers went to remote Los Angeles in the early 1900s because Thomas Edison, in NJ, held most of the patents on motion picture cameras and out west they were much more difficult to enforce.
What, should we let each country "have their turn" at morals, ethics and ideas from a hundred years ago or more?
I mean if that's the case the so be it, but they should expect protectionism in response - US already bans export of certain technologies to China, if we embrace the differences in views on IP theft, how are Western countries meant to protect the IP they invested money in nowadays?
Or do we just give it away for free? Who pays to develop this free IP then?
But was it state sponsored? My understanding is that it was mostly robber barrons doing their thing, which isn't really "The US", its more "People in the US".
I'll admit the failures of the US government just much as anyone, am and will always be a tough critic..
But let's not forget the greater context here.
We are talking about a communist country with very top down, state architected enterprises and actions with the USA, which is certainly not those things.
The US isn't perfect, by any means, I'm not trying to say that. Context, that's what I'm trying to have us remember here.
How is that context supposed to be relevant to the point? That China is doing a poorer job by trying to direct the process centrally rather than something more nimble?
I'm not trying to say anything in particular other than drawing conclusions by making comparisons the US from 100-200 years ago to China today isn't very relevant and therefore is not very useful.
My original comment that started this whole thread is similar. I'm not trying to communicate any kind of opinion on it. It's just an observation of things I've personally seen happen in the world. Others are putting their own opinions on if it's right or wrong. I'm not trying to say any of that, just share my honest observations on the world.
If you learn how to build a castel with a very specific era look and feel as an architect, would you not then be likely hired to build a similar castel elsewhere?
I Do this for a living, ave for 20 years. I've designed many "castles" with similar looks and feels, similar materials, they work similarly.
But I've never built the exact same castle, with the exact same Floorplan, with the exact same plans. That's what I'm highlighting that I've seen several times.
A cool aside, I love this song by Watsky called "cardboard castles". Having done this for 20 years (build "cardboard castles") I identify with it.
The espionage really is next level in China. It’s not just reconstructing software (that’s part of it) but stealing binaries (and source where they can) for everything along the way.
I worked at a large tech co with an assembly line in China and experienced this first hand. A routine scan of one of our calibration machines turned up a Trojan with a copy of all calibration software squirreled away. Fortunately nothing is network connected there, but it was obvious someone was planning to come back for it. The stash had our calibration software and the factory’s proprietary control software on it. Both companies sent security to watch the machine for 48 hours straight until a hard drive shredder could be procured to mutually assure each party no software would leak. It was nuts, but apparently common.
Just Google "Chinese protectionist" and then any industry. The Chinese government has been actively targeting everything from CNC machine tools to medical devices and semiconductors for decades. Some industries with more success than others. Anything they import, especially industrial equipment like textile looms, cnc machines, semiconductor equipment, etc. There are big, long term, well funded pushes to manufacture indigenous versions of just about everything. Airplanes, jet engines, computer chips, industrial equipment, on and on
Mainand Chinese culture owes itself more to Stalin than to Confucius. If you lived in USSR stories like this have certain warmth of deep cultural connect.
That's not "the deal". It's illegal. No one on either side agreed to do this and had that been part of the negotiation, the offended party would have walked away or else agreed to a higher sale price in exchange for technology transfer.
According to who? Sovereign states have their own laws, that's what makes them sovereign.
You claim that companies wouldn't have done business in China (in the times before our current Second Cold War) had they known about the lack of IP law enforcement there. I think companies who outsourced to China knew very well what was going on, and calculated that they'd still come out ahead.
I agree with this. The executives that made the decision to outsource and offshore understood that near term gains would come with long term consequences, they always do. Those executives did very well by those short term gains.
According to international trade law and China itself. [1] People are making absolutely wild, misinformed claims that don't belong here. Claiming executives knew what they were getting into is pure conjecture.
> Sovereign states have their own laws, that's what makes them sovereign.
You're making a grossly misinformed claim here. Sovereign countries also participate outside their borders and are subject to the international agreements they participate in.
> Claiming executives knew what they were getting into is pure conjecture.
Schrodinger's executive - when things go well, it's because they meticulously planned every detail. When things go wrong, suddenly they know less about their business than my grandma does.
What is the cause of this habit of making up excuses for people that get massive compensation but never take any responsibility?
Do you understand that the side of this argument you're representing is making excuses for internationally illegal theft as, "well they sure had it coming?"
The side you are representing was trusted with safekeeping this information. They purposefully placed it into the jurisdiction where it is frequently, systematically stolen. They clearly did this to save a few bucks. Quite reasonably, some people are asking, why do they face no accountability for this decision.
You are coming up with excuses like "well they couldn't possibly be aware of information that was widely avaliable in mass media since 2010 at least.
Would you accept this sort of excuse if someone was in charge of safekeeping your child and they took your kid for a walk through an area known for violence and murder?
I can no longer follow your argument, sorry. This is blatantly moving goalposts to excuse theft and defend what exactly? Are you suggesting industrial theft at a mass scale is excusable because they knew the risks? That is the definition of victim-blaming.
Shareholders are victims, executives are their agents that acted against shareholder’s long term interests.
Here is a better example; you trust the bank with your money, bank gets robbed. The criminals are gonna be criminals. But why is the bank vault made of cardboard, and why is the password ‘1234’? Imagine the same bank keeps getting robbed for 10 years, and they make no attempt to fix things.
Should the management still get their bonus? Should they be help to account? At some point you have to start asking if the bank management is in on the crime.
This is so obnoxiously wrong. You could add qualifications to your statement to be less wrong but your statement as is is stupid. When I'm banging my wife is it my duty to start banging on the walls and bellow at my sleeping kids to let them know what I'm up to?
It "feels OK", stripped of context, but nevertheless results in your industries slowly withering and getting taken over by their new Chinese competitors in what used to be their home market.
If you remove uniforms from a soccer match, you can celebrate each individual player's goal. But the team that forgets they are (or should be) playing a team game will be obliterated.
Everyone should've seen what happened to Cisco and thought better, but short sighted execs focused only on next quarter gladly opened the gates and accepted the horse.
Everyone did see it coming. Interviews of experts on TV, talked about at the coffee table at every industry in the west. But since the stockmarket demands constant growth we have to move production to china. And when the move is done, the CEO has a nice rep-sheet showing how much profits went up while he was working at the company and gets hired by the next one.
How is that related? Are you actually saying that the US was being unfair to Germany by stepping on their IP? Of all the criticisms of that program I’ve never heard “but won’t somebody think of the Germans” lol.
Also, two wrongs don’t make a right, and 1945 was 2-3 scientific revolutions ago
I mean its still pretty hypocritical - the US is happy to take in literal Nazi war criminals to stay as a super power, yet they start clutching pearls if a developing country tries and poach some talent with IP knowledge.
Not to say I subscribe to the notion of intellectual property, but I would expect military secrets to be treated differently than trade secrets for purposes of IP.
Perhaps that is an American cultural tradition that China is unlikely to respect.
>it's overt and largely accepted as the way it is in our industry. A brave new world.
What alternative is there? The only protection there ever was for taking business secrets was patent enforcement, civil lawsuits or prison. If a foreign government won't cooperate on any of those things, what can you do?
The only answer humanity has ever come up with is something like a government intelligence agency, where everything is obfuscated by clearance levels and need to know compartmentalization, and any violations are handled criminally, with armies of full time counter espionage people. That just wouldn't work in the corporate world.
> some of these companies after success in China are working to sell and be competitive in the US and Europe.
Just out of curiosity: can't these companies be sued by the IP holding company when they try to sell outside of China, and be forbidden to sell their products in US and Europe?
Yes, but by the time all that happens the patent protection is likely to have run out.
Basically what I've seen is new tech is designed and released here, owns the market for 10 or so years, by then one of these companies in question has started to get momentum I the Chinese market, then 15 or so years after they start to think about coming back to this market, and by then the IP protection has run out.
I got into this with another set of engineers on Reddit where I discovered there’s a subculture of engineers who don’t believe you can’t actually own code and apparently take a copy of their employers source code repository everytime they switch jobs.
Edit:
Updated “can actually own code” to “can’t actually own code”
FYI the edit might have made it more confusing, since there's a double negative now. "don't believe you can't actually own code" reads as "believe you can actually own code", which I'm not sure is what you were going for.
One thing I regret is not taking a copy of the code I wrote for another company, so many handy little utility functions I made that I then had to recreate. The transaction costs for b2b are far too high for any reasonable sale, so exfiltration is the utilitarian choice.
That’s still just theft if you’re not a contractor? Full time software employees are doing work for hire. There’s plenty of moral and ideological arguments about theft being morally acceptable in this situation but I was more marveling at the people who thought that taking source code from their company was legally not theft
There are situations where developers emailed/cloud uploaded/took hard drive of code they had been working on when he left the organization and were looking at prison sentences for theft...not copyright infringement. They didn't even give it to someone or reuse it somewhere. Just the fact of trying to keep it when they left as illegal.
All that to say that in some circumstances taking source code is considered theft.
in my country, copying source code is definitely theft and is contractually enforced. but reproducing similar concepts/architectures from memory happens often
Your jurisdiction may have a law called "IP theft" or it may not, either way the moral category of "theft" does nor apply.
(Also, if it was theft this particular example would be theft in the same way that taking a book from someone's recycling bin would be theft: no one is worse off)
1. Suppose the OP did not take the source code files, but memorized the source code and later recalled it from memory. Would that be theft?
2. Suppose the OP neither took the file nor memorized the code, but had photographic memory and replayed the exact visual scenes during their creation of the utility functions and copied down the code from what they saw in their mind's eye. Would that be theft?
3. Suppose the OP was solving a seemingly novel problem and suddenly remembered how they solved the exact same problem when they were employed by company X. Are they obligated to banish this solution from their mind?
For the other examples, it depends but I'm pretty sure a copyright infringement case for either of them wouldn't be immediately thrown out. IANAL but I do know that law is quite fuzzy.
It’s alarming because, in my experience, anything you write for an employer is intellectual property of the company. Unless he wrote that Box demo all on his own time and his own equipment completely outside of work, or Box has some abnormal contract with their employees, he can’t just slap an MIT license onto it and call it open source.
I worked with a few people who were successfully sued by our employer when those people left and brought a “spare time” project/tool with them and tried to publish it. It wasn’t even code we sold or ended up using internally, but was still IP of the company because they wrote it during business hours on a work machine.
Worse than that, many companies have clauses that indicate that any software you write (regardless of whether for the company or not), belongs to them. I don’t know if this would hold up in court, but it’s there in the contract.
It’s pretty hard not to overlap with big tech companies. Everything has been touched internally.
My understanding is the same though. Unfortunately whether a clause is legal or not may matter little - you’ll run out of cash for legal bills before they do. The best defense is probably just that most companies don’t care about your side projects.
Yes, but if we speculate as to the invalidity of the explicitly published license, we basically can't use any foss code on GitHub.
Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Did Uber or Box explicitly agree to release it under an foss license? Is it the author's personal individual copyright made on personal hardware outside of work location/time? Does it predate their employment? Nothing in the article linked indicates clearly that it was written for an employer.
If I am expected to research this for every foss library published on GitHub by someone who works for Big Tech, then we are all capital-f fucked.
It's easiest and sanest to assume that people are not lying.
> Any reasonable person can expect that the MIT license on this code is valid and authorized by the rightsholder.
Yep, that's the reasonable default position.
If however, the author of the code wrote a length article about how they'd developed this code while working for a company (not in their spare time), and you happen to read the article in question... then for that specific repo you might look at it differently.
The article in question doesn't clarify things regarding the Box derived code, nor whether they sought and received permission from Uber prior to publishing. Absent both of those, I'd personally not use code from this repo.
That's just me being risk-adverse here, as I don't personally have a use for the code. Others might make different choices. :)
"It's easiest and safest to assume that property is not stolen" is a parallel construction of your argument.
You can assume whatever you want but the cops may not be very impressed.
There are a lot of polite fictions in law, and this is one of them. If you had no reasonable way of knowing that a license was invalid (or property was stolen), the judge is probably going to be sympathetic, but the property will still get returned to its proper owner.
If you DID have a reasonable way to know that the status of the property was suspect (as in this case), they are likely to take a dim view of the situation.
I'm not talking about this code in particular - I am talking about all code presumably written by individuals and posted on GitHub with a LICENSE file saying it's free software.
It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
This case is no different.
Nothing in the author's linked story suggests this code is not MIT licensed as the repo claims. It is unreasonable to assume that the license file in the repo is false; nothing available to us supports this assumption.
I think it's reasonable to assume that it belongs wholy to Uber and that he was acting illegally to publish it on github. He even showed us the sofa in the Uber office where he wrote it. He told us his manager asked him to write the code and seemingly had no idea that he'd written a database engine. He told us that they were paranoid of industrial espionage at the time. There seems to be zero reason to suspect that Uber carved out a specific exception to the usual employment contract enabling him to work on and release this code as FOSS while at the company.
Yeah, you want to get rid of uncertainty, but it's here to stay. The whole legal system is not brought to its knees over the fact that no code on GitHub (gasp) is automatically guaranteed to be safe against copyright infringement.
> It is standard, reasonable person practice to use foss-labeled code on GitHub under the presumption that the license is not a lie.
Yes, absolutely: presumption, not certainty. (Nitpicking the phrasing: presumption that the copyright is not a lie, the issue does not even venture into licensing.)
You seem to be using an absence of evidence as evidence of absence.
There's nothing to explicitly suggest that either is the rightsholder; that is another assumption, which is directly counter to the fact that the person who wrote the code posted it alongside an MIT license.
Not when he wrote it for and showed it to box. Doesn’t matter how he “licensed” it. They would have had good legal standing to come after him. I can’t believe he wrote that on his blog. He should honestly take it down.
> I demoed Box Sums to the Box Notes team at some point, and they nitpicked the UI and implementation details (“What if two people type in the same cell at the same time? They’ll just overwrite each other.” ). Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day.
You can be 99.999% sure unless the engineer went through a long painstaking process to get Box or Uber to open-source and then re-license the code to MIT, it was fully owned under traditional copyright by Box when it was originally authored.
Actually, it gets fairly complicated, because he created a derivate work at Uber with with what is likely Box's IP.
Sorta. He has a license (MIT), but no copyright statement. The license is an agreement between the copyright holder and the user. Normally he would have gotten the sign-off from his employer to release this, and this thing would be Copyright: Box, License: MIT. But there's no explicit copyright holder stated, which makes me think that he just uploaded and "licensed" code that he doesn't own.
The code is MIT licensed if and only if the copyright holder - not the author of the story but respectively Box or Uber - explicitly made it MIT licensed. Without a legally binding commitment from these companies, a "license.txt" at the repository can't make it MIT licensed, all it means that the author is lying about its license. He doesn't own the code (despite writing it) so his "permission" is worse than worthless (by being dangerously misleading) without an explicit blessing by the company - even an implicit "we probably don't care" doesn't cut it.
He could be authorised to open source the company code he wrote. Though, I wouldn’t bet it’s the case there. But Uber has a lot of Open-source projects so they are perhaps allowing engineers to decide themselves.
You can't just re-license intellectual property that someone owns the rights to. EVEN if you authored originally. It's likely Box and Uber own rights to different parts of the IP, under both employment law, and his employment contract.
If we're being generous, the author may have had permission to do so. It's not inconceivable; the code was abandoned. If one of my reports had asked, I would have approved.
I think you might be surprised how easy this process is at some big tech companies. For me the bigger hurdle is getting past a privacy review, not the issue of the license.
What big tech company makes it easy for you to take code written and deployed there while you were employed, and just open-source it?
I know there are big tech firms that own everything you do outside of work, but have a fairly easy process to allow you to release that as open-source.
But this is different, this is about code written for and deployed by the company itself, that isn't part of any corporate open-source strategy.
“Corporate open source strategy” where I work is just having a form that engineers can fill out to request to open source things, and a committee on the other end of the form to sign off. It’s similar to the process for speaking at a conference or publishing on the company blog. Management sometimes steers in the direction of more or less public content, but specific releases are always individual initiative by engineers who want to develop their project in the open. Tech brand wants our name associated with high quality work.
I've only managed small businesses not large ones, but personally I'd be fine 9 times out of 10 with a developer who asked to open source a project they had built an mvp/poc of, but that never got approved to be used at all.
I could even imagine approving of a policy for the open sourcing / licensing of code, where any code that's used or previously used by the company in any way needs to go through an approvals process if anyone wants to open source it, while anything created but never used has a much simpler barrier such as manager agreeing in writing that it's unneeded code and therefore eligible for instant open sourcing under a specific license and specific terms of release.
> "But this is different, this is about code written for and deployed by the company itself"
Written for, yes, but seemingly never deployed (except to the extent that it could be demo'd and rejected). From the article:
> [After looking at a product owned by an unrelated team in the company, he single-handedly decided to make what he thought would be a good add-on or sibling to it] "I demoed Box Sums to the Box Notes team at some point, and they nitpicked the UI and implementation details (“What if two people type in the same cell at the same time? They’ll just overwrite each other.” ). Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day."
It's not impossible "nothing came of it" is a shortened version of "they said it seemed like an awesome tool but too far from the original scope to want to take on and commit to maintaining, and as they said there was no chance that decision would change my manager agreed to sign off on my releasing it under MIT license as is allowed for un-used code."
Story time. In a past life, I tried to open source code I wrote at work. My manager greenlit it, but obviously that wasn't enough. Next thing I know, I'm in a room with a lawyer trying to write a patent. In the end, no patent was filed, and the code was never open sourced. What a waste. Arguably, that was 15+ years ago, it would probably go down differently now...
I do academic research and write a ton of code to support this. In grad school (many years ago) at a Midwestern state school, I try to release some code under GPL and get blocked by the school's tech transfer department. It's a program that was designed to support the lab research we were doing (LIMS, ordering, etc). It wasn't much, but it very much made our lab run better. In the end, they licensed it out to a start up that flamed out. The entire process was messy, but all I really wanted was to release it with a GPL license and get on with my work. That office made my life quite difficult through grad school.
Fast forward a few years and I'm now at Stanford and then later UCSF. I email the tech transfer office about some code I'm planning on publishing, expecting a similar back and forth. It took all of two minutes to get back an email:
Are you planning on making money with this code? If so, let us know. If not, any open source license is fine with us.
It was a quite refreshing change to deal with institutions that knew what they were doing w.r.t. IP.
You might or might not; it's not like Google polls the shareholders to decide what source license to use for each project. Authority gets delegated and every company is different.
Actually that was the first thing I looked for in the comments, even before finishing the article and seeing he even published the finished code on his own repo (and not box or uber one), under his only name.
Indeed. Having warned against "If you treat the code like a pet for sentimental reasons, you’re working in direct opposition to the interests of the business." He does exactly that.
Who cares about copyright "ownership"? It's a means to an end, more innovation.
When it can't possible serve that end (again, selling a set of utility methods that would take a dev a few hours to make from spec is impossible) people should discard it.
i understand ownership, but software and code are so easy to copy, transfer and modify that it would be stupid not to do it. it's not like stealing a car. arrr
in other words: ownership of immaterial goods is mostly a scam
Would the world definitely be a worse place if the laws were amended to say "any software developer owns equal IP rights to the code they create as part of their jobs along with the company, so either party can do anything they want with it"?
I'm not sure it would - although it disadvantages the companies compared to the current situation, it's not like they would choose to stop hiring devs to work for them - and that's just a legalisation of the currently unethical behaviour that you think is definitely a worse situation to have?
It massively disadvantages the company. Why pay for software to be built that can just be taken by your software engineers, who form a new company and run a competing product?
Well if that were the situation for all companies, the answer to why pay is the same as it is now - even if it doesn't provide so much of a moat, they have a business need for certain code so they pay in order to have and run that code.
(I'm not sure if it would be better or worse myself, I suspect it might not make much of a difference when everything balances out.)
Why not? Why as a developer wouldn't I go to a VC and say "I have the source and rights to this premade product - fancy giving me some cash to take my team and run it?"
Yup, the Chinese government doesn't really care about infringement unless the IP is Chinese itself and being infringed upon by non-Chinese companies.
I still remember the agency I worked for getting in an industrial designer to create some beautiful cases for some iBeacon hardware we were building. They looked great.
We organise a Chinese company to do the injection moulding and are sent samples that look pretty good, so we decide to use them. Few weeks later we see OUR cases on Alibaba/Aliexpress.
The West/other countries aren't perfect either, but that's not what we're talking about here. _Everyone_ I know who has worked with Chinese manufacturing/businesses has a "they ripped us off" "they sold our hard work to someone else" "they provided lower grade x than was agreed".
And the counterarguments always come down to: "yeah but the West does X" or "you're just being racist".
Chinese companies, especially the ones that do business on Ali-X _LOVE_ this as they can get the IP and use it for $0 and then undercut the original producer of the equipment. Plenty of makers find that their designs on Tindie etc are ripped off and appear on Ali, too.
Well, not just corporate espionage, right? State espionage is going to be at every large US company too. To speak to the article, I can only imagine how excited an agency would be to get real-time updates on the Uber movements of a target.
International relations are based on reciprocity. I sincerely think that if the US didn't think that industrial espionage would be a legitimate activity of intelligence agencies, they wouldn't practice it themselves.
A crucial difference is the US spying is for state use, whereas in China the state is deeply intermixed with industry. State industrial espionage is used for commercial competitive advantage. This is a huge structural and cultural difference.
For instance it’s hard to believe China bootstrapped BYD and GWM among others from green fields. They’ve been exfiltrating and transferring automotive technology for decades. Their products are often near duplicates of other brands - such as the fiat case:
These aren’t cheap knock offs, they have a relatively high quality and with stolen R&D it’s easy to produce at a low cost - the cost can’t be explained by labor alone, as automakers outside China have access to similarly low cost labor.
Note, I don’t think China is incapable of making their own R&D at the same quality as anywhere else; they can. But they don’t when they don’t have to.
The next few decades will see a huge realignment as the decades of theft and forced transfer will begin to seriously pay off.
It's not just China. For example, there's been several accusations of the French state assisting in industrial espionage against the US, and France has acknowledged some of these cases as true
“When governments permit counterfeiting or copying of American products, it is stealing our future, and it is no longer free trade.” - US President Donald Trump, commenting on China.
Actually, the above quote is not Trump and not on China. It's Ronald Raegan on Japan in 1985.
When a new economic threat rises, the US will use the same playbook- demonizing in media, accusations, turn the public against said country, ban products, increase tariffs from said country, turn to allies, etc.
Except China has required technology transfer and has been actively committing state sponsored industrial espionage for decades. Surely this isn’t news?
I’m down with China as a competitor, but we have a strong division between state and industry and China does not. I don’t think a unipolar world is a good idea, and I’m glad for a resurgent China. But it’s absurd to put on blinders and believe forced technology transfer and industrial espionage isn’t a cornerstone of their success.
At several megacorps seeking access to Chinese markets we were forced to transfer crucial trade secrets in exchange for access. We did our best to render it as useless as possible, but it was still very key stuff. Over two decades the Chinese government erected barrier after barrier even after complying to the point that the market access failed and competitors based on our technology dominated the domestic Chinese economy.
I see your parallel comments where you vigorously decry these statements as some sort of nationalism and anti Chinese sentiment. This isn’t that - this is simple historical fact, and I have had first hand experience with it and know the game being played from personal experience. I assumed this was all common knowledge given how much press it’s gotten over the last twenty years, which makes me wonder why you’re grinding this contrarian axe so hard?
Edit: I would note that this is fundamentally different from counterfeiting. This is capturing R&D directly at the top end of technology and processes through extortion and outright theft. I don’t actually blame China or Chinese people, it’s just a cultural difference in what’s acceptable and a belief that the state and industry are separate, which China doesn’t agree with. But the lesson to be learned is China doesn’t play by our rules, and we need to adapt to the situation better.
> actively committing state sponsored industrial espionage for decades
I'm sure you are right but I feel this is actually beneficial.
The interests that have captured China are likely different from the ones in the US, and much different from the inferior oligarchs that have captured my home country (Canada). I see their national interests having an unintended consequence; the creation of markets of scale for products that are not politically viable here.
We all know the stories of oil companies buying the rights to battery technologies and sitting on them. There is even a Wikipedia article about it [1] that I'll link to below. China is never going to have enough oil to export, and as such, Oil will always be a cost center for them.
Copyright maximalism and intellectual "property" is strangling all of us, and I don't want it to put us in an early grave as a race. I'm grateful that China is "stealing" this "property" and turning it into batteries, solar panels and other products that I can buy, and that it iterates on them rapidly - rather than being put in a box.
I don't get it. Literally everyone is doing this concept. Everbody is snatching every last drop of data that isn't nailed down. Nobody asks for permission.
ChatGPT is the most recent example.
"Study hard and keep the rewards" is basically a dead concept.
The separation between state and corporation is a red herring. It's trivially easy for Bill Gates to reveal secrets to Bill Clinton behind closed doors.
Corporations are absolutely abmysal at keeping secrets. They are open-by-default and cannot legally stay in business with the level of security required to keep knowledge from leaking.
That is sort of the definition of the informal red herring fallacy whataboutism. It doesn’t mean the US hasn’t. It means it’s not related to China being wrong to use military power to bully countries. An awful lot of folks here agree it’s wrong for anyone to bully anyone in any context, especially nations bullying the people of another country. We are all, after all, people. But people citing a fallacy when a fallacy is used is fully appropriate, even if you really wish it wasn’t a fallacy.
I don't have a problem with the US bullying others. My problem is that people here on HN and in the west in general, demonizing China for doing the exact same thing when the US has done worse. They think it's ok to boycott Chinese products, but they won't boycott product from their own country. They will say that the Chinese government is evil, but is completely ok with the government of their own. They will say China has no right to bully Vietnam, but they will vote in politicians who advocate for war with just about anyone.
It's hypocritical. Don't demonize China unless you're willing to demonize yourself.
Hell, don't demonize China unless you read their point of view too. I'm sure you're only getting one POV.
> My problem is that people here on HN and in the west in general, demonizing China for doing the exact same thing when the US has done worse
Er, no. Far more ink is spilled on the US being bad, or Western countries in general being bad, by people in the West. What you're saying is not true for HN, nor for the West in general.
Because China's government is the CCP, which is the sole political party of China, which is headed by a dictator, whose endgame is to ultimately have all power concentrated into his hands, forever.
We're not demonizing Chinese people, Chinese culture, Chinese land or Chinese industry, but the forceful alignment of those things to serve a single entity over any other concern.
The West, no matter how bad it can be, doesn't have _that_ problem. Elites come and go, grassroots revolutions have happened and will keep happening without major bloodshed.
> through incentives and pressure on consortium members.
No doubt this would be "bribes and threats" if it were done by a geopolitical opponent.
Second, posts critical of the US tend to get many less votes or flagged quickly, with people calling it whataboutism in posts about China or Russia. That leaves no space to properly discuss those things.
Finally, it’s good to have things in a realist context. It’s idealist thinking if we get upset when a geopolitical enemy does something which is commonplace in out own country and that if allies.
And you use the “whataboutism” as your main argument for whenever someone isn’t anti-china. The world runs on reciprocity. Whataboutism is built into assumptions. It’s called fairness and it’s an intrinsic human trait.
Fallacious thinking is in fact an intrinsic human trait, but to equate fallacious thinking with fairness is a little creepy.
I’d also note while we are on the topic of anti-China, and you’ve lobbed anti Chinese out there - I’ll wager almost (almost!) everyone here, myself especially, isn’t anti anything about China or Chinese people. But that doesn’t mean we are pro the communist party’s policies - and frankly so are very few Chinese. The fact that forced tech transfer and industrial espionage is embarrassing to the Chinese government and sullies all success is no one’s fault but the Chinese governments, and that’s where it begins and ends.
I’m no defender of the US government either, but that’s not even the topic here. I’ll be happy to engage on that topic in the relevant threads. That’s, after all, fair.
What you’re doing is completely denouncing BYD’s accomplishments by saying they must have stolen the technology to get to where they are today.
That’s the exact argument you will use to convince yourself of any of China’s successes stories. They can’t possibly innovate because they’re Chinese and not western. Therefore, they must have stolen the tech. This is how Raegan convinced the public in 1980s.
China has enormous success stories that don’t depend on pilfering or extorting, and a rich history for thousands of years. In fact I think the Chinese governments behavior in this respect is below the divinity of Chinese people and Chinese culture. This plays out in the recent domestic behavior of the Chinese government towards its own people. I even said I welcome a multipolar world with a resurgent china.
But if you think forced technology transfer and industrial espionage by the Chinese state to benefit the Chinese states industrial interests - which have become pervasive in China under Xi with most major Chinese ventures being forced to take state funding and control - you are deluded, or are trying to delude. I say this with all the force of someone who has experienced the fact of what’s happening directly - you can throw racism or nationalism around all you want, but there’s a cold reality that exists independent of such concepts and I - and many others in technology - have experienced it first hand. It’s calculating, cold, and very much real - and race and nationalism have very little to do with it. It’s political and it’s absolutely real.
Btw, you can’t sit in a BYD and not see the technology transfers and the espionage spoils. China could be successful on its own merit, but not with the Chinese communist party controlling industry and civil society. I just hope some day Chinese people will be free to be that competitor on equal footing with the world. What happens in China today is a disgrace to Chinese everywhere, who are some of the most brilliant and hard working people out there. Until that day I welcome them to work with me here, and we can make great things together.
The way I see it, this problem will solve itself. People do not enjoy having to copy others. Historically, countries have done it to get to a comfortable state, then it stops once they're comfortable. The biggest example being Japan.
You cannot watch older Japanese animations and not see the heavy inspiration from Disney, but the style used in their shows today is far evolved. You equally cannot sit in a Toyota and not see the western influence. Travelling to America was literally part of their game plan to improve their own technology though at first it was for investigating automatic looms [1]. I would be surprised if Toyota did not reverse engineer a western vehicle. Today however, I imagine you need no convincing that Toyota is simply the superior product compared to its western counterparts and can stand on its own two feet.
Your counter argument might be that it's different with China because the government is assisting in this. To that, I would point out the Meiji Restoration in Japan. Similarly, their government encouraged young scholars to learn abroad in order to pull Japan forwards technologically. Not only that, the government hired foreigners known as "O-yatoi Gaikokujin" and " the main goal in hiring the O-yatois was to obtain transfers of technology and advice on systems and cultural ways." [2].
That last one sounds a lot like a government-funded technology transfer to me. It's definitely not happening today in Japan, but at one point the government deemed it necessary.
I agree on the point about BYD. We would definitely see the result of a technology transfer in a BYD car. But how much of that can just be attributed to hiring talent from foreign companies? There are articles about Japanese engineers being headhunted by Chinese automakers [3]. This is common in developing countries. A lot of top positions/ executives are senior engineers coming in from abroad getting a significant title bump and pay increase (the pay increase is even greater if you consider the cost of living in the host country).
If you consider headhunting talent to not be competing on equal footing with the world, then that's a completely separate discussion. But I wish to provide more peace of mind for you that this problem is indeed transitory. To do that, I will direct your attention towards the rhetoric used against minorities.
People say that minorities are criminals, but we know that's not true. It's poor people who are desperate enough to perform those acts who will turn to crime. Minorities get over-represented due to society being biased against them causing them to be in more dire financial situations. Nobody takes pride in being a criminal. The moment they are financially stable, they stop - 2nd generation immigrants have extremely low rates of criminal activity.
Similarly, China is still a poor country. We might not think of it because we think of Shanghai and Shenzhen, but their GPD per capita is lower than Russia's, and their HDI is lower than Ukraine's. As China develops, they will find more effective ways to compete that don't tarnish their image, just like other countries have done on their path of development.
My goal is not to debunk you. There are definitely some instances of shady IP dealings in China, but there are some instances that are clean as you have also pointed out. What I do want to get across though is that these are the growing pains of a developing country that successful countries also went through in the past.
People probably had this conversation about Japan when Japan was developing. They do not have them today. So too will we no longer have these conversations about China in the future.
Huawei is a giant. In phones they had bigger marketshare than Apple. Their chips are nearly on par with Qualcomm. It is naive to believe they are banned for security concerns.
Two things. First, this isn't the same thing; you're talking about embedding a resource in a company to read out real time telemetry from internal systems (information with a short shelf life), not stealing industrial trade secrets (information with a very long shelf life). Second, I can assure you that, even with our imperfect systems, there is actually a set of checks and balances in place to prevent rampant (note I said rampant) abuse of this kind.
Yes, agencies would be very excited for this sort of capability. Do they get it as a matter of course that easily? No. There are layers of accountability, legal authorities, and (warranted) push back from commercial entities.
The last bit strikes me as dubious, considering the Snowden revelations.
Yeah, sure, I'd guess that what China does is at least an order of magnitude worse, and sure, because they're less democratic, but also because they are much often behind - and let's not kid ourselves, in the situations the US feels it's behind, it's also using the widespread backdoors they have access to (Crypto AG, Cisco routers, Juniper Networks, Windows, Intel&Ryzen CPUs...)
Given Uber's efforts on Greyballing, booking fake Lyft rides, hiring Anthony Levandowski etc etc ... it's very on-brand for them to (1) fall into an espionage war with Didi (wonder where all their Vertica data came from?) and (2) have an engineer write about using code he lifted from a prior gig and then also self-published.
Its not only that, but when they can't beat them...they make them join: startups with valuable market intelligence get bought all the time by Chinese companies.
See for example the case of DEAR systems, which is a cloud-based WMS that is particularly useful for intelligence as to how much (US) importers are paying for worldwide goods, and what is the cost of shipping from A to B.
It was bought by a chinese company not long ago. That's 1 example.
They don't understand it, because what you're quoting as a behavior is pretty standard anywhere in the world. That's why companies protect their secrets from low rank employees.
Except if you're arguing that western companies are bound by stronger ethics, in which case I'd like to see some evidence.
I wouldn't say people in the west are "better people in their hearts" but they absolutely follow more strict norms regarding honesty and theft. This is one of the main reasons why companies pay a premium for workers in the west when they could hire from other places.
One example: accounting scandals in the US are rare. I don't think anyone trusts accounting figures for public companies from India or china.
> in which case I'd like to see some evidence.
The alternative to trust is enforcement. The evidence you are looking for is the prevalence of the latter principle in systems that deal with things of value.
>One example: accounting scandals in the US are rare. I don't think anyone trusts accounting figures for public companies from India or china.
I work in accounting. You’re right, I trust the US more than India or China, but you’d be surprised at the liberties US companies make and how many individuals from India are auditing their work. Auditors (excluding partners and some senior managers) are just not equipped to deal with the technical accounting concepts and to challenge management. Remember, the company employs the auditors. You certainly don’t want to ruin a $1MM contract for your firm but pressing too hard.
> You certainly don’t want to ruin a $1MM contract for your firm but pressing too hard.
Only in the west would you get any push back at all. The auditor would feel some duty to bring up an issue even if it reflected poorly on the company and even their own managers.
I agree they likely wouldn't push an issue beyond its welcome, but this particular value is unheard of in many parts of the world.
> This is one of the main reasons why companies pay a premium for workers in the west when they could hire from other places.
By this token "other places" companies would also want to pay a premium to hire US workers outside of sheer competency. Yet we're not seeing Samsung massively moving institutional operations to US centers for instance.
> accounting scandals
Whait, what ? You're telling me that while the crypto bubble is bursting and they're going to prison for egregious fraud ?
Also, scandals being few in number would probably be a sign of overcorruption and systematic rot or the controlling structure. I'm not sure that's what we want.
> Yet we're not seeing Samsung massively moving institutional operations to US centers for instance.
Culture matters a lot. Korea is a high context society, and relationship building is extremely important. Its very difficult to migrate functions to other locations when the way to get things done is through building trust and relationships over long periods of time. That said, Samsung does have significant offices all over the world.
Counterpoint: scihub, libgen links are routinely shared on HN as a matter of course (likewise in academia). I've seen HN threads in which people unapologetically reminisce about torrenting movies/music.
Perhaps your will object: "But the publishers/Disney/etc are evil, greedy entities and I don't owe them anything." But I'm sure anyone who's stolen corporate secret elsewhere can come up with a similar justification in their head! After all, that may well be why they left the company in the first place.
If a low ranking employee in Cincinnati divulged corporate trade secrets, they'd be tried and convicted. If a low ranking employee in Shanghai did the same, what can the US company do? Not much. So it's a low risk activity, that is also actively encouraged and in many cases financed by the Chinese government. This is in no way intended to be disparaging of folks who are of Chinese descent, but rather a reflection of the reality of contemporary Chinese government politics and policies.
Would you get tried in the US for interning at a company and then go to a competitor with all your inside knowledge ? [edit: barring a paid non compete agreement]
Then a step further from that, sure there are laws to prevent you from wholesale lifting corporate data and bringing them out as you leave, but as many laws it will be extremely difficult to detect and prove that happened in many low profile cases. That's why instead of just relying on the law you'll lock usb ports monitor network activity and get laptops returned when someone leaves.
It's kinda like preventing shop lifting, you know it will happen at some scale.
> US company / Chinese gov
How much leverage do you thing a Chinese company has to if a three letter US agency spies on them and pass the info to US companies ? And would you argue that scenario wouldn't happen if a specific Chinese company had a decisive advantage that could severly hurt US interests ?
For the level of copying being discussed, the scenario to compare to is when Google waymo sued Uber for copying files for hundreds of millions of dollars. They were caught copying source files & design docs.
Both for software products and manufacturing products, that's what is going on: exact copies of source code, assembly line configs, etc. Many folks write off selling to China for reasons like this. Initially that means underserving one big market for self-defense. Where it gets next-level painful and crazy is when cloners then take their derived works back to the international market to compete directly with the inventors. By then it has been tweaked, but the core is still the clone.
And I was called a racist 25 years ago when I said, “like, our engineering school is, like, crawling with Chinese nationals.” We said like a lot on the 90s.
We're headed for a very protectionist and isolated world because some players couldn't play nice. To me, the only thing holding the floodgates in the west back is the media which is very "rainbows and butterflies" about everything.
As soon as they start playing along and seeing this stuff in an alarmist way, they'll turn the narrative and report on it constantly.
That’s because you were being a racist. Most people reserve the word “crawling” for insects and other small pests. Only racists apply it to an entire set of people.
Is it the phrasing you think is racist? I don't think pointing out the fact that the student body of a given school is, for example, 20% Chinese, is racist. It's merely a statement of fact.
What is with the constant need to deploy logical fallacies? Here, you’re deploying false equivalence - what some person said as a first-person out loud based on unknown evidence that compared people to animals of some sort that walk on all fours is completely different than a Wikipedia article that contains sourced objective comparative data and shares it in third-person. And why are these two things different?
Context.
Nothing exists without context, and analysis of a thing or an action or a situation without considering context is pointless and, frankly, bad analysis. In fact, it’s bad science. Understanding, recognizing, accounting for, and sometimes mitigating context is crucial to being an engineer, a software developer, a rocket scientist, et al.
So honestly, I don’t particularly care if it’s racist or not (it is, but not because P necessarily hates Chinese people, but because it reinforces ideas and beliefs that contribute to the systemic oppression of Chinese people in the US), I just think your argument is so flimsy a stiff breeze would tear it apart.
My constant need to deploy logical fallacies? Have you confused me with someone else? I've never talked with you before. And the sanctimonious bit about "bad science" and doing better doesn't make your post any more convincing. It comes across as virtue signaling and its pretty obnoxious.
Similar reports were widespread 20+ years ago, when I worked in aerospace. Bad faith partnerships, industrial espionage, and companies barred from competing after all useful information was extracted. It has gone on for decades and nobody will do anything about it. Executives and shareholders get dollar signs in their eyes over the thought of tapping into the Chinese market, and let themselves get burned over and over again.
Since I also wear a security hat, when doing code reviews, architecture and devops stuff, it is surprising how much stuff regular developers never think about in regards to security.
I didn’t say china can’t innovate… I said that the Chinese government actively encourages and finances at a large scale industrial and economic espionage activity.
It is not "same old rhetoric" if it is in fact true. There are many publicly known examples of Chinese Espionage, including fake "police" departments in SF coercing nationals and naturalized citizens alike to commit espionage.
You don't have to take our word - you have the internet at your disposal and can locate this information freely. You are simply choosing not to.
Wait what? So you think industrial espionage is to be accepted?
> the problem is the sheer amount of one sided propaganda that you and everyone here is receiving.
I mean, you're literally doing whatabboutism with this exact line
Look I get countries looking out for their own interests and fuck the facists the US has supported but that doesn't mean I'm just willing to bend over and let governments or companies steal my company's secrets because "everyone is doing it"
Further, to be real, with the current and historical governments for each nation, I'd still rather trust the US government having the tech advantage over the Chinese one. That is abso-fuxking-lutely not an endorsement of the US government nor their actions, but, I mean the US definitely walk the walk on liberal values out of the two
If you believe the US has done what China is currently doing, then I have a bridge to sell you...
There's no point in furthering this discussion if you are unwilling or incapable of acknowledging basic, publicly accessible facts about China's espionage campaign and worse. Hint, it's not simple industrial espionage...
Whataboutism is not going to make anyone side with your position while China grows increasingly belligerent towards it's neighbors and hostile towards European and North American nations.
You don’t have to be a Trump supporter. Both liberal and conservative media have been 100% anti-China since Trump came into power. Both sides use anti-China rhetorics to generate views and votes.
The consequences trickle down to the opinions and views of the average HN poster.
> People in the US just don't understand the level of economic and industrial espionage that happens in China on a daily basis.
Back in my day this was called "competition" and worked for the consumer, not against them. I find the espionage factor to be theatrical hogwash trotted out by the corporate types. We americans love competition, right? Stfu and compete.
You're missing a huge part of this: The "competition" you think you're referring to had, you know, actual rules. Sending people to get jobs at a rival, and steal all of their internal documents and trade secrets, is illegal in most countries.
Perhaps we should reframe how intellectual property works to make secrecy no longer desirable and allow industries that rely on "trade secrets" to realign naturally.
Perhaps (well.. almost certainly) that would disincentivize any of the companies in these industry from innovating at all (if you can’t gain any edge by additional investment since anything you do will be stolen you might as well start stealing if that cheaper).
This would also especially favor large mega corporations as long as they are efficient enough (due to obvious reasons).
Most substantial technological innovation is either funded by government grants or is publicly funded in some other way in the first place. It's a myth that IP laws protect innovation, they protect profits of corporations that add very little to the process on their own.
well, the us only pretends to like free market politics. in reality rich dickwads like regulation just fine, namely in the form of protecting the value of their property.
What it would do is punish companies that do real R&D, and reward companies that have no actual talent in that area. So ultimately the field would stagnate because no one would invest in R&D.
It is legal. The us has no power over china's ip. the closest you're going to get to illegal is "violates a trade agreement", and what's the us gonna do, invade china? the cope levels here are extreme.
I'm a bit confused what that would look like. Sending Americans to China to steal their secrets wouldn't work because the Chinese wouldn't hire them for exactly this reason.
I read this article looking forward to the complex bespoke code to be ripped out and deleted - but the author clearly grew as an engineer in a way I didn’t expect:
> Sometimes that’s just how it is. The devops saying “Cattle, not pets” is apt here: code (and by proxy, the products built with that code) is cattle. It does a job for you, and when that job is no longer useful, the code is ready to be retired. If you treat the code like a pet for sentimental reasons, you’re working in direct opposition to the interests of the business.
A lot of code is fun to write. A lot of problems are fun to solve. But a business, especially a startup, needs to stay razor focused. My entire career is effectively to sit in meetings and tell young, passionate engineers not to build things. It’s a bit depressing, but it’s also vital.
A good engineer can solve any problem with clever code. A great engineer knows what problems aren’t really problems and probably an XLS download link updated daily would have been fine.
> My entire career is effectively to sit in meetings and tell young, passionate engineers not to build things. It’s a bit depressing, but it’s also vital.
This was the single most impactful thing I learned in my early career. I was building out monitoring systems for an in-house service we hosted on site. My boss wanted to buy some small utility to keep tabs on some minor aspect of our environment. I was a bit offended -- I could have written that myself and here he was paying someone else to do it!
He asked: "How long would it take you to write and test this?"
Me: "Probably a week. Maybe a bit less, maybe a bit more if I run into something tricky."
Him: "Okay. This tool will cost us $500 to buy. What's your hourly pay rate for 40 hours?"
With this I achieved enlightenment. I've never again built something at work that I could buy cheaper.
> This tool will cost us $500 to buy. What's your hourly pay rate for 40 hours
This argument makes sense, but I worry that it’s a bit short-sighted. There are a lot of metrics that are hard to quantify where it might end up better: for one thing, I’ve found that integration costs and maintenance of integration of third-party systems are routinely underestimated: I’ve implemented “buy” for various systems where the work to integrate was essentially the work to build. The cost of learning a proprietary toolset rather than developing experience with open tools. The cost to the industry as a whole when something like AWS or React becomes the unreflective default choice.
Its extremely short sighted. The cost is much more than (hourly wage x code hours).
There is ongoing maintenance cost that no one considers. I've never seen a project that gets built and just sails off for eternity with no maintenance or bugs. There will be times when the libraries or frameworks that built the underlying tool need upgrading. The requirements of the job might change even slightly and need a change in the code because custom tools are always built to only solve the narrow problem.
There is also the overhead of the fact that this junior developer will inevitably leave in 6 months and now someone who has never seen this project before has to pick it up to fix it, which means it will take even longer.
Plus that ignores the fact that if a developer tells you it will take 40 hours it will actually take 80-120 hours.
When you buy, the tools you buy are designed to be integrated with. They have support teams that will help you, and ongoing maintenance. Plus the tool is going to be more robust because it was built and used by many different companies with slightly different requirements. Plus someone else's developers will keep it up to date for you so you don't have to.
Internal tools are almost never worth it unless a pre-existing tool literally doesn't exist which happens when you are either solving insanely complex problems or insanely niche problems.
> When you buy, the tools you buy are designed to be integrated with[...]
This makes me question if you're speaking theoretical, or actually have any practical experience.
I've been part of about a dozen "buy it" projects now, and so rarely they've been "designed to be integrated with. A lot of the time it's deeply legacy systems that have a half-hearted api slapped on top to check that box, but once you start using it you notice that everything you want to do somehow requires contacting the vendor first.
Which dovetails into an issue that, although vendors will give you the impression that their system is well tested and widely deployed, it all too often ends up being a lie. We've had quite a few instances where vendors have sold us what turned out to be something they were still building.
> the tools you buy are designed to be integrated with.
Until they change on a whim and force you to spend hours rebuilding your integration for negligible benefits. And then there’s the good old “change our vendors every five minutes because the last one wasn’t quite right”
If your company isn’t making money from the product then whoever owns the copyright is irrelevant.
Good engineering is building the stuff that adds commercial value to the business and buying the stuff that only adds support to the stuff that adds commercial value.
In this instance, monitoring falls into the latter category. It’s not a business differentiator.
Is it any more shortsighted than using the "open tools" in the first place? There will be integration costs and maintenance of integration with open tools. You may not be able to pay anyone for support issues because those people may not provide the sort of customer support you expect when you pay someone.
The integration costs were part of the 40 hours. The trouble is you haven't avoided them by paying the money.
Open tools also tend to have a longer life, because a community survives even as members come and go, but one boss decides that a product isn't sufficiently profitable or the company gets bought out by a competitor and now it's discontinued and you have to start over.
And the open tools often end up with more transferable skills down the road: e.g. learning to deploy to AWS only helps with AWS; learning to deploy to k8s lets you be productive in a lot more situations.
> I’ve implemented “buy” for various systems where the work to integrate was essentially the work to build
I've felt this way before, but I didn't realize that I haven't factored in the risks of actually building it. I was comparing real world integration effort with an estimate, influenced by my experience of integrating with a working product.
Common sense applies, but in general I'm terrible at giving estimates unless I've done something very similar before.
Sure it’s shortsighted, but we’re all shortsighted, that’s the human condition. We can’t know all ends, which is why experience and judgement matter. The worst thing you could do is handwring over it though. Gather whatever data you can quickly leveraging the extent of your current expertise, make a call, implement and learn.
> (from the article) - Having Excel in the browser was a useful solution, but the problem wasn’t showing spreadsheets in the browser: the problem was getting a specific UI delivered to the right users quickly.
> (from the above comment) - A good engineer can solve any problem with clever code. A great engineer knows what problems aren’t really problems and probably an XLS download link updated daily would have been fine.
I saw the bullet list further down the substack page and it's still not good enough for this level of requirements gathering. Those questions describe the scenario, but asking them would not have arrived at this simple solution. Checklist thinking is a crutch and just overcomplicates the problem. All the signals here were organizational and social, and not a matter of improving a process.
This should be obvious, but people who are not involved with implementation details can't answer questions about implementation details.
"Just make it like Excel" is a super low quality answer from someone who has a completely different set of objectives. The only way forward would have been to consult with someone closer to the actual users and counter-argue from there. What's missing here is the courage to recognize weak assumptions and deliberately avoid writing any code until enough details are pinned down to get to an agreement from all parties, not just say yes to the person "in charge".
> "Just make it like Excel" is a super low quality answer from someone who has a completely different set of objectives. The only way forward would have been to consult with someone closer to the actual users and counter-argue from there.
The only contact we had with "actual users" was over WeChat because they were on the other side of the planet.
> What's missing here is the courage to recognize weak assumptions and deliberately avoid writing any code until enough details are pinned down to get to an agreement from all parties, not just say yes to the person "in charge".
Uber was pathologically bad in this sense. There was no time to get details pinned down. We had a product to ship in two weeks for non-technical stakeholders. If we didn't, the stated consequence was millions of dollars in losses to the business. Throwing up your hands until you get product clarity when you know you can solve the problem as-is is a great way to find yourself with a PIP.
Nah, that's why you have product managers. I would have talked to this stakeholder for an hour and realized the solution is not to build another excel.
You don't reject it you understand what the problem is and design the solution and explain it to them.
I'm sure this entire team didn't need to exist in the first place but that's what you get when you only have a business person and the Dev team they hire.
A PM here would have saved the company what, $5m per year?
The second team I was on at Uber fired (with a capital F) six (6) PMs in five months for pushing back on product requirements that came from the CFO. For whatever reason, engineering rolled up to the CTO and product for this team rolled up to finance. The solution for disagreement? Pips!
Exactly, in 2016 there was several off the shelf options for doing the exact same thing. It’s a perfect example of a young engineer feeling a huge accomplishment from reinventing the wheel, and then realizing the clever solution wasn’t actually worth anything like the effort required to create it.
I had a long conversation to convince someone not to go down that path in 2006, and I am sure someone’s going to do it in 2026.
Pausing to think: I wonder how someone else solved this exact problem is such a huge part of how you grow as a developer I wish schools would focus more on it.
I would say what you talk about is experience. To have an experience, you must go this path to realize what to not do. It feels like a catch 22 kind of thing.
Doing it well comes down to experience, but doing it at all comes down to asking which of your unconscious assumptions are hard requirements. Nobody is actually saying you have skills X, Y, Z, which you must use to solve this problem, which is a huge difference from how schools prepare people for the workforce.
Experience certainly helps, but last time I checked, schools are supposed to teach you how to use reference tools (reference manuals, company listings, search engines...), and how to use them well - a pretty fundamental skill of being an engineer ?
I'm not really sure what you're saying, or what the criticism is, if it is one - but shortly before the bit you quoted OP links the code on GitHub: https://github.com/WebSheets;
And you can't really conclude they made a poor implementation choice on a report of completing it successfully (albeit too successfully even, too much of Excel implemented, and then fixed by removing that (how do you do that to your XLS download link?)) on time within a short deadline.
The takeaway is supposed to be 'don't get too attached to your code', which in some circumstances (not this one) might mean 'don't succumb to NIH syndrome, use an XLS download link', but that's not the whole.
Any time I identify a fun and novel problem I get suspicious. Generally, programming should be mundane and you should be solving problems that have been solved thousands of times before. If something looks new it's more likely you haven't correctly identified the problem you're solving.
Short term yes, but long term, life's too short. Pursue FI, especially if you're a craftsman, so you can work on what brings you joy, without an expiration date.
"Cattle, not pets" may be a good way to run a business, but not your life.
A great engineer should be both good and great. I do a lot of ‘great’ stuff at work, but that won’t help me to get into my next gig unless I also code a lot and don’t lose my skill.
"Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day.
My idea was to take this code and spruce it up for Uber’s use case."
"My first reaction was to publish the code on Github."
I’m very surprised by this, isn’t the code property of Box, or Uber? The author does not mention their authorisation before releasing it under MIT license.
Author here. The code was originally written outside of work hours. I offered the code to Box and they didn't want it.
If Uber wants a few thousand lines of JavaScript from over half a decade ago that didn't originate with them and that they used for less than a month, they can send me a letter.
I mean, I asked at the time, and I did it. If either company wants to start a legal fight over a pile of code that neither of them wanted that's old enough to be in elementary school, they know how to reach me.
The problem is that you are claiming ownership of this code and by making it available on GitHub under an MIT license you are claiming that you have the right to do so.
If I take that code and make a billion dollar business out of it, Box or Uber could then claim a share of it. That's the kind of things that companies do with the lawyers on retainer.
I then sue you for falsely claiming that you own it. You are particularly fucked because, thanks to this thread, you can't claim that you didn't know.
Even in California the "I wrote it on my own time" doesn't apply to software that relates to an employer's core business. In other places, like Washington State, you could be employed to write TPS reports and write a video game at home, and your employer would own that too.
IANAL but I have paid for advice on this very topic. I suggest you pay one too.
Long time ago my employer at the time had this in-house deployment system written by a guy that worked there. It worked well and we used it well after he had moved on. He left suddenly and started a company based on the idea. Employer went to sue him and discovered the ‘all your code belongs to us’ form was missing from his permanent file so they didn’t pursue it. That company is called Chef.
A spreadsheet UI didn’t relate to Box’s core business because Box didn’t sell spreadsheet UIs. Box could have had the author’s hobby project been adopted as a feature but explicitly chose not to. The author clearly owned that bit if they did it on their own resources and own time.
In other words, you can write generally useful components and utilities on your own time, network, and equipment; license them to your employer if everyone agrees; and either way you still own them. You just can’t write something directly related to or competitive with the products or processes that make your employer money.
The spreadsheet formulae and enhancements the author wrote during work hours at Uber, though, no. But even just their direct boss as an agent of their employer saying it’s ok to throw it on GitHub would probably cut them loose, especially since it’d be a derivative work with joint ownership.
All IMO of course, but that’s how I would have seen it in their shoes.
Well, you are not a lawyer. OP specifically wrote the code to help Box with its business. That's cut and dry within the scope of an employment contract, under California law. This doesn't get a safe harbor exception.
> OP specifically wrote the code to help Box with its business.
That was the intent, but not what actually happened.
Is intent to donate code enough to put it within your employment contract, when it's done outside work hours and would otherwise be outside the scope of employment?
> That was the intent, but not what actually happened.
The intent is a fact of what actually happened: which appears to be that it was written by an employee within the scope of employment to solve a business problem. Possibly outside of usual working hours, but if it’s by a salaried employee where doing work at home outside of usual working hours is itself a normal if not consistent part of employment, is probably not particularly significant.
That the employer later chose not to make use of it doesn’t change the circumstances of its creation; businesses often choose to not pursue use of exploratory work done by employees in the course of employment, that doesn’t surrender ownership of the work product.
And the version that was further developed within and in response to Uber business needs and actively used at Uber before the function for which it was used was terminated is an even clearer case (insofar as it is a distinct work from the original) of work-product (that it quite likely is also an unlicensed derivative work by Uber of proprietary Box code doesn’t mitigate that, though it puts Uber in the position of potentially being both a beneficiary and victim of IP violations.)
> which appears to be that it was written by an employee within the scope of employment to solve a business problem.
An imagined business problem.
If the code wasn't relevant to their actual business practices, that's quite relevant. They not only didn't want that code, they didn't want anything like it.
As for the modifications for Uber, that's not what I'm here to contest.
No, it’s not relevant. Seriously, go consult a lawyer in this. I have. They’re very consistent on this point because there are tons of case law regarding it.
There are a massive number of examples of patent and copyright litigation stemming from work done for one employer, who rejected it, then the employee goes off and founds their own company and gets successfully sued.
Fairchild was unique in that they had claim to the IP that their employees wanted to use in new startups, yet they decided not to follow through and allowed the employees to start their own companies. They could’ve prosecuted but didn’t, and as a result we got Silicon Valley and the culture that surrounds it.
But it’s no guarantee that that your employer won’t pursue a copyright claim they are perfectly within their rights to do. Don’t assume your employer is Fairchild.
You misunderstand. When he wrote the code, which was related to the company's business, the company owned it. Even in California. He couldn't have "intent to donate the code" because he didn't own it in the first place. The fact that he "intended to donate it" demonstrates that it was related to the company's business.
From a practical perspective, even if you think they don't own it, do you have the money to argue that in court if they decide that they do?
IANAL. If you are having issues like this, get legal advice from a lawyer. Not HN.
Relatedness is relative but I'd argue against it here. They didn't have functionality like that, and they didn't want it.
> The fact that he "intended to donate it" demonstrates that it was related to the company's business.
...yes, that's my point. We're using that intent to make the decision that it's covered. That doesn't seem like a good way to decide whether it's covered.
If he just made a web spreadsheet and did nothing else, people would shrug.
I built a side business that makes five figures of MRR that started while I was at Box and continued through my tenure at Uber. It's still going. If anyone was going to sue anyone about anything, it wouldn't be my shitty spreadsheet library.
The author explains how analyzing and presenting data was worth millions of dollars. The author documents how a senior executive instructed him to write excel. It is clearly their core business. Also, and this comes back to the fantasy/denial/wishful-thinking aspect here, neither I nor the law says core business. That's a word that you added. If you did it as part of your job, then it is, by definition, part of their business.
I am also nearly 100% certain we can look back at this comment in 20 years and find nothing happened, but only because nobody will take this code and make a billion dollar business. If they did, I guarantee there would be a law suit.
Literally today I was in a fireside chat where the speaker told us the IP law department at a previous employer brought in a couple billions in revenue by suing for infringement.
Is there any other industry where workers are so beholden to their employers that they cannot simply create something of their own without fear of legal action?
How did we get to this point as an industry and how do we change this destopia?
Kinda the other way around. California has a law that states such contract clauses are unenforceable. I could show you that. Washington State does not.
I’d recommend you update the article on those two points, because because as it is now, the article makes it sound like you stole code from both Box and Uber.
I don’t think its relevant that the code is old. The code is owned by the entity that’s paid for it. I also found that party of the essay really surprising.
This seems like a reasonable amount of pragmatism. As with most things in contract law, it's not meaningfully illegal unless some claimant is actually going to enforce it. You give enough context in the post to alert at reader that they should be careful of using it.
I was also absolutely gob smacked at this. Will they care? Probably not. Are you putting yourself at the absolute mercy of them deciding not to care? Absolutely.
I would have a hard time sleeping... like this would be like being in IT and knowing the backups were bullshit.
“Work hours” are less clear for salaried workers who may or may not take work home: if it was written to solve a problem for the employer, reviewed with other workers at work, but ultimately not further pursued the status seems murky.
The later derivative that was actively used by and updated for the requirements of another employer during the coarse of work seems to more clearly their property as a derivative (but also murky because it is potentially an illegal derivative of the earlier work, if that was owned by the earlier employer.)
That's not what happened here though. For salaried workers everything you do that is related to your job is owned by your job. That's the default even if your contract doesn't state it. He may not have been directed by his boss to make the code for Box, but he did it with the intent of helping Box's business, as a salaried worker. That makes it Box's property.
But even if you are unconvinced of that, work was clearly done on it on company time at Uber, where it was deployed as part of Uber China's business infrastructure. That work is absolutely owned by Uber (with maybe also some claim by Box). Not owned by OP.
It depends on your employment agreement or contract. Most contracts I have seen say that any IP you develop related to what you're doing at work is the employers.
It only depends on your employment agreement in the other direction. Work done for hire is by default owned by your employer under federal law. For salaried employees it doesn't matter if it is done during working hours.
The employment agreement can give up this right for things not related to the company's core business, and I usually insist on that in my agreements. But that is not the default behavior.
I usually insist that personal and open source work done outside of the product areas I work on are not company owned. Otherwise if I work on financial software at a bank, and then at home I work on defi/blockchain based financial stuff, I could be setting up a liability for me or my users.
Now I understand what you are saying, and no. For a salaried employee it pretty much covers everything you do that is related to your job, with that “related to your job” being interpreted very loosely, or done with company equipment or on company time.
It’s pointless to worry about being sued by a large corporation. If they want to bankrupt you, they always can, regardless of whether you did anything wrong or not.
We are like ants to them, they can squash us at any time, but most of the time we are too small to worry about.
Cool -- if one of the companies wants to issue a takedown request, they're free to make the case for it.
It's funny there's this idea that a company _might_ be potentially injured over code they do not want or know they had being made open source by its actual author, even though many of those companies will gladly use open-source tooling without ever contributing anything back.
Perhaps more soundly, though, in California – where Uber is headquartered – IP/Copyright for code is a huge legal question that the state and federal Supreme Court has no clear answer to. Sure, you obviously can't secretly clone Uber's entire stack, slap a new company logo on it, and start up as a competitor. But if you, as an author, wrote some code for a company under an IP agreement, then no-longer worked at said company, and then later adapted and expanded upon that code (or even started over, with the knowledge of what you learned from others' work): are you, at the originator, not legally allowed to be inspired by your past work? That's not something you, me, or even the company could decide.
There are gray areas but I do not think you are in one.
> and then later adapted and expanded upon that code (or even started over, with the knowledge of what you learned from others' work)
These are extremely different scenarios. Starting with a copyrighted material and modifying it is not at all the same as reading material and starting over. The first is violating copyright, the second is a derivative work.
If I read everything correctly, what you describe doing is taking code owned by the first company and modifying it for the second company. That’s not at all a gray area. It’s a copyright violation. You the engineer sign away your rights to the code when you built it for company 1 while employed by them. Their employment contract for-sure states they own any work produced by you during your employment, and you agreed to this.
If the first project was done off of company time, posted publicly on a private account, you might have a claim to the rights.
I know you’ve dug your trench too deeply to change your mind at this point, but anyone reading your comments should know what you did was technically illegal and can get people in legal hot water.
I wrote the comment above, though I'm not the author of the code that you appear to think I am. But I am in agreement with him.
> Their employment contract for-sure states they own any work produced by you during your employment, and you agreed to this.
There are many open legal questions as to where this line is drawn. Surely the line falls somewhere between "every character I've ever typed on a keyboard" and "the verbatim code". I personally don't think he's crossed it. IP ownership is much more complex than portrayed in HBO's Silicon Valley. That is my opinion.
Furthermore, when I worked at GitHub (now acquired by Microsoft, so I'm sure things have changed drastically) -- there were very lax IP ownership agreements in the employment contracts around code ownership, because the legal department was worried that if found in any way conflicting with California law it would render the entire IP claims null and void (which does have precedent in California).
The point is we don't know, and I think OP would know better than us if it was disallowed or not.
Like many things in this area, the answer is usually "You'll find out if you want to go up against an army of lawyers". The last three companies I worked for all claimed ownership of any IP I create, on or off the job, using company's equipment or using my own equipment. One of them explicitly called it out during the interview: You will have to stop working on open source or publishing side projects when working here. Can they do that? Maybe, probably not. It doesn't matter because I do not plan to bankrupt myself fighting their lawyers.
Regardless of the fact that California is much, much more strict in what they allow, to the point where oftentimes a company’s lawyers won’t even try:
Fine. Don’t fight, I agree, that would be an unfair fight and a waste of time/money.
The US court system requires a “good faith” effort to settle the issue before it enters the legal system. A cease and desist for example— whatever it is, you’d have plenty of time to simply decide it’s not worth it and remove the code once they take notice.
IANAL: In California they cannot, unless it is related to the employer's business (so if the employer is Apple, Google or AWS, they probably can). In most states they can.
I'm not sure how we weigh up the morals here. If you've done something using a companies resources (laptop, desk, chair etc.) and they're paying you and the contract says they own it I don't see how you can have a moral high ground. Maybe there should be some way to allow these ownership concepts to expire so that society benefits overall but right now we don't have that.
At one point in the article there is a photograph of a chair in the uber hallway and a caption indicating that the couch in the picture (or one similar to it) was where most of the work was done for this project.
When property does not serve its purpose it is no longer morally binding, just legally. And that’s if you convince me proprietary code ownership has any moral standing at all. Sometimes, I follow the law not because it’s particularly the right thing to do but because I don’t want to get in any trouble.
Different person, but when I asked if I could publish code as open source (where appropriate), I was told that that’s fine, as long as I don’t associate it with the company in any way (e.g. non-company specific stuff is ok).
So come on man, let’s be honest here. I got serious sacred masterpiece vibes from this story.
This reminds me of some Hindu parable about people who let go of possessions and head out to become ascetics. So there is this wealthy man and wife and the wife is all upset because her brother keeps insinuating that he’s gonna go ascetic and cut loose. The husband tells her to stop her crying and don’t worry about it, he ain’t going to do it. The wife asks him: ‘but how can you be so sure?’ Because, the husband says, this is how you do it, and then and there he rips open his shirt, tells her “you’re my mother” and heads out to the woods.
It's almost as incomprehensible as a Zen koan. I think the husband is showing the difference between talking and doing by, well, doing it. A radical way to demonstrate it.
What an utterly bizarre story. What’s the point of it? Why is the wife upset about her brother? Why is the husband so sure the brother won’t do it? What’s the significance of his little performance at the end? Why is the wife the husband’s mother, what does that have to do with anything, considering the issue is with the wife’s brother? Why don’t we get to see what the wife’s reaction to the husband’s stunt is - is she convinced by his actions, or is she as baffled as i am?
Did I just fall for a chat gpt generated nonsense fable?
It's a simple twist ending. The twist is that the wife was worried her brother would become an ascetic - but the person she should have worried about, the person who was planning to and did become an ascetic, was her husband. The performance is his declaration of asceticism, and the "you're my mother" line is a stock part of it, essentially meaning I renounce sexual attraction when said to your (former) partner.
I put one (possibly wrong) interpretation in an earlier comment.
As for the mother part, in many Hindu traditions monks and voluntary celibates are encouraged to see all women the same as their mothers, to remove temptation. Now he's an ascetic ergo his ex-wife is like a mother to him.
The cryptic yet amusing tone is much like a Zen koan, not a Hindu parable.
I think the wife is upset because "going ascetic" means cutting off contact. The husband is sure he won't do it because the brother is talking about it instead of doing it, which he demonstrates.
It feels like there should be more to the lesson learned than, "people who have decided will act, people who haven't only talk," but I am not quite grasping it. Maybe the other part is, "and worrying about things you cannot change harms yourself," or something?
That’s really not how it works. Ostensibly by showing it to box, it was written for box, and they would be well within a standard of legal standing to make your life a living hell for taking it elsewhere. You should really be more careful with what you say.
Why would you wontonly open yourself to legal liability? You say “they’re free to come after you” but you really _really_ don’t want that. Ive seen that happen to friends and the stress almost killed them.
You know, you're totally correct that they're well within their right to do... something. But why? What damages could they collect? It would take far less cash to rewrite the library I made from scratch than it would to pay lawyers to write some scary letters. There's no trade secrets. It's not even a novel idea. It would be terribly expensive and embarrassing for either Box or Uber to try to juice this even if they were motivated to. Hell, I'm technically still an active contributor to one of the OSS projects Box uses and maintains—absolutely treacherous ignorance that doesn't make me lose a second of sleep.
It’s not really about trying to figure out why they would do it. Think about pointing a loaded gun at your face. No one else is around and your hands are nowhere near the trigger. Would it be a good idea to do it? Most people would say no, because _why risk it_?
You had no good reason to tell us the origin of this other code, and could just as well have told us you threw it together a while back for shits and giggles. Or said nothing about it at all! But by writing out precisely why (in a very legally damning way) on your website, you’ve completely exposed yourself to litigation. You’re pointing the proverbial loaded gun at your face. And as far as consequences go, facing down a vindictive or irrational former employer in court is pretty close to that metaphor.
Depends on the contract but the most I seen stipulate not working hour but context of the work. If it was made by instructions of the company for the company and you got remunerated for that then it is not yours to do whatever you please with it. Better check your contract in details.
Example: "All Intellectual Property Rights with regard to Developed Materials will be exclusively vested in and owned by the Company." (with additional data protection and confidentiality clause protecting company property)
Sergey Aleynikov (born 1970) is a former Goldman Sachs computer programmer. Between 2009 and 2016, he was prosecuted by NY Federal and State jurisdictions for the same conduct of allegedly copying proprietary computer source code from his employer, Goldman Sachs, before joining a competing firm.
Which would be a great solace to someone who just spent $10k or more like 2-3x that responding to a lawsuit. But that's also why I agree the odds of actually getting sued are near-zero.
Some companies, armed with floors of attorneys and retained outside counsel, do that sort of thing just for the message alone. It costs them next to nothing, relatively, ruins the defendant regardless of outcome, and makes it clear for others to not mess around with IP.
Oh, you’re missing a few qualifiers. They’re not concerned with laws applied to them, and other people’s property. But in all other cases they’re big believers in law and using it to protect their property.
Since I enjoyed OP's story, I thought I should clarify a bit.
I'm speaking broadly of how I remember (from the outside) Uber's fast-and-loose IP attitudes in the 2010s.
I don't think OP did anything of a similar sort. From comments here it sounds like they used some code they built in their free time that a previous employer didn't want.
At Uber it sounds like they asked and were permitted to post their no-longer-needed code to GitHub. It's got its own GH org and everything.
This whole chain is legally risky (I wouldn't do it and would strongly advise others not to do it).
I feel OPs actions are not Ethically Wrong, though. I wouldn't enjoy living in a world where OP gets sued for this, since it sounds like nobody at work wanted the work and it's not giving competitors an advantage. I won't claim the world isn't like that, though.
I really wish I could share OP's attitude and sense of ownership. I built something really cool (entirely in my free time) for a previous employer's hackathon. That code lives on some server they own now, possibly deleted. I deleted my copy after submitting it to the hackathon because I didn't want to risk anything. Company lawyers make just building things for fun feel so risky! It takes the soul out of our work.
> He simply couldn’t believe that I’d written a full spreadsheet engine that ran in the browser.
I can't believe it either, and I don't mean this in a good way.
Apache POI lets you run headless Excel. You import and interact with sheets programmatically in Java. We used this in my old workplace for exactly the same reason (functions, cell references, the whole thing), it worked great.
You found the ‘circ’ problem with a bit of luck. What about all of the other hidden little quirks of Excel that you would ultimately run into down the road? Are you really going to build and maintain a full blown Excel clone in JS? Is this really the objective of the frontend team?
It seems to me like a bit of googling and >90% of the work here could have been avoided. As an added bonus it would have been done by the backend team instead.
> It seems to me like a bit of googling and >90% of the work here could have been avoided.
I had a deadline and the only idea on the team for shipping a working product, and I shipped a working product on time.
Uber ran (runs?) their own data center. Getting a Windows machine/VM procured to actually run Excel would have taken an act of god. I was able to spin up a new front-end service in about thirty minutes. And I had some code that sort of kind of already worked, so I wasn't starting from scratch. Keep in mind that this system needed to be used by multiple people with different sets of data simultaneously.
> Are you really going to build and maintain a full blown Excel clone in JS? Is this really the objective of the frontend team?
If they'd have kept asking for more features and Excel parity, I suppose we would have considered it. But they didn't.
Certainly I don't expect many people would have chosen to do what I did. But the thing worked (and surprisingly well). If all you took away from the post is that it was a big complicated project, I'm afraid my writing has failed to convey the message it was attempting to convey.
A little over ten years ago I worked in the Excel Services team that makes the consumer-visible Excel Web App and also the SharePoint-integrated Excel Services product (server side processing accessible via API or web UI).
I loved seeing the genuine joy our PMs had whenever they found an honest to goodness calc bug and could get it reproduced and fixed in The State Machine. It was also a delight to see the web app approach parity with the desktop client experience -- we got to listen to a wide swath of users and build out the stuff we thought would be most useful to the most folks. And I loved our group PM's insight about what the heck Excel could be good for versus purpose built BI tools, other web sheet apps, pure SQL, etc.
This is a very fun kind of product to create and it's awesome that you were able to ship it in a way people could use!
To be fair, he wrote a spreadsheet engine that could run one particular spreadsheet. Admittedly a complex one, but it was a fixed set of functions that he needed to implement and not and endless tail of things that people expect Excel to do. I think I'd probably have argued more about the UI spec and down some Excel behind the scenes but it is a familiar UI if you've got lots of number inputs all over the place.
I've always enjoyed this article about building a spreadsheet in 100 lines of F#: https://tomasp.net/blog/2018/write-your-own-excel/ The expansion from that to the feature set needed here is manageable.
Project requirements are never fixed, they’re always evolving.
It was only a matter of time before users would’ve complained about features being missing/broken, especially since what they’re used to is Excel and this was meant to replace it.
> "The city teams only know how to use Excel, just make it like Excel."
With those expectations, sooner or later someone would have said "hey wait a minute, why isn't this like Excel? Excel knows how to do X, but this can't do X! I thought we talked about this, just make it like Excel!", repeat until you have a full blown Excel.
I think one of the biggest growth areas for junior engineers to reach mid-level and senior is recognizing when you're re-inventing the wheel. E.g. If you are given a programming task to do anything related to Excel or the Microsoft Office suite, it's worth googling it first, because some engineer somewhere was probably tasked with doing the same thing a decade ago and has written a blog post or made a GitHub repo for it.
It's not just junior engineers. Senior/management can fall into this trap as well.
At one of my former companies we had a small problem with whitelisting cloudflare IP's that don't typically change super duper often but definitely cannot be assumed to be static. My boss at that time decided the solution was this big initiative he called "whitelist maker" and assigned it to me. I don't remember what implementation details he wanted, but it was some insane rube-goldberg machine to basically pull down this list: https://www.cloudflare.com/ips-v4 and then put it into some terraform code.
I ended up quietly killing the project during a re-org and used the cloudflare provider, which conveniently provides the forementioned IPv4 list as a data source in 1 line of code. Done, 5 mins work. He had scheduled out an entire quarter and half of a team's resources for it.
That's true, it's misleading to say this is a mistake only junior engineers make. Perhaps the real lesson is in having the maturity to put your ego aside and reflect clearly on whether you are solving the right problem in a sustainable way before jumping into the how.
As a generalist sysadmin sometimes I wonder wtf is in the future for me but at least I can say I made sure our data guys have a really good compute node instead of a crashy laptop cluster and dollar store excel. Are you guys REALLY sure about the no-ops dream?
You make a small small backend-for-frontend that translates requests from the browser to calls to the Apache POI library and return the information to the browser, probably as some kind of json representation.
> Over the summer of 2016, we came up against a new twist on the project. We had a model that ran overnight to generate data for anticipated ridership in China. That data wasn’t useful on its own, but if you fed it into a tab on a special Excel spreadsheet, you’d get a little interactive Excel tool for choosing driver incentives. Our job was to take that spreadsheet and make it available as the interface for this model’s data.
They eventually built a homegrown "Excel" clone as the UI for their model because "city teams only know how to use Excel".
I would have done it the other way around - connected Excel to the data output by the model so the "city teams" could continue to use real excel. I think most finance teams do something like this.
Because the city teams were in China, we didn't have this luxury. Everything had to be behind Uber's beyondcorp equivalent, and there was no real way to auth folks from the Chinese mainland. Our only surface was the browser.
If you don't quite believe it, it's almost certainly less per annum then 2 months of a typical mid-level SRE's loaded cost, even in 2016. Bandwidth would have been not great, way under a gigabit, but it wouldn't matter in this case.
> I would have done it the other way around - connected Excel to the data output by the model so the "city teams" could continue to use real excel.
Yeah except:
“When you click in the cells of the spreadsheet you can see the formulas. You shouldn’t be able to do that.”
“You said to make it just like Excel.”
“People working for Didi apply for intern jobs at Uber China and then exfiltrate our data. We can’t let them see the formulas or they’ll just copy what we do!”
I’m building a solution that works like this - we directly connect spreadsheet models to company databases (even converting pivots/formulas to SQL). Would love to chat with anyone that might find this valuable: https://arcwise.app
> Unless you're familiar with iterative calculations, you probably won't want to keep any circular references intact. If you do, you can enable iterative calculations, but you need to determine how many times the formula should recalculate. When you turn on iterative calculations without changing the values for maximum iterations or maximum change, Excel stops calculating after 100 iterations, or after all values in the circular reference change by less than 0.001 between iterations, whichever comes first. However, you can control the maximum number of iterations and the amount of acceptable change.
I wonder if the author would view this situation differently had Uber/Box decided to claim the code as their own. It has to bring some catharsis to know that, even if the code never actually met its potential, at least the whole world can see and appreciate it.
I created a whole programming language as an intern for <defense megacorp>. It was lazily evaluated and garbage collected. Unquoted MAC addresses were valid syntax, among other application-specific oddities. No bytecode or JIT shenanigans - the interpreter just pushed and popped stuff from a stack as it traversed the parse tree, and that was fast enough for what we were doing with it. The interpreter was written in pure ANSI C, and Valgrind was very happy with it. Maybe it has been totally forgotten, or maybe it became critical to their technical infrastructure. That code never left the airgapped lab where I wrote it, so I have no way of knowing. 3 years ago, as a recent college grad, that was by far the coolest piece of "actually useful software" I had ever written. It's still high on the list. Sometimes I wonder whatever happened to it.
The part the author is missing is that Box and Uber have already claimed the code as their own. It will be in the employment contract. The author appears to be under the impression that asking a mid-level manager (or even a senior manager) "Hey, do you want this?" and that manager answering "No", is in any way legally binding on the company.
I've only ever agreed to those terms kicking and screaming. I wish there was a larger part of the community willing to advocate for a "love of the art" clause that would explicitly state that code I wrote on my own time is mine.
> It’s easy to treat a particularly clever or elegant piece of code as a masterpiece. It might very well be a beautiful trinket! But we engineers are not in the business of beautiful trinkets, we’re in the business of outcomes.
This spoke to me.
However, as anyone that has looked at my code can attest, I tend to also want my code (and its functionality) to be very pretty. I'm generally writing code that I will be maintaining, so it needs to be something that I can look at, in a year, and understand.
I'm currently in the final phases of a project that I will never announce here, and don't plan on taking much credit for, but it really is da schizz. It's that way, because no one is paying for it, and no one will make money from it.
Money both spoils everything, and also makes it all happen.
What a fantastic perspective from the former Uber BI team. I was on the Vertica team during this time period and the amount of effort was spent on incentives mind boggling. Millions a day lost on downtime, product features, or engineering bandwidth was a common theme.
A director asking for an exact spreadsheet to be the UI would have been par for the course, especially during the Uber China days. Heck, I personally loaded FX prices into Vertica from a spreadsheet emailed every month to the team. That process remained for more than a year as there just wasn't enough bandwidth to invert the control as automated ingestion.
Thanks for digging up these memories, @bastawhiz. I'd love to see more. :)
> To this day, I’ve never encountered an in-house application system as well-designed as Uber’s. You could go from start to Hello World running on a *.uberinternal.com subdomain in under 30 minutes with full CI/CD.
I worked on all this at Uber back then, and this comment warmed my heart a bit. Thank you.
I've worked on a project that was intended to replace Excel spreadsheets with a web front end. It was presented like we were moving our processes out of the stone age - as if we were replacing a pen-and-paper process that "doesn't scale", or whatever.
I will never do that again. We didn't build a whole spreadsheet engine, but we did build a web UI that simply doesn't do as much as Excel. Excel is powerful. Sometimes it's a fine tool for the job. Our team was laid off before we could roll it out, but I remember the growing sinking feeling of "I would hate using this if I already had a bunch of habits built up in Excel"
Excel is an ancient and complex beast. I get the appeal of building this project---it sounds fun---but trying to duplicate the Excel engine to the level of producing identical outputs is, frankly, bonkers. The author caught the one discrepancy they noticed, circular reference handling, but how many did they miss? How do they know different inputs won't cause it to deviate from Excel? I didn't get the sense from the blog post that this had extensive test coverage. Putting it into use for a business-critical financial calculation is a massive risk, but I guess that's how Uber rolls ¯\_(ツ)_/¯
It would have been less fun but way, way less risky to wire a headless Excel up to a javascript front-end.
No Windows, no Excel license, hundreds of concurrent users. How confident are you that each user is getting the calculations that they triggered and not someone else's? How are you deploying that spreadsheet? How are you version controlling the mutable parts of the system? How confident are you that the solution would be robust in the face of bad inputs and high load?
I won't say there wasn't risk, but there was quite a bit of testing and a human always made the final call anyway (I never fully understood why we didn't eliminate humans from the processes altogether).
IANAL but I've paid lawyers to answer this question in the US.
The question is, if you do some work, in your own time, on your own equipment, does your employer own it just because the employment contract says they do?
In California: if the work in any way relates to the employer's business, then yes, they own it. One way to guarantee that it relates to the employer's business is to bring it into the office and use it as part of your job. If your employer is Apple or Google or AWS or Microsoft, then probably anything you write would in some way relate to their business. Write spreadsheets by day, but games by night? All of those companies make games, or are in the games business.
I would love to hear a lawyer say, "Well, it doesn't matter what the employer does, it only matters what your job duties are, so writing games at night is fine if they don't pay you to work on games related things during they day." But I've never been told that by a lawyer, whether I paid them or otherwise.
Everywhere else in the USA: they probably own it. You could write software for washing machines, and write a video game, and if your contract says they own everything you write then they do. You signed it. There's no "but surely not!" defense.
Some of us will strategically write generic code on our own time and machines and import it to employers machines when needed and customize it. For instance, how many times do you really need to write a spring OAuth server that integrates with LDAP? Or the guts of a simple CRUD app?
Software written off the clock that does not compete with the employer is not only not the property of the employer, but any contract attempting to gain such ownership is unenforceable.
Many businesses even actively encourage their developers to contribute to open source projects.
Your employment agreement or contract likely has some clause saying you transfer ownership, rights, etc to the organization.
Which likely means your "free time" code you decided to do to make your job easier now belongs to your employer since they asked you to write it (albeit indirectly in this situation).
Will anything come of it for trivial stuff? Probably not, but that doesn't mean it's ok.
Unless you have something in writing saying otherwise, best not to mix stuff like this because one day you might wind up on the wrong side of an army of lawyers.
> Which likely means your "free time" code you decided to do to make your job easier now belongs to your employer since they asked you to write it (albeit indirectly in this situation).
Especially when you have problem A at work, then some time later write "generic code" that solves problem A, then some time later "import" the code to your dayjob to solve problem A. And double so if nobody else ever uses this generic code and you never use it for anything else.
As an industry we talk a lot about flexibility, particularly in scheduling and when we do our work, but you can't have it both ways. You can't be doing laundry and mowing the lawn and going grocery shopping in the middle of the work day because it helps you think or it helps your programming process, but then make the argument that because you wrote this code at 6 PM on a Sunday it's yours and not your employers, when you committed it to your employer's git repo Monday morning. Not with a straight face, at least.
I want to be clear, I'm all about getting shit done during the day. If I need to get a haircut at 2:30 PM, I will. But I'm also not pretending that my employer's code is mine or that I have any right to publish it.
Ethically, I'm not sure how to slice it. I'm operating on what you wrote here rather than this specific story.
Some contracts stipulate that anything you write while employed is owned by your employer. (I'm settled in that this is unethical, but it's reasonable to comply.)
But let's suppose there's no such stipulation.
You get an idea while at work. Everyone gets ideas. You take your brain home with you (I hope) and start developing that idea. You think it's generally useful and doesn't depend on any or reveal anything about a trade secret or other proprietary work, nor reveal anything about them.
Is it your choice to contribute that idea to your employer or to use it in an open source or some other unassociated project? Why or why not?
Is it OK if you never use it for any of your employer's projects?
If not, then is it OK to wait until after your employment to develop that idea on your own or for your next employer or even turn it into your really awesome startup that definitely won't fail? (I think all of you are willing to do the first, and most of you the second.) Why does that change the ethical quandary, or why doesn't it?
Alright, so your employer specifically asked for this solution and you wrote one on the clock but it was minimal, maybe you didn't have enough time to make a more elaborated one, and you write a better one and did one of the above with it. Is that OK?
I don't think this question is all that cut and dried.
There would be a difference between you publishing your code to a public repository, under a permissive license and then allowing your company to fork the codebase and do whatever with it. Under this situation, the author retains copyright, and the company has the option to decline use of the licensed code.
That is different than solving common business problems at home, then when asked to solve them at work just copy/pasting those solutions and assuming you retain rights. Contributing that to your employer under that situation is no different than just working on salary - and you have not given the employer the option of rejecting those contributions.
See, that requires some argument of who it's for. Legally, copyright is established the moment something is created. (Hope you have proof.) I don't think you'd be able to claim _damages_ by sneaking your copyrighted code into the company repository, but other than that, I really have no idea how this would play out in court. It seems very risky but it's not obvious. I'd be interested in reading about cases in this middle area, if there have been any.
But anyway, I focused mostly on ethics. The specific situation you describe is ethically dubious, I agree, but I'm interested in where the line is and it's just not as clear as some are suggesting.
Copyright law is its own can of worms and is not the same as what's ethical. But, it does govern risk and practicality.
It's hard for me to imagine how you could lose rights via copy pasting the code. Making a new release with a new license doesn't invalidate the rights you already had.
Publishing code sounds like a way to prove it already existed, and nothing more.
It's not cut and dried but precisely because of that it is not a situation you should create lightly.
I think there's nothing wrong if you have a brilliant idea that happens to be useful to your employer to make some agreement that you work on it in your own time and grant the employer the use of the code. But you can't just do this unilaterally, and if you do don't expect the employer to take your side.
Just as you should have the right to decide what copyright to sell and what not the employer should have the right to assume they own the copyright to the code they paid for, unless stipulated otherwise.
> any contract attempting to gain such ownership is unenforceable
I highly doubt that this is true, at least in the US. Can you cite case law?
You can write a contract granting ownership of all the songs a musician performs, or all the books a writer writes during a specified time period. Why shouldn't the same be true of programmers and code?
This is an even stronger case than anything being discussed in this thread. Oracle claimed to own code written by their own employees on their clock and still lost this case. Google won their claim of fair use.
That's exactly and explicitly what an MIT licensed open source project would fall under: fair use by the employer and nobody owns it despite the original author also happening to work for said employer. Authorship is distinct from ownership. As well, there's the notion of role vs identity. You can act under the role of an employee to fork a public repo for your employer's purposes, yet act under the role of the upstream author to have published something more generic in the past without knowledge of your employer's future use case. Your identity is irrelevant. The only thing that really matters is that the public repo does not contain code proprietary to any business. It's on the employer claiming the code is proprietary to prove it. Examples from the article would be those data science functions, the UI they wanted, etc.
Do people not realize why these licenses exist in the first place? What do you all think they were doing over there at MIT to draft up such a license?
This has nothing to do with what we’re talking about. Whether Oracle owns the copyright to that code is independent of whether Google’s use of it qualifies as fair use.
In Oracle v. Google, not even actual ownership impeded fair use. Nobody really owns the code on a public repo, so there's your answer to #1. The employee can use the code they authored and published to the world without any issues.
Now for question 2...
> what we’re talking about
What you're talking about.
You're correct that Oracle v. Google does not give any clear answers on ownership. For that you have to rely on the license applied to the project. It's simple. If you publish a project under a permissive license and your project does not contain anything proprietary, nobody owns it. Employment contracts don't have anything to do with this situation.
But, what does it really mean to "own" code? What is owned? The concept or the literal sequence of chars? It seems to be the latter which Google showed is trivially sidestepped by rewriting the code behind an API. Thus ownership is pointless in software unless it's closed source and proprietary, which is the opposite of a fun little Excel clone, amateur video game, etc.
The only thing enforceable about an employment contract is the clause about terminating an employee for working on side projects on the company time and/or with company property such that it takes away from productivity towards their work. I don't think anyone is talking about that or would even think of doing that though.
It's a work of art. Even this comment is a violation of the agreement, since I don't own the copyright to anything I do apparently, either in or out of the scope of my employment, so therefore I can't give Y Combinator a license to display this comment.
I even talked to the company's legal team about the absurdity of the agreement & they were unwilling to budge.
Many programmers sign this. I directly know that at least two FAANG employers (and probably all of them), have extremely broad copyright assignment clauses in their employment agreements that claim ownership of every software you create, on or off the clock, using company equipment or your own equipment. And many people work for these companies.
Whether these are enforceable or not doesn't matter because a lone developer is not going to go up against an army of corporate lawyers to find out.
Completely false. Most people sign job contracts without thinking too hard. And side projects just aren’t important for the majority of programmers, so why would they care?
Well sure, but how on earth are you going to claim it does not compete when you use that very code for the employer?
By all means try stuff out with some hobby project but don't be an idiot and tell your employer you've reused 'their' code (or at least, code in their codebase) for other clients. Either get an agreement up front or keep it secret.
A contract that grants your employer copyright to code you wrote and used in their codebase is easily enforceable. An exception would be code you wrote before the contract, but in that case using the code without some kind of agreement up front is still dangerous.
IANAL, but even in California, if it relates to the business of the employer then they own it, even if you do it on your own time, on your own equipment. By definition, if you use that code while performing your job duties, then the company owns it. If you are in Washington State, then your employment contract can (and therefore will) state that anything you write, they own, and this is legal and enforceable. Again, IANAL.
Even if it didn't touch any company resources the company just needs to be able to claim it was created within the scope of their employment or as part of the work they were hired to make.
Which is, you know, hard to argue against if you wrote the code during your employment and copied it into the code base you were hired to work on.
You write code on your personal computer outside of work hours, it belongs to you (barring truly terrible and likely unenforceable contracts). Let's say you put it up on github.
The next day you download it onto your work laptop and use it to solve problem X. I don't think there's any reasonable interpretation where your company now owns it.
Nope, it's extremely illegal. Unless the first employer gives you explicit written permission to.
Why anyone would run the legal risk of stealing IP from their old employer, to benefit not themselves, but to benefit their new employer... is beyond me.
> “The city teams only know how to use Excel, just make it like Excel.”
> “Why can you see the formulas?”
> “You said to make it just like Excel.”
I can't keep up with the espionage story that followed but I had this conversation more than once in my professional career.
The first time I sat as a junior dev on a multi-month project replacing a excel spreadsheet for financial controlling of data centers that only one person who was going to retire understood with a web-based solution.
They were quite proud that they were going to get a "modern" solution.
Then they wanted me to make it like excel. What followed was evaluating every fricking excel JavaScript library out there at this time, going for one and started duct taping all the missing pieces.
They were pleased but the look was off. It wasn't excel. I slapped some styles on it coming quite close.
I was not prepared for what happened during the next presentation: They hated it because they wanted a modern web based solution (their words, not mine) and what they got was a poor excel knockoff running in their Internet Explorers. Tables are so 90s.
I remember the pain so vividly that I regard "just make it like excel" as some kind of forming meme for my career till today.
I do not like working with people like this, because I don't want to be anywhere near the maintenance burden of a pile of hacks that technically can run a single Excel spreadsheet. I don't even want to be within earshot of people complaining about this. If I even thought about it for too long I'm sure I'd have a giant headache.
I worked with the author for maybe 3 years, I thought he was pretty awesome.
Not surprised he implemented a partial implementation of excel so quickly.
I'm disappointed in myself that I somehow got through most of the article without realizing who the author was (thanks Firefox reader mode); especially since the naming of Wesley and Crusher is too good. Of course it was Basta! Of course it was!
> "In 2015, I had built a prototype of a tool at Box. Box had a collaborative note-taking product called Box Notes (based on Hackpad). I had the idea to make a similar project for working with numbers: sometimes you didn’t need a full spreadsheet, you just needed a place to put together a handful of formulas, format it with some headings and text, and share it with other people. Sort of like an ipython notebook for spreadsheets. I called it Box Sums."
> "Nothing came of it, but I took the code and shoved it into my back pocket for a rainy day."
...
> "Apparently that was a thing. I remember being only half-surprised at the time. I hadn’t considered that our threat model might include employees leaking the computations used to produce the numbers in question."
...
> "My first reaction was to publish the code on Github."
Perhaps the author feels "only half-surprised" due to their own disregard for corporate legal ownership of code. The hypocrisy is strong here.
That's because everyone in this comment section is giving wisdom about how to deal with the emotional reality of being abstracted from the fruits of their own labor. "Don't get attached to your work" is dystopian.
I reflexively swiped left when the inevitable newsletter modal started to appear at the bottom, so didn’t finish reading the article, but would like to know what gave you the dystopian vibe?
Spoiler alert: It turns out they were fulfilling a Babylonian prophecy the whole time. The whole development cycle was a complicated sacrifice to Marduk.
Love the part about circular references. I gotta say though - I'm having a difficult time imagining how complex these fomulas are that reimplementing Excel's formula engine is easier than just porting the formulas into JS.
The good news is that formulajs had a huge number of those functions implemented in JS already. Almost all of the time was spent on the engine, which wasn't a huge amount of code.
The problem with porting the code to JS is that a.) nothing is named, b.) there's no real way to organize the code you've written because you're going from a spatial way of organizing code to imperative script, and c.) the actual design of the spreadsheet wasn't known to any engineers (it was designed by a data scientist, or perhaps an analyst). The work of translating would have meant really understanding what the thing is so that it can be turned into functions and modules. It also would have still required getting Excel function equivalents, since there's not a 1:1 equivalence between Excel and what's available in the JS standard lib.
I had a somewhat similar requirement in a past work. The Excel file had all the formulas and data, and the analysts only work with Excel files. The result of the calculation in Excel needed to be put on the web.
The solution was not to recreate Excel in the browser, but ran the Excel file with its formulas and its data plus the input parameters from end users at the backend server. Apache POI was a nice Java library that could do everything on an Excel file. Once it finished the formula calculation, I just read the cells from the Excel file to extract the result data and generated the web pages to present the data and graphs.
One nice benefit was the analysts could update their work in the Excel file, uploaded it to the server, and got the new calculation reflected on the web pages right the way.
Side question: Why the hell is it so stupidly difficult to display and edit tabular data from programming code?
You can't drive Excel from Python/Rust/etc (Microsoft just announced to great fanfare that Excel can call Python--which is the wrong way around). All the editable table widgets for the web seem to suck. Nobody seems to have a TUI which you can drive from an external program.
A poorly written spreadsheet with a driveable API seems like a component that has been built multiple times by lots of people yet seems to be unavailable.
> Microsoft just announced to great fanfare that Excel can call Python--which is the wrong way around
How do you cause users to even discover that Python app, or feed an input to it? Of course the spreadsheet software is an obvious candidate for the primary UI.
> So the data scientists have multiple laptops that they download the data to, then run the models overnight.
This haphazard way of running compute jobs really stuck out to me. I can't imagine doing things this way (rather than having a central compute cluster running SLURM or similar) at a company bigger than, say, a dozen people - much less the scale of Uber. What's the rationale? Even if it's just a cluster of 3 or 4 machines in a rack shoved in the corner, isn't that better than ... laptops?
It was easy to go to IT and say "get us a pile of laptops" and let the data scientists do their thing. It was hard to hire engineers to solve the problem (I was one of the engineers). They particular problem was far enough down the priority list that it took until 2016 to solve.
The lesson of what you build for a company as something that may be thrown away is a good one.
However, I believe the only way to actually have a sacred masterpiece is to own the company and make the company's mission to build that sacred masterpiece. For example, there are definitely business opportunity for converting excel sheets to online apps that are collaborative.
The core problem is alignment between the tech investment and the company's goal.
On reading this article, I realised that maybe the most noticeable change that experience brings to a developer is... laziness?
When I was 24, I was pretty much exactly this person. "Building a spreadsheet engine that runs in a browser. Sounds like so much fun!" And then I'd slog away at it for a month and get something working.
Now though, with age, I know I can't chug away coffee working late into the night. My back hurts when I have to sit too long. My wrists aren't being too kind to me these days either.
Now if someone asked me to build Excel I'd first laugh in their face. And if I don't see them smiling, I'd ask if they can afford any of these A,B,C...Z COTS products that are doing this that we can just buy. And if none of those work out, I'd look for how I can take something like ethercalc and repurpose it for our use case.
Looks like the older I get, rather than writing code, I seem to be getting more adept at how not to write it.
I'm confused about the circular reference thing. Like, was there a reason to do the linear regression that way? Is there a secret story in a story where next week, in a spinoff / sequel episode, the data scientist responsible will explain why they took the weird/surprising choices they did?
It's a common excel trick in finance. For example, let say you have $0. If you borrow $1,000,000 at 5% interest, by end of year you'll be short $50k. That means you actually needed to borrow $1,050,000. But the extra $50K causes more interest ($2,500)... so you needed to borrow $1,052,500, which causes more interest... and so on.
Instead of doing some Excel Goal Seek or Solver or VBA macro, it's nice to let the excel "reactivity" handle it for you.
ironically, I was backend at Uber 2014 - 2018 and used to ask a simple version of implementing an excel formula engine as my go-to coding interview question. Its got a nice mix of data-structures, algorithms, complexity, and implementation. Good candidates can get a reasonably efficient implementation handling cell references in an hour.
nice read. made me nostalgic for the wild days of Uber-China hacking.
1) This was the type of effort and level of coding that I saw when I was Uber during its heyday. I love it and I miss it every day.
2) You stole Box code, used it at Uber, and then stole Uber code and posted it on github. I understand no one's using the code or missing that code, but you really did steal that code. It belongs to the company, not to you. I would be careful not to do that in the future, because technically that's a trade secret and people have gone to jail over that, like that programmer at Goldman Sachs (wrongfully) and ironically Levandowski who took Google code and tried to use it at Uber.
I find it remarkable that they used laptops for this. Surely, a Dell server for $100k with good specs could have crushed a lot of these models. Could have just given them all Remote Desktop sessions too.
Hey I worked with Matt Basta at Uber, cool guy and great engineer. His interview question for me was about this exact thing - how one might build excel from scratch. Neat to see him here :)
The intended lesson of this article may be the "cattle, not pets" point made near the end, but I think there's another lesson hidden in it.
This is the story of literally every single large project I've done under a tight deadline in my career:
- Some non-technical department (usually sales) promises a customer something very big very soon, with no regard to how much time might actually be needed to build it. Fulfilling this promise "on time" is now your problem, Engineer.
- Months are spent frantically building said Thing, working overtime, burning out engineers, and bastardizing the previously clean codebase in the rush.
- The deadline is met, and no customer uses Thing for at least several months. Or the deadline is not met and customer waits for Thing as long as it takes, because they're not going to blow up a big contract or integrate with your competitor instead of waiting another month. They have too much invested and the deadline wasn't that important anyway. The third possibility, as it was in OP's case, is that Thing gets thrown away in its entirety due to some fateful turning of the organizational wheels.
I swear, almost as if by some karmic law of the cosmos, literally every frantic deadline turns out to be irrelevant in the end, and you should have saved your sanity and gone home at 5 every day for the last 6 months.
I wouldn’t try moving code written for one employer and using it another employer. Unfortunately for me my employers have been somewhat litigious; thankfully Uber doesn’t have that reputation.
> “Every day that we don’t have this tool as specced, we’re losing millions of dollars.” There was no budging on the spec.
If this is life or death, then the first reflex should be to find ways to make things simpler to ship. I understand that the requester in this case was a head of finance, but sh*t, if you want something, try to compromise once in a while.
This is a great story, but at some point as an engineer in a gig-selling company, I would have asked myself if my job was really to re-build excel.
> having answers that were very, very close is objectively worse than having numbers that are wildly wrong: very wrong numbers usually always mean a simply logic problem. Almost-correct numbers mean something more insidious.
Ha! I massively identify with this. 'The market-wide median is off by £3.07' is a much harder but to crack than the 'worse' report that 'the median is twice the max and the min is null'.
>You see, when formulas create a circular reference, Excel will run that computation up to a number of times. If, in those computations, the magnitude of the difference between the most recent and previous computed values for the cell falls below some pre-defined epsilon value (usually a very small number, like 0.00001), Excel will stop recomputing the cell and pretend like it finished successfully.
These are the times that, if you at least enjoy the process of coding, you should try to look at your work as a videogame. You enjoyed the game, you even got paid for it, and you beat the final boss, it doesn't matter that no one will ever see your final score.
That's a tremendous war story. I _love_ it! Doing a thing that's considered unreasonable. Knowing that total value is integral of instantaneous value over time (so short high-impact projects can easily outvalue long-lived projects).
Tangential, but regarding footnote 7 (efficiently recomputing cells, assuming no cycles), the correct algorithm for determining the order is topological sorting (https://en.wikipedia.org/wiki/Topological_sorting). Using a breadth-first search gives a good approximation in many cases, but there are pathological cases where it can produce an inefficient order.
> Uber Sheets
Hee hee, this name is funny on a number of levels :)
I’m really curious how Uber China was actually supposed to work. I once worked for a company that built server software and my understanding was that they were partnered with a Chinese company to sell into that market. We built a branded, localised installer for them. I’m not sure what the business arrangement was or what equity relationships (if any) there were between the companies. But I can’t imagine Uber would ever be allowed to have a fully owned Chinese subsidiary competing in that market?
> I can’t imagine Uber would ever be allowed to have a fully owned Chinese subsidiary competing in that market
You imagine correctly, to my knowledge. Western companies in China have to be 51% Chinese owned, on paper.
In reality, they own 100% (plus or minus diplomatic relationship issues), they just haven't asserted this right yet.
This is just my opinion: Uber could never have won in China, and Uber's management likely knew this, but the story of China was needed at the time to drive company valuation and allow the "hockey stick" dashed line of future growth to be plausible.
Reading this and having China cloud experience on my resume I wonder how many chinese data laws they may have violated, you have to really strictly segregate data when it comes to chinese users.
Another approach would be to use the Excel APIs. Both the classic desktop Excel and the web version has APIs to read/write cells and recompute. Rebuilding is more fun of course :-)
This just gave me chills. Never would I want to work on a tool like this from scratch, and alone for that matter, that was underpinning crucial financial planning for a giant operation like the one described in the article.
There are simply too many potential problems that could come up in this scenario and be the cause for catastrophic financial results in the end. And most of them wouldn't nessecarily be easily found via unit tests.
Too many eager geeks are pushing through with realization of things that are a raw (not even half cooked!) droppings of a clueless mind with authority, instead of just simply saying 'No!' - or giving alternatives at least. Driven by pride doing things that should not have been attempted the first place. Lots of waste, lots of waste, lots of half cooked thingies interacting into unreliable solutions.
My favorite line:
> On the other hand, we as engineers need to be real with ourselves. Every piece of code you write as an engineer is legacy code. Maybe not right now, but it will be.
which of course leads to what some people are saying, did this have to be built? Sometimes I think our job is to optimize ourselves away.
I just finished doing this. I built an Excel formula parser and interpreter, and then a transpiler into Python. I even had the experience of having the values off by "just a little" and there's so many things that can cause it, it's just whack-a-mole honestly.
Makes me wonder how many times this has been done haha.
Just a heads up for anyone who finds themselves with a similar requirement, there's a very robust set of office APIs available in .net. I would be surprised if you couldn't open and run a whole workbook with them though I have only used them for more tangential tasks.
Is interesting what people focus on when they read, ultimately I think one needs to ask oneself why you take some jobs. Is the money, the challenge or the purpose. I find that money and challenge has little to go for me if the purpose is skew.
Uber, at that time, was "scrappy". Every operating city was a different market with different rules, so Uber was akin to a franchiser that gave their market managers wide leeway to setup whatever business processes are needed to succeed in that market.
Excel is the easiest way for business-oriented people to make numerical decisions, run incentive campaigns, segment riders and drivers, produce reports required by cities, counties, states, etc.
The data teams providing market intelligence to the various markets, of course, knew about servers. But they would not have the time or skill to setup something like this, and the business still had daily data needs. So the laptops it was, for a time.
I love this article. It begins setting the scene with Uber's grand expectations for the chinese market and then shows just a small piece of the work Uber spent on Uber China. Meanwhile Uber China itself failed spectacularly, with factories of phones claiming the free rides money.[0] I don't think I've ever experienced dramatic irony in a blog before, certainly not a technical blog. The post itself is a masterpiece.
This was an amazing read. One of my favorite memories in college was building a spreadsheet in Java (some of the guts were there) in third semester CS.
"'Growing as an engineer' means becoming a better engineer, and becoming a better engineer (directly or indirectly) means getting better at using your skills to create business value."
Learning how the Excel model worked and then reimplementing it would have been a better example of 'getting better at using your skills to create business value'.
So a lot of my time as a more junior engineer was spent on a similar project that I've described as "rebuilding excel". In my case, it was in the form of a table widget. It was an inhouse widget for displaying tabular data. We were working on AngularJS 1, and had moved from a prior iteration of our application in ExtJS. Now ExtJS had a reasonably featureful table widget out of the box, and so when we were porting to AngularJS, it was considered important that we continued to have these UI features, but at the time (the Angular ecosystem was relatively immature at that time) there were not very many advanced table widgets available in open source, so we ended up building our on.
However, while the ExtJS table widget had been treated by product management as pretty immutable "this is what ExtJS gives us, we can customise the colours and wording and that's it", the idea that we could customise the table widget started something amongst one of the PMs. And so we would get a constant stream of feature requests for the table widget to add stuff and enhance it and soon we were significantly more featureful than the ExtJS widget. It's still, to this day, the most featureful table widget I've seen in a web app. Everything Excel had in terms of resizing tables, sticky columns, scrolling behaviours, sorting, filtering, searching, etc., all saved in your config so it was synced across all your devices, as well as all the performance goodies like recycled rendering etc. The constant stream of feature requests meant there were dev team years invested in this table widget.
As a more mature engineer looking back, it's clear that at some point this had stopped being about customer value and more about one PM's obsession with getting excel like functionality in a in-browser reporting tool, but at the time we just kept building those features.
Now at this time, our company had acquired a sort of competitor of ours. This competitor had what was effectively the same product, but in a different market. And so the first merger of the functionality was basically to reskin both applications so they would pretend to be tabs in a unified application, and change some terminology, etc. They actually did happen to have a pretty similar tech stack to us, so some newer components were available in both applications.
But it became clear that our users were not happy with two applications pretending to be one. They wanted to know why this other market was not accessible by, say, a dropdown in the configuration, and not an entire application which worked in different parts from subtly differently to entirely differently.
So the discussion became about building a ground up unified interface for both of them. Of course, this ignited the discussion of "which table component do we use?". On the one hand, the acquired team were looking at our table, with it's fifty billion options and single handedly accounting for half the page weight of the minified JS of our application and did not want something so bloated. On the other hand, our team were looking at their table widget which was effectively "for row in data, for column in row, print td" and dreading having to rebuild all these features for product management again.
Ultimately the conflict was resolved by choosing to use an open grid that had less features than ours but more than theirs and telling the PM in question that table features were going to be prioritised much less heavily from then on unless there was a real user need for it.
This is so true. People in the US just don't understand the level of economic and industrial espionage that happens in China on a daily basis. I was responding to an unrelated breach at an unnamed tech company back in mid-2000s time frame and had a side bar conversation that went like the following:
Them: "Yeah, we just opened a tech center in Xinjiang and ... wow, we've had quite the rash of lost ID badges there recently"
Me: "Have you considered that they're not 'lost', but rather 'sold' for profit?"
... silence ...
I don't know if executives are aware but just don't care, or if they're simply incompetent, but China has productized industrial espionage on a massive scale. GE Aviation was a victim more recently: https://www.cincinnati.com/story/news/2022/11/16/accused-chi...