73 comments

[ 0.48 ms ] story [ 165 ms ] thread
I initially thought this would utilize some sort of GitHub/GitLab/Bitbucket/etc-wide scan to compare code in public repos against that of those provided in answers on StackOverflow. I would still be curious to see that, but this is obviously more direct.
This makes me curious, how are stackoverflow questions licensed? Is there any harm in copy/pasting?
It depends on when it was posted: ttps://stackoverflow.com/help/licensing

>Content contributed before 2011-04-08 (UTC) is distributed under the terms of CC BY-SA 2.5.

>Content contributed from 2011-04-08 up to but not including 2018-05-02 (UTC) is distributed under the terms of CC BY-SA 3.0.

>Content contributed on or after 2018-05-02 (UTC) is distributed under the terms of CC BY-SA 4.0.

> Visually display or otherwise clearly indicate the author names

And there lays the intention to comply with the license dead in the water... SO displays the user name only, not the real name.

https://wiki.creativecommons.org/wiki/License_Versions#Attri...

As I understand it this means that if the user does not disclose his real name you don't have to show his real name either.

What if some weird looking username is actually the real name and we don't show it, or the username seems real but actually fake? (yeah, I'm a pest for lawyers)

Why didn't they just asked for "whatever string the author identified as".

From my reading they did

> If You Share the Licensed Material (including in modified form), You must:

> A. retain the following if it is supplied by the Licensor with the Licensed Material:

> i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated);

https://creativecommons.org/licenses/by-sa/4.0/legalcode

The average snipit from stack overflow isn’t sufficiently unique to be covered by copyright anyway.
What am I missing? The picture "Copy Events by Post Score"[0] on that page plots, for posts with various point scores, how many times they were copied. But for 0 - 100 on the x-axis, this is a virtually clean, thin, solid curve, as if all posts with 45 points, say, were copied exactly 13 times, all posts with 46 points, 14 times etc. I don't get why the data points are all on a single curve. That's odd, right?!

[0] https://lh3.googleusercontent.com/hkdnDDP4Vx0XOMt_VWX09qKURy...

They don’t say, but presumably it’s an average at each X coordinate, and those scores have enough posts that the average converges nicely. As scores go up, each score doesn’t have as many posts and we don’t see the averages converging.
It does look a bit odd, but not that odd. (Caveat: I'm on mobile and lazy so I've not read the post, just looked at the linked graph.)

The plot "points" are blobs rather than actual points, so there's likely some grouping of data going on, e.g. 0-9 votes, 10-19 votes, etc, per blob. Then it just seems that low scores are more tightly correlated with low copying, and the correlation dissipates as the score increases. That doesn't seem too surprising, I guess?

>... we set up a system to react every time someone typed Command+C ...

So only people using Mac's then.

Ha my thoughts exactly, I hope they meant Super
This probably misses people who use drag-and-drop anyhow.
Stack overflow has contributed probably billions of dollars of uncredited economic value just by people doing this
Yeah but it's not StackOverlow answering questions.

I'd say people at work helped other people at work and they got out the same as they put in: win-win.

Let's not pretend this interested exchange is slavery. I credit all my colleagues who ask and answer questions.

This is a wonderful thing and one of the examples where the internet brought real value to the world. Sharing of well curated knowledge is the best use for the internet.
Here comes gating copy and paste behind a subscription. /s
Not copy paste but I definitely read all the solutions and incorporate the best one.
I wonder if they adjusted for, or should have adjusted for, the "triple copy just to be sure" action that some people perform. Maybe the triple copy also has a correlation with user age and reputation.
That's funny because I didn't even think about it, but I'm definitely a triple copier, just out of habit anymore. Interesting to know how many other people are now that you mention it.
I always do cut-paste at the source and then paste at the target.

If the source is editable, I see that it worked because it briefly vanished, lol

I do that too, but because I often use the shift+del / shift+insert shortcuts with my right hand. I find the proper "copy" shortcut: crtl+insert to be more awkward.
What is triple copy? Literally hitting ctrl-c three times? No idea that was a thing people did.
I picked up that habit back in the day when I was working with Citrix since back then the first Ctrl-c normally wouldn’t take. Still doing it to this day out of muscle memory.
I copy and paste from SO, but it's pretty rare that I can use the code as-is. Sometimes it's not even in the same language. My usual habit is to leave a link to the web page in a comment. Sometimes the link is more valuable than the code itself because a SO thread will include differing opinions and good explanations.
I do this too, also to insightful comments occasionally. I like how you can grab a short link to a specific answer.
I too, after coming back to a code snippet or logic, and struggling to understand why or how I used it, now everytime I get help from stack overflow, i put that answer's link in a comment just before the code or concept starts.
Question to the employers or managers: do you think that this is bad thing?
Most copied snippet is a basic operation when dealing with data. That's a testemant to how unintuitive Pandas is.
I'm waiting for the day where some snippet from StackOverflow makes in into a big project or multiple projects and is exploited by some huge bug...
I don't remember copy pasting, have no idea how it will work, even for python, my use case for stack overflow is examples that help me understand potential "solution" conceptually, for example, I might be missing understanding how to call specific function/method from library or something specific to api and error(s), that's about it.
TL&DR: 40,623,987 copies across 7,305,042 posts and comments between March 26th and April 9th
honest to god we have an internal app that's nothing more than a collection of cargo cult programming snippets from stack overflow and various AWS examples.

it's clear the author knew neither AWS or JavaScript and kept adding code snippets until the errors went away.

So it works? And there are no errors?
there are plenty of errors. it works only intermittently, produces megabytes of randomly generated files as a side effect and spurious messages to various internal pub/sub topics. users know to send a request and wait 30 seconds. if it doesn't respond, just resubmit the request.

it also has no build system or tests, just a script that copies the source to a build directory, zips it up and uses an example SAM template that creates quite a few unused resources, but as a side effect creating a useful lambda.

the lambda is behind an api gateway resource/method so a payload is sent to the lambda if the request path matches what's in the resource path part of the api. the lambda itself is an express app with a single route defined (which is the same as the api gateway resource path) - so the api gateway routes to the lambda if the path in matches the resource. then the express app looks at the path and dispatches based on the path (even though the only way you could have called this lambda was for the path to already match the path specified in the express app.)

because there's no build system, they didn't think to scrape dev dependencies out of the build directory, so we wind up uploading babel and a few other packages to the deploy environment.

we're inconsistant in whether we use SNS vs. SQS. and we frequently drop requests if we get a sudden spike in traffic because SNS is not a queue and sometimes it takes so long to scale up messages time out of the SNS topic.

but it "works" for some definition of the word.

I don't think that javascript should be permitted to know what text you've selected as displayed in your browser or that you've copied it to clipboard. Fundamental mismatch in the rights of the end user client device and person operating the browser vs. the httpd.

At least not without going through the same level of explicit permission popup that you would need for microphone or camera access in a modern browser.

What people copy to clipboard on their own client workstation device should be exclusively up to their local control.

Mostly I see this in websites that deploy some mostly-futile "special sauce" code to prevent things like right-click/save-as of images. And similar.

I’m not sure this changes a thing unless you also want a permission popup for tracking when text is even selected. And at that point you’re getting permission to be aware of basic DOM events.
The practical problem with this idea is that you would essentially need to remove the ability of JavaScript to track all human input (mouse movement, clicks, etc.) since that could already be used to figure out what they’re selecting. Sure, browsers could try to hide this info with clever rules like not reporting mouse movements while the mouse button is being held and text is being selected, but it would be pretty hard to get right (and would probably break a lot of sites that aren’t doing anything nefarious, like any rich text editor).
Your web browser is your operating system. It needs to have access to your peripherals and lower-level things like your clipboard and filesystem.
Sure it does, doesn't mean it needs to report back to a website what it's doing with it.
Is your position that Javascript shouldn't be able to see click and drag events?

That would make a lot of browser games, tools (e.g. broswer image editors) and certain browser drag and drop functionality (e.g. a custom video or audio scrub bar) not work. They would require permission popups.

If anyone uses Firefox, it is possible to disable websites from knowing about any clipboard-related events. Go to about:config, search for dom.event.clipboardevents.enabled and set it to false. Done.
Sorry to go off topic, but is there documentation for the settings in about:config? And why don't they have a better UI?

It's pretty sad that something as security sensitive as browser settings requires trusting random strangers on the internet or digging through source code to understand what's going on.

There's Mozilla wiki pages for many of the options in about:config. Check this out: http://kb.mozillazine.org/About:config_Entries

If Mozilla made a chrome UI for those settings, they'd be accused of adding bloat to Firefox, creating complex options that confuse users, and making Firefox harder to use than Chrome-based browsers. I've noticed that open source really can't win in that department, so power user settings are put out of sight and out of mind, or are eliminated completely.

> If Mozilla made a chrome UI for those settings, they'd be accused of adding bloat to Firefox, creating complex options that confuse users, and making Firefox harder to use than Chrome-based browsers.

Possibly, but does Mozilla actually care about accusations of bloat or poor usability?

Thank you! That's more documentation than I knew about before.

TBH, the I personally think the UI is fine, but it's annoying to have so many places to look for settings.

Chromium/Chrome have chrome://flags, which is basically the same UI, but all of the options have a few sentences explaining what they do.

I still miss Opera; they were the only browser developer who didn't take the "Users are stupid and easily confused" approach to browser development.

> I still miss Opera; they were the only browser developer who didn't take the "Users are stupid and easily confused" approach to browser development.

Old Opera was amazing, and incredibly fast. For a while there on pre-Android and early Android phones, Opera rendered the fastest out of all the mobile browsers.

Setting it to false causes issues in websites (like WhatsApp Web). You can't paste and send images in chats.
Back when I was a beginner, I'll admit I did this alot.

11 years later it's rare. I'm more interested in sites like stack overflow for much higher level information like what framework should I choose for project X.

I don’t copy and paste code from stackoverflow anymore. When I was a beginner I used to but now because of the complexity of things I work on the snippets don’t work as is and I just look at stackoverflow to find an approach and then look at the documentation to apply it to my problem.

The one I am guilty for copying and pasting is command line stuff. I know its dangerous and I try not to paste it directly into the terminal but some of the commands are so complicated and backspacing in the shell is annoying its just easier to copy and paste.

Use address bar as temporary editor / buffer. Ctrl-C, Ctrl-L, Ctrl-V, ctrl-left or ctrl-right to edit/confirm correctness, then ctrl a and ctl c
I'm glad I'm not the only person who uses the address bar as a temporary editor.
I use it to clear formatting before pasting into rich text editors like Word or Outlook. Wonder if I'm the only one.
I do the same, unless it contains sensitive data that I don't want to leak to Google. Then I just use Sublime. I wish ctrl+shift+v was more common to paste without formatting.
That's a dangerous habit to get into. Everything you type in the address bar is sent to Google (or your default search engine). If you "edit" to replace placeholders with credentials, you've just sent those credentials to Google.

This happens live, character-for-character, you don't need to press enter.

I share this sentiment minus the complexity part. I usually have documentation up as well and am looking to see what fits with what I envisioned beforehand.

It was surprising to see Pandas listed multiple times in top 10 tags since I feel like the documentation is pretty straight forward.

> and surprisingly, we see more copies being made on questions without accepted answers than we do on questions which are accepted.
What are the copyright implications? Do the terms of service allow copying? Is all code on Stack Overflow in public domain, or is it under some specific license?
Yes the terms use allows copying and remixing. As of now, it's Creative Commons Attribution - Share Alike.

https://stackoverflow.com/help/licensing

That "Share Alike" part in the license name means that your project needs to be using the same CC-BY-SA license as stackoverflow. That is unlikely to be the case, so copying code from stackoverflow is a license violation. On the other hand, you are unlikely to be sued for it, so few people care.

Considering how long stackoverflow has been using these terms, fully aware that everyone and their dog is copying code from stackoverflow all over, one might suspect that the stackoverflow people are intentionally trolling corporate lawyers here, in the best anarchist tradition...

I am on the upper rep band, and I typically copy from the question and paste into my answer.

It appears as though Stack Exchange accounted for that use case when showing User rep.

I assume the 0-rep users doing the copy and pasting are the same quality as programmers who post low quality "I'm in tech look at me" videos on social media.

It appears data scientists copy the most, which implies the one who automates others' work will get automated out sooner than we all think.

What data scientists should learn to stay relevant in the next 3-5 years?

Data Engineering or ML ops, it has same kind thing going on that data science had 5 years ago. Nowadays it feels that most DS is just glorified Data analysts.
With AWS sagemaker like services MLops is also getting easier. Yes data engineering still requires significant work. I personally think people with business and technical sense will remain relevant. business sense -> understand or identify right problems. Technical sense -> can find quick solutions, most of the time just with co-code or autoML tools
Off topic, but honestly believe this is one of the most damaging "developer memes". And it's not even funny.

We forget how many non technical people, managers, HR people etc read these things and take them at face value.

Massive increases in developer compensation in the last 10 years is evidence that - on net - developers aren't damaged.