I initially thought this would utilize some sort of GitHub/GitLab/Bitbucket/etc-wide scan to compare code in public repos against that of those provided in answers on StackOverflow. I would still be curious to see that, but this is obviously more direct.
What if some weird looking username is actually the real name and we don't show it, or the username seems real but actually fake? (yeah, I'm a pest for lawyers)
Why didn't they just asked for "whatever string the author identified as".
> If You Share the Licensed Material (including in modified form), You must:
> A. retain the following if it is supplied by the Licensor with the Licensed Material:
> i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated);
What am I missing? The picture "Copy Events by Post Score"[0] on that page plots, for posts with various point scores, how many times they were copied. But for 0 - 100 on the x-axis, this is a virtually clean, thin, solid curve, as if all posts with 45 points, say, were copied exactly 13 times, all posts with 46 points, 14 times etc. I don't get why the data points are all on a single curve. That's odd, right?!
They don’t say, but presumably it’s an average at each X coordinate, and those scores have enough posts that the average converges nicely. As scores go up, each score doesn’t have as many posts and we don’t see the averages converging.
It does look a bit odd, but not that odd. (Caveat: I'm on mobile and lazy so I've not read the post, just looked at the linked graph.)
The plot "points" are blobs rather than actual points, so there's likely some grouping of data going on, e.g. 0-9 votes, 10-19 votes, etc, per blob. Then it just seems that low scores are more tightly correlated with low copying, and the correlation dissipates as the score increases. That doesn't seem too surprising, I guess?
This is a wonderful thing and one of the examples where the internet brought real value to the world. Sharing of well curated knowledge is the best use for the internet.
I wonder if they adjusted for, or should have adjusted for, the "triple copy just to be sure" action that some people perform. Maybe the triple copy also has a correlation with user age and reputation.
That's funny because I didn't even think about it, but I'm definitely a triple copier, just out of habit anymore. Interesting to know how many other people are now that you mention it.
I do that too, but because I often use the shift+del / shift+insert shortcuts with my right hand. I find the proper "copy" shortcut: crtl+insert to be more awkward.
I picked up that habit back in the day when I was working with Citrix since back then the first Ctrl-c normally wouldn’t take. Still doing it to this day out of muscle memory.
I copy and paste from SO, but it's pretty rare that I can use the code as-is. Sometimes it's not even in the same language. My usual habit is to leave a link to the web page in a comment. Sometimes the link is more valuable than the code itself because a SO thread will include differing opinions and good explanations.
I too, after coming back to a code snippet or logic, and struggling to understand why or how I used it, now everytime I get help from stack overflow, i put that answer's link in a comment just before the code or concept starts.
I wouldn't be surprised if that happens regularly. There's lots of insecure code on SO, either because it was written in an insecure way or best practices changed (like md5 hashing passwords).
I don't remember copy pasting, have no idea how it will work, even for python, my use case for stack overflow is examples that help me understand potential "solution" conceptually, for example, I might be missing understanding how to call specific function/method from library or something specific to api and error(s), that's about it.
honest to god we have an internal app that's nothing more than a collection of cargo cult programming snippets from stack overflow and various AWS examples.
it's clear the author knew neither AWS or JavaScript and kept adding code snippets until the errors went away.
there are plenty of errors. it works only intermittently, produces megabytes of randomly generated files as a side effect and spurious messages to various internal pub/sub topics. users know to send a request and wait 30 seconds. if it doesn't respond, just resubmit the request.
it also has no build system or tests, just a script that copies the source to a build directory, zips it up and uses an example SAM template that creates quite a few unused resources, but as a side effect creating a useful lambda.
the lambda is behind an api gateway resource/method so a payload is sent to the lambda if the request path matches what's in the resource path part of the api. the lambda itself is an express app with a single route defined (which is the same as the api gateway resource path) - so the api gateway routes to the lambda if the path in matches the resource. then the express app looks at the path and dispatches based on the path (even though the only way you could have called this lambda was for the path to already match the path specified in the express app.)
because there's no build system, they didn't think to scrape dev dependencies out of the build directory, so we wind up uploading babel and a few other packages to the deploy environment.
we're inconsistant in whether we use SNS vs. SQS. and we frequently drop requests if we get a sudden spike in traffic because SNS is not a queue and sometimes it takes so long to scale up messages time out of the SNS topic.
I don't think that javascript should be permitted to know what text you've selected as displayed in your browser or that you've copied it to clipboard. Fundamental mismatch in the rights of the end user client device and person operating the browser vs. the httpd.
At least not without going through the same level of explicit permission popup that you would need for microphone or camera access in a modern browser.
What people copy to clipboard on their own client workstation device should be exclusively up to their local control.
Mostly I see this in websites that deploy some mostly-futile "special sauce" code to prevent things like right-click/save-as of images. And similar.
I’m not sure this changes a thing unless you also want a permission popup for tracking when text is even selected. And at that point you’re getting permission to be aware of basic DOM events.
The practical problem with this idea is that you would essentially need to remove the ability of JavaScript to track all human input (mouse movement, clicks, etc.) since that could already be used to figure out what they’re selecting. Sure, browsers could try to hide this info with clever rules like not reporting mouse movements while the mouse button is being held and text is being selected, but it would be pretty hard to get right (and would probably break a lot of sites that aren’t doing anything nefarious, like any rich text editor).
Is your position that Javascript shouldn't be able to see click and drag events?
That would make a lot of browser games, tools (e.g. broswer image editors) and certain browser drag and drop functionality (e.g. a custom video or audio scrub bar) not work. They would require permission popups.
If anyone uses Firefox, it is possible to disable websites from knowing about any clipboard-related events. Go to about:config, search for dom.event.clipboardevents.enabled and set it to false. Done.
Sorry to go off topic, but is there documentation for the settings in about:config? And why don't they have a better UI?
It's pretty sad that something as security sensitive as browser settings requires trusting random strangers on the internet or digging through source code to understand what's going on.
If Mozilla made a chrome UI for those settings, they'd be accused of adding bloat to Firefox, creating complex options that confuse users, and making Firefox harder to use than Chrome-based browsers. I've noticed that open source really can't win in that department, so power user settings are put out of sight and out of mind, or are eliminated completely.
> If Mozilla made a chrome UI for those settings, they'd be accused of adding bloat to Firefox, creating complex options that confuse users, and making Firefox harder to use than Chrome-based browsers.
Possibly, but does Mozilla actually care about accusations of bloat or poor usability?
> I still miss Opera; they were the only browser developer who didn't take the "Users are stupid and easily confused" approach to browser development.
Old Opera was amazing, and incredibly fast. For a while there on pre-Android and early Android phones, Opera rendered the fastest out of all the mobile browsers.
Back when I was a beginner, I'll admit I did this alot.
11 years later it's rare. I'm more interested in sites like stack overflow for much higher level information like what framework should I choose for project X.
I don’t copy and paste code from stackoverflow anymore. When I was a beginner I used to but now because of the complexity of things I work on the snippets don’t work as is and I just look at stackoverflow to find an approach and then look at the documentation to apply it to my problem.
The one I am guilty for copying and pasting is command line stuff. I know its dangerous and I try not to paste it directly into the terminal but some of the commands are so complicated and backspacing in the shell is annoying its just easier to copy and paste.
I do the same, unless it contains sensitive data that I don't want to leak to Google. Then I just use Sublime. I wish ctrl+shift+v was more common to paste without formatting.
That's a dangerous habit to get into. Everything you type in the address bar is sent to Google (or your default search engine). If you "edit" to replace placeholders with credentials, you've just sent those credentials to Google.
This happens live, character-for-character, you don't need to press enter.
I share this sentiment minus the complexity part. I usually have documentation up as well and am looking to see what fits with what I envisioned beforehand.
It was surprising to see Pandas listed multiple times in top 10 tags since I feel like the documentation is pretty straight forward.
What are the copyright implications? Do the terms of service allow copying? Is all code on Stack Overflow in public domain, or is it under some specific license?
That "Share Alike" part in the license name means that your project needs to be using the same CC-BY-SA license as stackoverflow. That is unlikely to be the case, so copying code from stackoverflow is a license violation. On the other hand, you are unlikely to be sued for it, so few people care.
Considering how long stackoverflow has been using these terms, fully aware that everyone and their dog is copying code from stackoverflow all over, one might suspect that the stackoverflow people are intentionally trolling corporate lawyers here, in the best anarchist tradition...
I am on the upper rep band, and I typically copy from the question and paste into my answer.
It appears as though Stack Exchange accounted for that use case when showing User rep.
I assume the 0-rep users doing the copy and pasting are the same quality as programmers who post low quality "I'm in tech look at me" videos on social media.
Data Engineering or ML ops, it has same kind thing going on that data science had 5 years ago. Nowadays it feels that most DS is just glorified Data analysts.
With AWS sagemaker like services MLops is also getting easier. Yes data engineering still requires significant work.
I personally think people with business and technical sense will remain relevant.
business sense -> understand or identify right problems.
Technical sense -> can find quick solutions, most of the time just with co-code or autoML tools
73 comments
[ 0.48 ms ] story [ 165 ms ] thread>Content contributed before 2011-04-08 (UTC) is distributed under the terms of CC BY-SA 2.5.
>Content contributed from 2011-04-08 up to but not including 2018-05-02 (UTC) is distributed under the terms of CC BY-SA 3.0.
>Content contributed on or after 2018-05-02 (UTC) is distributed under the terms of CC BY-SA 4.0.
And there lays the intention to comply with the license dead in the water... SO displays the user name only, not the real name.
As I understand it this means that if the user does not disclose his real name you don't have to show his real name either.
Why didn't they just asked for "whatever string the author identified as".
> If You Share the Licensed Material (including in modified form), You must:
> A. retain the following if it is supplied by the Licensor with the Licensed Material:
> i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated);
https://creativecommons.org/licenses/by-sa/4.0/legalcode
[0] https://lh3.googleusercontent.com/hkdnDDP4Vx0XOMt_VWX09qKURy...
The plot "points" are blobs rather than actual points, so there's likely some grouping of data going on, e.g. 0-9 votes, 10-19 votes, etc, per blob. Then it just seems that low scores are more tightly correlated with low copying, and the correlation dissipates as the score increases. That doesn't seem too surprising, I guess?
So only people using Mac's then.
I'd say people at work helped other people at work and they got out the same as they put in: win-win.
Let's not pretend this interested exchange is slavery. I credit all my colleagues who ask and answer questions.
If the source is editable, I see that it worked because it briefly vanished, lol
https://grahamcluley.com/take-care-copy-pasting-code-stack-o...
it's clear the author knew neither AWS or JavaScript and kept adding code snippets until the errors went away.
it also has no build system or tests, just a script that copies the source to a build directory, zips it up and uses an example SAM template that creates quite a few unused resources, but as a side effect creating a useful lambda.
the lambda is behind an api gateway resource/method so a payload is sent to the lambda if the request path matches what's in the resource path part of the api. the lambda itself is an express app with a single route defined (which is the same as the api gateway resource path) - so the api gateway routes to the lambda if the path in matches the resource. then the express app looks at the path and dispatches based on the path (even though the only way you could have called this lambda was for the path to already match the path specified in the express app.)
because there's no build system, they didn't think to scrape dev dependencies out of the build directory, so we wind up uploading babel and a few other packages to the deploy environment.
we're inconsistant in whether we use SNS vs. SQS. and we frequently drop requests if we get a sudden spike in traffic because SNS is not a queue and sometimes it takes so long to scale up messages time out of the SNS topic.
but it "works" for some definition of the word.
At least not without going through the same level of explicit permission popup that you would need for microphone or camera access in a modern browser.
What people copy to clipboard on their own client workstation device should be exclusively up to their local control.
Mostly I see this in websites that deploy some mostly-futile "special sauce" code to prevent things like right-click/save-as of images. And similar.
That would make a lot of browser games, tools (e.g. broswer image editors) and certain browser drag and drop functionality (e.g. a custom video or audio scrub bar) not work. They would require permission popups.
It's pretty sad that something as security sensitive as browser settings requires trusting random strangers on the internet or digging through source code to understand what's going on.
If Mozilla made a chrome UI for those settings, they'd be accused of adding bloat to Firefox, creating complex options that confuse users, and making Firefox harder to use than Chrome-based browsers. I've noticed that open source really can't win in that department, so power user settings are put out of sight and out of mind, or are eliminated completely.
Possibly, but does Mozilla actually care about accusations of bloat or poor usability?
TBH, the I personally think the UI is fine, but it's annoying to have so many places to look for settings.
Chromium/Chrome have chrome://flags, which is basically the same UI, but all of the options have a few sentences explaining what they do.
I still miss Opera; they were the only browser developer who didn't take the "Users are stupid and easily confused" approach to browser development.
Old Opera was amazing, and incredibly fast. For a while there on pre-Android and early Android phones, Opera rendered the fastest out of all the mobile browsers.
11 years later it's rare. I'm more interested in sites like stack overflow for much higher level information like what framework should I choose for project X.
The one I am guilty for copying and pasting is command line stuff. I know its dangerous and I try not to paste it directly into the terminal but some of the commands are so complicated and backspacing in the shell is annoying its just easier to copy and paste.
This happens live, character-for-character, you don't need to press enter.
It was surprising to see Pandas listed multiple times in top 10 tags since I feel like the documentation is pretty straight forward.
https://stackoverflow.com/help/licensing
Considering how long stackoverflow has been using these terms, fully aware that everyone and their dog is copying code from stackoverflow all over, one might suspect that the stackoverflow people are intentionally trolling corporate lawyers here, in the best anarchist tradition...
It appears as though Stack Exchange accounted for that use case when showing User rep.
I assume the 0-rep users doing the copy and pasting are the same quality as programmers who post low quality "I'm in tech look at me" videos on social media.
What data scientists should learn to stay relevant in the next 3-5 years?
We forget how many non technical people, managers, HR people etc read these things and take them at face value.