238 JSJ Intellectual Property and Software Forensics with Bob Zeidman

00:00 3963
Download MP3

TOPICS:03:08 The level of difficulty in determining code creators on the Internet04:28 How to determine if code has been copied10:00 What defines a trade secret12:11 The pending Oracle v Google lawsuit25:29 Nintendo v Atari27:38 The pros and cons of a patent29:59 Terrible patents33:48 Fighting patent infringement and dealing with “patent trolls”39:00 How a company tried to steal Bob Zeidman’s software44:13 How to know if you can use open source codes49:15 Using detective work to determine who copied whom52:55 Extreme examples of unethical behavior56:03 The state of patent laws


Cognitive Bias Cheat Sheet Blog PostBagels by P28 FoodsLet’s Encrypt Indigogo Generosity CampaignSuper Cartography Bros AlbumMicroConf 2017MindMup Mind Mapping ToolWords with Friends GameUpcoming Conferences via Devchat.tvGood IntentionsBook by Bob ZeidmanHorror Flick Book by Bob ZeidmanSilicon Valley Napkins


Charles:        Hey everybody and welcome to episode 238 of the JavaScript Jabber show, this week on our panel we have Jamison Dance.Jamison:       Hello friends.Charles:        Aimee Knight.Aimee:          Hello.Charles:        AJ O’Neal.AJ:                Yow, yow, yow coming at you live like always.Charles:        I’m Charles Max Wood from Devchat.tv and this week we have a special guest and that’s Bob Zeidman.Bob:              Hello everybody out there.Charles:        Do you wanna introduce yourself really quickly?Bob:              Sure, sure. I’m Bob Zeidman. One of the main things I do is consulting, engineering consulting, I’m an engineer. Engineering consulting on Intellectual Property litigation. Patents, copyrights, trade secrets. When there’s a fight going on between two companies, they’ll hire my team and myself to take set apart, reverse engineering, write it up, compare it to patents, copyrights, determine whether trade secrets exist and decide who is infringing on whom or who stole somebody else’s code.                     I’ve also developed some specialized tools that help with that analysis and I also have another company that does automatic software generation for embedded systems particularly the internet of things. The big focus there these days has been security especially after the attack that occurred last week, I think it was a week till Friday, where all by, the systems came down, the understanding is that a virus [0:09:52.3] got into a bunch of IOT devices and started doing a DDOS attack on one of the web hostings. I guess the DNS server, big DNS server. That’s the summary of some of the stuff I do.Charles:        Are you an attorney or do you work with attorneys?Bob:              It’s always the second question I get but it’s good you asked because some people just assume I’m an attorney. But I know, I probably know more attorneys than anyone ever should but I’m an engineer. But I’ve written about Intellectual Property. I think I can honestly say that I know more about Software Intellectual Property than the vast majority of attorneys do.Charles:        The thing that I find really interesting is that there’s all this information out there about Forensics and tracking down. All of the things you talk about doing. I‘m curious, it seems like it’ll be a little bit hard to figure out who’s doing what on the internet or who’s doing what in software?Bob:              Yes and no. What frustrated me when I first started doing this kind of work is, companies would sue each other about copying. Literally when I had the first case I was involved with, they have two professors from the University of Stockholm. One was a Computer Science professor and the other was the Computer Science department head. They basically each wrote a report that said, “I looked over the code and I have thirty years’ experience and this looks like it was copied to me because nobody would write it this way if it wasn’t copied.” Then the other expert would say, “Well, I got 40 years’ experience and it doesn’t look copied.” The judge in the jury would have to say, “Which of these guys seems smarter than me.”                     What I did is I actually created tools, I created a measure of software correlation. I wrote about it and I created a tool. It actually came out as some work I was doing on the side, this was never meant a company or a product but it just caught on. But it was a way of measuring software and you still need a human to review the results but what you can do is you can focus on the stuff that looks like it might have been copied and then a human can look at it, determine if it was really copied or not.Charles:        Interesting. How can you tell if something’s been copied?Bob:              It’s a good question because what I told you right now is really just part of the equation. I actually offered training online and people get confused. I wrote an article just earlier this year about it. What you should do is, you run the tools and tools will say, “Here’s a bunch of stuffs that looks copied.” But then you really need to have some human judgement and the human judgement involves, what are the chances that these two sections of code just happen to be the same.                     For example, I had a colleague of mine, first smart guy took the training and he’s at 40 hours on the final exam and he finally came to me, it’s not supposed to take that much time. But he said, “I just can’t determine who copied from whom.” I said, “Okay, you see these four lines of code in both program?” He said, “Yeah.” I said, “What are the chances that they would have the same four lines of code and then there wouldn’t be any difference that the variable names where the same, the consent names were the same.” But he said, “But it’s only four lines of code.” I said, “Okay, but he could’ve have them by chance but it’s pretty small right?” He said, “Yeah.” I said, “Now, what are the chances that they’re all in the same sequence?” Because they could be in any sequence and it would still work. Two people happen to write the same code in the same sequence, it’s pretty small but it’s not zero. I said, “Okay, and then look at this comment here, other than one words, the comments are exactly the same.” He said, “Yeah.” And I said, “It could happen but it’s pretty small.” And he said, “Yeah.” Then I said, “When you look at all these things together, what are the chances that all these things happened?”                     There’s a tiny, tiny chance that it happened by coincidence but that’s not a reasonable assumption. When you go to court, you have to say what’s reasonable and what’s not unless the stars align in a certain way, that wasn’t going to happen. The conclusion is that, it was copied.AJ:                I’ve got a question about that. I’ve copied four lines of code from [0:14:27.0] before and a lot of times, it’s a very simple algorithm where it’s like, well yeah, I could change the variable names like I could put it in alphabetical order but usually those kinds of snippets are the things where you’re copying from stack overflow or something. It’s like it’s a simple one way to do something.Bob:              That’s a good question. I think it’s a problem these days because people don’t understand, even Computer Science professors don’t understand what the line is, what the limit is. If you’re copying from a third party source, first of all, an open source, this open source code, then you typically don’t have to worry about that. You might have to worry about the open source license and that’s a different issue. If both parties copied from the same open source code or third party code, we actually have ways of eliminating that. We say that’s not copied in the sense that it’s not illegal copying. Again, there might be license issues that whether you were allowed to copy that code or whether you have to make the whole source of code public.                     But part of the problem is, let’s say you worked for a company and then you go start your own company, this is pretty common and you decide, you know I wrote this little sorting algorithm that nobody cares about but I wrote it in my last company and it’s only ten lines of codes so I’m going to copy it. The problem is, that’s not technically legal. What is legal, is that you say, “Oh, I remember it well.” These are other issues. But let’s say you can copyright law. You can say, “I remember that I’d had this great sorting routine so I’ll just free write it, it’s only ten lines of code.” It’s really worth it to rewrite it from scratch.                     Copyright infringement is only copyright infringement if it’s substantial. But the problem with software is that, almost anything is considered substantial because it performs a function. If you’re talking about a novel like, even borrow a line from, let’s say from Hamlet, if you borrowed the line, you walked into the room. Nobody’s going to care, nobody reads Hamlet because it has the line he walked into a room. But if you copy to be or not to be, that isn’t a question, then Shakespeare can sue you because that’s substantial.AJ:                It’s good that he’s dead.Bob:              The thing is, the software, since it all represents a function, it’s easy to show that you are doing something substantial because instead of taking months to write it, you only took a day by copying it and you didn’t have to debug it, you didn’t have to integrate it with the rest of the code. It becomes a gray area that I recommend not taking a chance.Charles:        I almost became an attorney, one of those court people that hate their jobs. I was looking into going into intellectual property and patent law and one of the other areas is trade secrets. What is that ten-line sorting algorithm is kind of the secret sauce of previous employer, isn’t that also protected?Bob:              It’s a great question because I hesitated when I was explaining and then specifically said copyright. The thing is, anything can be a trade secret, almost anything. Any company can declare almost anything as a trade secret, it doesn’t mean it is but I’ve seen lots of companies claim really weird stuff as trade secrets. If you rewrote the sorting algorithm from scratch but the previous company could sue you and say, “That’s our trade secret.” The good thing for you is, they have to show that one, they tried to keep it secret, they never told anybody about it, they didn’t publish it anywhere, they didn’t share it with any customers, they have to have to show that it’s valuable. That’s the harder part to do. They would have to show the people bought their program because of the sorting routine. If they go to court, that’s really hard to show for something like a sorting routine unless it’s a sorting program. Let’s say they sell out libraries.AJ:                Or if you’re Oracle.Bob:              For full disclosure, I worked for Oracle and the Oracle-Google case just to let you know by the bad guys. The good part for you is, it’s their burden to show that they kept it secret and that it was valuable to them. For most companies, it’d be hard to show that the sorting algorithm, people bought their program because they had a great sorting algorithm. You’d be in the clear but that doesn’t mean they wouldn’t sue you. That’s the problem, is that, when you do stuff like this, you could get sued then you got to fight it.Jamison:       You mentioned you worked for Oracle on their Google-Oracle case. Are you able to talk about that at all or is that get into dubious legal territory? I asked because I feel like almost everything I’ve read has been kind of from the Oracle’s evil, Google is right, they’re defending freedom perspective so I think it could be interesting to hear, the Oracle perspective but not from Oracle, I guess if that make sense.Bob:              I can probably talk a lot about it because I was supposed to testify but my part of the case, Google agreed that they weren’t going to fight it because what I did was hard for them to challenge and in the end it didn’t matter that much. I can talk to you about it if we get anything that’s sensitive, I’ll tell you.                     Let me start out by saying that I have a philosophy that I will work for any party that hires me. I don’t prejudge who’s right or who’s wrong but sometimes clients don’t hear the information they want to hear. I don’t work on that case very long. Given that, that didn’t happen with Oracle. I have some strong feeling about Oracle, I actually think that Oracle was in the right.Jamison:       I know this is a very complex issue but some people might be like Google Oracle, what is he even talking about.Bob:              You know that Oracle bought Sun, Sun invented Java and Sun licensed Java library. The Java language is free but if you’re using the libraries for commercial purposes, then you had to pay a license fee. If you’re using it for non-commercial purposes, that’s free and the language is free. People sometimes confuse the language. The lines get really blurry even when I was brought on to the case. There were all these discussions about what’s the library and what’s the language? That was part of the controversy too. But, if you used the libraries, you have to pay for them.Jamison:       Like the standard libraries like file.io type of stuff.Bob:              I’m going tell you what I recall. There were some libraries that ended up not being an issue because they were free. File.io I think might have been free but some of the others were not free.Jamison:       Okay, that make sense.Bob:              I think things that were absolutely necessary to write a simple program are generally free. Generally, not a hundred percent certain. But more complicated functions like sorting routines were not free. Google knew that they were not free. At trial, there was a lot of emails that came up that basically people at Google said, “Google tried to negotiate a license with Sun.” They couldn’t reach an agreement where Google would pay Sun for the libraries in order to create an address. They wanted to create android and they wanted to use the Java libraries. They couldn’t reach an agreement and there were emails from high level executives at Google that said, “Well, we can’t do it without a license.” And other people said, “Let’s do it anyway.” People were saying, “No, we can’t do that.” Other people said, “Yeah, we can.” They decided to do it. That’s one of the things you don’t hear so much.                     At Google, at least a number of people knew they were doing something they weren’t supposed to. They had tried to it the right way. What they did is, they created their own libraries and they kept all the APIs. People talk about the APIs because what happened was, they rewrote the code that implemented the APIs. If you want a sorting algorithm, I don’t know, bubble sort, they still call that bubble sort, they still had the same parameters with the same data types in the same orders, in a lot of cases and it return the same value but they implemented the code completely differently.                     In my opinion, the reason they did this, they basically rewrote the code, why not rewrite the APIs too and then there would’ve been no trouble at all. The reason they didn’t is basically Java had one of the largest number of users of any programming language in the world and they didn’t want to retrain people to use android. The advantage Google got is they leverage to all the years and all the marketing that Sun had done and Sun was later bought by Oracle. So that people could say, knew exactly how all the APIs work, they didn’t have to teach anybody anything knew. In my opinion, that’s where the problem was. They took advantage of the years that Sun had spent educating people.                     Here’s something that people don’t know. When I went to court the first time, the jury said that APIs are copyrightable and by the way, it wasn’t just a few APIs were talking about. I think it was 11,000 APIs that were identical or virtually identical in both android and Java. All of those 11,000 or 12,000, the jury actually said it’s copyrightable but maybe Google had a fair use. The law says that if you can show that it’s for the public good and there’s a bunch of criteria about what that means specifically, but if you could show it’s for the public good to copy something, then you can copy it even though it’s copyrightable. Typically, that applies to educational purposes. If you want to teach Java in school, you can copy anything you want as long as you’re using it to teach students.                     The jury in the case said that the APIs were copyrightable because they were creative, because you could’ve done it a whole bunch of different ways and Google decided to do it exactly the same way in most cases as Oracle did. But it might have been fair use, they weren’t sure. But the judge overturned their decision and said APIs are not copyrightable. Interesting thing was, Oracle then appealed that to a higher court and if you read the decision which I’m glad to send you or you can find that online. The higher court, I believe was a panel of three judges if I’m not mistaken, they came down on the first judge really hard and they said, “You basically got everything wrong about copyright.” They said there might be a fair use but there’s no question at all to the law specifically says that lines of code are copying and are copyrightable. APIs are lines of code which means unless it’s fair use, you’re not allowed to copy it. Everybody’s is, okay, for our following, any questions at this point?AJ:                I have some opinions about that. It’s like, okay, let’s say that I created a function that has the signature of three items and I rename them from I, in and x to j, m, and y.Bob:              Here’s the question. If you actually did rename them, then yeah, it’s copying. If you thought of it on your own and you came up with different names, then it’s not copying. I’ve written a textbook about this stuff and I’ve defined something you’ve probably heard of called a Clean Room. Clean room make sure that if something looks similar, it’s wasn’t copied, they just look similar.                     If Google really had wanted to avoid this question altogether, they could’ve set up a clean room where they redeveloped everything on their own. It was agreed between the two parties that they redeveloped all the, what they call an implementing code. All the code underneath the APIs. Google admitted that we just copied the APIs, they said, “We copied them because we want people to use them and we think that’s okay,” Basically, it’s not like they came up with the same kind of thing, they specifically said we copied them.                     It went back to the first judge for a new trial and the second trial was not whether it was copyrightable but whether it was fair use. Here’s the problem I have with Google’s argument here. They basically said so many people are using this that is for the public good that they continue to use it. That we’ve got millions of people developing for android and therefore, what we did was an advantage for the public. To me, that the equivalent of saying, “I stole your television but I set it up in the neighborhood so everybody could watch it, so it’s not theft.” But they won on that argument. It’s undergoing appeal but I’ve read at least one law professor’s paper and he said, “Fair use is such a gray area that it’s really hard to overturn any fair use arguments.” Most likely, Google has going to have won this on their fair use argument.Charles:        That’s Google and Oracle. I think it’s really interesting, the nuances here. Am I likely to run into a scenario like this? Not exactly like this but where I may take somebody’s code and they may have an issue with me copying their API or something like that.Bob:              I think potentially, you could but if you’re making under $10billion a year, probably, Oracle’s not going to care. Part of it though again is, I think if you look at why Google didn’t change the things that they copied, that they admitted copying, they didn’t change it because they wanted to leverage what Sun had been doing for years. I think that’s big issue. If you copy an API but changed it around, then I think it’s harder for anybody to make an argument that it harmed them. Or that you were leveraging somebody’s efforts. Technically, it may not be allowable but probably nobody’s going to come after you. If they did, the other thing you’ve got to think about is damages.                     In most cases, copying someone’s APIs, even if it’s found to be true that you copied them, very few programs are purchased because of their APIs. But, Java is one of the programs that people, that Oracle I think made a great argument because Google said, “We want people to know how to use this.” There was an email that came out that said, “We can’t afford to take time to train everybody in new APIs. We’ve got to use something that everybody knows already.” In my opinion, that should’ve really turned the case against Google, that one email should’ve done it but it didn’t.                     I just don’t know if that make sense. The thing is, it was the economic value. Most of the time is you copy APIs, there’s not a whole lot economic value in it. From a practical point of view, you might be doing something wrong, you might be able to call it fair use, my advice is, don’t copy. You can look at an API. Actually, copyright law says, it’s very clear, that you can reverse engineer things, you can study them, you can learn how they work, you can learn what their efficiencies are and why they work, that’s the whole point. You just can’t copy it.                     If you set up a clean room, which isn’t that difficult, you can have one person study something right up everything about it and then hand it through an interest, unbiased third party to hand it to another developer and say, “Here, develop this on your own.” The second developer won’t know what the code originally looked like, if it’s done correctly but they’ll know exactly why it worked, what its advantages were, what the optimizations were. That’s perfectly legal and Google could have done that, it’s not like they didn’t have the money to set up a clean room.Jamison:       That sounds like something out of the [0:32:41.7] the solution to this problem. It’s the same thing in my head. I get how there’s a legal distinction between them but I don’t understand how that legal distinction makes the world a better place.Bob:              In my opinion, what it does is, there was a case years ago called Nintendo v Atari, was a big case. Atari wanted to make game cartridges for the Nintendo game machine, this was in the 70s. Nintendo had a copyright and they said, “If you want to make game for our machine, you have to pay us.” They had a really tight control and they didn’t allow the freedom of expression for people to make their own games. Atari reversed engineered Nintendo’s game console, figured out what the interface was like and then gave that to some programmers and said, “Here, make cartridge that uses this interface.” That was perfectly legal because they didn’t copy anything.                     Before anybody says anything, Atari made some really stupid mistakes. If they had stopped there, they would’ve been okay. The whole point was, the judge said, “We want to encourage people to copy but we want to do it in a way that they’re copying ideas not actual code.” They said, “We want people to learn from other people’s ideas but don’t want them to literally copy what they’ve done.” The problem is, Atari actually ended up copying some of the code, they just got lazy and they said, “Hey, let’s just take this piece of code here and use it.” It killed the case for them plus they did some other things that were just kind of gray that the judge didn’t like. Ruled against Atari. But the whole idea of copying ideas and concepts is okay.                     I should add to that, it’s okay if you learned it independently. If you worked to the company and learned it, then it’s not okay. But if you reverse engineer something, reverse engineering is perfectly okay.Charles:        Is that what protect against then? I essentially engineered the way to do a specific thing and so I have a patent on that and then even if somebody else does reverse engineer it, if they reverse engineer it and figure out how to do it the same way I did, then that’s covered by the patent and they can’t copy me.Bob:              That’s exactly true but that’s why patent has a limited lifetime. People that argue about whether the lifetime is too long or too short. The one perspective there is, if you want to copy how something functions, the only way to do it is with the patent. You can do it with the trade secret but if somebody else figures it out, and they didn’t steal it from you, then they can do it, if you don’t have a patent. You figure out this great new machine for, a new way of lighting, turning electricity into light. You don’t tell anybody and somebody else happens to figure it out, there’s nothing you can do. But if you’ve got a patent, then for up to 20 years, nobody can do it even if they didn’t do anything wrong, they just also figured it out.                     One thing that people don’t think about is, before we had patents, when people invented something, they would keep it absolutely secret. They’d fight over it. It was important the big war is over great inventions. As soon as the inventors died, nobody knew how to create it anymore. Eventually, I think in the 1600’s maybe, I could have the date wrong but I think it’s 1600’s and people start government's. Well it actually goes back beyond that but technically patents themselves were I think around the 1600’s where basically, the government would say, “Okay, since people are dying with their inventions and were not making much progress, if you tell everybody how it works, we will enforce that nobody can copy it for certain amount of time.” I think if you look at economics, innovation took off that period of time when government started protecting inventions like that.Charles:        If we’re going to talk about patents then, software patents, I hear the collective groans of our listeners. When you hear about these patent trolls or in podcasting, there was a patent troll for podcasts where they said they invented podcast and we see three or four of those. What’s the deal there? What is there to patent about software?Bob:              I personally think there’s a lot to patent. I think there’s a lot of bad patents and I’ve seen them when we do work for companies. I’ll give you an example, this is a terrible example. I was once flown into Southern California and met up with a professor and a company that hired us to assert some patents against the big companies. He and I has spent the entire day looking at these patents. We’re hired by the client, we want to do the best job we can for the client but at the end of the day we said, “All of the stuff has been invented before.” This was actually a hardware patent but there’s a lot of software patents like this. We said, “All of these stuff has been invented before.” We’ve got documentation on it.                     You can interpret patents because it’s not always clear what they mean. You can find an interpretation, we tried to find an interpretation that was valid and we couldn’t do it. At the end of the day we said we just can’t do it and they thanked us and they paid us and I didn’t hear from the company until four years later when I read that they had successfully sued some very large hardware companies. That’s unfortunate because I think they had bad patents and they found someone who was willing to support them. They went to court and the jury or judge didn’t understand, probably the jury didn’t understand the technology and maybe the expert that they found looked really smart and they won a judgement.                     I’ve actually spent my career trying to stop that kind of things. Having said that there’s a lot of bad patents, I still think there’s a lot of good software patents and I think that the solution to that problem is to fix the patent office which doesn’t do a good job of understanding what the invention is and it’ll allow bad patents for stuff that everybody’s been doing for years and it’ll also disallow patents for really unique things that are being done at the patent office just doesn’t understand.Charles:        I had an internship when I was in college and it was writing patent applications and the amount of research that goes into those and things like that. It’s pretty crazy, if they come up with a new or noble way of doing something, then I definitely agree. They should be able to profit buy it for certain amount of time but by revealing it. We get the kind of advancement that you talked about where the state of the art is moved ahead because even though I can’t do whatever it is that the patent covers, I can look at it and go ahead to the next thing or the next few things because now I understand that principle behind the invention.                     It’s really fascinating to me when we see this in software. I know that you can also patent business processes so you can get a patent for that, you can get a patent for software algorithms and things like that. The actual codes are covered by copyright. Nobody’s going to go and look through the US patent trademark office and say, “Okay, I’m looking to make sure that there’s no patent for this thing before I do it.” They’re probably just going to do it especially in software and then you see somebody come along and actually sue them and then some cases, as you said, the patents solid and the case is solid and sometimes the patent is not solid. But how do you look at that case and go, “Okay, this is wrong and I’m going to stand up to it.” Or how do some of these companies actually decide, “You know what, this isn’t a good patent but we don’t actually have the resources to fight it.”Bob:              I think it’s a good question. I don’t exactly have a solution for it. I do know that somebody bringing a case. The term patent troll is thrown out a lot and I have a history, I can tell at some point about that but part of the problem with that is, it’s applied to any company that has patents that somebody doesn’t like. All these companies get [0:42:10.3] together. Some companies do bad stuff with their patents. The companies I really don’t like, although I think the solution is simple. I don’t want to say the podcast necessarily haven’t looked into it but the kind of thing where company goes and says and sues thousands of people for a thousand dollars each, saying you’re infringing our patent. That’s just a way of intimidating people into paying. I think everyone I know agrees that’s bad and should be stopped.                     The companies that try to license patents, they always try to license. The thing is, most big companies don’t want to license, they basically say, “We’re not going to pay you unless you sue us.” That’s not always the case but the lawsuits usually start out as a negotiation. When there’s a negotiation between big companies and one’s got a patent and maybe it’s an NBE, it doesn’t practice anything, I don’t like the term patent troll because it starts with an assumption that they’re doing something bad. They try to license but the big companies say no. If the patent’s no good, most of these companies will stop because it can cost them $10million just to sue somebody. Even if it’s a great patent, the $10million you’ve got a chance of losing and you lose your $10million.                     I think suing someone over patent infringing when it’s not as easy as some people think it is. It’s a hard calculation that I don’t know what the solution is. Thing is, you get big companies. Let me give an example, years ago, I worked in a very small industry that was probably about a $30million industry. The key player in the industry was about a $10million company and then there were bunch of like one or two million dollar companies. $10million basically decided to sue everybody for patents infringing because they knew that all the smaller companies will buckle. These were real companies. They weren’t trolls or I mean technically no trolls or NBEs. All those manufactured something. But the big company knew that if they sue everyone, they just give up and they ended up buying up all the little companies because they couldn’t look forward to fight the patents. Until the company I worked for, they realized that their insurance covered the patent litigation. They said, “Okay, come on and sue us because this is our insurance company, this is going to pay for it.” They got into a lawsuit in turns out the big company went under because they little company had this insurance policy. I don’t know what the solution is, I honestly don’t but I think there’s a lot of issues in business like this. People sue over all kinds of thing and I don’t think it should be isolated by itself. It’s part of a bigger issue with companies suing each other.The other thing I was going to say is I worked recently, about two years ago for a company that in the present was called a patent troll. It was really unfair because this was a company of really smart engineers who work for a large semiconductor company. They invented a gaming device, they left their employer, set up the company, patented to it, manufactured it, got in on shelves, sold in online but there was a giant company that I think I can say, it was Nintendo, who basically thought of the same thing around the same time. Nintendo of course got all the shelves base in all the stores. These guys couldn’t get on the shelves because nobody wanted their little company to put the product in their shelves. They continued selling it online and they eventually sued Nintendo for patent infringement and people called them a patent troll and these were definitely not a patent troll. These were four guys who invented something great, they even had negotiations with Nintendo.                     I’m not saying Nintendo stole the idea but they were trying to get Nintendo to buy the idea from them. Even through the litigation, they were still selling products online. This is not a company that never produced anything and these guys spent their lives savings trying to get through the litigation, they eventually got a settlement. I think they went back to their previous employer because after the settlement, they had really earned up the money they got. They burned it up because of the litigation.Charles:        The way that it works isn’t always the way that we wish it would work.Bob:              The other thing that happened to me, before I ever got involved in this kind of work, I developed some software that I sold to a medium sized company. I just mentioned a small one that that stayed in business because its insurance covered a patent case, a patent litigation against a bigger company. Without naming names although it’s available on the web I think and in my book. This company grew to a nice size and I also do a lot of consulting work designing hardware and software for them. I came up with this product and I started selling a software product, I started selling it to them and they needed it for one key industry that they were selling their product to it. It wouldn’t work without my software. They were happy to buy my software. They were bought by a much bigger company who wasn’t happy to buy my software. After few years, they basically tried to buy my software from me and we couldn’t reach deal. They said to me, “We’re going to make our own version.” Friends convinced me to patent this, I thought the software was not patentable, it isn’t obvious, it was something I thought of in a weekend but it took me months, if not a year to get this thing working. I said, “Well, I thought in this in one weekend, how difficult can that be.” But again, it took me at least six months to actually implement it.                     Friends convinced me to patent it which I’m very glad I did because when the big company, when we couldn’t reach a deal, they said, “We’re going to do it ourselves.” And I said, “But I’ve got a patent on it.” they said, “We don’t think your patent’s any good.” They dropped my product, my sales went to zero and they started selling their own product. I’ve been working with them for seven years. They knew exactly how everything worked. I went to a lawyer and I said, “What do I do?” He said, “Well, we could sue them but it’s going to cost you a $100,000 retainer fee just to get started plus we’re going to have to buy one of their machines to show that it infringes.” Their machine costs a minimum of $1million, there’s $1.1million just to get started.                     Obviously, I couldn’t afford that. What I did is, I was thinking was thinking about what to do when a friend of mine recommend that I sell my patents to an NBE. They “patent troll”. I talked to them and they bought my patents and they had enough money to go after the big company and I didn’t. I didn’t see them as a patent troll but I saw them as a patent white night. Here was a big company that basically knew I couldn’t go after them. They thought they could do it without any damage but when I sold my patent, I think things changed for them.Charles:        That is really, really interesting.Bob:              I should ask too, when I first developed a software and I went to them, I’ve been working with them on projects on and off for years and I had a really good relationship. I said, “Hey.” Because they came to me, they said, “We need a solution.” And I said, “Well, that happens to be a solution I’ve been working on.” I gave them a demo in my house, in my bedroom, I set up a little network and I set up my software and I showed the m how it worked. They basically said, “Oh, we’re working on the same thing. We should have ours done in a few months. I said, “You could buy the rights to everything I’ve got right here really cheap because to me, it was like extra money on the side.” They didn’t want to buy it because they were so certain they were going to have the same thing in a few months. Year later, they called me and said they hadn’t been able to get to the version working so they would like to buy mine. That’s was what convinced me to patent it because I realized that in a year, they hadn’t gotten theirs working, it must be more valuable than I really thought.Charles:        I want to change directions a little bit. I think the stories are really interesting and kind of illustrates to people maybe you should think about patenting or otherwise protecting your software. I think a lot of places that people really worry about their code and intellectual property and things like that are in the cases where they’re doing open source work. A lot of people use various licenses for different things. But how do you know whether or not something, because even open source, the code is copyrighted, how do you know whether or not you can actually use something and what the restrictions are there?Bob:              That’s a good point. In fact, some people don’t realize that open source works only because of the copyright laws. It is copyrighted and then anyone can decide to give a way and either rights under whatever conditions they think are reasonable. There are companies that will examine code to make sure you’ve met all the requirements but there’s a lot of requirement and they can do licenses, the DBLs get pretty complicated and there’s different versions of them. There are companies that can guide you through that. What I can tell you is that, I think things are changing a bit. But years ago, most major companies use open source code without following the license terms.                     Developers, a lot of times would say, “Hey, I need this code. Worry about the license later.” And they will just integrate it and nobody ever talked to the lawyers or talked the executives or worried about it. The other thing was, honestly, I think if people thought about it consciously, they said, “If the opens source community is making zero dollars off of this, and they sue us.” I don’t know if this was a conscious process but I know there’s somewhere in the process, “If the opens source community sues us, what’s our damages? It’s zero because they weren’t making money anyway. Okay, let them sue us then those spend money have lawyers and then their damages will be zero.”                     A few years ago that changed when somebody started money for the lawsuits and then you can win statutory damages which means there’s a minimum amount of damages you can win without showing that you’ve actually been damaged. I figured who was sued, BusyBox sued Cisco, the thing is BusyBox and Cisco. I think companies just started cleaning up their code before that everybody just copied and didn’t worry about, I shouldn’t say everybody but a lot of people did. I don’t know if that answers your question.Charles:        It does a little bit. I guess the question is, one, how do you decide which license you want to use on your software and the other is, how do you evaluate whether or not it’s software or a library you want to pull into your code now that you understand that if I’m using this without following the terms of the license, I could conceivably, actually get sued.Bob:              I think from a realistic point of view, you probably won’t get sued unless you’re making a lot of money because even the open source community doesn’t, I’m not saying that’s permission to copy but from practical point of view, you might want to consider that, if you’re doing it for a home project whether small company, you’re probably not going to get sued. Again, I’m not saying it’s okay to copy, it’s just a practical issue.                     For the other question, there is a company called Black Duck, are you guys familiar with Black Duck?Jamison:       No.Charles:        I’m not.Bob:              Let me backtrack a little bit. I’ve got a company that compares code, I mentioned that. We’re used in copyright litigation cases, software copyright litigations, our tool could code [0:54:46.4] to compare code and find out if it was copied with human intervention but it allows you to make it a detailed comparison. Black Duck has something similar but to be perfectly honest, this is not it to integrating them anyway. Their tool does not do as exhaust typical Javas jobs does, it dos but it’s not intended to. There’s a development tool that as you’re writing code, it can actually search the internet and find out if you’ve just cut and pasted open source code. If it does, it’ll pop up a flag that will tell you what the license requirement are or you can take a code based and have Black Duck go through it and they will tell you what are the license requirements are and where the different code came from.                     In that case, at that point, you go to a lawyer, this guys are very expensive, they’re not in house lawyers. But the lawyers who had an open source, when I talked to them is, they charge a lot but they will go through and talk to you and make sure you’ve met all the license requirements. It’s not an easy process. Did that kind of answered the question?Charles:        Yeah, I think so. I guess the other question is, how do you determine if something was copied. You talked a little bit about the structure, I guess the part of it that I don’t get it, how can you tell which one’s the original?Bob:              I’m glad you mentioned that, I was going to bring that up. There’s no quantitative way, but try to make everything quantitative. When you run codes to compare code, you’ve got a correlation square of zero to a hundred. You can use that as a basis. But for determining who copied, it’s more like real detective work. In the training course that I give, in the final exam, you’ve got to show who copied from whom. There’s clues that you could use through over the years but it varies from case to case but I can give you some examples.                     In one case, we’re running on a really tight schedule, the initial comparison. The law firm was in Washington, DC, I’m at here in Silicon Valley. A colleague of mine and I were finishing our comparison on the plane trip to Washington, DC to meet with the client in the law firm. We’re working from the defendant who said they hadn’t copied any code, it was big company and were accused of copying code. Everything looked good in our analysis, we’re doing it on the plane going over the results of the codes with comparison. Without wearing a good shape, I went to give the presentation at the law firm with the CEO of the company, the defendant there. We put up to two programs side by side and we said, “We found that there’s no copying and I’ll show you here’s an example of something we found and it’s very similar but we can explain all the similarities and I’ll explain them to you one by one.”                     I stood there looking at it for a minute and I said, “Oh, there’s something I didn’t see. Now that I’m looking at it closely I see and you have a problem because you did copy code.” And he said, “How do you know that?” And I said, “We’ve got a whole bunch of lines of codes that are pretty generic in both programs.” And they looked at them side by side. Our reasoning was, well they’re just generic lines of code, they were doing something simple, I don’t know what he was doing but something that any programmer would do and this is the most likely the way they would do it. Then I noticed something, in one program, every place there was a comment in one program, those are blank lines in the other program. What are the chances that two people will write code independently and happen to put an arbitrary blank lines in one program? Where there happen to be comments in the first program?                     What they told me is, the program with the comments was the original program and somebody had deleted all the comments and that was the copied program. In that case, there’s no rule for that so you just look at it. But nobody would leave blank lines there for no reason unless they were taking out comments.Charles:        That make sense.Bob:              You see things like that, that part is kind of fun because it’s like solving a puzzle that nobody has solved before. It gives you a really good feeling when you can do that kind of thing.Charles:        Yeah, that make sense. In that case you’re protecting somebody out there.Bob:              One issue that I’ve got is I know there are experts out there and consultants who will say whatever their clients wants them to say. I don’t do that and the people that work for me won’t do that. I’m very strict about that. I could have gone in and told the client that they were okay when they weren’t. I can give you some examples, I’ll just give you one example of the opposite extreme of some unethical behavior that goes on.                     But I once had a case for defendant who stole a plaintiff who said that somebody had copied their code. They had a license agreement with another company to use their code. When the license agreement run out, the other company appeared to still be using the code even though they didn’t have a license to it. My client was a small company, the plaintiff and the defendant was a really big company. The lawyer said, “We’ll examine the code and see we can find whether they’re still using it. Just go their website, download the code and see if you can determine whether they’re still using our client’s code.”                     I went to the website, downloaded an application and it consisted a whole bunch of file and one file was a bit for bit copy of my client’s code. I went to the attorney and said, “You don’t need me to do anything. This is the exact code, here it is, being used. It’s the binary. You’ve got a slam-dunk case.” He said, “Okay, thank you very much.” Something like six months later, he called me up and he said, “Okay, they found a report that says they’re not using the code.” We have to rebut it. How could they say that? It’s bit for bit compatible, it’s bit for bit identical. I read the expert’s report, the defendant hired an expert who said it was coincidence that these hundreds of thousands of bits happen to be the same. Unfortunately, that’s the kind of thing we run up against once in awhile.Jamison:       Seems like you can always pay someone money to tell you that you’re right.Bob:              Yeah, there’s a lot of pressure on experts working on these kinds of cases. There’s a lot of money at stake. It could be anywhere from a million dollars to a, in the Oracle Google case, it was eight billion dollars. You’re under a lot of pressure to give the attorneys and the client the answer they want and I think it takes a lot of determination to not give them the answer they want. I’d say, most lawyers that I’ve met are pretty ethical, are very ethical, most of the once I’ve met. There are exceptions to that but even being ethical, they would put a lot of pressure on you to say what they want by saying, “Can’t you see this way, is it possible you’re wrong, maybe explore this.” A lot of people give in to that pressure and just say, “Yeah, you’re right.” It’s hard to resist.Charles:        One thing that you gave to us in the notes that we got from you before the show was, you mentioned that the Congress in the Supreme Court are changing patent laws, do you want to talk just briefly about that? We only have a few minutes before we have to start wrapping up the show but I think it’s an interesting exploration into. Are patent laws are getting better or worse and why?Bob:              In my opinion, they’re getting weaker which some people are okay with, I’m not. The best example I can give you is, Congress passed the America Invents Act which were former patent laws. Previously, somebody mentioned business method patents. Actually, with the America Invents Act, they’d made it virtually impossible to get a business method patent. I’m not so sure that’s a bad thing, I think business method patents are the kind of thing that nobody’s convinced me they were good idea, they’re the kind of thing where you say, “Hey, if I give you money and you give me ten percent interest and give five percent to a charity and the other five percent goes to my friend and then when my friend gets married, he gives me half of it back and I’m just making something up. I’m going to patent that.” To me that’s not what patents were meant for.                     One possibly good thing about the America Invents Act is it’s, made those kind of business method patents for just people doing things is virtually impossible to get it anymore. But, the worst thing that’s happened in the recent years, the Supreme Court, every few years changes its mind on patents. Even if you think it’s going in a good direction, it means that every few years the law changes, cases change. You can be in the middle of the litigation where you think you’re going to win your case whether you're defendant or plaintiff. Suddenly, the Supreme Court passes a new law that changes everything and you have to go re-evaluate whether you’re going to win your case.Charles:        I’ve read the constitution. I have an issue with this Supreme Court passing laws at all.Bob:              I should say, technically they’re interpreting laws.Charles:        It’s the same thing, we’ll skip the politics.Bob:              One thing they’ve done, I think patent attorneys across the board are pretty upset with this, regardless of what you think. Some patent attorneys are okay with it but the majority, they’re more upset because there was a decision called Alice v. CLS Bank, it was called the Alice decision, that was the name of the company. The Supreme Court basically said, “Software patents are legal or enforceable. Software can be patented.” There’s no question that software can be patented. However, anything that consist of a series of steps on the computer is not patentable.                     I’m paraphrasing but basically, everybody is scratching their head and saying, “What do the Supreme Court mean by that?” It seems like they’re saying software’s patentable but software’s not patentable. It’s really thrown a monkey ranch. We have actually federal court judges who are basically saying, “I don’t know what the Supreme Court meant so here’s what I’m going to do and they’ll have to tell me if I did the right thing.”Charles:        Oh, man. My programs aren’t a series of steps, they're actually algorithms.Bob:              In that case you have no problem.AJ:                I use heuristics.Bob:              Heuristics, I don’t know. I think you can probably get patent for that too.AJ:                I thought I was just using another name for algorithm.Charles:        We got to start wrapping up but this has been really great conversation. We’re going to do what we call picks. They’re basically just things that we like that make our lives better and you’ll kind of make the gist because I’m going to make everybody else go first. Aimee, do you want to start us off with picks?Aimee:          Sure, yup. I know I’ve been quiet today. I have one pick, I think I saw this on hacker news but I thought it was pretty good and it goes along with something I picked a couple of weeks ago. Cognitive bias cheat sheet. It’s just something I’ve been interested in lately and trying to make sure that I don’t do this. It’s a good medium blog post and then there’s actually diagram and with all these different questions and things to consider. I’ll put a link to for that in the show notes.                     My other one, I have a food one. A friend of mine introduced me to these bagels that are like crazy healthy and like are really, really good. I know Jamison does like a protein so, Jamison listen. Maybe you want some of these but they’re from [1:08:11.7] foods, they’re so good. They have like 260 calories, 20 grams of protein, 5 grams of sugar, 20 grams of carbs. I’m blown away by how much of protein are in these things and they taste really good. That’s my food pick and that’s it for me this week.Charles:        Alright. AJ, what are your picks?AJ:                I’m going to pick Let’s Encrypt. Indiegogo has a new thing that’s basically go find me, it’s like a non-profit race type of thing. Let’s Encrypt is now on there and they're proud to report that they have raised HTTPs on the internet from being at 40% to 48%, I think that’s really cool. I’m also going to pick my company Daplie because we got our Wefunder going which is crowd equity campaign and already [1:09:16.0] for our product Cloud and I just want people to check it out if you’re interested in having a secure plugin play home server or your developer that likes the idea of being able to program at home but you don’t like the idea of having to set up DNS and IP addresses in the main names and all that. I’m trying to come up with a new music lately. I will pick one more thing, Cartography Bros is an album available on OverClocked ReMix I think it was where I found it. It’s some cool dubstep Mario ReMixes. Those are my picks.Charles:        Awesome. Jamison, what are your picks?Jamison:       I have zero pick. Today is a pickless day.Charles:        I’ve got a few things that I want to shout out about. The first one is, is that I’m very sad that I won’t be able to go to Micro Conf. this year. But if you’re an entrepreneur that’s looking it growing or start to get business, you should definitely check it out. It’s is Las Vegas, it’s in the beginning of April. We just planned a vacation at the same time. I’m going to Disneyland with my kids instead of going to Micro Conf., you know which I’d rather do. Anyway, Micro Conf. is awesome, go check that out.                     Another tool that I found that I really like is mindmup.com. It’s a mind mapping tool that will actually save your mind maps to Google Drive which is way awesome. If you’re doing some mind mapping and you want to put it in Google Drive with all your other documents, then definitely check that out.                     Finally, I’ve been playing a lot of words with friends with my family and friends and that’s been fun. I’m going to pick that as well. I guess I have an announcement and that is, that all of the conferences, remote conferences for next year including JavaScript or JS Remote Conf., I also have NoSQL Remote Conf. this year, if you’re interested in that. You can go check all of those at devchat.tv/conferences. I have them all at allremoteconfs.com before and I’ve just decided to move everything over. I’m moving that over this week, I’m moving all of the webinars stuff and cleaning that up so you can see the webinars I’m doing lately about how to find a job and all that stuff. Devchat.tv/conferences and Devchat.tv/webinars for the webinar stuffs. Bob, what are your picks?Bob:              I hope you don’t mind a couple of self-serving picks. One of them is my novels that you can get on Amazon/ Good Intentions which is about a world in the future, maybe not too distant where the government takes care of everything for you and everybody’s happy and you don’t have to think about anything. The second novel is Horror Flick which is about a movie that’s so bad that people die watching it. That counts my first pick, I hope.                     My second pick is my Silicon Valley napkin, in the 80s I invented this novelty item. You’ve heard companies getting started on the back of the napkin. These napkins have it all planned out for use, you just have to check a few boxes and then you become a Silicon Valley multimillionaire overnight and you can buy them online or you can visit them at the computer history museum in Mountain View, California, see them on display, the originals and buy your own at the gift shop there.                     Thank you very much for having me, by the way. I have really had a good time and I hope everybody thought so too.Charles:        Yeah, this is great. I really love [1:13:04.9] and everything too. Thanks for coming. We’ll go ahead and wrap this up and we’ll catch everyone next week.

Sign up for the Newsletter

Join our newsletter and get updates in your inbox. We won’t spam you and we respect your privacy.