I don't have direct knowledge of this company or the parties involved but I would be highly doubtful that Nvidia would want to have an employee steal the secrets of a competitor/partner. In my experience, companies of this size would aggressively not want tainted IP inside their companies. He would need to be bringing across something as valuable as AGI, cure for cancer, etc for it to be even worth considering. There are numerous examples of companies being offered trade secrets of their competitors and reporting it back to the FBI just so they can avoid even the suspicion of stealing corporate secrets.
If you think about it for a second, it is kind of obvious. Pretty much every technology is reproducible with the right amount of talent, funding and time. Why commit a crime when you can simply throw money (of which you have a lot) at the problem? Responsible corporate officers know this and act accordingly.
The company I worked for was paranoid as hell about IP in the code. They hired some source scanning firm, for a lot of money, to continually scan our codebase.
They were mostly looking for GPL (nasty, naasssssty GPL!) code, but they also scanned for code that couldn't be accounted for in our "clean" repos. Not exactly sure how that worked (or even, if it worked at all. I think they brought smoke[0]).
What does that mean? Why would scanning for GPL code be looked at badly? It presumably means a company is proactively abiding by GPL licensing. The only thing better would be to use GPL and share their source as well. But of course it's a legit choice to just not use any GPL'd code.
It's probably more common to just turn a blind eye to GPL code, so it's good to see companies making sure they're on the right side of it.
I'm not a fan of "viral" licenses, and agree that, if a company doesn't want to abide by the license, they should not include them, but I am also not a fan of trying to force others to force others, to force others, etc., ad nauseam.
I tend to use MIT, which isn't always everyone's cup of tea, but means that you can use my code, and it would be nice to be credited, but I won't cry myself to sleep, if you don't.
The MIT license requires giving credit. The difference between MIT and GPL is that GPL requires sharing the modified source code and licensing it the same.
Huh, I wasn't trying to argue one license is better than the other. I was just trying to clarify what the licenses require. I didn't want someone to see your comment and think that it would be ok to use someone else's MIT-licensed code in a product without giving credit.
I take the MIT license and excise the credit clause for publishing my least important personal projects. I feel it gives me just enough cover (no warranty etc.) and avoids requiring people to stick my name into whichever unaffiliated project.
For work, I’ve definitely had to bury the fine-print MIT credits on some random help screen. It’s easy enough to do.
Re TFA: it’s kind of nice doing a bit of open source work on the job when you can reference or use random utility code later. There’s only so many times I want to write code for walking a dictionary in JavaScript or whatever.
As with anything, there are shades of gray and certainly more or less scrupulous ways to behave. Stealing GBs of code is a bit much.
Would Nvidia the company want to engage in this? No. Would some middle manager involved in poaching this guy from the competitor want to do it? I have my suspicions. It takes two to tango and Nvidia didn't catch this themselves which raises some red flags. How was he hired? What kind of compensation was he able to negotiate? Was it well above the compensation Nvidia would ordinarily pay for an engineer of his level? How did he introduce the code into Nvidia's version control? Were there obvious red flags about the "development" pace that should have raised eyebrows during peer review?
I work at a big tech company and if I tried something similar, I'm pretty sure it would be caught internally. Even if I managed to pull it off, all it could realistically give me is a foot in the door. Some sketchy hiring manager isn't going to be able to just sweep some $500,000 signing bonus under the rug and $100k isn't unheard of for regular engineers here anyways. As far as compensation and promotion opportunities afterwards it stands little chance of mattering for that either. For the first few months nothing I did was even used in performance reviews and it's a peer driven process to rate/promote engineers.
Combined that means that even if I wanted to do this, and I found a corrupt hiring manager that wanted to play ball, I'd have to sit on that IP for a few months after being hired, slowly introduce it into the codebase, alter it in response to peer review and to fit the new code base's coding styles, etc. In the end, that would prove useful for a grand total of one peer review cycle and then it's sink or swim on my own merits from that point forward.
All that to say, yes Nvidia doesn't want this kind of thing as a company, but there are still individuals who potentially stand to benefit and there's a lot of opportunities for Nvidia to catch this before it's accidentally shown on screen to the competitor it was stolen from this far down the line. I don't know much about Nvidia's corporate structure but it kinda seems like they're trying to avoid finding out about it rather than trying to actually prevent it.
>Would some middle manager involved in poaching this guy from the competitor want to do it? I have my suspicions.
No company or manager I ever worked at, at both good and bad companies, would even think you'd be bringing stolen proprietary IP from your old job let alone allow something like this to happen under their nose with their knowledge.
They're far too afraid of IP lawsuits, as knowledge of the use of stolen IP can easily leak, and you then ratting out that manager making them an accomplice, for anyone to allow for something like this to happen with their blessing. And plus, you never want to hire IP thieves, if they stole source code from their old job they'll steal from you as well.
>How was he hired?
Most likely Nvidia poached the guy on the premise he's gonna build for them something very similar to what he was working on at Valeo. The guy probably sold himself well to get the senior job at Nvidia but most likely knew he overpromised and would underdeliver, so to make his life easy at his new job, he took all the source code and documents from his old job to use at his next job.
>How did he introduce the code into Nvidia's version control?
Well it's not like he was dumb enough to just dump in git all the stolen source code from Valeo with all the headers, variable names and copyright notices and nobody would notice. Most likely he kept the code on the laptop as an offline copy and only used it as inspiration for the code he wrote for Nvidia or maybe he even bluntly took Valeo's source code then pruned, redacted or renamed any and all references to Valeo and checked it in as Nvidia's project so nobody was the wiser that the code was not originally written by him.
> Why commit a crime when you can simply throw money (of which you have a lot) at the problem?
Indeed. But the stupidity of committing a crime does not actually stop companies from doing so. Mainly because the penalties for it are never harsh enough.
>Stupidity in this case probably means low level employees cheating for benefits and career
That's most likely the case here. FFS, the guy stole 6GB of proprietary data and police found the stolen design files pinned on his wall at home, so the guy was fully committed to his scammer role, and not just an accidental "oopsie I walked out with some proprietary IP by mistake, better discard it and keep this low key so nobody finds out".
By the looks of it, this guy, most likely a Bluecard (German equivalent of H1B), was just cheating and stealing his way up the career chain through the revolving door of the blue-chip automotive sector, until he got caught.
Companies both big and small, never ever encourage you to bring to work proprietary files and data from your previous workplaces, since that's a guaranteed lawsuit as these things always get out eventually.