Looking through some of these URLs through Google cache, a lot of these contain verbatim copies of the problem text. Fair enough, legally speaking, if you are the copyright holder.
However, in the DMCA itself HackerRank asks for the removal of entire repositories, claiming "the whole repository is infringing copyright as it contains the solution". This is a blatant lie, HackerRank is not an automatic copyright holder of any solutions to a problem they published.
I think the DMCA is incorrect but the copyright argument might be correct, as in, I imagine that the starting code was provided by HackerRank so they have the copyright. The solution is a whole different thing.
The hashes will sum to something. To do it, at least as far as I understand, you'd have to use https://git-scm.com/docs/git-filter-branch . This will create a divergent history and the new master branch or any other branches that exists will have to be forced pushed. As far as "but local copies of the repo will have the 'problem files' still" - Yes they would. All parties would have to be notified of the legal request.
I'm not a copyright expert but it seems like enforcing this is another step in the erosion of fair use. Something about transformative works. The problem was transformed into a solution.
On the other hand hackerrank's terms of service should have banned this activity. I would imagine it does. I'm not sure how much leverage that gets them legally though. I suppose once you intend to publish it you're no longer an authorized user, and then you're violating that https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act we see get applied harshly from time to time.
No, that's not how it works. (Finding a hash collission for an existing hash would be a preimage attack, and that's not possible for SHA1 with computing power available to humans.)
... Or even against MD5, IIRC, which is why you are still kind of able to use HMAC-MD5. You probably still shouldn’t, but I don’t know of any other symmetric authenticator that is as short and requires neither vast tables of constants nor 64-bit operations for an implementation. (For all the recent lightweight crypto work, the only cipher I can reasonably see myself implementing on an oldish ATMega without disgust is the NSA’s Speck, with all the accompanying caveats, and there isn’t a single hash of a comparable complexity at all.)
I never wrote shattered is a preimage attack. What I wrote is exactly correct. There are multiple preimage attacks, neither of which I referenced.
A first preimage is where one searches for h(m1)=h(m2). A second preimage attack is where, given m1, find m2 such that h(m1)=h(m2).
It's best not to give the incorrect impression when discussing something exact. As with any crypto, the construction is either valid or not, but it is actually the use of the construction that determines real world correctness.
For example, if SHA-1 is used over input where there is known data in specific positions, that is quite different to SHA-1 over unknown data. In pratice, the first is often the case.
Copying the question text verbatim certainly is copyright infringement (and I would guess unlikely to be fair use, but I'm not a lawyer). If you give the problem in your own words, it won't be, just like your solution isn't.
> A "derivative work" is a work based upon one or more preexisting works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which a work may be recast, transformed, or adapted. A work consisting of editorial revisions, annotations, elaborations, or other modifications which, as a whole, represent an original work of authorship, is a "derivative work".
That's not how copyright works. Simply rewording each question will still violate copyright when you're copying all of the questions. I couldn't just reword Harry Potter and republish all of the novels. Likewise, copying some small portion may fall under fair use.
I believe (and I’m not a legal expert here), that what the commenter is alluding to is the “moral rights” over a work. This is more common in the UK and Canada. When I worked for a Canadian company (I’m a U.S. American) part of our IP release for works-for-hire included a waiver/transfer of rights specifically for the “moral” or “authors” rights, which were explained as being the “spirit” or “whole” of works we created.
It’s a legal construct, but I was never satisfied with that explanation. The gist was that while we could transform things that we learned or did, we could not re-use the ideas that formed the functioning product in other works elsewhere, even by transformation.
Doesn’t the Berne convention specifically make moral rights inalienable? The whole point being that you may transfer redistribution rights, etc. to somebody else, but they still don’t get to (affirmatively) claim they wrote it (thus can’t even try to pressure you to allow it)? Am I misunderstanding or is the local (and likely original) definition of “moral rights” different from the one in the convention?
Seems to me that’s the simplest and most intuitive point of view. Can you imagine publishing a question and then owning the copyright to every answer to it someone writes!?
There is a difference between "Questions" and "test questions with a known specific solution". One could argue (I would not) that the solution to a test question is an integral part of the question and therefor if the one can be protected by copyright, so can the other".
While that would apply to simple maths questions — 16x16 is always 256 — I don’t see that applying to HackerRank programming challenges, where the challenges (last time I used it) are essentially “produce correct output from this mostly-secret input”, and they don’t even mind which language you use to do this, never mind what variable names you use.
Not in the least. Copyright applies to creative expressions, not functional expressions. My solution to your problem is my creative expression, not yours.
Both a question and an answer may or may not be subject to copyright. What GP is saying is that such rights, if any, are assigned to their respective authors.
I think (or at least hope) that copyright is limited to a specific expression of a specific solution. Anything more broad would be tantamount to a copyright on basic algorithms, I think.
And what happens when there are multiple different possibilities for the solution? As is the case here, the solution can be achieved in multiple ways. It would be bizarre for one to have copyright claim over all of them.
My initial reaction to your question was that I thought perhaps Hackerrank could claim copyright on any particular solution that had either been written by Hackerrank or where the copyright had been assigned to it.
With regard to the latter, I would guess, knowing how corporations work, that Hackerrank requires anyone taking a test to assign her rights, with respect to any solution given, to the company. (To be clear: I do not like that at all.)
In the US, the Copyright Act of 1976 extended copyright to unpublished works (Hackerrank presumably does not publish its own solutions, though it might well register them.) IANAL and AFAIK, I think there are fairly stringent requirements on fidelity for a work to be considered infringing, and there is also the matter of fair use, but in practice in this case, it is Github, not the courts, that Hackerrank has to persuade.
I would guess that publishing something that advertises itself as a solution to a Hackerrrank problem might fall under trademark infringement or some such law, and something stating the particular problem being being solved might be an infringement of a copyright on the problem as stated by Hackerrank.
> I would guess that publishing something that advertises itself as a solution to a Hackerrrank problem might fall under trademark infringement or some such law,
Trade secret, rather. In fact, given the questions are supposed to be unpublished, those would more properly fall under trade secret law as well (except that the DMCA doesn't apply to trade secrets or any other form of IP other than copyright).
I was dumbfounded to receive this message yesterday. I made this project over 3 years ago and I didn’t even know about hacker rank at that time. This project was made because I was seeking a contract job and they asked me to create a leaderboard in react which i did with no code copying whatsoever. I implemented it in react hooks which wasn’t natively built into react so I used preact which had the newest feature set. If anything did hackerrank use my work to seed their tests? I see that as the likelihood. Also it could be because I used the text copy from the contracting job that asked me to create a leaderboard in the readme. In truth it could be either but this has become yet another pitch fork into a very difficult time where I have no job or money to do anything.
By the way if anyone reading knows about an opportunity for a frontend engineer please let me know immediately. But my only request is that I don’t participate in coding exams.
My company is hiring frontend engineers (React/Typescript stack), but we do have a technical coding interview. What exactly do you mean by "coding exams"? We have a ~2 hour, synchronous technical challenge that all of our engineers go through (as well as screening questions before that point). No leetcode style problems, no take-home tests though.
Hackerrank also records videos and takes random screenshots of you when you are taking a tests.
Unfortunately recruiters don’t inform about this in advance so that one could know about the privacy policy. When you are taking the test you’ve to give those permissions.
I think those images can be seen by literally anyone at recruiting company (and then I guess at Hackerrank as well).
The JavaScript function Media devices.getUserMedia() will do this, and also includes screen sharing possibilities. It will ask the user for permission first but in a test situation, there's high pressure to accept those permissions or fail the test.
What if you don't have a webcam? Most desktop computers don't come with a webcam. If you were warned in advance, you could buy or borrow one, but not if it came as a surprise.
They don't allow you to take the test without the camera. I had to retake the test someother day for Amzn by borrowing laptop. If I remember right microphone should be turned on too.
Unless you could substitute a realistic facsimilie of yourself answering the question, you would probably simply be treated as if you had declined to take the test, or be suspected of attempting to cheat. No-one who uses Hackerrank is going to spend any time trying to figure out whether they should consider you as a viable candidate, they will just move on to the next.
> Unless you could substitute a realistic facsimilie of yourself answering the question
Sounds great. Maybe some harmless pre-recorded loop. Whatever it takes to defeat their surveillance. Also I bet someday someone will come up with some AI thing to generate that video feed...
They are giving you javascript which executes on your machine in a browser you control. You can override those APIs do do whatever you want. In my teens, this would probably have served up goatse. Now it's likely to get a picture of a stick figure labeled with my name. They might get upset about defeating the webcam. They probably won't hire you. Whether you can afford to stand up to surveillance as the norm depends on your personal views and financial situation.
That functionality alone, I don't find terrifying. It's what allows web-based video-conferencing with screen sharing. However, I'd consider this an abuse of it, you should not be pressured into giving consent to do that as part of a job application.
The same goes with the terrible online testing platforms that have grown in use during COVID. They're terrible, ineffective, and an invasion in privacy.
> However, I'd consider this an abuse of it, you should not be pressured into giving consent to do that as part of a job application.
Yes, I completely agree. I hate it when Javascript gains new features and capabilities. Everyone is so happy because they'll be able to create more cool stuff, nobody seems to consider how these capabilities will be abused.
Because it will be abused. Just like video game anti-cheating software used to periodically take and exfiltrate screenshots without the user's knowledge. Reading the privacy policies of those things was terrifying.
It's fine if I actually want them to use the camera. In this case, they're using their leverage to force me to allow access to the camera in order to spy on me for the benefit of third parties.
Blocking entire repo for FindSubstring.java sounds a bit hostile? Also if the repo lets say contain general question like FindSubsring can they dmca whole repo.
Literally claiming copyright on this description for "find substring": "Given s and x, we want to know the zero-based index of the first occurrence of x in s"
There's also a number of URLs in here which have "leetcode" and not "hackerrank" in them.
A sibling points out this golden nugget from the DMCA notice: "(the whole repository is infringing copyright as it contains the solution)" i.e. HackerRank is claiming that not only they own the copyright on "How to find the first occurrence of x in s?" but also every solution to that question, which is a completely ridiculous notion.
>>HackerRank is claiming that not only they own the copyright on "How to find the first occurrence of x in s?" but also every solution to that question, which is a completely ridiculous notion.
They are in hiring business not CS education business. Their business is not helping people learn things, but helping companies hire people.
If the solutions are available online, anybody can memorize them and ace tests, And they often do. If too many people do it, the whole point of test is defeated. The more solutions are available online, the more pointless the test becomes. Which actually says more about the testing methods themselves.
On the other hand, it's realistically impossible to keeping coming up with questions that can genuinely test a person's ability to come up with a novel algorithm for a problem. That's a CS PhD at least, if not a Fields medal category problem.
I get your point, but copyright was designed to stop people stealing an authors work. The DMCA was similarly designed to help in that regard even is the implementation is somewhat questionable.
Protecting a business model such as HackerRank's was not the intention of copyright or the DMCA. Your argument almost turns the entire idea of copyright on it's head.
As I read your comment I take away a point of view of:
The HackerRank business model is predicated on keeping other peoples copyrighted work out of the hands of potential users, therefore HackerRank should be entitled the copyright of these other people.
That is not a viewpoint I could support and I don't believe many, other than HackerRank could support it either.
I know, it's just so wrong. But this is the world- as is.
Just be glad, they haven't yet patented or copyrighted a tree, graph or a linked list yet.
Wrote a tree traversal program to solve some problem in your program? Sorry that connects to some problem they own, so now your solution belongs to them.
I just checked another link on archive.org that really just explains how to do linear interpolation of a missing array element from neighboring elements. This is insane. GH should really be considered a potential single point of failure now.
They claim find substring question as their own art? I was asked this in the early 2000s and i am sure i asked this question to candidates in the mids 2000s. Someone should find proof of any early example they asked a candidate and DMCA hacker ranks cloud provider.
My blog is on this list. It was very surprising waking up on Saturday to learn my entire blog would be deleted for this, and I had 7 hours to fix it. Ended up using a repo cleaner to remove the file and i wasn't even sure it would be up today bit today but seems like I made it.
I wrote the post 6 years ago when I was trying to break into a programming job. Turns out Hackerrank was worthless for that, and shifting my focus to OSS contributions was much more fruitful. Wrote a whole thread on twitter about it with more detail
I take this as - folks pushed their hackerrank practice to share on github, and hackerrank is trying to stop github copilot from auto-filling answers to the question. It goes to show how useless hackerrank and leetcode type sites are.
Also, if hackerank claims copywrite over answers, they can promptly go fuck themselves. Jokers.
I really do hate hackerrank. Their platform is the worst for interviews, always buggy, autoformat and autcomplete never works, just an overall PoS.
Update - reading the comments pissed me off even more. We as participants in the tech industry need to stop using hackerrank altogether, full stop, immediately. They're going after developers, their own target market, with threatening legal action - scumbag move.
"cheating" on HackerRank is trivially simple - just have a second computer that you can search for the answer on. Removing some of the github repos for this is really not going to solve that problem.
But that's not really cheating. HackerRank is used to test programmers during recruitment, and I don't know a single programmer that doesn't search for an answer when stumped with a difficult question. Hell, it's Best Practice - why waste time thinking up your own (probably flawed) answer to a problem when there's an entire internet full of working solutions? As any experienced programmer knows, "google-fu" is an essential skill for a commercial coder. They should be giving points for "minimum number of searches needed to find a solution" on HackerRank, instead of trying to stop solutions being available.
The problem here, really, is that using HackerRank as anything but an educational toy is universally stupid. But that would involve explaining difficult things to HR people, and that's a difficult problem that we can't search for an answer to.
This has already been the case for git repositories since day one. What makes github unique is the workflow management for teams of developers. I think one of the issues is that people default to the easiest choice of using github or gitlab rather than self hosting their own system [1].
It's the only way, IMO. I am someone who tends to drift every few years from manager to individual contributor. Here's my take:
As an engineer, I refuse to do tests and take home projects for interviews unless the company also offers to pay me for my time and the problem seems immediately relevant to the domain. There are few other fields one would ask to to perform your work product for them before hiring, and few that it would matter (being a chef is an example that comes to mind, but there are others I'm sure).
As a manager, solving gotcha problems is rarely indicative of someone who will perform good at a development job. Give me someone who shows understanding of my stack via experience and understanding my business. These efforts to screen at this level by untrained people tells me the hiring manager is too disconnected from his hiring process, or just too lazy. All I want my HR team to do is scan resumes for at least some relevant experience before passing them on to me, and I provide them with plenty of examples, both on and off stack sometimes, of what that might look like. If I was going to suggest a take home project or a quiz app like this, I would already have dedicated enough of my time into vetting that person that I'd probably just invite them for an interview instead and do a live coding exercise with them.
Hacker rank is such a Joke. I'd never use them, and everyone I know who had used it found out that hiring people who call themselves Hackers because they can answer a quiz, aren't Hackers and suck in the workplace.
,........,........,........,........
Don't use these scammer companies, get someone who knows what they're doing to do your interviews. Or waste your money, you can do that too.
As a fun trivia: Today I learned Hackerrank, HackerEarth & CodeChef all started as Indian startups. They probably account for more than half of traffic by coders taking competitive programming as hobby. SPOJ, Codeforces, UVA are probably more algorithm focused (read: harder/complex)
Indeed, but they DO care about THEIR imaginary property, and because of that they usually don't need to be forced to enter those trade agreements as you seem to believe.
Obviously. But that doesn't mean that you know where those other people are without some central place to communicate that, say a 'git hub'. There is a reason Github was served with these DMCA notices: it's a very effective choke point.
GitHub's takedown notice template says otherwise: "Have you searched for any forks of the allegedly infringing files or repositories? Each fork is a distinct repository and must be identified separately if you believe it is infringing and wish to have it taken down."
I know this is a silly hypothetical but say I forked it and then gutted the fork and built my own unrelated project in the repo. GitHub would delete my project that contains zero offending material?
This is only true if you use the fork button. You can easily create a new repo, clone the old repo, and push to the new repo. GitHub will not show a fork relationship between the two.
Even if the history is exactly the same, GitHub only tracks forks made through the fork button. A true git fork (eg anonymous clone, push to brand new repo, preserving all commit history) is not tracked.
No, but the github server is configured as remote for anything checked out from Github. And I don't know how the remote will handle a merge (push) from a repo with rewritten history.
I was under the impression that you could 'rewrite' history if you wanted by amending, squashing, and removing commits? Or does some of the artifacts still live on?
Until Git garbage collects, it's all still there (mostly). Sure there are some extraordinarily destructive things like `rm .git/` that you could do, but even if you point a new repo at remote it might not accept the merge (push).
I'm not really sure. Try it, then take a look at reflog and see what's still referenced. Check the size of the .git/ directory as well - is it smaller? There are some ways to rewrite history in git, but until git GCs I believe that they are mostly non-destructive.
I'm sure that you could rm the .git/ and overwrite it but keep it pointing at the same repo. I don't know what would happen on the remote, though, when you push.
You can easily publish a snapshot of a bare Git repository on IPFS[0], and there are front-ends like git-remote-ipfs[1] which integrate IPFS into the Git workflow. The difficulty is that this only gets you a single snapshot. Any change to the repository results in a different CID & URL, which you then need to somehow provide to everyone so that they can see the updates. (This is where IPNS would come in, except it's still a work-in-progress. PubSub for name resolution helps but it's not enabled by default yet.)
You are welcome to your opinion of course but Github has become a pretty essential part of the workflow for many projects, closed and open source both. That it is possible to work around that doesn't diminish that, it's just how people are currently using it. I would have preferred a much more decentralized solution, I always thought it was a mistake that the git core left room enough for the likes of Github to establish themselves as gateways to various projects.
Unfortunately that’s an incredibly weak argument, since the need for safe harbors is a direct consequence of previous oppressive, draconian (and IMHO anti-humanity) legislation.
I absolutely get why EFF is engaging with this from a practical perspective, but the longterm solution is to stop enacting insane and fascist legislation…
Most of them are simple modification of algorithm course like A star algorithm, DFS, BFS and they have gall to dmca repo. Idk how can HR is so spineless to report such DMCA. Companies shouldn't use such platform to write coding question.
The standard practice while designing these questions is to take what already exists(Classic DS/Algo questions, questions on other OJ sites) and then add puzzle aspects to them, or a slight variation in the solution that involves a 'small trick' to it.
Leetcode almost feels like the defacto question bank for people who want to do interview prep. People just take questions from there and add small variations to it.
At this point in time this is worse than judging math skills by checking a persons memorisation of multiplication tables. Only people who ace these tests are unproductive at their current jobs, and spend whole days memorising these things.
If you are hiring based on these tests. You are quite literally hiring wrongest possible people for the job. Nobody answering these questions are inventing novel algorithms for the questions asked.
This was 100% the case for a startup I worked for 4 years ago: we actually used hackerrank and asked 3 of their questions.
We realized that the people who better answered them were college kids /recent graduates who had specialised in algorithmic puzzle solving. They mainly programmed in C , but their code was way too far away of what you would like to see in a production environment.
The best people for us were the ones that had spent their free time checking different technologies and doing crazy projects (like reverse engineering something, or developing a small game)
This is so important and most people don't realize this. Ability to build things quickly, make tools, write/rewrite stuff. All this is so much more important than memory skills, or even for that matter novel algorithm design skills(even questions that demand novel algorithms are rare in most production environments).
That given, it's a shame that our interview skills are no where close to hiring people who can build anything at all.
The problem is a lot of these top companies have tons of money and time, to spend doing these things. They can even end up hiring the wrong people and it wouldn't matter all that much because they have lots of money, and every once in a while a genuine contributor slips in and makes up for everyone else.
Now everyone wants to do this, when they don't have the same conditions.
However, in the DMCA itself HackerRank asks for the removal of entire repositories, claiming "the whole repository is infringing copyright as it contains the solution". This is a blatant lie, HackerRank is not an automatic copyright holder of any solutions to a problem they published.