[jmnicolas]

What I always wondered with remote work is how do you prevent angry ex-employees to "share" their code-base with the rest of the world (dump it on The Pirate Bay) or with your competitors (in this case you may not even know that they did it).

Of course if they live in a first world country you can probably sue them (and hopefully it could refrain them from releasing your code) but if they come from countries where the law is an abstract concept there will be no brake to exacting their revenge.

[perlgeek]

That problem exists for local work in the same way, no? If you can 'git clone' onto a dev machine, you can also copy that git repo to a USB stick.

Efficient dev environments can't be totally locked down, because often people need to experiment with some parts of the environment (for example to reproduce bugs that only happen in some environments).

[jmnicolas]

Yes but unless the local employee anticipated to be fired, most of the times they won't have made copies of the work.

When you tell them they're fired you can block them from physically accessing their dev machine.

Of course if you work on an open source project this problem go away, every employee is mandated to release their code ;-)

[moron4hire]

As a general rule, when talking about risks, you want to evaluate the cross section of Likelihood vs. Impact. Sometimes, you ignore high-impact risks because the likelihood of them occurring is just so low that it doesn't make sense to do anything about it, especially if there isn't much you can do about it. Like, "a meteor could strike our office, killing everyone inside". There's just nothing you can do about it[1], and if it does happen, there won't be anyone left to pick up the pieces anyway.

So I think you're underestimating the likelihood of employees copying code (it doesn't take anticipating being fired), and overestimating the impact it would have (it really won't do a damn thing)[2].

Every job I've had, the project code has somehow ended up on my personal computer. It has been a combination of factors. Generally, it goes that I get sick and declare I'll work from home. Either the company had provided a laptop or they hadn't, in which case I would have to use my personal PC to work. If a laptop was provided, the hardware was slow, or the tools installed were not my favorites (or particularly bad), or issues with the VPN connection/antivirus/corporate spyware software made everything slow. So in almost all cases, I've ended up with everything copied anyway.

And when I left the jobs, I had immediately deleted it. But even if I hadn't, even if I had taken and used the code (illegally), it really wouldn't have impacted the company. It's not like I would have been able to approach the clients and gotten them to go with me: typically the client owns the code anyway, I wouldn't have needed to copy the code. It's not like I could have started a competitor all on my own off of the company's own code base. And finally, the vast majority of projects just aren't that novel: why would I potentially throw myself into a den of thieves and lawyers for what is probably a crufty POS that I could replace in a weekend of caffeine fueled mania?

[1] oh, except, you know, not forcing your team to be co-located.

[2] This leads me to believe you are probably more the businessy/MBA type, rather than the engineering type. It's usually the MBA type who is most fearful of someone stealing the IP. The engineers who actually make the IP rarely consider it a threat.

[jmnicolas]

> This leads me to believe you are probably more the businessy/MBA type, rather than the engineering type.

Sorry to disappoint I'm of the engineering type. I'm also of the paranoid type though ;-)