Since this program uploads code to the cloud, it would be worthy to clarify if it cleans out strings before upload or not. Because if it does not, it is a serious concern as it puts secret keys in code in awful risk.
They also run a background process that needs to be manually killed to be able to uninstall. It feels like a quarantine. This is an editor plugin, is there really no simpler way to provide uninstall capability?
To clarify, on Windows the uninstaller is just one step: double click Kite from the Programs & Features section of Control panel.
Unfortunately on Mac you have to quit Kite before it can be dragged to the trash. You can do that from the menubar icon or by killing "Kite Engine". (You don't need to quit Kite Helper to drag to the Trash.) See instructions here http://help.kite.com/article/6-how-do-i-uninstall-kite. We'll be improving this on Mac shortly.
Welp - after reading through these comments, seems like privacy and code upload are huge concerns.
Might be worth it for you guys to get ahead of this, and address these issues explicitly on the home page and during installation. It will lower short-term usage & install numbers, but probably won't hurt long-term retention and word of mouth sharing.
We've worked really hard to make sure we're clearly communicating what's happening (transparency), and adding fine grained controls. We have a very clear step during the install flow that talks about how Kite works, and we will prompt for whitelisting within each of the editor plugins that can work without the sidebar (Atom, ST3, PyCharm).
We also have a security page (https://kite.com/security) that points to our various resources related to this, including more details about our control mechanisms—including .kiteignore—and how we think about security (our four principles).
We also know that some companies need on-premise Kite to make this work. We're exploring that now with customers, and would love to chat with you if it's something you need. (https://kite.com/enterprise)
I know none of these are silver bullets. Thanks for your comment as we work with users to figure out how to make this work.
We hope you'll give Kite a spin when you can—we think it's pretty transformative—and we hope to be able to address all of your concerns soon! : )
I could not find a privacy policy anywhere on your site after a few minutes of looking. This could be my own ineptitude, but it'd be good if it were easier to find. Where is it?
Is uploading code really that much worse than having closed source in a private cloud GitHub repository or pushing your closed source Python code to a PaaS platform like pivotal or bluemix?
It's not so much the upload, but the fact that it will always be unclear (and dynamic) what this service will do with a particular LOC. You might store sensitive documents in Google Drive, but it is unlikely you will type something sensitive into Google Search. Because it is a smart autocomplete feature, there will always be lack of clarity of when they delete your files, if at all.
Github and PaaS do not have any direct benefit of storing my lines of code forever. There is no logical comprehension of doing so. If they are caught, they will lose customers forever. In a service like this, however, it can always be claimed that the storage was done in order to make the service smarter. Which would be true. But it would be dangerous.
It is also worthy to note that this is a live tool. With other services, one has a chance to clean their code before upload. With this, even playing around with an API with embedded keys in your code has already put you at risk.
> It is also worthy to note that this is a live tool. With other services, one has a chance to clean their code before upload. With this, even playing around with an API with embedded keys in your code has already put you at risk.
Kite address this below, they said they're working on adding:
"Fine-grained privacy controls modeled after the .gitignore file format means that you can selectively and precisely decide which files and folders Kite indexes"
1. On MacOS X it's quite impossible to kill the helper and engine processes, so you can remove Kite.app. Something is restarting them automatically, which is really frustrating.
2. It's completely unacceptable to upload code to the cloud.
As far as an uninstall procedure is concerned, the expectations of a MacOS X user do not involve looking up instructions on a web site. The user should be able to quite the app, drag it to the Trash and clean it.
In addition the instructions you posted on the web site do not work. There are two running processes shown in Activity Monitor: a KiteHelper and a KiteEngine. Killing them both does not work, they are resurrected by some process.
I had to manually rm -rf Kite.app, and reboot the machine to get rid of the pesky KiteHelper and KiteEngine processes. Totally unacceptable "uninstall" procedure.
Adam from Kite here. Thanks for all the feedback and encouragement around the launch today. We're excited to be opening up Kite for everyone to download today.
When we launched Kite here on hackernews almost a year ago we were blown away by the enthusiasm for our smart copilot vision. Over 65,000 of you signed up for Kite in the first 72 hours, and over the past year we've been working with many of you to deliver that vision. It's taken a momentous effort, but today we're ready to take off the wrapping paper and open up Kite to the world.
Here's what we've been working on:
* Deep editor integrations: to make Kite better for smaller screens and more integrated into the coding workflow. You no longer have to dedicate a sidebar of your screen to Kite; instead, recommendations from Kite replace your editor’s autocompletions and hover results.
* Fine-grained privacy controls modeled after the .gitignore file format means that you can selectively and precisely decide which files and folders Kite indexes.
* Next generation type inference engine that uses both static analysis and statistical inference over Github. Kite beats PyCharm and Jedi by 32% on a typical Django project, offering more completions when you need them.
* Ranked completions which put the most relevant completions at the top of the autocomplete box using techniques traditionally used in web search.
Does Kite still send all your code to Kite servers as you type? I remember that being an issue the last time someone talked about Kite on HN.
I'm find with an editor or sidekick that can search stack overflow or duckduckgo or google quickly with a hotkey-- maybe keep snippets you can tag and easily reference-- but sending all my code as I type to a web service is something I'm not willing to do and something most companies won't allow.
(Copied from above.) Totally legit concern. when we started working on this we realized if we wanted to index tens of thousands of libraries, we wouldn't be able to ship the entire index along with the client. Hence the cloud-based architecture. We've thought a lot about privacy and written up our thoughts here: kite.com/security. The short answer is: we don't index anything on your computer that you don't explicitly ask us to, and our plan is to earn trust the hard (i.e. only) way: transparency, published policies, and a track record of good decision making.
One of the big things we've worked on over the past few months is giving users fine grained control of which files are indexed by kite:
- Kite only indexes directories that you have explicitly enabled
- You can create a .kiteignore file (same semantics as .gitignore) to exclude specific files / patterns.
Would it be possible to allow a # nokite at the end of lines; these would then have any strings scrambled. This allows me to know immediately that things aren't being sent to Kite rather than have to do a few checks before I write something secret.
> when we started working on this we realized if we wanted to index tens of thousands of libraries, we wouldn't be able to ship the entire index along with the client.
Why not? that's a _tiny_ amount of data for a modern computer.
I think this answer (which you used in few places here) does not address concerns people raised all over:
1) kite is useless (or at least substantially less useful) if you explicitly disable files/directories.
Example:
Customer says: This fridge I bought, poisons my good. Company: If you don't put your food into fridge its not poisoned.
Yeah, but it also not frozen afterwards, which was the reason for the fridge!
And no files/directories/lines/whatever policy does solve that problem. Partially because of 2)
2) Human errors will kill this. Just google for number of problems around security tokens, sshkeys and other thing commited to github by mistake.
I can't speak to whether they still send up all code as it's typed, but I think, for now, they're addressing this concern by offering Kite Enterprise, https://kite.com/enterprise which allows you to run kite on your servers.
"* Fine-grained privacy controls modeled after the .gitignore file format means that you can selectively and precisely decide which files and folders Kite indexes."
Unfortunately, that means that a really simple app where a developer hardcoded something like an API key, and didn't put it in a separate file they told Kite to ignore, will get uploaded.
Any system that relies on people following best practices is doomed in the real world :(
My point is that it's a lot easier to happen accidentally when the upload happens automatically and without intervention. With git, you directly specify what files you're committing (with the .gitignore as an additional safety net) and when that commit happens. It's all manual.
If I'm testing an app and I want to hard code an API key for testing, and I'm using Github, it's not a problem. I have to explicitly commit that file. Now, I have to both remember that Kite uploads everything, and avoid using that workflow at all, and use the .kiteignore thing (which is another random dotfile in my repo, great).
Again, I go back to your whole issue with how an inexperienced user of Kite can easily shoot themselves in the foot. The same applies to Git: 'git add .' and push.
Yes, you are correct in that an inexperienced Git user can mess up, I won't deny that. My issue here is that Kite requires you to proactively place a .kiteignore, before even whitelisting a directory. It also doesn't alert you that it's about to start indexing the files in the directory tree or that you need to add a .kiteignore to protect sensitive files before you whitelist them. At a minimum they should be respecting the existing .gitignore, and realistically they just be scrubbing all strings before sending any data.
I can 'git add .' and commit my life away, but that requires much more intention and explicitness than clicking enable on a prompt and continuing your standard workflow (ie: a simple 'vi super_seceret_file.py')
This is tempting, particularly when learning new libraries, but it seems like it could be resolved with an offline database at some point instead of a hosted cloud service. This would probably improve performance a bit (in terms of responsiveness, rather than accuracy).
I can see where you might want to index all of my code to add to your store of information about how frequently various functions are used, because "more is better" in terms of training data, but there are plenty of open-source projects that could be polled instead. For my own code, why not simply analyze my existing projects on my own machine without sending it elsewhere?
It's pretty laughable that when one clicks through to the security page, the very first thing beyond the heading of "Security. Built in." is "Kite is Cloud Powered." as though that were a feature instead of a liability.
While directory whitelisting and a .kiteignore seem like decent ways to prevent code from leaking, it's only one small bug away from disclosing a company's proprietary secret sauce to unknowns entities.
I know this is your baby and all, but how high was your team (high as a kite?) when they thought sending every line of code to your server was a good idea?
Seriously, could just send the object type being "autocompleted"along with the other object types in the same file and gotten better results without the privacy backlash.
True, but Github and a PaaS platform tell you that your data is leaving your computer. It isn't something that happens in the background from a simple autocomplete application.
The other thing is that a proper 12-factor app separates secrets and keys into environment variables that are not committed to Github or your PaaS. They are added after a deployment which this "product" just scoops up. For reference, here's what a AWS key being leaked on Github leads to (https://www.theregister.co.uk/2015/01/06/dev_blunder_shows_g...). Now, imagine that project that is running in production having to be brought offline because this company leaks thousands of AWS keys that were used in development. It's dangerous, sloppy and stupid, three things I generally try not to mix.
How intertwined is the completion and the indexing? Could I .kiteignore * and then still use the functionality for completion and documentation on public code? Would it just send API calls based on the functions I am calling or something like that? I cannot send my code to you, nor will I be able to convince my company to pay for an enterprise version. I would pay for a personal version that has some sort of controls in place though.
Can you not have it just cache locally based on the requirements.txt or the import lines at the top of the file? Then all you know is what I am importing, and I would be fine with that. Anything more, and sorry, can't do it.
This looks truly useful and innovative, well done!
Two things come to mind, apologies if they're already addressed:
The sidebar jumping around in the corner of my eye sounds really distracting, I wonder if there's some way to manually tell it to "update" or some other UX trick to ameliorate that, because the concept is great.
I work in the healthcare sector, and I hope you guys do or will have the reams of datasec declarations and certifications needed for this to be usable in such a regulated context.
My first time hearing this. I would love to drop some coin if it improves my life, and I think a service like Kite was just waiting for someone to make it happen. I'll test out your demo version today to see if it helps
I just tried Kite on my Mac, and I was really not pleased with it. Uploading all of your code to the cloud is questionable at best when the code you're working on isn't necessarily your own. Having Kite running in the background without a way to disable or uninstall it feels like nothing short of malware. The lack of documentation for how to uninstall Kite from your machine or how to remove your data from their cloud is also pretty worrisome.
The CEO's response in that thread is very clear that they added an additional option to use Kite, and did not make Kite the default or replace the default.
I was a happy user of the python autocomplete package with Jedi for some time. Starting in November 2016 they introduced kite-specific code, shipping kite-installer as a dependency and also added tracking of your autocompletion behaviour (I suspect this is where they get their Kite vs. Jedi performance numbers from).
Only in February 2017 I noticed that the whole package had changed right under me because of an error traceback window caused by their metrics collection going wrong. I looked at the package settings and IIRC there was a checkmark set for the "Use Kite" option which I'm pretty sure I did not set myself.
The telemetry collection alone is a deal breaker for me. But I also don't like the sneaky way they practically took over the package without clear notice and consent. The package README still makes no mention of Kite and the package is running under the innocently looking 'autocomplete-python' GitHub org instead of their 'kiteco' org. To me it's a very fishy 'growth hacking' strategy.
It sends your code to the cloud. You have not addressed people's concerns who asked about keys embedded in source code, not entire files to ignore. The uninstall process looks and feels a lot like stopping a rogue process that keeps respawning. You've silently integrated with an unrelated project (autocomplete-python) to collect data.
I applaud the idea and UX in the video. I'd love to use a tool that does all that. That said, I completely condemn everything else about you. I strongly recommend anyone who has installed Kite to remove it from their computers immediately as it seems that the people behind it don't have the community's best interests in mind.
I mean, if something is running as a background service, then yes, you either need to manually stop the service or reboot. I guess I don't tend to think of anything running as a background service as malware, although I suppose opinions could differ on this. This could potentially be due to my using Linux as my primary OS though; on OS X, manually managing services is not as common from what I've seen.
Curious to try Kite, I started to integrate Kite plugin into PyCharm until I saw they keep our code in the cloud which enables Kite do what it does. I'm not sure how many of them would be ok with their code being stored in a private cloud!
Totally legit concern. when we started working on this we realized if we wanted to index tens of thousands of libraries, we wouldn't be able to ship the entire index along with the client. Hence the cloud-based architecture. We've thought a lot about privacy and written up our thoughts here: kite.com/security. The short answer is: we don't index anything on your computer that you don't explicitly ask us to, and our plan is to earn trust the hard (i.e. only) way: transparency, published policies, and a track record of good decision making.
I'm sorry but the true intention is to have recurring revenue and not have licensing issues with open-source software you're leveraging on your backend. It's fine to be a capitalist, and I'm looking forward to using and paying for kite once my language of choice is supported, but come on, just be honest that you need a source of income to create this amazing product and this model is the one that fits the bill best. Again, there's nothing wrong with that. I'll gladly give you 1TB of HD space, help seed the giant chunk of data, and pay a bit moreif that's what it takes.
It wouldn't be a viable business unless we thought we could add real value _and_ thought that we could capture some of that value. Yes, being on the cloud allows us to set up an attractive subscription model. But Kite won't succeed as a business unless it turns out to actually be a value-add over local solutions. That's what we're betting on.
At first blush, the "we wouldn't be able to ship the entire index along with the client" makes perfect sense. However, I have found that I can store the entirety of the raw Python 2.7 documentation to disk in under 15 MB. It's mostly text, so it compresses absurdly well (2mb, gzipped). And if it was just an index of all the functions with little to no markup, it would be even smaller (this doesn't even account for the fact that all of Python's documentation is typically already on disk, in the modules themselves).
So, given that these indices could be obtained as needed, I'm not sure I buy this argument anymore.
If we can justify the download of a 20mb for a set of plugins, I think that we can justify a 2mb download to document the entirety of a language's standard library.
As a few points of comparison, Atom's download is around 80MB, Docker 110MB, PyCharm is around 175mb, and a ctags file that covers over 8,000 source files (including boto2/3, aws-sdk-go, the python standard library (both 2.7 and 3.5), the go standard library) is about 6 MB compressed.
Right, but the python standard library docs are just a tiny tiny fraction of all the documentation in our index, and the documentation itself is just one corpus out of many.
To support your point, Eclipse has zero problem providing auto-completion with JavaDoc information using nothing but local class files. [0] It will also use source or JavaDoc archives to provide full documentation, if they are available.
[0] I know this, because it's a complete pain to use class files which have been stripped of debug data. Suddenly autocompletes look like "someFunction(String arg0, Thing arg1)" with no other supporting information.
EDIT: Just took a look, the indexes for a few workspaces I have are all under 50MB.
> Solving this 'problem' would lose Kite money, so I don't fault them for not attempting it.
I think it really boils down to: what happens when their servers are compromised; how much liability will Kite assume for the lost IP? My guess is: None.
They don't even have a discoverable privacy policy, just a blog post! Going into the purchase pipeline, there's no service contract, just a "sign up for an account and give us your CC".
How big is the index? Could you offer it as an option (even paid)? I imagine some would be happy using up a good few gigs and paying a bit more to not have to post their code to you.
also, "The short answer is: we don't index anything on your computer that you don't explicitly ask us to" you should say that on /security that's a pretty important point.
I read in last year's HN post that you collect user's terminal commands. Is that still true?
In the future you might want to consider a self-hosted version for enterprises that require by policy more security than your current offering. For $$$.
Yup, we released Kite Pro today (https://kite.com/pro); please consider purchasing it if you find Kite helpful :)
Over the last year we've focused on knocking out the core product experience. We're now going to focus more on Kite Enterprise (https://kite.com/enterprise); if on prem is of interest please get in touch.
As mentioned we are also exploring Kite Enterprise now that we've gotten the core product more
My largest concern is how frequently is my code sent to the cloud? Sometimes when building integrations, I hard code private keys just to get things working and then pull them out into config files that aren't checked into source control. Not knowing where that key might have gone would bother me.
Do you have a sanitizer that detects stuff that looks like crypto keys and censors it before upload? Offhand, sounds like it would be pretty easy to compute just using an appropriate entropy measure.
Why not set them as environment variables? Add a debug mode or whatever and then if set, pull from environment vars instead of config files. Not saying you should trust Kite to keep your code, but as a general practice might be a better idea.
I certainly would not. Thanks for pointing that out. Their landing page does not mention it at all.
There is a lot of publicly available source code which Kite can scrap and use. Expecting that users will be happily uploading their code into a private cloud is weird.
Yeah, as of today (and probably for the foreseeable future) you can't use Kite while you're not connected to the internet. But honestly most programmers I speak to already rely a _lot_ on looking up material online while coding. Kite won't break your dev environment if you're disconnected, it just won't add anything.
In my professional job I work with code that is private and copy righted by the company that's employing me and praying my salary, not to mention sometimes I edit files that contain sensitive or critical information like passwords and secret encryption/decryption keys.
Anything that sends all my code to the cloud is automatically disqualified.
That is a valid concern, and anyone downvoting this is so far down the hype machine that there's no saving them anymore.
Kite is a breach of privacy for 80% of professional software developers that work on a private codebase. You are sending your code directly to a third party, without even any ways for you to prevent that. At least asking on SO you can change your code so it isn't 100% obvious what you're doing.
The fact that this remote upload is mentioned nowhere on the landing page and can only be inferred from the Kite Enterprise very short description is a bit worrying.
However, starting a few Python projects myself soon, this looks like a great extension. I suppose the suggestion for VS Code has been made dozens of times already though.
I appreciate people trying to build "cool" products, but the downsides of this are so high that people should heavily consider never using it.
Uploading all of your code to the cloud is a massive liability. To top this, the people interested in "something magical that codes for me" are not the good developers, their users are very most likely beginners, bootcamp coders, junior engineers, etc...
I think they're abusing trust through obscurity, people have no idea that their code is being uploaded. Making this the default for a very common python-autocomplete in atom is even worse... see this: https://github.com/autocomplete-python/autocomplete-python/i...
> the people interested in "something magical that codes for me" are not the good developers
No matter how much I code, I'll always have to look at documentation. This is just faster documentation, I really don't see the problem from that perspective.
Maybe a little bit off-topic and controversial, but in my opinion auto-complete is overrated.
Doing software development is mostly reading code and documentation. Obviously one also writes code and for sure one can't memorize every function or package name, but searching for it isn't that much of a bottleneck? Some time ago I wrote Java using Eclipse (which had/has reasonable auto-complete), but when I switched to different languages, I also switched my IDE and mostly use plain text editors these days. There are auto-completion tools for text editors, but I just never invest the time to activate or configure them and AFAIK there aren't completion tools which work well across different languages.
Maybe I revisit them at some point, but at the moment I do not really miss auto-completion.
I think, in the future, ideally, you will be able to do a programming interview, using a tool like kite, in a language you don't know and feel comfortable.
So when I am learning a new language, I don't want to have to look up if the length of a vector is len(), length(), .len, .len(), .length() and so on. In fact, I don't want to do this for languages that I do "know".
This only works for languages that provide dot-like syntax. E.g. in Python (which is a little bit inconsistent in this regard) the equivalent would be "len()" and I am not sure how it should work there, as there is no context to infer the function/method.
I get your point though and there are cases where completion might be useful, but for me the context-switch to a search engine is just not that much of a hassle, but maybe I never enjoyed a good completion engine, so I might give it a try.
Jedi (I use it with Emacs and auto-complete) does a fairly good job for Python. While the `len` being a function screws things up a little, there are many places where you can still use autocompletion the way I described, specifically:
import module
module.<TAB>
and:
def meth(self, ...):
self.<TAB>
and even:
foo = Foo()
foo.<TAB>
It doesn't work for all possible cases, but as you said, you can always consult Google. It's just that I prefer not to leave my editor if I don't really have to.
OTOH, I work with a lot (10+) of different languages and find even the dumb, basic autocompletion (which only offers to autocomplete words already present in the file) helpful. As other commenters noted, writing aLongAndDescriptiveFunctionNameToCall from memory every time may be inconvenient for two reasons: a) was it aLongAndDescriptive... or aDescriptiveAndLong...? and b) writing this much text takes time, and the more letters you have to type the more probable a typo gets.
Anyway, I think you should give a try to a few different auto-completion plugins/systems and see for yourself. You should probably spend a little time to configure such a plugin so that it doesn't get in your way when it fails (ie. has no good completion to offer), but once you make it so the auto-complete may become really helpful to you. Or it may not, but I think it's worth checking out.
or use ctrl+shift+space in intellij and it will just show completions that return type maching the left side of equation :) or press it 2 times and it will look for all aCollection.. for the matching types ;) very powerfull
Why wait 5 years? Using a synonym database (or word vectors, if you want to get fancy) would already get you most of the way there. I am not aware of any IDE that specifically tries to give you the most likely alternative, but many absolutely do offer a way to quickly select a different method from a list.
But you need some user testing, and maybe some ML.
I mean, the machine needs to train enough to know that when the user types "string.len" they really mean "size(string)" and it can't just follow the alphabet anymore.
Allowing arbitrary syntax transformation would create an insanely large search space, but if you limit the possibilities to a few common cases (like string.len -> size(string) [attribute -> global function] or amount.add(increment) -> Number.plus(amount, increment) [instance method -> class method]) and cull the generated code heavily using a static checker, you might be able to do quite a lot.
Of course then you have to deal with the case where the suggestion is subtly wrong (e.g. amount.add(increment) was intended to mutate the amount, while Number.plus is a pure function) and the programmer might not spot it, if they were unfamiliar with the correct usage in the first place. Now we are firmly in research territory, I think.
1. Do it in the cloud somewhere. You probably want to do this anyway so you can learn from everyone.
2. Now you can't indefinitely keep everyone's code in the cloud (as kite is learning), so you take the most common use cases and privacy minded coders can download those to their desktop.
3. Of course languages are constantly evolving so the "cloud archive" will always be live and learning from everyone
By the way, you would "learn" a mapping when someone searches for "len, length, .len" and so on but they finally settle on "size" so you would have the input and the correctly labeled target from people's code. You do have to watch them programming in practice though.
For the subtle variations, it would hopefully give you a list of suggestions in order of usage.
> searching for it isn't that much of a bottleneck
When I left IDEs for a terminal-based dev setup (Vim + CLI), this was what I thought. I rapidly discovered how incredibly wrong that was.
A big factor, for me, was that autocomplete kept me from making typos. Even with a rapid feedback loop, those typos build up. Plus, the reduced cognitive overhead that comes from being able to bang out code faster also lets me stay much more focused.
Intelligent autocompletion is a nice-to-have that I don't think I really miss, but straight-up dumb autocompletion has been a huge boon for my productivity.
On the other hand, autocomplete leads to typos in the middle of a variable name being repeated again and again. Plus, practice of typo-free editing is beneficial also outside IDE, i.e. for chats/emails/commenting on HN.
> On the other hand, autocomplete leads to typos in the middle of a variable name being repeated again and again.
No. It's programmers' dyslexia which leads to typos being repeated again and again.
The problem is that many programmers don't read their own code, and even if they do they don't know how to read it critically/carefully. It's incredibly frustrating.
There are a lot of similarities between writing code and writing prose. Many programmers are unaware of this. Even today, many programmers write code for machines to execute, not for other people to read. I feel that it's deeply wrong approach and that "creative writing" course (or something equivalent) should be mandatory for programmers.
I think we need a large shift in how introducing spelling and grammar errors into the code is seen. Namely, it should be viewed exactly the same as introducing bugs - it's that damaging in the long run. Please don't do this. Please use spell checkers and please learn your orthography.
Even if you knew every function in every lib in your head, typing with autocompletion from some good IDE like IntelliJ will make you write code much much faster. And I do not talk about just function name completion (but include them too of course).
Typing just the first or few random letters of veryDescriptiveLongMethodName and completing it with space/tab will always be faster. Using stuff like templates, smart completion, emmet, refactoring tool, constructor/method generators will always be faster, if you know your tools well.
Snippets in Atom is the first time I've ever used any kind of autocomplete, and it seems to mostly just slow me down. If it finds a match on a thing that's at the end of a line, it'll replace what you just typed when you hit enter...changing it from what was actually intended to the snippet. And, even when it's not at the end of a line, I end up context switching a lot more to figure out what just happened and why my text changed.
I feel like with Java it makes a lot of sense to have smart completion, because you end up with incredibly deeply nested identifiers and such. A whole lot of typing. But, I don't code in Java, in the general case (aside from occasionally tinkering with Android APIs, with thoughts to some day making an app). For many more concise languages, it feels like a solution looking for a problem.
I could be wrong. This could be a thing that would provide clear value, if I were to put in the time to learn how to use it correctly. But, so far, I just feel vague frustration when I have the feature turned on.
That said, having docs available as you type is something I can see clear value in. I have to have API docs open 100% of the time when coding...having it jump to the right function as I'm typing it would be awesome. It seems like Kite does this, too, which is probably enough reason for me to use it. I've been poking at Python again lately (after many years away from it), because of Tensorflow and Keras, so I'll give this a go.
I wish they had a Linux version. I rarely work in Windows (though ConEmu and WSL has made it so I'm not terribly unproductive in Windows anymore, as I once was).
We actually almost delayed launch to get linux support in because it's very close to ready. Several of us internally develop on linux and have been using Kite on linux for a while.
I actually agree that under many languages/editors it's so difficult and finicky to set up autocomplete that it's not worth doing. We actually think that's a strength of the Kite model where we offload this stuff to the cloud and provide this stuff as a service.
This would rather vary with one's level of expertise. I remember when I was a beginner, I had to rely on the IDE that helped me get onto the speed. Sure there were tons of resources online, but a nick of continuity with the project may go a long way IMO.
Another point to consider is that even if you are a genius expert a lot, if not the majority of the code that people deal with has business specific models that you interact with.
It doesn't matter how well you know library X or the stdlib.
Some made up examples:
userRepository.findUsersWithPlan(planName);
customer.sendPaymentLateEmail(...);
Having powerful IDE assistance reduces the barrier between your thought and the computer.
When I think "send email to customer" I just want the shortest path to achieving that. I don't want to fiddle around or context switch.
Another advantage is that it can guide you into picking the correct option.
I have been burnt many times when looking things manually because you may find one option but not be aware that other options exist.
It's nice for the IDE to communicate to the human "now here's a list of valid things you can choose from".
I don't know if it succeeds at that, but it promises not (only) code completion. It promises documentation, code examples and answers to common questions as well, exactly the kind of stuff you as well say that you do more than actual coding.
I agree, providing context-sensitive example-based documentation would be great, but is also very hard to do without a full-blown parser for every language one supports.
> but searching for it isn't that much of a bottleneck?
If you look up from your text editor even a second, it will take several seconds to get back into context. So even if the page you want is already in your browser, and you just switch windows, you lose.
Also autocomplete has three purposes: prevents unnecessary typos, is faster than writing it out, and lets you find API/docs.
How long it takes to find a relevant piece of code in your code base obviously depends on what tools you have for searching your local code, how much code it is and how good the search is. How long it takes you to find something online depends on how good the docs are etc.
How much value autocomplete is also depends on the strength of the type system of course. For C or Javascript there isn't much autocomplete can do with the contextual information, but with Java there is a ton to be gained (Long method names are norm, and object-dot notation feels almost invented for autocomplete). So if I were using something with a functional flavor, or a weak or dynamic type system I'd probably have a different opinion. But for strongly typed OO (C++, Java, C#, ...) the value for autocomplete is enormous to me.
Without autocomplete you can always make longer descriptive type/variable names because the time taken to write a type name isn't proportional to the length, only to the unique prefix or unique camelcase signature of the type name. E.g. for a DefaultUIRenderer I could write DUIR-Tab and know I had the right type (Insert obligatory Java joke about ContextFactoryProviderFactoryDecoratorVisitor here). How much you gain on this depends on how good a typist you are obviously. I have an error rate of around 1/10 chars being backspace, and you might argue it's because I do auto complete, I don't know...
> There are auto-completion tools for text editors, but I just never invest the time to activate or configure them
Me neither. That's why I think any reasonable IDE should be either a) working out of the box. I.e. hope that you can find an editor/IDE that ships with batteries included, or b) that it's at most a matter of selecting one plugin from a menu to activate support for language X in the editor. If I have to start configuring something with a text file somewhere then someone failed, either the makers of the language or the editor or both. Even in "plain" editors like VS code or Sublime you can usually just get a plugin these days.
> AFAIK there aren't completion tools which work well across different languages.
There are efforts to do this, but the name escapes me - that is, an effort to remove N languages times M editors and make a standard for syntax highlighting, autocomplete etc. that makes at an M+N problem instead.
The best attempt to solve this M+N problem is https://github.com/Valloric/ycmd as far as I know. It handles only autocomplete, though; syntax highlighting is apparently not too painful to add.
We really wanted to knock out the core functionality of Kite for Python, and are now exploring on prem deployments of Kite. If this is an important feature for you we'd love to chat. (I'm adam@kite.com.)
Yeah, I'd love to try it. However, I'm at work and that's where I would be trying it - and I can't.
Aside from intellectual policy problems, in large codebases mistakes happen, including api keys being committed and pushed. You see it even in open source projects, and tools like gitrob[1] exist to exploit that.
You can see how both of those example issues are problematic, if even a snapshot of your codebase is being pushed off-site.
I think this is a crucially important feature for any large enterprise that has a codebase that is a significant effort of R&D resources.
Don't get me wrong, there are cloud services like github being used by medium to large shops, but the missing visibility into those decisions is that those choices are often regularly heavily vetted by security, legal, and engineering resources.
okay, so I am excited about this, don't mind some code in the cloud, but I am having trouble with a quick start.
Downloaded it, had trouble launching it (expired certificate).
Once I did launch it there are no instructions.
I went into the tray and went to settings. It was trying to map my WHOLE USER FOLDER.
I turned that off, and whitelisted a smaller folder for it to use. Set up a small test python file. Opened up a sublime file.
Can you include some instructions about how Kite is supposed to integrate with anything? I see this cool video but it is not obvious how I am supposed to get it to work for myself.
Hi inputcoffee, it sounds like you may have not been shown the install flow. Maybe try uninstalling Kite through the Control Panel, redownloading and installing again. (We had an Authenticode certificate issue that is now fixed.) If you don't see the Kite onboarding flow, email me at adam@kite.com and we'll figure out what's going on : )
Thanks for trying Kite. Would love you get you up and running!
How do I uninstall Kite on OSX? It seems you guys keep a Kite Helper and Kite Engine process up that's impossible to quit out of and prevents me from deleting the app.
Sorry about this - it's embarrassing. We've been snowed under getting Kite ready for launch and didn't want to touch the update mechanism right before launch. We _will_ get this fixed ASAP.
I disagree with your decision on what feature set was necessary to be launch ready. Not to put too fine a point on it but I think it's worth saying out loud that software that users can't quit out of is not ready for launch, especially if your docs clearly state that quitting the app is required for uninstallation.
Yeah I immediately tried to uninstall it after seeing it required a login and had no preview functionality, and then immediately ran into the persistent process problem. Any application that puts a service like that on my system without my consent is blacklisted for life to be honest, there's no excuse for something like that.
Later finding out it .. uploads your code to them.. it's really an insane thing, I think it's such a huge invasion of your machine and your privacy it should have been removed from the HN front page unless those facts were put immediate front and center.
Thank you for adding the instructions. I wanted to use Kite until I realized I had to upload my code. I think you guys need to mention that in your landing page's copy.
I don't even have JS disabled and it's not loading for me beyond a blank white screen. Uncaught TypeError of some sort, according to Chrome's JS console.
General reasons for using NoScript: security (js sandboxes are not flawless), privacy (brower fingerpring [1][2], Sniffly [3], ...), less CPU usage, less UI bloat (modal popups, blinking stuff, ...; although I have to manually whitelist some websites).
Great summary. I recommend uMatrix (https://github.com/gorhill/uMatrix) which has really good controls for toggling not just JavaScript but also cookies, XHR, frames, etc for origin and 3rd party/cross-domain requests with per-site settings. A lot of websites that need JavaScript will still work if you enable loading of scripts from the origin domain but leave things like Google Analytics, etc, from other domains blocked. uMatrix is also easier to use and has a much smaller footprint than ad blockers.
I also have javascript disabled, and selectively enable it for websites as required. For me it's less about security and more about disabling annoyances e.g. assisted scrolling and such.
On the security point, there are some answers out there relating to javascript in tor [0]. Basically it's not a risk per se, but it does increase your risk surface area.
Just installed it but realized that our code cannot be shared to the cloud with a 3rd party before I open it. So I am trying to delete/uninstall Kite. Been wrestling with com.kite.KiteHelper for the last half an hour and still couldn't get it off my laptop memory. Tried "killall", "kill -9" and force quit from Activity Monitor. It kept reviving. And yes, I've check out the help site and this article in particular, didn't help: http://help.kite.com/article/22-how-do-i-quit-kite
I'd be interested in trying Kite for JavaScript when it's ready. Most of my company's code base is open source and we do a lot of open source work so Kite could be a nice fit one day. Trying out Kite on our actual code base for a week would be a real litmus test for me.
We're comfortable with sending our closed-source code to GitHub and our secrets to Google Cloud and AWS so I can see a path towards being more comfortable with uploading code to Kite as well. Some guarantees around privacy and the ability to delete our code and derived data could help assuage concerns.
In the meantime, perhaps you could highlight that the code uploading is opt-in on a per-file or per-directory basis (though one issue with this is that our open-sourcing system allows for private subdirectories within public parent directories and we'd want finer control)? I'd feel good about having clarity around what's uploaded and what's kept local.
In any case this seems really cool for open-source projects to start with. I'd definitely give the JavaScript version a try. And do you think you could add a VS Code extension?
Is stack overflow ok with having their answers inside an IDE? This decreases the number of pageviews on SO for each installed client. Is that something you guys checked?
Has your cache/proxy fallen over? I'm getting a 404 for the base domain
404 Not Found
Code: NoSuchKey
Message: The specified key does not exist.
Key: index.html
RequestId: 759C55C7EA94F7D8
HostId: 2i2HH8A3vp5KFvhHhHeoQ+6AiFL/kjd5iByJy6Ouo/pbKwE2xaKP8Es4SU3//1/P7M/5KWJXQv8=
404 Not Found
Code: NoSuchKey
Message: The specified key does not exist.
Key: index.html
RequestId: 7928D2D3EE5313F6
HostId: 2iAqS6E1PciR/++frE0wVXo/jlBhK24kopo93WRvVieuepmCctk1v+m+yOAIZZz1q5qIA6HVH9w=
Congrats on the launch! As any early beta user on public code, I was really impressed by Kite and my only concern was ability to use it on private codebases ie, work code. Glad to see that you've addressed that.
Does the Sublime integration support packages installed in the current virtual environment (that might not be publicly available)?
Is it just on HN or are there very few people now who use Linux as their main dev machine? With some of the build quality of the new Dell Machines I would have assumed any dev tool would be Linux first, since almost everyone is using some form of 'nix on the servers.
I've never had much trouble installing the latest Ubuntu on any of XPS series(except the 'suspend' feature is weird).
EDIT: nvm i see from another comment that the Linux version is in testing. But still weird to see Mac devs outnumber Linux ones(or maybe they're just a vocal minority :-) )
Interesting project. If I look at one of your code examples/snippets, realize that's exactly what I need and copy it verbatim, where does that leave me, legally?
Great point. We need to address this. Right now the examples are written and owned by us (Kite), so you would technically be in uncertain legal territory (depending on whether fair use was applied per-example or per-page). We will change this to make it crystal clear that copying examples is allowed.
You can ask that on their website: enter your email address along with your operating system, language and editor, and it'll let you know when support for that combination is added.
On the pages for plugins (like Atom, Sublime, etc...) you might want a simple "how to install". Took me several minutes of confusion, to realize I should open up Atom and search for Kite from there. I kept thinking there should be a download link for the plugins, before remembering that's not how editor plugins get installed these days :)
Has anyone tried building something like this, but doing the analysis locally and just pulling from a documentation repository like Dash? I don't like the idea of uploading my code to their server, or using a proprietary tool, but I really want documentation lookups in my editor.
Dear Kite,
I really love this idea, but hell no I'm not using it yet. Here's why... I'll cut to the point here, so please forgive the bluntness as I mean no insult or accusation, just honest criticism, and I'm gonna try to cover a lot in as small a space as possible.
There's not even a mention on kite.com about how data is handled that I can find anywhere. What is the method of transport? What stands between skids and my code? The server my data goes to, is it shared VPS hardware waiting to get pwned by your neighbor, xtremecrackz.zyx or is it on private servers guarded by a three headed puppy named Κέρβερος, 13 ninja, and biometric security? Does the page even mention this is a cloud service somewhere? I see support for VS Code, but not MSVS proper, emacs but not specifically GNU/Linux yet; Mac support but not Linux in spite of at least $4M USD in seed and 3 years of development (source: crunchbase [1])? The Windows download page gives instructions for bypassing SmartScreen warnings meaning your code signing certificate has no reputation with Microsoft yet if I understand correctly. Frankly, I didn't think "Adam Smith" was even a real person until I checked it out. LOL, sorry bro but it sounds kinda generic to someone skeptical I guess. Maybe you assume trust since you travel in the circles you do, but we nutjobs like stuff in writing, and trust assumptions without verification are bad practice anyhow -.-
(on trust)
Your investor who may or may not provide the same or similar "Kite" software discussed in GCHQ leaks as a "correlates-anything" solution, Palantir Technologies, has been standing in the suspiciously shadowy center of a maelstrom in some circles. I like them supporting our warfighting - but not working against the people of the United States, or anyone's civilians for that matter, however that's an argument for the agencies they contracted with. I've watched my brothers bleed out defending the rights their software has helped undermine, I'm not sure how to feel about them at all right now. Do I want to give my code to their creepy software? No, not really, since I'd have to consider that if they got a contract they might, without even knowing the end use, build software to guide Terminators to hunt down and kill civilians who write bad code or wear plaid socks. Seriously though: eyebrow raised.
(advice)
I would add more clear information about how this all works. A link to security answers should come up before the footer IMO, given the nature of this product. Going out of my way to look for it, I guess it seems like security was an afterthought. I can appreciate your blog post about security [2] and the main security page which links to that article (merge these?), but they fail to answer almost all of my questions. They imply that the service isn't really ready for the spotlight, but do not explicitly say anywhere to safeguard sensitive stuff or not to trust everything just yet, but it seems softly implied to me.
(bigFoilHat)
This might sound far out to some, feel free to ignore or laugh, but if I were an evil puppet master, I'd have my cybersecurity and intelligence contractor who provides access to mission critical software or monetary capital for a startup attempt to leverage this relationship to gain information about code in the wild and specific targets' code using this service, perhaps to have software look for opportunities to steal parts of keys, suggest code changes to enable exploitation, forward copies of code from persons of interest to investigators. I might ask them to approach them as patriots in the interest of the GWOT and all things decent, to tacitly and deniably or perhaps even expressly cooperate with legally and morally grey-area surveillance operations. Perhaps if there is no cooperation or just to keep it quiet, I might suggest they infiltrate Kite.com and gain the ability to intercept data clandestinely by using their trust and rapport with company leadership. "Plz send all code to spies and disable security stuffz kthxbai" I can weaken my own PRNGs and send copies of my code for spooks to analyze by myself without assistance thanks. Again, I'm attempting to honestly characterize how it makes me feel, just sayin'. I simply have no way to even fool myself into thinking I can know what goes on with my data after it leaves my PC. How do I even build rules for my firewalls? What are the parent processes which need communication, on which ports, using what protocols? Which servers will it upload to? Can we blacklist certain destinations by region or other attributes? I think you need a more robust explanation on the site before us crazy people are satisfied.
(bigFoilHat Q)
HN: what say you, am I just being paranoid here in thinking that users' analyzed code may end up being displayed on an alphabet soup agency wiki somewhere along with download links for tools to suprisebuttsecks us being passed out to every malware hoarding contractor who accidentally skated past the SF-86? Maybe I'm just having a bad bout of Stallman Syndrome. One might argue "99.99% of users' code will be useless fluff and bizcruft, who cares if they copy my der.py code?" but finding that 0.01% relevant signal in the noise is exactly what Palantir does for customers, isn't it? So how can I flippantly dismiss the notion?
(Q) Do you sell, gift, trade, share, or otherwise disclose or make available knowingly any information about users' personal data or source code, even if anonymized or generalized in reports and detached from identifying information, to other parties? Can/will/do these parties include your investors? Does Palantir Technologies store, use, or have access to at any time, our source code or any information about it or ourselves?
That said, it sounds cool as phrack and I would love to see this in many languages and editors, but only if it can be trusted somehow. I'll be watching and investigating, thanks for sharing this on HN,
Haskell offers unreasonably featureful tooling like hoogle and codex but at the same time lacks basic editor integrations even in emacs which is supposed to be the premiere editor.
Getting a good setup is something I can't do twice. What fork of ghcimod do I need this week and how many CPUs will she be pegging?
This would be nice... however it does not work unless you upload your code. Code upload should be optional and only for enhanced functionality within your code base.
I have been using it on sublime. After adding kite is has started lagging, a lot. And that's when I have quite good configuration in my laptop. Hope you look into it
The built-in examples for method use are a really cool feature. I hate having to jump to MSDN, etc just to find an example snippet when the argument comments are unclear.
Yeah, I love the examples too. Where do they come from?
I think allowing users to submit code examples could dramatically increase the value. Maybe even microservices.
The ideal (and perhaps impossible) version would look at my code structure and suggest replacements for components from people who are better programmers than I am.
not sure if this has been thought of before but why don't you just have kite cloud index open source and public code, and then have a separate local index for the user's project code. That way, autocompletes/help/doc searches first the user's project index (local), and then search the kite cloud for public/opensource code index.
I just spent an awful amount of time trying to uninstall Kite.
There were two background processes: Kite Helper and Kite Engine Which showed up on Activity Monitor,and I could never get them to quit, each time I killed a process with the PID, a zombie would spawn up with a different PID.
Eventually I killed them both by removing the Kite packages from the Cache in library, emptying the trash and then restarting my machine.Phew!
Not to mention the slow autocomplete suggestions in Sublime Text 3. I think I'll just stick with my old setup.
They also run a background process that needs to be manually killed to be able to uninstall. It feels like a quarantine. This is an editor plugin, is there really no simpler way to provide uninstall capability?