
Show HN: Kite, copilot for programmers, available for Python - adamsmith
https://kite.com/#
======
arihant
Since this program uploads code to the cloud, it would be worthy to clarify if
it cleans out strings before upload or not. Because if it does not, it is a
serious concern as it puts secret keys in code in awful risk.

They also run a background process that needs to be manually killed to be able
to uninstall. It feels like a quarantine. This is an editor plugin, is there
really no simpler way to provide uninstall capability?

~~~
adamsmith
To clarify, on Windows the uninstaller is just one step: double click Kite
from the Programs & Features section of Control panel.

Unfortunately on Mac you have to quit Kite before it can be dragged to the
trash. You can do that from the menubar icon or by killing "Kite Engine". (You
don't need to quit Kite Helper to drag to the Trash.) See instructions here
[http://help.kite.com/article/6-how-do-i-uninstall-
kite](http://help.kite.com/article/6-how-do-i-uninstall-kite). We'll be
improving this on Mac shortly.

~~~
sebleon
Welp - after reading through these comments, seems like privacy and code
upload are huge concerns.

Might be worth it for you guys to get ahead of this, and address these issues
explicitly on the home page and during installation. It will lower short-term
usage & install numbers, but probably won't hurt long-term retention and word
of mouth sharing.

~~~
adamsmith
Thanks, we appreciate the constructive feedback!

We've worked really hard to make sure we're clearly communicating what's
happening (transparency), and adding fine grained controls. We have a very
clear step during the install flow that talks about how Kite works, and we
will prompt for whitelisting within each of the editor plugins that can work
without the sidebar (Atom, ST3, PyCharm).

We also have a security page
([https://kite.com/security](https://kite.com/security)) that points to our
various resources related to this, including more details about our control
mechanisms—including .kiteignore—and how we think about security (our four
principles).

We also know that some companies need on-premise Kite to make this work. We're
exploring that now with customers, and would love to chat with you if it's
something you need.
([https://kite.com/enterprise](https://kite.com/enterprise))

I know none of these are silver bullets. Thanks for your comment as we work
with users to figure out how to make this work.

We hope you'll give Kite a spin when you can—we think it's pretty
transformative—and we hope to be able to address all of your concerns soon! :
)

~~~
toomuchtodo
Instead of on-prem to start, you could probably get away with VM appliances
people could spin up in their own cloud provider or VPC.

I don't mind code being sent to a server, but it needs to be a server I
control.

~~~
adamsmith
Yes, absolutely. We plan to start with deploying to an AWS account the
customer owns. We're pretty excited about it as the first step!

------
adamsmith
Adam from Kite here. Thanks for all the feedback and encouragement around the
launch today. We're excited to be opening up Kite for everyone to download
today.

When we launched Kite here on hackernews almost a year ago we were blown away
by the enthusiasm for our smart copilot vision. Over 65,000 of you signed up
for Kite in the first 72 hours, and over the past year we've been working with
many of you to deliver that vision. It's taken a momentous effort, but today
we're ready to take off the wrapping paper and open up Kite to the world.

Here's what we've been working on:

* Deep editor integrations: to make Kite better for smaller screens and more integrated into the coding workflow. You no longer have to dedicate a sidebar of your screen to Kite; instead, recommendations from Kite replace your editor’s autocompletions and hover results.

* Fine-grained privacy controls modeled after the .gitignore file format means that you can selectively and precisely decide which files and folders Kite indexes.

* Next generation type inference engine that uses both static analysis and statistical inference over Github. Kite beats PyCharm and Jedi by 32% on a typical Django project, offering more completions when you need them.

* Ranked completions which put the most relevant completions at the top of the autocomplete box using techniques traditionally used in web search.

* Kite for Windows. (And Linux in testing!)

Check it out at kite.com.

~~~
djsumdog
Does Kite still send all your code to Kite servers as you type? I remember
that being an issue the last time someone talked about Kite on HN.

I'm find with an editor or sidekick that can search stack overflow or
duckduckgo or google quickly with a hotkey-- maybe keep snippets you can tag
and easily reference-- but sending all my code as I type to a web service is
something I'm not willing to do and something most companies won't allow.

~~~
alexflint
(Copied from above.) Totally legit concern. when we started working on this we
realized if we wanted to index tens of thousands of libraries, we wouldn't be
able to ship the entire index along with the client. Hence the cloud-based
architecture. We've thought a lot about privacy and written up our thoughts
here: kite.com/security. The short answer is: we don't index anything on your
computer that you don't explicitly ask us to, and our plan is to earn trust
the hard (i.e. only) way: transparency, published policies, and a track record
of good decision making.

One of the big things we've worked on over the past few months is giving users
fine grained control of which files are indexed by kite:

\- Kite only indexes directories that you have explicitly enabled

\- You can create a .kiteignore file (same semantics as .gitignore) to exclude
specific files / patterns.

~~~
andy_ppp
Would it be possible to allow a # nokite at the end of lines; these would then
have any strings scrambled. This allows me to know immediately that things
aren't being sent to Kite rather than have to do a few checks before I write
something secret.

~~~
sroussey
Actually, it should just remove strings if it does not already.

------
languagehacker
I just tried Kite on my Mac, and I was really not pleased with it. Uploading
all of your code to the cloud is questionable at best when the code you're
working on isn't necessarily your own. Having Kite running in the background
without a way to disable or uninstall it feels like nothing short of malware.
The lack of documentation for how to uninstall Kite from your machine or how
to remove your data from their cloud is also pretty worrisome.

~~~
stwe
The developers of Kite also replaced the functionality of a popular python
autocomplete Atom extension from using jedi to Kite without properly warning
the users: [https://github.com/autocomplete-python/autocomplete-
python/i...](https://github.com/autocomplete-python/autocomplete-
python/issues/285)

~~~
tedmiston
The CEO's response in that thread is very clear that they added an additional
option to use Kite, and did not make Kite the default or replace the default.

~~~
stwe
I was a happy user of the python autocomplete package with Jedi for some time.
Starting in November 2016 they introduced kite-specific code, shipping kite-
installer as a dependency and also added tracking of your autocompletion
behaviour (I suspect this is where they get their Kite vs. Jedi performance
numbers from).

Only in February 2017 I noticed that the whole package had changed right under
me because of an error traceback window caused by their metrics collection
going wrong. I looked at the package settings and IIRC there was a checkmark
set for the "Use Kite" option which I'm pretty sure I did not set myself.

The telemetry collection alone is a deal breaker for me. But I also don't like
the sneaky way they practically took over the package without clear notice and
consent. The package README still makes no mention of Kite and the package is
running under the innocently looking 'autocomplete-python' GitHub org instead
of their 'kiteco' org. To me it's a very fishy 'growth hacking' strategy.

------
rohit33
Curious to try Kite, I started to integrate Kite plugin into PyCharm until I
saw they keep our code in the cloud which enables Kite do what it does. I'm
not sure how many of them would be ok with their code being stored in a
private cloud!

~~~
alexflint
Totally legit concern. when we started working on this we realized if we
wanted to index tens of thousands of libraries, we wouldn't be able to ship
the entire index along with the client. Hence the cloud-based architecture.
We've thought a lot about privacy and written up our thoughts here:
kite.com/security. The short answer is: we don't index anything on your
computer that you don't explicitly ask us to, and our plan is to earn trust
the hard (i.e. only) way: transparency, published policies, and a track record
of good decision making.

~~~
falcolas
At first blush, the "we wouldn't be able to ship the entire index along with
the client" makes perfect sense. However, I have found that I can store the
entirety of the raw Python 2.7 documentation to disk in under 15 MB. It's
mostly text, so it compresses absurdly well (2mb, gzipped). And if it was just
an index of all the functions with little to no markup, it would be even
smaller (this doesn't even account for the fact that all of Python's
documentation is typically already on disk, in the modules themselves).

So, given that these indices could be obtained as needed, I'm not sure I buy
this argument anymore.

If we can justify the download of a 20mb for a set of plugins, I think that we
can justify a 2mb download to document the entirety of a language's standard
library.

As a few points of comparison, Atom's download is around 80MB, Docker 110MB,
PyCharm is around 175mb, and a ctags file that covers over 8,000 source files
(including boto2/3, aws-sdk-go, the python standard library (both 2.7 and
3.5), the go standard library) is about 6 MB compressed.

~~~
alexflint
Right, but the python standard library docs are just a tiny tiny fraction of
all the documentation in our index, and the documentation itself is just one
corpus out of many.

~~~
xkxx
So, how much megabytes (compressed) does it take to store all of your corpora?

------
hasenj
In my professional job I work with code that is private and copy righted by
the company that's employing me and praying my salary, not to mention
sometimes I edit files that contain sensitive or critical information like
passwords and secret encryption/decryption keys.

Anything that sends all my code​ to the cloud is automatically disqualified.

EDIT: thanks for the downvote btw.

~~~
pikzen
That is a valid concern, and anyone downvoting this is so far down the hype
machine that there's no saving them anymore.

Kite is a breach of privacy for 80% of professional software developers that
work on a private codebase. You are sending your code directly to a third
party, without even any ways for you to prevent that. At least asking on SO
you can change your code so it isn't 100% obvious what you're doing.

The fact that this remote upload is mentioned nowhere on the landing page and
can only be inferred from the Kite Enterprise very short description is a bit
worrying.

However, starting a few Python projects myself soon, this looks like a great
extension. I suppose the suggestion for VS Code has been made dozens of times
already though.

------
nichochar
I appreciate people trying to build "cool" products, but the downsides of this
are so high that people should heavily consider never using it.

Uploading all of your code to the cloud is a massive liability. To top this,
the people interested in "something magical that codes for me" are not the
good developers, their users are very most likely beginners, bootcamp coders,
junior engineers, etc...

I think they're abusing trust through obscurity, people have no idea that
their code is being uploaded. Making this the default for a very common
python-autocomplete in atom is even worse... see this:
[https://github.com/autocomplete-python/autocomplete-
python/i...](https://github.com/autocomplete-python/autocomplete-
python/issues/285)

~~~
azeirah
> the people interested in "something magical that codes for me" are not the
> good developers

No matter how much I code, I'll always have to look at documentation. This is
just faster documentation, I really don't see the problem from that
perspective.

------
zeptomu
Maybe a little bit off-topic and controversial, but in my opinion auto-
complete is overrated.

Doing software development is mostly reading code and documentation. Obviously
one also _writes_ code and for sure one can't memorize every function or
package name, but searching for it isn't that much of a bottleneck? Some time
ago I wrote Java using Eclipse (which had/has reasonable auto-complete), but
when I switched to different languages, I also switched my IDE and mostly use
plain text editors these days. There _are_ auto-completion tools for text
editors, but I just never invest the time to activate or configure them and
AFAIK there aren't completion tools which work well across different
languages.

Maybe I revisit them at some point, but at the moment I do not really miss
auto-completion.

~~~
erikb
I don't know if it succeeds at that, but it promises not (only) code
completion. It promises documentation, code examples and answers to common
questions as well, exactly the kind of stuff you as well say that you do more
than actual coding.

~~~
zeptomu
I agree, providing context-sensitive example-based documentation would be
great, but is also very hard to do without a full-blown parser for every
language one supports.

------
tekklloneer
I straight up cannot use Kite. The "code-to-cloud" functionality means that I
cannot use it at work. I would love to use it, but it's a non-starter.

~~~
adamsmith
We really wanted to knock out the core functionality of Kite for Python, and
are now exploring on prem deployments of Kite. If this is an important feature
for you we'd love to chat. (I'm adam@kite.com.)

~~~
tekklloneer
Yeah, I'd love to try it. However, I'm at work and that's where I would be
trying it - and I can't.

Aside from intellectual policy problems, in large codebases mistakes happen,
including api keys being committed and pushed. You see it even in open source
projects, and tools like gitrob[1] exist to exploit that.

You can see how both of those example issues are problematic, if even a
snapshot of your codebase is being pushed off-site.

I think this is a crucially important feature for any large enterprise that
has a codebase that is a significant effort of R&D resources.

Don't get me wrong, there are cloud services like github being used by medium
to large shops, but the missing visibility into those decisions is that those
choices are often regularly heavily vetted by security, legal, and engineering
resources.

1
[https://github.com/michenriksen/gitrob](https://github.com/michenriksen/gitrob)

~~~
tekklloneer
tldr ill get in trouble if i use kite at work :(

------
inputcoffee
Where are the Instructions?

okay, so I am excited about this, don't mind some code in the cloud, but I am
having trouble with a quick start.

Downloaded it, had trouble launching it (expired certificate).

Once I did launch it there are no instructions.

I went into the tray and went to settings. It was trying to map my WHOLE USER
FOLDER.

I turned that off, and whitelisted a smaller folder for it to use. Set up a
small test python file. Opened up a sublime file.

Can you include some instructions about how Kite is supposed to integrate with
anything? I see this cool video but it is not obvious how I am supposed to get
it to work for myself.

~~~
adamsmith
Hi inputcoffee, it sounds like you may have not been shown the install flow.
Maybe try uninstalling Kite through the Control Panel, redownloading and
installing again. (We had an Authenticode certificate issue that is now
fixed.) If you don't see the Kite onboarding flow, email me at adam@kite.com
and we'll figure out what's going on : )

Thanks for trying Kite. Would love you get you up and running!

~~~
inputcoffee
That worked. It is actually pretty easy once is works. Thanks.

------
atarian
How do I uninstall Kite on OSX? It seems you guys keep a Kite Helper and Kite
Engine process up that's impossible to quit out of and prevents me from
deleting the app.

~~~
alexflint
Sorry about this - it's embarrassing. We've been snowed under getting Kite
ready for launch and didn't want to touch the update mechanism right before
launch. We _will_ get this fixed ASAP.

In the mean time, check out [http://help.kite.com/article/6-how-do-i-
uninstall-kite](http://help.kite.com/article/6-how-do-i-uninstall-kite)

~~~
Msurrow
Yeah, that doesn't work for uninstalling. The helper and engine keeps
restarting when you quit them in step 2.

rm -rf /Applications/Kite.app then kill the engine and helper

Jesus, what a nice way to piss people off: 1. upload all code to cloud. 2. be
hard to get rid off.

~~~
vhold
Yeah I immediately tried to uninstall it after seeing it required a login and
had no preview functionality, and then immediately ran into the persistent
process problem. Any application that puts a service like that on my system
without my consent is blacklisted for life to be honest, there's no excuse for
something like that.

Later finding out it .. uploads your code to them.. it's really an insane
thing, I think it's such a huge invasion of your machine and your privacy it
should have been removed from the HN front page unless those facts were put
immediate front and center.

------
progval
Could you make your website not display a blank page if the browser has
Javascript disabled?

The content does not seem dynamic, so a simple HTML page should work.

~~~
andreashansen
Just out of curiosity, why do you have JavaScript disabled?

~~~
progval
General reasons for using NoScript: security (js sandboxes are not flawless),
privacy (brower fingerpring [1][2], Sniffly [3], ...), less CPU usage, less UI
bloat (modal popups, blinking stuff, ...; although I have to manually
whitelist some websites).

[1] [https://amiunique.org/](https://amiunique.org/) [2]
[https://github.com/ben174/hsts-cookie](https://github.com/ben174/hsts-cookie)
[3]
[https://github.com/diracdeltas/sniffly](https://github.com/diracdeltas/sniffly)

~~~
sedachv
Great summary. I recommend uMatrix
([https://github.com/gorhill/uMatrix](https://github.com/gorhill/uMatrix))
which has really good controls for toggling not just JavaScript but also
cookies, XHR, frames, etc for origin and 3rd party/cross-domain requests with
per-site settings. A lot of websites that need JavaScript will still work if
you enable loading of scripts from the origin domain but leave things like
Google Analytics, etc, from other domains blocked. uMatrix is also easier to
use and has a much smaller footprint than ad blockers.

------
devy
Just installed it but realized that our code cannot be shared to the cloud
with a 3rd party before I open it. So I am trying to delete/uninstall Kite.
Been wrestling with com.kite.KiteHelper for the last half an hour and still
couldn't get it off my laptop memory. Tried "killall", "kill -9" and force
quit from Activity Monitor. It kept reviving. And yes, I've check out the help
site and this article in particular, didn't help:
[http://help.kite.com/article/22-how-do-i-quit-
kite](http://help.kite.com/article/22-how-do-i-quit-kite)

Already disliking this software...

------
vitiral
Great, now uncle Sam knows everything I'm thinking while I program.

No thanks, I'd like to have SOME privacy. What I punch into my editor
shouldn't be public until I git push.

------
citruspi
Why are you encrypting my password (as opposed to hashing it)[0]?

[0]: [http://i.imgur.com/59VOotU.png](http://i.imgur.com/59VOotU.png)

~~~
alexflint
Oops! That message is a remnant of the distant past and does not correspond in
any way to what is actually happening under the hood.

~~~
jchung
In that case, what exactly is happening under the hood?

~~~
AtheistOfFail
Also, 55 character limit? What the fuck did I type in my Delorean this
morning?

~~~
axonic
nice and soft -.o

------
jameside
I'd be interested in trying Kite for JavaScript when it's ready. Most of my
company's code base is open source and we do a lot of open source work so Kite
could be a nice fit one day. Trying out Kite on our actual code base for a
week would be a real litmus test for me.

We're comfortable with sending our closed-source code to GitHub and our
secrets to Google Cloud and AWS so I can see a path towards being more
comfortable with uploading code to Kite as well. Some guarantees around
privacy and the ability to delete our code and derived data could help assuage
concerns.

In the meantime, perhaps you could highlight that the code uploading is opt-in
on a per-file or per-directory basis (though one issue with this is that our
open-sourcing system allows for private subdirectories within public parent
directories and we'd want finer control)? I'd feel good about having clarity
around what's uploaded and what's kept local.

In any case this seems really cool for open-source projects to start with. I'd
definitely give the JavaScript version a try. And do you think you could add a
VS Code extension?

------
bartkappenburg
Just an honest (legal) concern:

Is stack overflow ok with having their answers inside an IDE? This decreases
the number of pageviews on SO for each installed client. Is that something you
guys checked?

~~~
nostrademons
StackOverflow comments are Creative Commons, with the code licensed under MIT:

[http://stackoverflow.com/help/licensing](http://stackoverflow.com/help/licensing)

[https://meta.stackexchange.com/questions/272956/a-new-
code-l...](https://meta.stackexchange.com/questions/272956/a-new-code-license-
the-mit-this-time-with-attribution-required/272960)

Both are attribution-required.

------
AstralStorm
In the meantime, get your code grabbed by major companies writing search
engines.

Good luck with privacy.

Bonus points for accidental license violations.

------
jentulman
Has your cache/proxy fallen over? I'm getting a 404 for the base domain

404 Not Found

Code: NoSuchKey Message: The specified key does not exist. Key: index.html
RequestId: 759C55C7EA94F7D8 HostId:
2i2HH8A3vp5KFvhHhHeoQ+6AiFL/kjd5iByJy6Ouo/pbKwE2xaKP8Es4SU3//1/P7M/5KWJXQv8=

~~~
alexflint
Thanks - we're investigating. Seems to be working in most places but there may
be an edge node out of line.

~~~
lurker456
same here, from Sweden

404 Not Found Code: NoSuchKey Message: The specified key does not exist. Key:
index.html RequestId: 7928D2D3EE5313F6 HostId:
2iAqS6E1PciR/++frE0wVXo/jlBhK24kopo93WRvVieuepmCctk1v+m+yOAIZZz1q5qIA6HVH9w=

------
simplehuman
Why so much concern about the code ? GitHub, Travis all do the same...

------
welder
Useful HN Discussion from the original 1.0 launch:

[https://news.ycombinator.com/item?id=11497111](https://news.ycombinator.com/item?id=11497111)

------
tedmiston
Congrats on the launch! As any early beta user on public code, I was really
impressed by Kite and my only concern was ability to use it on private
codebases ie, work code. Glad to see that you've addressed that.

Does the Sublime integration support packages installed in the current virtual
environment (that might not be publicly available)?

Aside: The pricing page is broken on iOS.

------
chinathrow
Congrats on the launch.

Did you address the issue which came up multiple times last time when this was
on HN about cloud indexed code by default?

------
sidmitra
The Linux version isn't available still.

Is it just on HN or are there very few people now who use Linux as their main
dev machine? With some of the build quality of the new Dell Machines I would
have assumed any dev tool would be Linux first, since almost everyone is using
some form of 'nix on the servers.

I've never had much trouble installing the latest Ubuntu on any of XPS
series(except the 'suspend' feature is weird).

EDIT: nvm i see from another comment that the Linux version is in testing. But
still weird to see Mac devs outnumber Linux ones(or maybe they're just a vocal
minority :-) )

------
Philipp__
Looks really cool. Anyone tried to see how it integrates with Emacs?

------
madisonmay
How close are you to a linux release?

~~~
alexflint
Really, absurdly, ridiculously close. Like so close we almost delayed launch
so that we could get it in.

------
Sir_Substance
Interesting project. If I look at one of your code examples/snippets, realize
that's exactly what I need and copy it verbatim, where does that leave me,
legally?

~~~
alexflint
Great point. We need to address this. Right now the examples are written and
owned by us (Kite), so you would technically be in uncertain legal territory
(depending on whether fair use was applied per-example or per-page). We will
change this to make it crystal clear that copying examples is allowed.

~~~
Sir_Substance
Sounds good to me!

------
li4ick
No GNU/Linux support? Well, remind me when you do.

~~~
rwallace
You can ask that on their website: enter your email address along with your
operating system, language and editor, and it'll let you know when support for
that combination is added.

------
jd20
On the pages for plugins (like Atom, Sublime, etc...) you might want a simple
"how to install". Took me several minutes of confusion, to realize I should
open up Atom and search for Kite from there. I kept thinking there should be a
download link for the plugins, before remembering that's not how editor
plugins get installed these days :)

------
pkrefta
Are there any plans to support Vim/Neovim ?

~~~
taraku
Tarak from Kite here. Kite already supports vim/neovim on macOS with the Kite
Sidebar!

~~~
spditner
Seems to only hook MacVim and it's companion console version, but not the
system vim. Is there a .vimrc setting to ensure it's always activated?

------
theSoenke
This seems really great on the first look, but uploading the code is a real
issue. It is basically a keylogger

------
shultays

      Most Popular Articles
    

and the first one

    
    
      How do I uninstall Kite?
    

I guess I will pass

------
slang800
Has anyone tried building something like this, but doing the analysis locally
and just pulling from a documentation repository like Dash? I don't like the
idea of uploading my code to their server, or using a proprietary tool, but I
really want documentation lookups in my editor.

------
tweakz
More information here: [https://venturebeat.com/2017/03/28/kite-a-cloud-
powered-deve...](https://venturebeat.com/2017/03/28/kite-a-cloud-powered-
developer-environment-takes-flight-on-windows-and-mac/)

------
axonic
Dear Kite, I really love this idea, but _hell_ no I'm not using it yet. Here's
why... I'll cut to the point here, so please forgive the bluntness as I mean
no insult or accusation, just honest criticism, and I'm gonna try to cover a
lot in as small a space as possible.

There's not even a mention on kite.com about how data is handled that I can
find anywhere. What is the method of transport? What stands between skids and
my code? The server my data goes to, is it shared VPS hardware waiting to get
pwned by your neighbor, xtremecrackz.zyx or is it on private servers guarded
by a three headed puppy named Κέρβερος, 13 ninja, and biometric security? Does
the page even mention this _is_ a cloud service somewhere? I see support for
VS Code, but not MSVS proper, emacs but not specifically GNU/Linux yet; Mac
support but not Linux in spite of at least $4M USD in seed and 3 years of
development (source: crunchbase [1])? The Windows download page gives
instructions for bypassing SmartScreen warnings meaning your code signing
certificate has no reputation with Microsoft yet if I understand correctly.
Frankly, I didn't think "Adam Smith" was even a real person until I checked it
out. LOL, sorry bro but it sounds kinda generic to someone skeptical I guess.
Maybe you assume trust since you travel in the circles you do, but we nutjobs
like stuff in writing, and trust assumptions without verification are bad
practice anyhow -.-

(on trust) Your investor who may or may not provide the same or similar "Kite"
software discussed in GCHQ leaks as a "correlates-anything" solution, Palantir
Technologies, has been standing in the suspiciously shadowy center of a
maelstrom in some circles. I like them supporting our warfighting - but not
working against the people of the United States, or anyone's civilians for
that matter, however that's an argument for the agencies they contracted with.
I've watched my brothers bleed out defending the rights their software has
helped undermine, I'm not sure how to feel about them at all right now. Do I
want to give my code to their creepy software? No, not really, since I'd have
to consider that if they got a contract they might, without even knowing the
end use, build software to guide Terminators to hunt down and kill civilians
who write bad code or wear plaid socks. Seriously though: eyebrow raised.

(advice) I would add more clear information about how this all works. A link
to security answers should come up before the footer IMO, given the nature of
this product. Going out of my way to look for it, I guess it seems like
security was an afterthought. I can appreciate your blog post about security
[2] and the main security page which links to that article (merge these?), but
they fail to answer almost all of my questions. They imply that the service
isn't really ready for the spotlight, but do not explicitly say anywhere to
safeguard sensitive stuff or not to trust everything just yet, but it seems
softly implied to me.

(bigFoilHat) This might sound far out to some, feel free to ignore or laugh,
but if I were an evil puppet master, I'd have my cybersecurity and
intelligence contractor who provides access to mission critical software or
monetary capital for a startup attempt to leverage this relationship to gain
information about code in the wild and specific targets' code using this
service, perhaps to have software look for opportunities to steal parts of
keys, suggest code changes to enable exploitation, forward copies of code from
persons of interest to investigators. I might ask them to approach them as
patriots in the interest of the GWOT and all things decent, to tacitly and
deniably or perhaps even expressly cooperate with legally and morally grey-
area surveillance operations. Perhaps if there is no cooperation or just to
keep it quiet, I might suggest they infiltrate Kite.com and gain the ability
to intercept data clandestinely by using their trust and rapport with company
leadership. "Plz send all code to spies and disable security stuffz kthxbai" I
can weaken my own PRNGs and send copies of my code for spooks to analyze by
myself without assistance thanks. Again, I'm attempting to honestly
characterize how it makes me feel, just sayin'. I simply have no way to even
fool myself into thinking I can know what goes on with my data after it leaves
my PC. How do I even build rules for my firewalls? What are the parent
processes which need communication, on which ports, using what protocols?
Which servers will it upload to? Can we blacklist certain destinations by
region or other attributes? I think you need a more robust explanation on the
site before us crazy people are satisfied.

(bigFoilHat Q) HN: what say you, am I just being paranoid here in thinking
that users' analyzed code may end up being displayed on an alphabet soup
agency wiki somewhere along with download links for tools to suprisebuttsecks
us being passed out to every malware hoarding contractor who accidentally
skated past the SF-86? Maybe I'm just having a bad bout of Stallman Syndrome.
One might argue "99.99% of users' code will be useless fluff and bizcruft, who
cares if they copy my der.py code?" but finding that 0.01% relevant signal in
the noise is exactly what Palantir does for customers, isn't it? So how can I
flippantly dismiss the notion?

(Q) Do you sell, gift, trade, share, or otherwise disclose or make available
knowingly any information about users' personal data or source code, even if
anonymized or generalized in reports and detached from identifying
information, to other parties? Can/will/do these parties include your
investors? Does Palantir Technologies store, use, or have access to at any
time, our source code or any information about it or ourselves?

That said, it sounds cool as phrack and I would love to see this in many
languages and editors, but only if it can be trusted somehow. I'll be watching
and investigating, thanks for sharing this on HN,

-Ax

[1] [https://www.crunchbase.com/organization/kite-
com/](https://www.crunchbase.com/organization/kite-com/) [2]
[https://kite.com/blog/thoughts-on-security](https://kite.com/blog/thoughts-
on-security)

Please correct anything I am mistaken about, I admit I could be completely off
the mark here.

------
michaelmior
> it has twice the documentation coverage of any other tool.

Curious how they could possibly quantify that.

------
ezekg
Looks awesome. Congrats on the launch! I'd pay for a Ruby/Rails version of
this.

~~~
alexflint
Great to hear - we'll be there soon :)

------
js8
I wish I had something like that for Haskell.. it could work by expected
return type.

~~~
m-j-fox
Haskell offers unreasonably featureful tooling like hoogle and codex but at
the same time lacks basic editor integrations even in emacs which is supposed
to be the premiere editor.

Getting a good setup is something I can't do twice. What fork of ghcimod do I
need this week and how many CPUs will she be pegging?

------
Scaevolus
Does this have anything to do with Kythe, "a pluggable, (mostly) language-
agnostic ecosystem for building tools that work with code"?

[https://kythe.io/](https://kythe.io/)

------
turtlebits
The documentation font for me is way too small, any way to make it bigger? You
can see my IDE font size on the left.

[http://imgur.com/a/4B2GB](http://imgur.com/a/4B2GB)

------
bryanapperson
This would be nice... however it does not work unless you upload your code.
Code upload should be optional and only for enhanced functionality within your
code base.

------
nikhil13
I have been using it on sublime. After adding kite is has started lagging, a
lot. And that's when I have quite good configuration in my laptop. Hope you
look into it

------
partycoder
This program uploads your code to a central server.

Please flag this submission.

------
stevemk14ebr
Do C and C++ and ill pay

------
ayuvar
The built-in examples for method use are a really cool feature. I hate having
to jump to MSDN, etc just to find an example snippet when the argument
comments are unclear.

~~~
jtraffic
Yeah, I love the examples too. Where do they come from?

I think allowing users to submit code examples could dramatically increase the
value. Maybe even microservices.

The ideal (and perhaps impossible) version would look at my code structure and
suggest replacements for components from people who are better programmers
than I am.

------
craigds
I'd love to try this out, it looks amazing. But it's just not acceptable to
send all the code to the cloud.

I'd love to use a self-hosted version though.

------
AdamTheAnalyst
Upload all my code to your cloud first.... erm, hell no - uninstalled.
Enterprise wont use this at all, way to big of a risk.

------
hollander
Little Flocker and Little Snitch nightmare, this is.

------
nuggien
not sure if this has been thought of before but why don't you just have kite
cloud index open source and public code, and then have a separate local index
for the user's project code. That way, autocompletes/help/doc searches first
the user's project index (local), and then search the kite cloud for
public/opensource code index.

------
invokesus
Not working behind a http-proxy. Dealbreaker for me.

------
partycoder
Dash (Mac OS X), Velocity (Windows) and Zeal (Windows/Linux) do something
similar. There are plugins for various editors.

------
CopyZero
This looks great. Any plans to support notepad++?

------
jnordwick
I love the ideas in the search, and would definitely buy, except...

I work in finance, and source code in the cloud could get me some prison time.

------
falsedan
> _Your connection is not secure_

SEC_ERROR_UNKNOWN_ISSUER

~~~
falsedan
Ah, it's being blocked by work's OpenDNS malware detection…

~~~
falsedan
[https://domain.opendns.com/kite.com](https://domain.opendns.com/kite.com)
doesn't show any unusual categories, we might be pulling security blacklists
from another source.

~~~
falsedan
Yeah, we special-cased it because we're not comfortable with company IP being
shipped offsite and potentially shared with other programmers.

~~~
brianorwhatever
sounds like someone at your work is doing their job well

------
replete
Looks awesome but there is no way in hell I'm uploading my code to your cloud.
Instantly violates NDAs.

------
gigatexal
The website isn't intuitive on mobile. Do you have to do something special to
get the Java client?

------
bcherny
Awesome work! Any chance you can add TypeScript to the "Vote for a Language"
menu?

------
jMyles
Does the cloud connectivity requirement mean that kite cannot be used offline?

------
saikouzen
just a blank page for me:
[https://drive.google.com/open?id=0B_fqMwJbAXzURzRTWlNhN25INW...](https://drive.google.com/open?id=0B_fqMwJbAXzURzRTWlNhN25INWc)

------
plazma
This makes me learn python. Any plans for javascript and Vim plugin?

------
otto_ortega
I hope they add support for Php7 soon. Seems like a very useful add-on.

------
peternicky
What is the timeline for rolling out JavaScript support?

------
fuzzythinker
Is support of 10.9.x (Mavericks) on the roadmap?

------
gigatexal
Been waiting for this! Stoked to try it out.

------
xxcode
Whats wrong with a Google search?

------
alexnewman
Seems down

------
nikolay
The sidebar is way too obtrusive!

------
karsinkk
I just spent an awful amount of time trying to uninstall Kite. There were two
background processes: Kite Helper and Kite Engine Which showed up on Activity
Monitor,and I could never get them to quit, each time I killed a process with
the PID, a zombie would spawn up with a different PID. Eventually I killed
them both by removing the Kite packages from the Cache in library, emptying
the trash and then restarting my machine.Phew! Not to mention the slow
autocomplete suggestions in Sublime Text 3. I think I'll just stick with my
old setup.

