
Kite Responds to the Minimap and Autocomplete Issues - adamsmith
https://kite.com/blog/responding-to-minimap-autocomplete-issues
======
ivanbakel
An apology that starts with 4 paragraphs of self-congratulation is not a real
apology at all. Nothing of the article reads as being genuinely regretful of
the strategies taken - it's just sorry for being caught.

>Unfortunately, while trying to make programmers’ lives a little less
complicated, we instead made them more complicated.

Barely an admission of guilt, and even that can't get past without patting
themselves on the back for the noble cause they 're profitably working
towards. Yes, Kite, your pay-for service clearly has my best interests in
mind. I forgive you for being too stupid to grasp your superior approach. How
about actually finding fault with hijacking projects for advertising in the
first place?

~~~
fooey
Buying a popular addon with the express purpose of subverting its original
intent for commercial monetization seems like it should be against Atom's TOS

This instance is razor thin close to being malware

What's to stop the next enterprising company from intentionally uploading all
your code to their servers? Modifying your code? Or holding your code hostage?
Atom has git support backed in, so how likely is it an addon could inject code
and commit it without you ever seeing that it happened.

Atom's automagic update approach to addons can't survive this kind of
exploitation. If I have to re-vet every addon every time there's an update,
their entire ecosystem just turned to shit.

Do we need virus scanners for Atom packages now? An addon that scans repos to
see if the primary contributor suddenly changed?

~~~
codezero
Picking nits I think you mean adware not malware. I think it's worth making
the distinction.

~~~
emsy
Giving ad networks tracking information of your editor usage and possibly
access to the code you're working (which they didn't do, but the original
statement was 'close to being malware') on is beyond mere adware.

~~~
codezero
Adware always had telemetry. But I get your point. Let's call it spyware then
if we think companies might use our source as a consequence. I find it highly
unlikely but admit it is possible.

------
mrkgnao
The clear dark pattern here should also have been addressed: Kite is listed
with all its shiny features, whereas the alternative simply gets called
inaccurate and incomplete. Local analysis does have some clear advantages over
Kite, even excluding important privacy concerns. What if you're offline or are
in an area with poor network coverage?

[https://kite.com/static/media/autocomplete-python-
flow.690d3...](https://kite.com/static/media/autocomplete-python-
flow.690d3185.png)

The use of dark patterns is more of a policy/"culture" thing that people won't
exactly "knock" (although there was a comment on the HN thread last week about
this) or demand the removal of, but it does speak to how Kite is willing to
operate, not just pre-minimap fiasco, but going forward too.

Edit:

The link to the PR in the post isn't the point here, it's the propensity to
write misleading copy targeted at thousands of devs who had never heard of
Kite that went unaddressed. Open source is extremely trust-based (how hard was
it to believe that a text editor plugin of all things was doing funny
things?), and Kite needs to talk about whether it will continue to behave as a
potential bad actor.

Right now, all the post contains is an apology for a PR fiasco that occurred
due to something akin to a miscalculation, not a deliberate onboarding
strategy.

~~~
bencoder
[https://github.com/kiteco/kite-
installer/pull/50](https://github.com/kiteco/kite-installer/pull/50) was
linked from the post, but it's not merged

------
avaer
> Let’s be clear: the absolute last thing we wanted was for someone’s code to
> get synced to our servers without their knowledge.

I don't buy it. The UX was dark-patterned to enable this very thing, and this
reads like damage control when it's clear it wouldn't fly under the radar.

If it were the last thing Kite wanted, there would be a big warning that this
option uploads your code to their servers. Or some mention of the upload at
all. Or it wouldn't be the foundation of Kite's business.

~~~
zokier
> Or some mention of the upload at all

The image they show in the post shows that they were fairly clearly saying
"Where enabled, your code is sent to our cloud":

[https://kite.com/static/media/autocomplete-python-
flow.690d3...](https://kite.com/static/media/autocomplete-python-
flow.690d3185.png)

Sure, it is not exactly hilighted there, but I wouldn't say that they were
trying to hide that either.

~~~
orclev
As a third party to this debacle, all I have to go on is the comments people
have made, but a few of them have asserted that that language was added later
on and some initial versions of this change either outright lacked that
warning, or else used styling tricks to make it difficult to notice. I lack
the time and/or motivation to go digging through the commit history for that
plugin, but maybe someone more enterprising could do so and verify if that
warning was always present and presented in such a visible fashion.

~~~
Rantenki
It's been in there for quite some time, and there have been a variety of
commits that carried some variation of the same "we analyze your code in the
cloud" message:

[https://github.com/kiteco/kite-
installer/commit/c52c5daa672c...](https://github.com/kiteco/kite-
installer/commit/c52c5daa672c5887b312e99c7d8cdd390174c9f8)

Taking over the minmap autocompletion projects and adding these features still
feels a bit sleazy, but the installer was honest about how it worked.

------
tradesmanhelix
> Staying Open: Kite Responds To The Minimap and Autocomplete Issues

I have two problems with that title:

1) Implies that you were open in the past, which Kite really wasn't, and 2)
"Issues" is an understatement and borderline misleading. A more accurate term
might be "debacle".

> Kite has been knocked around in social media (and the actual media)

"Knocked around" \- sounds like victim language to me. You weren't knocked
around - you were:

1) Caught red-handed, 2) Called on the carpet for your deceptive and bad
business practices, and 3) Lost reputation and standing because of the choices
_you_ made.

If anything, it was you, Kite, who "knocked around" millions of minimap users
by your irresponsible and unethical actions. In fact, reading the Github issue
thread, it looks like your actions may have cost Atom some users.

Shame on you guys. The backlash wasn't anything that Kite's actions didn't
warrant.

> How did we get ourselves here? We started Kite with the idea that machine
> learning....

Please don't attempt to turn your apology into an advertisement for your
business. Maybe that's not what you intended, but that's how it reads to me.
I'd feel better about this blog post if it talked less about how awesome Kite
is and more about how awesome the open source community that held you
accountable is.

\-------------

While I appreciate that Kite is (somewhat) owning up to its mistakes, I'm
concerned that, had there not been such a vocal community backlash, Kite would
never have self-corrected this move.

I think hiring a Community Manager is a step in the right direction for Kite.
Hopefully, he/she will work with the open source community to tell anyone else
who tries to pull these types of shenanigans to, "Go fly a kite." [1]

[1]
[http://idioms.thefreedictionary.com/Go+fly+a+kite](http://idioms.thefreedictionary.com/Go+fly+a+kite)!

------
muglug
> As we considered our options, we had a novel idea: buy an open source
> plugin, reward the author for their work, and expose new users to Kite.

That’s the root of the issue. Someone built a well, and offered its water for
free to the community. Theirs was a good-faith effort that you subverted when
then you paid the maintainer to help you turn people who came to the well into
customers.

I don’t understand how you didn’t see that as problematic from the outset – at
the very least, you could have first created an open API (akin to LSP) where
others could add their own Kite-like service. That would have respected the
spirit of open sourcing.

------
jdiaz5513
At companies like my former employer, developers were given the power and
responsibility to vet their own tools. Despite somewhat strict compliance
needs we were able to allow junior developers to customize their own IDEs and
plugins, since personalization is crucial for productivity. One of those
compliance needs was, crucially, that _source code in its full form must not
leave the developer's machine except en route to the git repo._

We were comfortable with this posture because the Atom/Sublime/VSCode plugin
ecosystem has largely been dominated by honest OSS projects, especially the
most popular ones. Thanks, Kite, for ruining that for everyone. I will now
personally vet every plugin that my junior devs install from here out thanks
to your example.

~~~
conradk
We've seen it happen before though:
[http://www.infoworld.com/article/2929732/open-source-
softwar...](http://www.infoworld.com/article/2929732/open-source-
software/sourceforge-commits-reputational-suicide.html)

This problem applies not only to editor plugins but all sorts of things
nowadays: npm packages for Node.js devs in particular seem like a great way to
get viruses, given how hundreds of dependencies get pulled in, sometimes to
save 2 or 3 lines of code. Here is an example in the Node package for Postmark
(an email service provider) which had a dependency for literally 4 lines of
code:
[https://github.com/wildbit/postmark.js/pull/14/files](https://github.com/wildbit/postmark.js/pull/14/files)

As developers, we need to be willing to reinvent the wheel when needed,
instead of blindly installing dozens of 3rd party packages. And we should vet
things we install no matter what.

~~~
thisacctforreal
to be fair with that specific example, they changed from a purpose-built
function, to a shell call including (albeit extremely simple) text parsing.

I'd generally prefer not to have the git(1) incantation hanging around in an
unrelated function.

~~~
conradk
The dependency "git-rev" uses a shell-call too, so this PR doesn't change much
apart from removing the dependency itself.

Here's the original code from the "git-rev" package:
[https://github.com/tblobaum/git-
rev/blob/master/index.js](https://github.com/tblobaum/git-
rev/blob/master/index.js)

------
phreack
The main problem here is one of trust. If you're going to share your code with
a third party like Kite, even without getting into the possible legal issues
involved, you have to be damn sure you trust the company. Kite's culture has
already shown to be deceptive, and these actions are really not drastic enough
to imply they're committed to change.

------
hendzen
Guys it's not OK to just hijack open source projects. You need to make (or
fork) new plugins specifically for kite, not hire a bunch of developers of
popular autocomplete plugins and have them shadily change their plugin to use
Kite as a completion engine.

~~~
holtalanm
they didn't. they just had them add _support_ for Kite. It was up to the user
to enable it. I'm failing to see the issue here. I mean, yes, their UIs needed
work, but they admitted to that mistake and have since fixed it (according to
the article).

Your comment makes me think this is more of an open-source lynch mob rather
than someone looking at this objectively.

Company needs users. Plugin has users. Plugin does things company's flagship
product _could_ do (and it is _free_). Company reaches out to Plugin developer
and they come to an agreement to add support for the flagship product into the
Plugin, but the new support is _not_ enabled by default.

Wherein lies the problem?

~~~
rhizome
"Lynch mob?" Really?

~~~
Grue3
There was a guy calling for a communist-style "purging" of anyone involved
with this company in the last thread. I think you're underestimating how mad
people get about free plugins for their (incredibly bloated and inefficient)
code editor.

------
c17r
> We’re on the HN homepage, with 900 upvotes, and passionate comments. All
> great, except for one thing: we are the scourge of the internet. How did we
> get ourselves here?

Well it's not surprising, is it?

From the outline article:

>> Then he blew this reporter off. “I apologize in advance that I can't answer
any further questions,” he wrote. “I need to focus on other parts of the
business, including continuing to improve the product for our users, and
conflict like this is always doubly distracting.”

------
mort96
Fuck Kite. This is obvious damage control after the backlash of their severe
betrayal of the open source community. They’re not sorry they did what they
did; they're sorry they got caught.

The title “Staying Open” is so full of BS it hurts.

~~~
jethro_tell
Retroactive 'Openness' is not open. Openness is when you let us know before
you do shit like this, not after you're caught.

------
free_everybody
As others have pointed out, the key issue is that Kite thought it was a good
business practice to ask a hired open-source developer to integrate Kite ads
into their heavily used projects. They wanted a shortcut to users at the
expense of open-source ethics.

Yes, open-source developers should get paid. But if they take this route, they
may lose credibility within the community.

------
dmitrygr
I interviewed with Kite a number of years back. From that experience, I am
_entirely_ sure that they really had no malicious intent with any of this.
That being said, I did tell them that IMHO they were severely underestimating
the privacy concerns of developers. Looks about right.

~~~
bauerd
They had no malicious intents? Like in they had no intentions of hiring open-
source maintainers, taking over their codebases and quietly injecting their
product?

Point is, if we don't consider this sort of behaviour malicious then we can
expect to see this more and more often.

~~~
eridius
Whether or not we consider this behavior to be malicious has no real bearing
on whether they had malicious intent. I'm sure they think that adding Kite
support to these plugins is great for everybody. But they have different
priorities and opinions. I can easily accept that they had no malicious
intent, but simply failed to realize that other people would feel differently
about the changes they made. And that's definitely a problem, they should
absolutely have realized that they were doing something people would not like.
But when you're excited about your own product it can be hard to recognize
that other people aren't.

Don't get me wrong, I think they're absolutely in the wrong here. I just also
think it's important to understand motivations and reasoning instead of just
attributing everything to malice. Otherwise you can't prevent this from
happening again.

------
EgoIncarnate
The updated dialog still feels kinda slimy ([https://github.com/kiteco/kite-
installer/pull/50](https://github.com/kiteco/kite-installer/pull/50)). It
makes no mention that search and usages are paid add ons
([https://kite.com/pro](https://kite.com/pro)).

------
hsod
I generally think HN'ers are too quick to boycott, but this seems like a level
of malicious action that will be very difficult to recover from, both for Kite
and it's principals (including the maintainers who sold out their user base).

Taking over an unrelated open-source project and attempting to monetize it's
users (without being _very_ open about what you're doing) is unethical in and
of itself.

Using dark-pattern UX to manipulate those users into making poorly-informed
decisions is even worse, and doing it in a way that potentially violated
privacy and confidentially expectations is even worse than that.

I admire the commenters here who chalk this up to an honest mistake, but my
viewpoint is a bit more cynical than that. The most likely truth is that knew
what they were doing, knew it was wrong, and did it anyway because it
benefited them.

Now they come out with a self-congratulatory crisis management non-apology
which seeks to minimize their bad actions at every turn. I'm not buying it.

------
nostradamnit
We're sorry? start by changing this

[https://github.com/kiteco/atom-
plugin/blob/master/LICENSE](https://github.com/kiteco/atom-
plugin/blob/master/LICENSE)

Copyright (c) 2017 Manhattan Engineering, Inc - All Rights Reserved

Reproduction of this material is strictly forbidden unless prior written
permission is obtained from Manhattan Engineering, Inc.

~~~
gus_massa
From "Update LICENSE" (2017-01-13) [https://github.com/kiteco/atom-
plugin/commit/fc1b1ab6efafcd4...](https://github.com/kiteco/atom-
plugin/commit/fc1b1ab6efafcd426787ac99ebd10407aa9ac071)

> _-The MIT License (MIT)_

> _+Copyright (c) 2017 Manhattan Engineering, Inc - All Rights Reserved_

> _-Copyright (c) 2013-2016 Kite & contributors._

> _-_

> _-Permission is hereby granted, free of charge, to any person obtaining a
> copy_

> [...]

IIRC this is perfectly legal with the MIT license. But legal doesn't mean
community friendly or a good idea.

Edit: Ups. I forget:

> _-The above copyright notice and this permission notice shall be included in
> all_

> _-copies or substantial portions of the Software._

------
sboselli
Not buying it at all.

How does the announcement of Kite Enterprise (twice!!) fit within the supposed
"apology"?? It has absolutely nothing to do with either project.

It's ironic actually. Within their "apology" they are doing the EXACT same
thing they are apologizing for: sneaking in some more advertising of their
products.

This is one disgusting company.

------
karpest4
Just in case someone here didn't already say this:

 _Do not use Kite_.

It's software that was made by people who are fine uploading your code to
their servers. The kind of people who should be out of business as soon as
possible.

------
logicallee
This comment is very sightly off-topic for this story, but 100% on topic for
HN, and so many people might find it useful that I feel compelled to write it.

The first link in this write-up is to this story which gives the background:

    
    
      https://theoutline.com/post/1953/how-a-vc-funded-company-is-undermining-the-open-source-community
    

And I wanted to draw attention to something remarkable from that write-up.
Without any irony, completely straight-faced, the writer nonchalantly included
the line:

    
    
       >Although Kite has no business model yet, it’s widely
       >thought in Silicon Valley that having users is the
       >first step toward profitability.
    

The article had introduced the startup as:

    
    
       >a $4 million venture capital-funded startup
    

That's not a valuation but the size of the round.¹ The title and subtitle of
the article are:

    
    
       > How a VC-funded company is undermining the open-source community
    

and:

    
    
       >A San Francisco startup called Kite is being accused
       >of underhanded tactics.
    

Now what I wanted to bring attention to in this comment is the fact that it is
possible to nonchalantly mention that a startup has no business model, and is
a $4 million VC-backed business, but this tells you nothing about the startup:
except that it is based in Silicon Valley/San Francisco.

I really want to emphasize this geography to you, because people here are
skeptical.

We had a recent article here on "Ways a VC says no without saying no". One
person wrote ², in complete denial:

    
    
       >a few years ago when trying to raise a Series A. We
       >were getting the "location" excuse over and over. It
       >usually went something like, "we love what you are
       >doing, and we would probably invest in you, but your
       >location is a non-starter for us." The truth, as was
       >illuminated to me during, is that they just aren't
       >interested. If you were a compelling enough business for
       >the investor, your location would not be a factor. If
       >you can prove that you are succeeding in your location,
       >then the location obviously isn't an issue.
    

VC after VC after VC mentioned the exact words "your location is a non-
starter" but this person is in denial.

I wanted to use this story to illustrate that you do not even need a business
model in order to raise money in Silicon Valley/San Francisco. It is there in
black and white and without comment, mentioned off-hand in a story about
something different. Memorize these fourteen words. Memorize these words now:
"A San Francisco startup"; "$4 million venture capital-funded"; "has no
business model yet."

Just memorize it. It is the difference between the success and failure of your
startup and if you read this comment carefully and take it to heart, this
comment can become the most important one you will have read in the past five
years.

¹ [https://www.crunchbase.com/organization/kite-
com](https://www.crunchbase.com/organization/kite-com)

²
[https://news.ycombinator.com/item?id=14815785](https://news.ycombinator.com/item?id=14815785)

~~~
falloutx
VCs really need to look in the mirror. We often say on the internet that
Innovation can come from anywhere, but VCs don't believe that at all. VCs are
only interested in funding their friends living a few blocks away or some
college kids living in NYC or SFO. VCs are the only people who can help in
spreading the wealth around. Why not fund a startup in Des Moines or
Harrisburg. That would help grow those cities and also reduce the stress on
cities like SFO. Also it would save valuable money for the startups as those
cities cost far less.

------
danso
It is nice to see a more extensive explanation, even as the motive is to save
face. But the apology, like the incident itself, feel like symptoms of a
flawed strategy.

> _How did we get ourselves here? We started Kite with the idea that machine
> learning could help eliminate the repetitive parts of programming. We spent
> three years building the initial product - and it works. Our software has
> really great completions, conveniently sorted by relevance instead of the
> alphabet, among other features that are proving useful to coders._

> _We’re proud of the tools we’ve built - the problem we faced was finding a
> way to tell potential users about the thing we created. As we considered our
> options, we had a novel idea: buy an open source plugin, reward the author
> for their work, and expose new users to Kite._

Many eminently useful plugins and software have been able to endear themselves
via word of mouth and user happiness; Homebrew, Bootstrap, and Atom come to
mind. And plenty of programmer-optimized software can even charge good money,
such as Textmate and PyCharm.

Advertising isn't a bad way to get exposure, but yeah, I do agree that Kite's
approach was " _novel_ ". It'd be as if the official CDN version of React
wrote console messages about how great Instagram's new Snapchat-like features
are. Even if Kite's injection of self-promoting code into a popular plugin was
harmless, it felt exactly like the kind of shady tactic that people cynically
suspect user-data-in-the-cloud companies to partake.

The critique of Kite was not the only Kite-related article to get a huge
number of HN upvotes; Kite's initial announcement and a followup about Python
features got 1,138 and 553 upvotes [0] respectively. That (plus the VC funding
and connections you already had) is enough to get a critical mass of interest.
If Kite hasn't gotten the desired userbase a year later, advertising isn't the
solution. In each of those HN discussions, as well as on Reddit, the primary
concern was the cloud hosting of code. Maybe it is impossible for Kite to be
full-featured as a locally-hosted product, but most users seemed unconvinced
because they were apparently unable to see the value of Kite over what offline
IDEs are able to do.

Kite's response shouldn't have been "the same concerns were raised for tools
like Dropbox and Github [which]are now used without hesitation" [1], but to
focus on a minimal viable local product that would become popular enough to
have the same kind of trust/popularity that Github and Dropbox earned (hard to
imagine either being successful if not for their generous free plans).
Undertaking a strategy that re-emphasized people's concerns about the cloud
and Kite's unclear privacy policies is just not a good look.

[0]
[https://hn.algolia.com/?query=kite&sort=byPopularity&prefix&...](https://hn.algolia.com/?query=kite&sort=byPopularity&prefix&page=0&dateRange=all&type=story)

[1]
[https://www.reddit.com/r/Python/comments/4erjy4/kite_program...](https://www.reddit.com/r/Python/comments/4erjy4/kite_programming_copilot/)

------
emondi
So I guess this is the kind of thing that RMS wanted to prevent when he talked
against unofficial packages and repos in Emacs.

------
justinholmes
Hope these guys run out of funding

------
holtalanm
@OP: This will probably get ignored, but on
[https://kite.com/languages](https://kite.com/languages)

why u no Elixir support?

