If you're reading this Kite. I now have a negative view of your product. We cannot allow corporations to take over open source tools. Donating is perfectly fine and encouraged, but the above example is a downright take over. If you want another tool then create one, don't take over an existing one and use the communities trust of that tool to promote your product.
It took me months to get through to a human to get them to delete my code, including two emails to the CEO.
I like the idea, but there is no way I would use it after this experience.
That is why developers should be very careful what applications they install on the corporate computer and what cloud services they use.
> When you use our services, we may collect [...] Any source code files on your computer's hard drive that you have explicitly allowed our services to access. To learn how to control access to your source code files, please visit our FAQ.
The FAQ says
> Kite only uploads files that:
> 1. Have a .py file extension,
> 2. Are children of a whitelisted directory,
> 3. And are not ignored by a .kiteignore file.
That doesn't seem like "any source code file on your computer" to me - unless it whitelists root by default, which would be a hella dark pattern.
Also, removing a file from the local index should remove it from the server as well 
I was actually questioning myself when I realised what had happened -- I thought, "perhaps I just messed up". But after I saw this story about their other dark patterns, I'm convinced they just deceived me.
Seems similar enough to current version.
Easy to see very intelligent and circumspect people interpreting "where enabled" to mean "when I ask for autocomplete" and "your code" to mean "that specific snippet" because who the hell would actually think it's cool to just carte blanche upload other people's workspaces?
Maybe you are thinking only for your self. What about the majority of the users of minimap/(other hacked plugins) who doesnt know this is going on, and they are not aware that some files need to be deleted from someone elses server.
ps. i know "hacked" is not the proper term here ,but you get the idea.
I have zero faith this page actually works though. A few months ago I deleted all of my data and I checked back today and it has reappeared. (I uninstalled the client and deleted my login token back then too, so as far as I can see it's their issue.)
I have sent them a stern email to delete my data. If you want your data deleted too, I would recommend doing the same rather than trusting their web interface. None of the emails on their website seem to work, though. Emailing the CEO does work eventually, but I don't want to start a witch hunt. My email is in my profile if you want his email.
anybody has a list of infected packages so others can quickly remove with `apm uninstall ...`?
Now that doesn't make it any less shady though...
My assumption from that dialog box would be that at most, the code I currently have open in my editor would be uploaded. Not all the source code on my computer.
Edit to add: oh, wait, I misunderstood. It grabs all the code on your computer? That's crazy. I just meant it's not totally unreasonable to grab the whole git repo you're working in, say.
Even without that, basic contract law in many places requires a degree of mutual understanding for the contract to be valid in the first place. You can't just bury a surprising term with a huge effect deep inside a long legalese document and expect it to actually stand up in court, and if you're doing something dubious and relying on that as your defence then you might be in for some disappointment.
Maybe even corporate espionage.
Copyright infringement is not theft. These are two completely different issues. When data is copied it is not taken away from the owner like when physical goods are stolen. Secondary damages may or may not occur, but they are not the same as depriving someone of a good. As an analogy, I wouldn't steal a car, but I surely would copy a car if I could do so by simply pressing a button...
Legally, the word "theft" isn't only used when one party loses anything; a victim of identity theft doesn't lose their identity, yet we don't call it "identity infringement". I'm not familiar enough with US law to know for sure, but it wouldn't surprise me if the word "theft" is used somewhere for obtaining sensitive information without permission.
It's one thing to infringe on the copyright of a public work
Another, very different thing is to copy something that's not public and might be considered IP or a trade secret
This happens to be the one under which Kite would fall (since they're infringing copyright for "commercial advantage").
But that's about as unlikely as the code containing trade secrets.
- For copyright infringement, they'd need to actually redistribute the code. Using it for machine learning and distributing short snippets wouldn't be copyright infringement.
- For that trade secret stuff you'd need to prove intent.
IANAL, but I don't think so. In MAI v. Peak, the court determined that even loading a program from disk to RAM was a copy, and therefore infringing without a license. Congress has since then added a specific exception for "Machine maintenance and repair", but that's it. Copying from a remote machine and storing it in their disks should certainly qualify.
Unpublished code, is itself a trade secret. Even just the processes, procedures, organisation, tooling, library use, etc in the code provides a competitive advantage. i.e. The 'metadata' is also a trade secret.
The only intent you'd need to prove is that the accused is using the trade secret to the 'economic benefit of anyone other than the owner'.
It seems obvious that Kite is training a proprietary ML algorithm, with trade secrets, for their own economic benefit.
Obviously this would a be a terrible thing to do and no one should.
It didn't ask? Sounds like malware, and meets the definition of theft. Inviting someone into your house does not give them permission to steal things in your home, and leave with them.
I believe about every company that develops software has some clauses about what software is allowed to be installed on the corporate computers and who has to initial any request to install a new program on the computer.
I don’t know how much I agree with that statement in general. There are several major open source projects with corporate “control” – Mozilla, Google and Apple control/heavily influence Firefox, Angular and Swift respectively and there are probably a dozen others. The idea that corporations are “bad” is a tired trope. Some corporations are bad, some are good, some are in the middle.
But I agree with your actual actual sentiment though – corporate involvement in open source should be as benevolent as possible.
I don't think we need to bring morality to the discussion and complicate the issue.
Corporations are organized around profit, open-source is not. With only that in mind you can predict what will happen in most of the cases.
To put Mozilla, a not-profit, in this context, in the same set that Google and Apple is not fair, by the way.
All three of these statements seem like nonsense.
First, "Corporations are organized around profit".
No, they are legal entities, organized around articles of incorporation. These have a purpose statement. Often, those purpose statements are directed toward lawful business goals.
But you do not have to be.
Non-profit vs profit corporations can, quite literally, have the same set of purposes. The only difference between the two is what you can do with profits.
"open-source is not".
I'm not even sure what you are trying to say here.
Very large amounts of popular open source, is, in fact, produced by for-profit companies, and has been since the beginning of open-source.
The term was even created by a group of people at a for-profit company. So ....
"With only that in mind you can predict what will happen in most of the cases."
No, you can let whatever biases you seem to have stoke your imagination and prognosticate. You can't actually predict what will happen. There are plenty of happy, well functioning for-profit companies in open source that have been helping open source for many many many years. There are also plenty of non-profits that have harmed open source greatly.
It takes a lot of blindness to see this stuff as simply black and white.
Red-Hat main worry is to be profitable. That's is above any other concern.
You can be sure that, if their bottom line was threatened, they will be pushed, in order to survive, to change their business model and they will not be beyond behaving in a "bad" (but legal) way if they don't see other way around the problem.
If fact, we can argue, that Red-Hat management, being it a public company, is forced by law to do that.
You're acting as though nobody who works at Red Hat cares about the community which they worked with before they had a job at Red Hat. I work at SUSE, and I work primarily as a member of a community. If SUSE started mistreating their customers or the wider community I would quit.
I hope that if you found that your company was mistreating the wider community you would also quit.
My point is not that "all companies are good". I'm saying that making a judgement that "all companies will harm free software at the end of the day" ignores the fact that companies still need humans to work for them that do said contributions. Personally I find that many people who work in free software have quite strong ethics when it comes to things like this, but that's just my anecdote.
I have no idea how Red Hat or SUSE would act, maybe they would be an exception, and, maybe, very ethical workers could keep some companies in check.
In the other hand, I don't think that the idea of companies, in order to survive, will try anything (legal), should be so polemic.
I don't know where this view comes from, it was Stallman's goal from day one that it should be possible to have companies built around free software. The fact that my first job out of high school was working at a free software company should be celebrated as a huge accomplishment by the wider community. But it's not seen that way. I find it quite disheartening, because I've always been an advocate for free software and my job title doesn't suddenly change that.
I realise that you're not saying that (and so I'm sorry for the strong response), and of course we must question the motives of companies. But it's become a popular game these days to pretend as though everything that a free software developer does as part of a job must be part of a conspiracy to create a monopoly -- it's ludicrous and is quite grating.
I think people are interested in their basics, income, job, family before any other priorities.
Some people infact become so paranoid about this they may overlook even support unethical action as long as they are safe.
Surveillance, profiling and dark patterns by leading SV companies including Google, Facebook, Palantir etc composed of tens of thousands of engineers who may at one time have loudly proclaimed contrary values is just one example of this.
The comparison isn't as appropriate, as Oracle is a much bigger company, and is able to handle the loss of that many people in a better way. But the jist is similar.
That was the result, they tried to mistreat the OpenSolaris community and then Oracle no longer was competitive in the Solaris space.
If you want to learn more, check out bcantrill's talk. https://m.youtube.com/watch?v=-zRN7XLCRhc
You could argue that, but you would almost certainly be wrong. It is a myth that management at a company is always required to seek profit above everything else. Indeed, many companies explicitly do not do this, for example by having policies about operating in an environmentally friendly way for ethical reasons.
I'm not saying that companies have to search profit above everything, I am saying that it's its main concern, otherwise they will not survive.
Indeed, management will have space to be nice when things go well, but they, automatically, will receive pressures from investors to change their nice ways when things go bad.
This is the way that it's intended to work and there is, I think, nothing surprising there.
There's a difference between short-term and long-term profitability. Being 'nice' might limit profits in the short term but might be crucial for long-term survival.
And, nobody knows for sure what the correct long-term strategy is. Not every step that yields an immediate profit is a step in the right direction.
For instance, you call Mozilla a non-profit. But it is a non-profit corporation, a legal entity that has organized itself in a certain way and applied for special tax treatment.
The goals and the incentives are very different.
The corporation is governed by the same rules as the foundation, compare https://www.mozilla.org/en-US/foundation/
> Our work is guided by the Mozilla Manifesto.
> The Mozilla Corporation is guided by the principles of the Mozilla Manifesto.
(I'm an employee of moco, I've always felt like I'm working at a values-based rather than a profit-based organization, personally.)
Just to clarify, since this sentence was ambiguous: not-for-profit companies do not have shareholders or owners. So the fact that there is no "pressure from shareholders" is vacuously true, because there are no shareholders.
Not-for-profits typically have donors and boards of directors, who both apply pressure to see the corporation's funds used to realize its mission.
I'm board member of smallish Czech non-profit and one of the things I've found out is that the legal requirements on the corporate governance structure are mostly equivalent to what is required for publicly tradeable corporation that is actually not publicly traded, thus for me it makes some sense to equate voting members to shareholders.
With just this information and no other, I think I'd predict corporations to make better software than open source. I take it that's not what you had in mind.
(This is for similar reasons that I expect for-profit companies to provide better service than government-run ones. I don't particularly want to get into a debate right now about whether that actually happens, just trying to explain my intuitions.)
Also Internet Explorer is infinitely better than Chrome and Firefox.
Heck in direct comparison Ubuntu 16.04 looks like a joke system compared to Windows 10, for example Ubuntu doesn't let me use my on board sound and only displays the dedicated sound card, but only half of the time. It has a horrible toy like ripped off user interface with ugly buttons, I can't think of a single application that is actually better than an equivalent application that is also available on Windows.The only reason I'm using Linux is because in a lot of areas including the field I work in it has achieved the same lock in that windows has for the general desktop market.
It is kind of sad that the only two alternatives are a clone of 70s technology or a clone of 80s technology. I feel like there should be a way to get things unstuck, but research into operating system design has all but ceased, with very few exceptions, many of them ironically coming from Microsoft.
I blame the so-called "experts" and their propaganda about "complexity" and "human behaviour" for distorting the efficient market. In the cases of historical data it seems they have even retroactively distorted the markets.
I have opinions about to what extent my counterfactual prediction is correct; and to what extent it's not; and why it fails, in the cases that it fails. I left them out because they weren't relevant. If you wanted to talk about them, that's a thing I might be willing to do. But I'm not interested in being snarkily accused of mistakes I didn't make.
What I mean is this: If you mix open-source with a for-profit entity, don't be surprise when that entity try to extract profits even in orthogonal ways to the original intention of the project.
Of course, in practice, and by the nature of open-source, this is a very difficult to do and, normally, can be prevented, but the trend is there and should be take into account.
I beta tested the Kite product when it first launched maybe two years ago. I don't use it today but I would try it again. Since then they've only tightened down on permissions and made things clearer.
Kite was also not the first to run ads in an IDE plugin (Wes Bos has sponsored several), at least not in Sublime. Personally it's not my preference to have ads either but ultimately this is up to the maintainer of each repo. The tool is still free to use. It clearly states that using the cloud engine will upload your code to do analysis in the cloud. It's 2-3 sentences, not like it's buried in some long EULA.
Shame on the article for labeling inserting an ad as "taking over" and labeling an ad as "spyware"… pure clickbait targeting non-devs.
The new Kite engine also clearly states it is a cloud-based service and they build integrations for their service. The whole industy works the same way. You don't have to use their engine to use autocomplete-python and its opt-in too.
Your comments are such a poor defense of a dubious feature I wonder if you have a connection to Kite.
I think you're overlooking the diagram linked above which shows enabling the Kite engine is an opt-in button click.
The CEO also states that it is opt-in in the article: "Most users who install autocomplete-python close the engine selection prompt, which results in not getting Kite or its benefits," [the CEO] said in an email.
As I stated above, I beta tested the Kite product early on and have used it in Sublime through a similar add-on. I am not a current customer / user, but I do make my own dev tools. It was always completely transparent to me that they are sending code to their server to run a cloud analysis platform. Based on that, I still maintain that the community is massively overreacting to something that was made explicit upfront.
It's a slippery slope, similar to the controversies over using BitKeeper for the Linux kernel or adding DRM to HTML5 (both justified, I think). The openness in open source needs to be defended.
I genuinely don't understand why this service is getting a disproportionate amount of backlash relative to the plethora of cloud based services out there that analyze one's entire codebase. Maybe it's because they're interacting with the code from the dev machine directly vs integrating with repos on the git server? Would that make it different to you?
When I sign up for a service like Code Climate it's very clear that I am giving them access to some of my code. I also have easy control over what code they can see. They are honest and upfront about what they are doing and why.
Kite has been trying to hide what they are doing, with the goal of tricking developers into doing things they otherwise wouldn't. They're taking advantage of the huge amount of trust in the open source community. Kite must know that abusing this trust has a high chance of hurting the community, but they don't seem to care, as long as they can make a quick buck or two for themselves.
A lot of people here really cherish that trust and goodwill among strangers in the open source world, and are understandably pretty pissed when someone comes along and messes with it.
The bottom line though is being honest and upfront with developers. I suspect Kite could have been a bit more forward about what they were doing and the developer community would have reacted with much less outrage.
Installing Kite and accidentally allowing them to sucker me into uploading the entire corporate source tree -- quite possibly with creds -- is literally a walk you out fuckup. At bare minimum I would have to page ops and roll creds on every bit of prod. Want to know why there's both a gitignore and a git commit hook making sure 'config/creds.py' is not uploaded anywhere?
There's virtually no ethical way to build that dialog unless you put 40 point red font saying "We upload your entire source tree" and make you wait 10 minutes before continuing. This is not a decision line level devs are allowed to make on their own, and Kite tricks them into doing exactly that.
One misrepresentation that I wanted to quickly highlight is that the autocomplete-python install flow has three steps, not just the one linked in to in the screenshot above. The other two are:
Enter their email address - https://user-images.githubusercontent.com/87728/28395016-dc7...
Read a warning, decide if they want to whitelist any files - https://user-images.githubusercontent.com/87728/28395021-e04...
Small technicality: these screenshots say that Kite is installing but it's actually only downloading the installer binary to memory; the actual install doesn't happen unless the user goes through all three steps.
It's also worth noting that if the user clicks "Add Later" no code is sent to the Kite servers for analysis until they whitelist a directory.
It's funny seeing this now to see where I tripped up. When you say "enable access in /Users/ben", I guess 6-months-ago-me assumed it meant "enable access to code in /Users/ben when I am working on it". It felt a bit like an iOS permissions dialog, where I was giving you access to my filesystem. Parsing it now, I realise that the text above the button says "where enabled, your code is sent to our cloud".
You could argue I should have read that more carefully, but that copy doesn't scream to me "I'm about to upload all of the source code on your computer including proprietary stuff and secrets". Because that button was the default highlighted button, I assumed it wasn't going to do anything drastic like that. (It's like Ryanair having a big red "YES I WOULD LIKE INSURANCE" button, hiding the "no I don't want to spend $100" button somewhere in the small print.)
Above all, you certainly shouldn't have included that as a shady update to some Atom extension I was using.
From the article:
> Smith also said that most of the negative reaction was due to confusion around what the tools actually do. (Connor pointed out that it’s not possible to review what Kite does, since it itself is not open source.) Then he blew this reporter off. “I apologize in advance that I can't answer any further questions,” he wrote. “I need to focus on other parts of the business, including continuing to improve the product for our users, and conflict like this is always doubly distracting.”
The above sounds like you were given the opportunity to explain things but shrugged it off as a distraction.
If it deserves a more thorough response, why hasn't that been given? Even in this reply you only "quickly highlight" one point.
Why not fork the original autocomplete-python with one that has Kite enabled instead? Then users who want Kite or use Kite are able to do so, without screwing over everyone else who have no idea what Kite is and dont want anything to do with it.
Reminds me of software downloaded in the past that comes with some random search toolbar that gets installed in browsers. Annoying. Shady. Not cool.
According to your and his comments on this page you two co-founded Kite, how is that "no relation at all?"
Besides the open source issues, this tactic seems to reveal a massive desperation by the Kite folks. There is no way they couldn't have seen how negative this was going to look once people found out. Their ability to attract new users through word-of-mouth and organic advertising must have plateaued. Sneaking their service into a well-used plugin would have given them a boost in users, maybe enough to attract a new round of funding, but they must have known it would cause this kind of bad blood. Especially based on their past reception on HN, which was highly upvoted but in which they never convincingly answered the concerns about uploading users' source code to the cloud:
That's the weirdest part to me. Who, exactly, thought this was going to go well? It is hard to be sneaky with open source. And even harder to win back goodwill after being caught out.
For instance, now that I know, it would take a change of management and business model before I'd even consider running any of their code, and I'll be writing a Kite-detector for our code scanning tool this week.
"our plan is to earn trust the hard (i.e. only) way: transparency, published policies, and a track record of good decision making."
Easier said than done, apparently.
Then, there are alternatives such as sublimetext/vscode, which have the minimap builtin...
Disclaimer: Not affiliated, I prefer n/vim anyways. This is a copy from my comment in the issue. Please read @abe33's comment  in the issue. This might explain a thing or two.
First, he focuses heavily on how much stress the backlash has caused him. Then he tries to paint it as a "misunderstanding" on behalf of the users. None of this strikes me as the behavior of someone taking full responsibility for their actions.
Further, I keep seeing people trying to justify his actions with the pathetic excuse that he was probably just doing as told by his employer. Sorry folks, that's not how being an adult works. There's a reason virtually every formal code of ethics stresses personal responsibility. Take, for instance, 8-b from https://www.nspe.org/resources/ethics/code-ethics
Engineers shall not use association with a nonengineer, a corporation, or partnership as a "cloak" for unethical acts.
Software engineers shall act consistently with the public interest. In particular, software engineers shall, as appropriate:
1.01. Accept full responsibility for their own work.
Otherwise, if they offered the job with no conditions attached he'd be under no obligation to change his own personal projects for them.
There's no implementation I can think of where I wouldn't feel icky about this, even if the 'Kite update' did absolutely nothing without turning it on explicitly through some setting that I actively have to look for (so no 'would you like to opt-in' screen' at all).
Secondly, even if it may seems to come late, we've heard you and decided
to revert all the changes related to the python links feature. The next
release will no longer show anything. I'll also make sure that the relation
between Kite and the minimap package are as clear as possible. I've been an
employee at Kite for over half a year now and this plugin is now
officially maintained by Kite.
only speculating but truly possible.
> It must have been frustrating for him, as the plugin's
> original developer, to be dragged through this crap.
Then, this sets a precedent. It reminded me of Google injecting some binary code into Chromium [https://news.ycombinator.com/item?id=9724409]. However, we have a single person here. I can wholeheartedly imagine, that this can cause quite some stress. Also, it could have happened to many, I think...
Edit: I'm happy about the discussion here. At least, this won't happen again, anytime too soon.
So far I have found it utterly unconvincing to the point of near uselessness. It rarely finds anything intelligent to say about my code, and gives a significantly worse view of documentation than Dash (for which I have a hotkey bound for near-instant lookup).
On top of that, I found Kite to use significant resources, there's no way to inspect what it's uploading so now way to ensure you aren't uploading things you don't want to, and the second time I tried it the UI was filled with dark patterns and I found it quite difficult to uninstall (I reverted to just trashing all the files I could find relating to it).
It is a featured Atom package, which may point to whom is GitHub endorsing in this issue, though we could see a more direct response from them regarding both minimap and autocomplete-python.
After reading sadovnychyi's reaction to the autocomplete engine selection screenshot, I think forking is also the only remaining step for autocomplete-python.
This type of entrepre-narcissism has to be shutdown hard. How deluded does somebody have to be to imagine that putting a confirm-shaming dialogue in an opensource tool is not Advertising?
It's a real shame as the service was good, but nothing is good enough to justify advertisements in my work-space. The fight against distraction is hard enough as it is without having to think carefully about where I'm clicking due to dark-pattern UI.
The reviews above made me reconsider.
I'm a freelancer, and my code is open-source anyway.
I still had to manually purge my machine and files from that page.
If you think your files were removed, check again.
I would recommend emailing them to delete your account and data, including backups and so on.
Something different was likely happening in bfirsh's case (sibling comment). If you delete the files from the kite.com/settings/files page but Kite is still installed then they will get synced up again. The most fail proof way is to uninstall and then wipe files from kite.com/settings/files. We will make the wipe files link log Kite out on that machine.
Sorry about the edge cases. We've been working on it, and will continue to do so!
I almost spit my coffee out when I learned about this (as I'm a minimap user who had no idea this was going on). Not a fan of these shady practices - completely breaks the trust between package maintainer and users.
Thanks, Kite. I'll make sure to remember this in case anyone ever considers your service.
Completely morally bankrupt. All of them.
I am not saying that you necessarily advocated for this position in your comment but I just felt the need to make my point clear.
To be clear I'm not advocating a witch hunt, but saying all employees are innocent because they were following their bosses orders is a Nuremberg defence.
I think that we all agree that this event should be documented and reported objectively as it's newsworthy proved by this very article here and it deserves a mention in a subsection on their Wiki entry.
So people should quite obviously chill a bit. Even if the pitchfork-people in this thread only wish bad PR upon this company, thousands of people are reading these threads, and it only takes one slightly unstable personality to think he'll be a hero for the community if he publishes the CEO's honeymoon photos (or whatever).
Also, to keep this in perspective: they did nothing illegal. Changing the rules is a much better course of action than vigilant justice if you believe this to be wrong.
1.They have every right to make (it is open source and they have write access to the repo)
2.I have every right to either fork and reverse, or completely stop using.
I gave up hope for such things after seeing staff, investors, and speculators tripping over their own dicks to invest in Brendan Eich's latest venture (Brave) and its ICO, with full knowledge of his revolting and public bigotry against gay people.
Money trumps morals, it seems.
So was the people calling for him to resign.
Kite's business model is just as legal as Eich's free speech money. But people still think it's wrong, and so they try to find ways to discourage others to act similarly.
I'm not completely sure if such punishment works, but I'm pretty sure that if it works for Each, it will work for Kite, and vice versa.
Kite's business model is attack against open source, thus pertinent to tech.
Eich's view on marriage is completely unrelated and attacks on his professional career for this are abhorrent and juvenile and should be condemned rather than encouraged. Even if you disagree with Eich's stance (which for the record I do).
I must admit that I am not well acquainted with all the facts of this controversy, just the basics and I don't recall him calling for violence.
There's no reason to turn this into a less reasonable version of a McCarthy type inquisition. Once we start up with that nonsense it doesn't lead to a good place. No matter how strongly you feel you are right.
Boycotting a company because you don't like the political views of one of it's employees on the other hand is just silly.
What exactly is your issue with separating personal and professional life? Do you feel you should be professionally attacked or your company boycotted because you (presumably) support gay marriage and some people feel that's wrong? No, of course you shouldn't. You should have a right to vote, support, do whatever in this regard and it shouldn't affect you professionally.
Look, I personally support gay marriage. But this kind of behavior on the part of the "crusaders" is outrageous. It really is.
Again, the issue was not his "private religious views." The issue was when he used his power and influence to enforce those views on other people who did not subscribe to them. The line is crossed when one tries to enforce their personal beliefs on others via the government. It's not about politics--I think there are many things in politics about which reasonable people can disagree--it's specifically about enforcing a religious viewpoint on other people through the government. I don't force my religion on others; I think it's reasonable to demand that others do the same, and to enforce that demand through the means available to me, which may well include a boycott.
And who cares? The question should be is the browser any good.
Do you think people should call his place of employment and claim they aren't going to use the product unless they "fire the pervert"? It's ridiculous. It really is. And I'd be saying exactly the same thing if the relationship were switched.
I honestly don't know where I stand on Brave. I hate our current ad-supported world, and it's an interesting alternative to that. On the other hand, I loath Eich and have no interest in supporting him financially after what he has done. Mostly I just stay silent; my feelings aren't strong enough to actually oppose other people using it, but I won't use it myself.
Note that I never said anything about Brave one way or the other. My response was simply that Eich's donation was not simply "free speech," it was a sincere and successful effort to enforce his personal religious views on others, and that it's perfectly fine to oppose that behavior.
From my comment at https://news.ycombinator.com/item?id=12721891 (linked from https://news.ycombinator.com/item?id=13411986):
``Prop 8 would not and did not "nullify" any marriages licensed by the state in the middle of 2008. See http://www.sfgate.com/bayarea/article/Prop-8-not-retroactive...
Retroactive or ex-post-facto law is unconstitutional. I am a big fan of this principle. It protects all of us.''
Now, how about you stop the hate ("I loath [sic] Eich")? I do not hate you.
You can use whatever word you like, but you used your money and influence to cause incredible amounts of harm to your fellow citizens and previous employees through your bizarre need to use the government to enforce your personal religious views on other people. I don't know the right word for that kind of behavior.
Moving on to assert "incredible amounts of harm" as caused by me among a majority of Californians who supported both Prop 8 and the prior work of Mark Leno et al. on Domestic Partner Law, California's form of civil unions -- which as https://en.wikipedia.org/wiki/Domestic_partnership_in_Califo... says, and as Leno said at the time, ensures equivalent positive rights under state law for all -- is nonsensical.
We were allies when we supported civil unions. Obama was on side of civil unions in 2008, and likely strategically lying that he believed marriage was one man and one woman. Then the goalposts moved, and incredible yet heretofore invisible harm was being done? Nonsense.
Fixating on "religion" is also nonsense. Theft is against the law. Major religions teach that theft is sinful. Does this mean religious people are enforcing personal views on other people? Of course not. Atheists (I know some; neo-Darwinian evo-biologists) supported Prop 8. People who didn't like the Foucauldian agenda behind the whole thing, or the judicial overreach, or mayors like Newsom overreaching, supported Prop 8. For many and usually coherent reasons, religious or not.
It shows either ignorance or ill will to dismiss both group diversity of thought and individual integrity of thought by labeling views you dislike as "religious", and therefore somehow illegitimate as the basis of action in the public square. Frankly, it is un-American.
You are entitled to your own opinions, as Daniel Patrick Moynihan quipped, but not your own facts. The fact is Californians including me who supported Domestic Partner Law did not do "incredible amounts of harm" up to May 2008. We did not suddenly start doing harm in June 2008 when Prop 8 got on the ballot. We did not do harm when the majority passed it.
Federal law, DOMA -- an unconstitutional power grab against the states by congress and a pandering president -- caused hardships for Domestic Partners in Californians, but Californians could do nothing about that Bill Clinton era law.
As my search link shows, you've been calumniating me on HN for years, while trying unsuccessfully to stay silent on the topic. I'm not optimistic you'll stop now, but that search also shows I've tried engaging in good faith. Here I am again. Instead of silently dropping refuted assertions and moving the goalposts, e.g., to vague "incredible amounts of harm" imponderables, how about making an explicit statement of whom I harmed, how I harmed them, and how I can make amends.
I do want to sincerely apologize if I've been misrepresenting your viewpoint. If I have, it was unknowingly. I assumed it was religious, because that's by far the most common objection to it. In all our years of sparring, you still haven't explained why you're opposed to gay marriage, to my knowledge. You always dance around the issue. If you tell me that it isn't based in religion, then I apologize and will immediately stop making that claim. But then what is it? If you're not actually opposed to gay marriage, but rather something like judicial overreach, was the continued harm to gay people worth whatever point it is you wished to prove?
> how I can make amends.
I can't speak to others. For me personally, an apology for supporting the campaign and a statement in support of gay marriage would shut me right up.
I never bullied anyone, so leave that out. Be careful arguing that I'm responsible for others' actions due to systemic problems and biases. That fallacious line of argument cuts in many directions.
Your whole approach, asserting religion only and as if illegitimate, asserting incredible harm ascribed causally to me personally, then moving on after rebuttal without any amendment to your assertions, shows ill will. I'm not going to "dance around" anything with you, and we are nowhere near a common understanding of all our priors.
The best I hope for is try to find common factual ground, which we are doing, slowly.
However, if you can only keep assuming your conclusions and smearing me by association with groups or people I didn't and don't support, I'm out. If you see no way for civil society to function without all the dissenters --
religious or not, we are many -- toeing your line and apologizing for their heresy, then we are definitely done. We can agree that "Error has no rights" and stop now.
If nothing else, these people come off as sociopathic and it makes me wonder if they are in opposition to you because they feel something immoral has been committed or simply because they just want to let out their hatred into the world.
My viewpoint is that the only reason to oppose gay marriage is because you believe that gay relationships are inferior to straight relationships. Can you please explain to me a reason to oppose gay marriage other than that? You listed a few earlier:
> People who didn't like the Foucauldian agenda behind the whole thing, or the judicial overreach, or mayors like Newsom overreaching, supported Prop 8.
I don't know what "Foucauldian agenda" means. Sorry.
"Judicial/Newsom overreach" don't make sense to me in the context of a public referendum. These people voted against something they wanted just to prove a point about something else(?); and then what, they were going to vote in favor of it again sometime in the future? Okay, but that's pretty baffling behavior.
I just have a hard time believing anyone in support of gay rights would choose to vote against gay rights and support anti-gay organizations. Maybe you can explain this more for me.
But people have all kinds of ideas about what constitutes "proper and fair". Some people feel differently about marriage and being gay than you do (Or I do). They might come here and argue about perversion and degradation of society and and what their kids are exposed to. And what can and can't be tolerated as far as behavior. And how marriage is such and such and doesn't apply etc. etc. And, they feel every bit as strong about it as you do. This isn't a wacky fringe view (yet) and it isn't considered "discriminatory" by the people professing it.
As far as I know Eich doesn't condemn gay people for being gay. He just apparently has certain views on what constitutes marriage. And he isn't alone in these views. I don't agree. You don't agree. The Supreme Court doesn't agree. But the public crucification of the guy's professional work because of these beliefs (which as far as I know he kept private) is to me 100 times worse than the views he holds. And it's a dangerous stance to take. We've been here many times before. Moral crusaders (of all stripes) out to improve the world who do little but cause destruction. At some level we have to accept not everyone shares our backgrounds or political beliefs and work with this fact in a constructive, civil and reasonable manner. It's part of becoming an adult in a multicultural society.
I appreciate you aren't trying to knock his work, that was OP. My only complaint is your original over the top rhetoric, other than that fine, I understand you have a different view than Eich. But you can not like an idea a person has without personally hating a person for having the idea. And that is the right thing to do.
I'm still not certain whether I agree with what happened entirely, but calling it ridiculous is a bit of a stretch.
Being in the position of CEO gives you many powers and perks, and I think it's perfectly acceptable that it also gives you responsibilities that may include 'not being controversial'. I'd say this is especially the case when you're CEO of a a very large, important, and well-known non-profit.
Basically, it's the whole 'with great power comes great responsibility thing'. People in positions of power can be held to standards that don't necessarily apply to everyone else.
I completely understand if people disagree with this position, but it's far from ridiculous.
(and of course I can't speak for those who do feel that aforementioned reason #1 and #2 are enough).
I think your claim of "bigotry" is a bit overstated and I don't really care about people's political views in this context.
Microsoft copied the model for operating systems. Token resistance from programmers.
Kite copies the model for programming tools. Too late, programmers.
If you can't see the distinction between this and the examples you mention, you really don't qualify to make sarcastic comments.
HN is specifically geared towards people who make a living coding things in the new "surveillance economy." This particular example (to go along with the dotnet command line issue) is just a difference in degree, not kind. They're mad that someone else is abusing their trust and privacy.
Welcome to the party, pal!
That is a narrow way to look at things and is not the full picture. Plenty of people protested and still protest Google's unethical business practices.
But I'm waiting for autocomplete-python to be changed, too...
I don't distrust Linux distributions' respective security guidelines; but it can't be that hard to find a loophole in community-driven system/software development and the damage would be substantial if a popular Debian package would have been subverted and have gone out with updates.
There's a significant level of risk around open source projects changing hands, something which may be invisible to the users of those projects, especially as they become more heavily used and therefore more tempting targets for attackers.
In theory, Debian or any organization could do the same background check, but is that the best use of their limited resources? And would they want to do it anyway given the ideals of the general OSS community?
Open-source projects often have random people "from the internet" working together with a great deal of individual autonomy (authority doesn't go down well when you are contributing for free). This ad-hoc style works well for open-source development, but it does make some kinds of code/system subversion a lot easier and we'd do well to keep that in mind.
Besides, I'm into open-source and security exactly because I don't want to rely on the goodwill of Apple, Google and Microsoft. ;)
OSS teams could spend the time and money running these tests, but this seems like a good area where governments and companies can step in to help.
pam_sss is easier to understand and its functionality expands upon it, but it was a redesign.
I admire their cleverness.
If it were me: I'd create an extension interface for completion libraries to accept third party plugins. I'd stop at putting in a third party stuff in by default. A sufficiently good plugin API for python-autocomplete shouldn't require it even to know about Kite.
That said, I don't think Kite should be disallowed. If they have a secret sauce that they think can empower completion plugins, give them an API to plugin to.
It's not in the spirit of open source to shut the door on proprietary solutions (IMO). Transparency should be paramount. Normally most Linux users opt-in to using proprietary/blob software/drivers one way or another anyway. Open source projects routinely maintain relationships with vendors (NVIDIA, Intel). It doesn't necessarily mean evil is at work.
Though, as someone who's struggled with the performance and reliability of completion tools, I don't know if I'd personally opt to outsource that functionality. I'd wait and see if our current tools get better.
Simply put; if some unethical corporation can hijack projects like this, then a much more malicious actor can as well. One that isn't as easy to detect, and does much more harm (like harvesting any code or input that looks like it could be private data such as credit cards numbers, SSNs, email and passwordish strings found near each other, etc.).
Extensions, plugins, and what have you are cool, but straying outside of the fairly monitored confines of you OS's controlled packages carries a risk.
I think there has to be some responsibility from projects that pack such plugins, to police their ecosystem. I can understand browsers having security layers, because they work exclusively with the biggest cesspool of them all (the internet), but stuff as basic as a text editor should not need something like that - if it does, something else has gone deeply wrong with the project.
> Hi, folks -- Juan from Kite here, thank you for the feedback, we appreciate it.
> We have decided to leave the feature as opt-out since many users have found it useful. [...]
> [...] I've been an employee at Kite for over half a year now and this plugin is now officially maintained by Kite. [...]
I think that the BDFL system work in open source because it's too easy to fork the project. The old BDFL just transferred the power to a new BDFL, but it was not so clear for the community. There is a fork now, so if the situation doesn't improve and the users are unhappy, the Kite team will be the BDFL of an empty project without users.
It should be made clear to the employees, management and investors of Kite that this is the sort of thing that marks you as someone willing to engage in unethical and underhanded behaviour. I wouldn't hire any such person into any team I manage, and I suspect quite a few other people wouldn't either. Actions have consequences. Especially unethical actions.
Here's a great explanation and strategy for applying to software development:
You could say for yourself "I personally don't believe in private property, so I don't see any objection with theft" but my hunch is that this argument wouldn't do much to calm the victim of your theft.
That proposed code of ethics in software seems like an attempt to create exactly such an agreement.