Kite: Thoughts on Security

Something people should consider when thinking about tools like Kite:<p>If you&#x27;re a contract developer, or a developer working full-time for a consulting firm, you might not have the authority to determine for yourself whether it&#x27;s contractually allowable to upload code to Kite&#x27;s servers. But if you&#x27;re working for a pro shop, you can bet every dollar in your pocket that the contracts your firm has with its clients technically prohibit it.<p>Kite is really neat, but I&#x27;m a little uncomfortable with the idea that I&#x27;d have to remember to remind consulting vendors not to let their developers use it when working with my codebase.

I had the top comment on the original post and was critical of Kite&#x27;s approach. I still think that Jetbrains has proven that you can be very effective locally without consuming your entire machine, because the needs of one project do not require making sense of all Python libraries. You only need to make sense of the fairly small subset of libraries that a given project actually uses.<p>That said, I think this response is terrific. The value proposition was outlined well. Feedback loops are important and cloud services naturally have much tighter loops. Security considerations are no different than they are for GitHub, so those will not be insurmountable for many.<p>So, neat looking product and very nice response to initial feedback!

It&#x27;s not really about &#x27;security being addressed&#x27;, we all know that. It&#x27;s about marketers creating the illusion that security has been addressed for end users that don&#x27;t understand it anyway. In the case of stuff like Windows, it&#x27;s about eventually forcibly removing control from the users by pushing updates.<p>I think it&#x27;s dishonest to not just simply post that &#x27;if you&#x27;re afraid of the cloud, you are not our target market, go away&#x27;. I guess it&#x27;s a capitalism thing. Wouldn&#x27;t look good to investors, or whatever.<p>I am sad because I have a beefy machine, and I want to use this, but I can&#x27;t. I&#x27;d pay for it, you know? But I don&#x27;t &#x27;do&#x27; SaaS, the reasons are too long to list here.<p>More concretely, 32GB RAM is trivial, and preselecting my languages is... I&#x27;ve already pre-selected them! It takes months, years to learn a language :P<p>Kite looks really super cool.

You &quot;launched&quot;, really? Maybe internally, but I haven&#x27;t received even an email confirmation that you&#x27;ve got my &quot;signup request&quot;. As far as most of us are concerned, you launched a video.

Many people complaining about security because of the nature of the &#x27;cloud&#x27; here. This is what I thought when github came out as well. But look today, everyone has their code (supposedly their IP) on github. Ulitmately, kite&#x27;s track record on the cloud will trump any security considerations.

This sort of open communication is great way to start to build trust of users (both relating to security and otherwise). I was thrilled to see the devs responding to comments positively in both the HN and reddit threads.<p>I&#x27;m looking forward to seeing Kite expand their security support and I can&#x27;t wait to try it out on Linux.

Reposting since it wasn&#x27;t answered earlier:<p>Even though I trust you, there&#x27;s no way anyone can guarantee that a hacker won&#x27;t get into your database and get my proprietary source code.<p>I&#x27;m no security expert but one way I can think of is creating an encryption system which works like this: all my source code will be stored encrypted on your (non-ephemeral) databases. The decryption key will be stored on my computer, and it&#x27;ll be transferred to the server when I run Kite and destroyed as soon as I quit Kite. The key will be stored in your server only in an ephemeral storage (in-memory database etc.) Do you have something like this in the works?

Some things I didn&#x27;t seem mentioned (I may have skipped over) which would be awesome:<p>* Let us delete all of the data we have stored on your servers, whenever we want. * Let us see all of the data we have stored on your servers, whenever we want. I really don&#x27;t care how you&#x27;re manipulating it, but would like to see (and additionally delete) any information you have stored on me that I&#x27;m uncomfortable with.

Not (directly) related to the security, but I was wondering if you were inspired by any research from academia when creating this. I only ask because I just watched a talk from a Stanford professor from 2012 where he talks about anonymizing and aggregating everyone&#x27;s code in the cloud to create better documentation, albeit as a one sentence aside at the end of an otherwise unrelated talk.

I&#x27;d like to hear a statement like this that explicitly acknowledges something like, &quot;as a private company funded by Silicon Valley investors, we need a clear way to capture more and more value, and that&#x27;s a big reason why we want to collect your data on our servers and use a client model for our proprietary algorithms.&quot;<p>That&#x27;s how it works, we all get it!

For the record, we went through this too. Kite is awesome, and I have no doubt it will succeed, but we fought the enterprise virtual appliance train for years. The cloud grew, we got more customers, but there were certain verticals we could never reach: finance, government, etc.<p>We recently built a virtual appliance. It&#x27;s growing infinitely faster than our cloud solution ever did. Those numbers speak for themselves.<p>Certain products just need to have the virtual appliance option. I&#x27;m sure Kite will get there one day.<p>For now, I&#x27;m going to use it for personal projects because it&#x27;s still a badass solution to a problem I have. :)

&quot;Some folks still use Garmin GPS due to privacy concerns, but most of the world uses internet-connected navigation for its many advantages: fresher maps, more coverage, better tuned navigation algorithms, better user experience because iteration is 10x cheaper, etc.&quot;<p>There is one thing missing: people use Google Maps, Waze etc simply because it&#x27;s free.

Just out of interest is there a plan to make Kite work on an iPad rather than just a window on my computer - even some kind of screen sharing with (basic) touch support would be excellent.<p>I will probably never use it because it scares the crap out of me that I&#x27;ll type my password in the wrong window though :-)

This is more about Thoughts on Privacy than security.

Unfortunately,<p><pre><code> Convenience &gt; Security </code></pre> Laziness is both a curse and a blessing.

So how do I sign up?

&gt; &quot;we believe we will set industry standards that will be adopted across multiple categories of tools such as continuous integration and code review systems&quot;<p>Excuse me? Why is that? It sounds like either they think they are programming wizards or they believe the CI folks are incompetent, none of which signals a company I would like to trust.