undefined | Better HN

0 pointsgus_massa8y ago0 comments

The problem is that the screen was not clear enough. Users just press Continue, Continue, Agree, OK, Share all my user directory, Install, OK, Close. They never read the small or big letters, they just click the green button. The "Enable local engine" looks like a "Cancel" button.

That's how you get installed an unwanted browser bar, a new amazing search engine, and the Norton security pack for 60 days.

If you see the screenshot carefully, by default they are asking permission to upload to their servers the content of your user directory "Enable access in Users/kite". Go and take a look at all the info you have in the subfolders of your user directory. [1]

My guess is that most people just expected that the current file was uploaded, not all the py files. Perhaps only the current line, not all the file. And many didn't read the dialogs and they just pressed enter.

[1] They only support Phyton, so they uploaded only the .py files, but I guess that in the future they can extend the search types to C and upload the .c, .cpp, .h, .inc, ... files too. Do they have to ask again or the current permissions are enough? What if they extend the search to .doc and .xls? What if they extend the search to images? Go again and take a look at all the info you have in the subfolders of your user directory.

0 comments

3 comments · 1 top-level

holtalanm8y ago· 2 in thread

Once again, that sounds more like a fundamental flaw in the service/software and less like malicious intent.

I'm probably not going to use their service any time in the future, but to imply they intentionally put users in the dark is kind of a stretch.

More like, they failed to communicate how their service worked. Also, they failed to provide a clear distinction between the two options for completion engines that described both objectively.

Honestly, it sounds to me like they were just overly-excited to sell their service, and didn't take a step back and say "hey, do you think this wording makes Jedi look a little overly-bad?" They could have done with some user-acceptance testing on this, for sure.

noxToken8y ago

I feel like part of the disconnect is that Kite uploads source code to servers. In a perfect world with perfect security and 100% honest people, this is no big deal. The world doesn't work like that.

The last thing that I or my employer wants is our source code sitting on someone else's server - even if it's for code completion. My employer's code is proprietary. Period. If I mistakenly enabled Kite when working on some of this source, it's a huge deal. That is grounds for termination, and I am sure there are many other programmers who are in the same boat.

It's probably not a big deal that someone's code is on there, but there are big implications. It doesn't matter that it probably won't be seen. If the source has been leaked to a 3rd party, it would be negative. My employer doesn't give two flips about fundamental flaws and malicious intent. They care if it did or did not happen.

bronson8y ago

Or, "hey, should we try to put our ads in the minimap package?"

It probably doesn't matter if it was intentional hostility or unintentional incompetence. Either way, it needs to be fixed.

j / k navigate · click thread line to collapse