{"id":155106,"date":"2019-09-09T13:42:07","date_gmt":"2019-09-09T17:42:07","guid":{"rendered":"https:\/\/www.countingpips.com\/?p=155106"},"modified":"2019-09-09T13:42:07","modified_gmt":"2019-09-09T17:42:07","slug":"thoughts-on-security","status":"publish","type":"post","link":"https:\/\/www.investmacro.com\/forex\/2019\/09\/thoughts-on-security\/","title":{"rendered":"Thoughts on Security"},"content":{"rendered":"<div id=\"inves-3986004381\" class=\"inves-below-title-posts inves-entity-placement\"><div id =\"posts_date_custom\"><div align=\"left\">September 9, 2019<\/div><hr style=\"border: none; border-bottom: 3px solid black;\">\r\n<\/div><\/div><div class=\"blog__hero\">\n<div class=\"blog__author\">\n<div class=\"blog__author-info\">\n<div class=\"blog__author-info__name\"><strong>By Adam Smith for Kite.com<\/strong><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"homepage__section\">\n<div class=\"homepage__section__content blog__content\">\n<div class=\"content-block\">\n<p>Last week we launched\u00a0<a href=\"https:\/\/kite.com\/\">Kite<\/a>, a copilot for programmers. We\u2019ve been excited about the Kite vision since 2014\u2014we\u2019re blown away by how many of you are excited about it too!<\/p>\n<p>The response far exceeded our expectations. We had over a thousand upvotes on Hacker News; we were in the all time top 1% of launches on Product Hunt; and we had over two thousand tweets about Kite, not counting retweets. We couldn\u2019t be more grateful to those who believed in the vision and took the time to share Kite with a friend or join the discussion online.<\/p>\n<p>That said, we have a lot of work to do. Kite is the first product of its kind, which means we\u2019re pioneering some new terrain. We signed up for this, and are committed to getting it right.<\/p>\n<h2>Why Cloud? Garmin versus Waze.<\/h2>\n<p>The first question is: why keep the copilot logic in the cloud, instead of locally as part of the Kite install? 
The short answer is we can build a better experience if Kite is a cloud service.<\/p>\n<p>The full answer is a long list of things that are better about cloud services. Editors today are Garmin GPS, and Kite is Waze. Some folks still use Garmin GPS due to privacy concerns, but most of the world uses internet-connected navigation for its many advantages: fresher maps, more coverage, better tuned navigation algorithms, better user experience because iteration is 10x cheaper, etc.<\/p>\n<p>The same patterns apply to Kite. I\u2019d like to give three quick examples, and then talk about the larger strategy.<\/p>\n<ol>\n<li><b>Data by the Terabyte.<\/b>\u00a0Kite uses lots 
of data to power the copilot experience. We index public documentation, maintain maps of the Python world (e.g.\u00a0<code>scipy.array<\/code>\u00a0is an alias for\u00a0<code>numpy.array<\/code>), and surface patterns extracted from all of GitHub. We keep all of this in RAM, so you don\u2019t have to. We run servers with 32 GB of RAM; while some of you may have that kind of rig (we\u2019re jealous!), the typical MacBook Pro doesn\u2019t. This data set will grow as we add support for more programming languages and more functionality. With a cloud-based architecture you don\u2019t need to preselect which languages you\u2019ll use, or sacrifice gigabytes of memory on your machine.<\/li>\n<li><b>Machine Learning.<\/b>\u00a0Kite is powered by a number of statistical models, and we\u2019re adding more over time. For example, Kite\u2019s search and \u201cDid you mean\u201d features both use machine learning. Of course we could ship these to your local client, but our models will get smarter over time if we know which result you clicked on (like Google Search) and whether you accepted a suggested change to your code (like Google Spellcheck).<\/li>\n<li><b>Rapid ship cycles.<\/b>\u00a0We ship multiple times per week. This means our bugs get fixed faster, data is fresher, and you get the newest features as soon as possible.<\/li>\n<\/ol>\n<p>The cloud and its resulting feedback loops lead to better products, faster. We\u2019ve seen the same evolution across a number of verticals. A few examples:<\/p>\n<ul>\n<li>Outlook \u2192 Gmail<\/li>\n<li>Colocation \u2192 AWS<\/li>\n<li>Network File Share \u2192 Dropbox<\/li>\n<li>MS Office \u2192 Google Docs<\/li>\n<\/ul>\n<p>In each of these cases, security had to be addressed. At first it wasn\u2019t clear the world would make the jump. It didn\u2019t happen all at once, and there are still people using the legacy technologies. 
This evolution takes time, and overall is very healthy.<\/p>\n<p>So what does Kite need to do as a company excited about the possibilities of cloud-connected programming?<\/p>\n<h2>Security: Core Principles<\/h2>\n<p>Let\u2019s talk about the security concerns that naturally arise from a cloud-powered programming copilot. As software developers, security has naturally been on our minds since the beginning. Frankly many of us here at Kite would have left similar comments on the HN thread :). Many of you are rightfully concerned about security as well, so let\u2019s jump in.<\/p>\n<p>Our approach to security begins with a few core principles:<\/p>\n<ol>\n<li><b>Security is a journey, not a destination.<\/b>\u00a0We will never be done giving you the tools you need to control your data. We will also never be done earning your trust.<\/li>\n<li><b>Control.<\/b>\u00a0You should control what data gets sent to Kite\u2019s backend and whether you want us to store it for your later use. We should offer as much control as we can.<\/li>\n<li><b>Transparency.<\/b>\u00a0You should understand what is happening. We need to communicate this repeatedly, and clearly.<\/li>\n<li><b>We\u2019re building the future together with you.<\/b>\u00a0We don\u2019t presume to have all of the answers. We want to work with all of you to find the best solutions.<\/li>\n<\/ol>\n<p>We are committed to these principles. 
We want you and your employer to be excited about using Kite, and we think these principles are a good first step.<\/p>\n<p>Let\u2019s look at some examples of how we\u2019ll put these principles into action.<\/p>\n<p>You should be able to\u00a0<em>control<\/em><\/p>\n<ul>\n<li>Which directories and files, if any, are indexed by Kite,<\/li>\n<li>If Kite should remember your history of code changes,<\/li>\n<li>If Kite should help with terminal commands,<\/li>\n<li>If Kite should remember terminal commands you\u2019ve previously written,<\/li>\n<li>If Kite should remember the output of past terminal commands,<\/li>\n<li>\u2026and you should be able to easily turn these switches on and off.<\/li>\n<li>If you change a setting, we should ask if you\u2019d like to delete historical data, as applicable.<\/li>\n<\/ul>\n<p>You should always be able to\u00a0<em>see<\/em><\/p>\n<ul>\n<li>What files Kite has indexed (and permanently remove them as needed),<\/li>\n<li>What terminal commands, or file edits, are being remembered by Kite (and permanently remove them as needed),<\/li>\n<li>\u2026and Kite should check in periodically to verify that your security settings match your preferences.<\/li>\n<\/ul>\n<p>These are the first levels of control and transparency, which are based on files, directories, and the type of information (terminal versus editor).<\/p>\n<p>Secrets, like passwords or keys, are a category of content that deserves special attention. We don\u2019t want secrets on our servers, and we will be developing multiple mechanisms (automated and manual) to make sure they stay off our servers. We don\u2019t have specifics to announce yet, but we believe we will set industry standards that will be adopted across multiple categories of tools such as continuous integration and code review systems.<\/p>\n<p>We know a lot of folks are also interested in on-premises deployment. We understand the use case and want to support it. 
We worry that it would delay a lot of seriously awesome stuff we have on the roadmap, e.g. support for JavaScript, so we are thinking through how to fit it in. It is something we want to facilitate, particularly in the long run.<\/p>\n<\/div>\n<div class=\"content-block\">\n<h2>An Example<\/h2>\n<p>Since last week\u2019s launch we have begun adding some of these principles into the product. I\u2019d like to show you one feature we shipped yesterday. It\u2019s called the lockout screen.<\/p>\n<p>Kite\u2019s Security panel asks users to whitelist the directories that Kite should be turned on for. Code living outside of this whitelist never gets read by Kite. So what should the sidebar show if you open a Python file outside of the whitelist? As of yesterday\u2019s addition, you\u2019ll see something like this:<\/p>\n<\/div>\n<div class=\"image-block\"><img decoding=\"async\" class=\" ls-is-cached lazyloaded\" src=\"https:\/\/kite.com\/wp-content\/uploads\/2019\/03\/lockout.c7151e99.jpg\" data-src=\"https:\/\/kite.com\/wp-content\/uploads\/2019\/03\/lockout.c7151e99.jpg\" \/><\/div>\n<div class=\"content-block\">\n<p>This interaction embodies the principles of transparency and control. It communicates what is happening, why, and gives you a one-click control mechanism to change what\u2019s happening, if you so choose.<\/p>\n<\/div>\n<div class=\"content-block\">\n<h2>The Future Ahead<\/h2>\n<p>We are committed to incorporating the principles of control and transparency into the foundations of Kite. We will write more about security on our blog as we design and implement these features.<\/p>\n<p>That said, we realize that everyone has different needs. We can\u2019t promise that the options and functionality we choose on day 1 will be perfect for everyone, but we\u2019re working day and night to expand the circle as widely as possible. We\u2019ll do this tirelessly over the long term.<\/p>\n<p>We\u2019d love to hear your thoughts along the way. 
It\u2019s only been a week, but all of you have been incredibly helpful as we learn how to get this right. As always, we encourage you to talk with us\u00a0<a href=\"https:\/\/twitter.com\/kitehq\" target=\"_blank\" rel=\"noopener noreferrer\">on Twitter at @kitehq<\/a>.<\/p>\n<p>Nothing makes us happier than knowing so many of you are equally excited about the Kite vision. The future of programming is awesome. Let\u2019s build it together!<\/p>\n<p>P.S. We are hiring! We are looking for frontend web devs, generalist systems engineers, programming language devs, and mac\/windows\/linux developers. You can reach us at\u00a0<a href=\"mailto:jobs@kite.com\">jobs@kite.com<\/a>.<\/p>\n<p><em><strong>About the Author:<\/strong><\/em><\/p>\n<p><a href=\"https:\/\/kite.com\/blog\/product\/thoughts-on-security\/\" target=\"_blank\" rel=\"noopener noreferrer\">This article<\/a> originally appeared on <a href=\"https:\/\/kite.com\" target=\"_blank\" rel=\"noopener noreferrer\">Kite.com<\/a>.<\/p>\n<p>(Reprinted with permission)<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>By Adam Smith for Kite.com Last week we launched\u00a0Kite, a copilot for programmers. We\u2019ve been excited about the Kite vision since 2014\u2014we\u2019re blown away by how many of you are excited about it too! The response far exceeded our expectations. 
We had over a thousand upvotes on Hacker News; we were in the all time [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-155106","post","type-post","status-publish","format-standard","hentry","no-post-thumbnail"],"_links":{"self":[{"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/posts\/155106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/comments?post=155106"}],"version-history":[{"count":1,"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/posts\/155106\/revisions"}],"predecessor-version":[{"id":155107,"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/posts\/155106\/revisions\/155107"}],"wp:attachment":[{"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/media?parent=155106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/categories?post=155106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.investmacro.com\/forex\/wp-json\/wp\/v2\/tags?post=155106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}