> Its paid features are always enabled when completing Rust code, in acknowledgment of the fact that TabNine could not exist without the Rust ecosystem.
Think of it like "I couldn't have done it without you" when people accept awards. Sure they could have, it's just an expression of appreciation.
He might also not have chased the project if he weren't working in an ecosystem he particularly liked, so who knows, maybe it wouldn't have happened without Rust.
And Rails could have been written in C. The reason why it wasn't should be clear. Different languages enable different ways of thinking, and what is hard to express in one can come out easily in another.
This is valid for both programming and human languages.
Not everyone has infinite time for development. If Rust was the only language they could get to the performance they want, with all the features, in the time available then the statement is valid.
Note that they talk about the ecosystem, not just the language. If you want a high performance, compiled language, with a good ecosystem of packages that you can leverage then Rust is a great choice. Arguably Go is the only other language that would fit the bill, but for some people the simpler type system doesn't allow the abstractions they want.
...as risky as installing a proprietary editor plugin which updates automatically, yes.
Also, AFAIK most understandings of MIT, BSD, and Apache 2.0 licenses require you to acknowledge the copyright holders of the source code you compile into your binary, even if the licenses permit binary distribution. I can't find your "Copyright (c) 2018 Tokio Contributors" or "Copyright (c) 2014 The Rust Project Developers" that I'd expect based on `strings TabNine | grep github`. Maybe you've got a lawyer that suggests otherwise? Your plea of "trust me, I have good hygiene" carries less weight when I have to `strings` your stuff to know what shoulders of which giants you're standing on.
Does the Vim version autoupdate? I'd rather it wait for me to run my plugin manager- I specifically don't want anything on my machine to update when I'm on-call or traveling.
Wait, is the auto-update all that's needed for network? I assumed it was license validation or something. If it's just updating, couldn't you provide a different method of updating like manual update checking, and then peoples concerns would be solved?
> Finally, TabNine will work correctly if you deny it network access (say, by blacklisting update.tabnine.com).
Just to clarify - would it still work if I deny network acess for the TabNine binary, _after_ validating my license key? Or is the key validation invoked on every launch (hence requiring network access)?
I agree with your concerns - I wonder what could be written to alleviate them? This brings up an interesting problem.
Ie, could we write a monitoring proxy where if enabled, all traffic goes through this proxy. This proxy enables the end user to monitor 100% of traffic, all http requests, and could even have a secondary documentation flow that explains the I/O for security minded individuals.
Then you'd shut off remote network access to the binary, monitor all traffic, and feel secure knowing that it's only sending what it says it's sending, and why.
With that said, I imagine you could do the same thing with a sniffer. Perhaps a documentation standard could be built into request/responses, so a monitoring program like Wireshark could snuff the I/O and see what it is.
Do you have any thoughts on how someone could both network-license, and make you feel secure in their I/O? Ie, no trust needed?
I don't think a DRM solution that is both robust against an adversary and inspectable by a stakeholder can be engineered. Software can't look out for both the person running it and the person selling it simultaneously when their needs are mutually exclusive. Cory Doctorow has some eloquent content on the topic, ie at [0].
In this particular case, the use of TLS (good!) makes it relatively challenging to inspect. Assuming the author isn't shipping a cert in his binary (doesn't look like it) - I'd have to spinup a new VM, load a custom root cert, and mess with a TLS terminating proxy / forwarding solution, and hope he's not using a secondary stream cipher on top of TLS. Maybe I get lucky and https://mitmproxy.org/ or something just works out of the box. In any case, lots of effort to know he's not siphoning up all the source code on the local machine and using it to train v2 of his project. And the more robust the DRM solution, the less feasible it is to inspect.
A combo of two applications: main app and network agent. Main app writes to a file with request, registration check or update, in JSON or other text-format for user inspection. It loads the agent which reads same file, applies operations, sends them to 3rd party, and writes result into another file. Main app reads that the second it appears. To keep it simple and not have to delete, the files might be numbered with old exchanges kept unless admin/owner deletes them.
With such a setup, users can see exactly what data is outgoing, have a reasonable belief they know what's incoming is harmess, main app gets no network access, agent has no access to secrets/system, and agent can be open source (entirely or mostly).
So, there's a quick brainstorm from how I did privilege-minimization for high-assurance security. This is basically a proxy architecture. That's a generic pattern you can always consider since it can help protect lots of risky apps both ways.
I wish someone would figure out the right UX for partial autocompletion. e.g. I type "wo" and my phone suggests ("would", "work", "wonder"), there should be an easy way to say I'm trying to type "working" rather than clicking the "work" autocomplete then backspace, then "ing".
I'd imaging TabNine has this problem in spades, since it does such long autocompletes. It could suggest "unsigned long long" when I've typed "unsi" and I really want "unsigned long int". Seems like a tough UX problem. ¯\_(ツ)_/¯
Xcode has handled this for years. In Xcode, when autocompletion is presented, hitting Tab will complete the longest unique prefixed subword for the currently-selected tab item. If this results in only having one completion option left, then it completes the whole thing (e.g. adding method arguments and whatnot). Similarly, hitting Return will just complete the whole entry instead of the longest unique prefixed subword.
By that I mean if you have 2 autocompletion options `addDefaultFoo()` and `addDefaultBar()`, and you type `add` to get those options, hitting Tab will fill in `addDefault`, and then hitting Tab again will fill in the rest of the selection.
The longest-unique-prefixed-subword is the completion that bash (and tcsh and many other shells) have had for ~30 years now. The non-uniques are listed on the 2nd tab.
Sounds like what you want is fuzzy searching (say fzf [0]) over autocomplete suggestion results. You could type the prefix, and then fuzzy search by typing the suffix to get your desired word (while letting autocomplete fill in the middle of the word).
Fwiw, if there are competing `unsigned long int` autocompletes, it looks like it will shorten the recommendation to `unsigned long `, which is really neat.
This is just based on the site, I've not tried it yet. YMMV
UX-wise holding tab would be the best, meaning tab => use completion (like it works now), holding tab => use this completion but show me further possible completions of that word; if it doesn't have any just keep the caret there (for me to finish it writing manually)
That can lead to ("Work", "Worry", "Word") so you'd then have to type the 'k'. Now you could have ("Work", "Worker", "Worked") and still are missing the variant you want.
It'd be nice to long press "Work" at step one, get that completed without a space being inserted, then tap 'i' to get ("Working", "Workings", "Workingmen")
I've been using TabNine for a few weeks, and it's really cool how well it works. My first "woah" moment with it was writing a function where the first thing I wanted to do was take the length of the array, and once I started typing
def foo(bar):
n
it suggested the entire completion of "= len(bar)". It has a really cool way of picking up your coding style that makes it stand out to me.
Thinking about it more, I wonder how useful that type of autocompletion is for those who can type fast. I wonder how much time it takes my brain to context switch away from "code authoring and typing mode" to recognize the " = len(bar)" in the autocomplete options list. It seems like it would be faster to just type out the " = len(bar)" for those who type a solid 60+ words a minute?
I'm trying it out now. If it works well $30 is nothing for this magic. Especially in VSCode, my favorite editor. I have a problem with many languages not having the support I need. And I also don't have the best memory, so autocompletion makes me much faster and costs me less frustration with Googling.
Played with free for a bit, 200KB is quite a bit low, didn't get any completions. Purchased the premium licence. Gotta say stripe integration is very smooth.
Overall after a couple of hours of playing with this. My mind is quite blown away. This is absolutely amazing.
Hopefully Microsoft or someone acquires this technology for a fat sum and open sources it.
I've thought about code completion smarts for a long time. You actually executed and delivered a product. Kudos! Take my money!
I suppose because it's worth trying and the price is not unreasonably high.
But the 15MB indexed limit to me seems strange on premium, as others have mentioned.
I was using it on a large project so 15 MB got me no completions on the files I cared.
$30 is a pretty cheap price for a pattern based completion engine.
It’s the first time I’ve seen it work well. It was completing fairly long statements and I was pleasantly surprised how close the first few results were to what I wanted.
The whole configurationless, all language completion using pattern analysis and fast index lookups in a very easy to install delivery is great execution.
This are the kinds of little small things that make me think “why didn’t I do this?”
I wish the author gave, 30 day free premium trial. A lot people would be willing to spend on the license IMHO.
I'm trying this with VSCode and C#. It's quite neat, though no doubt it'd be even better with a dynamic language.
My main issue is when I type a '.', the C# extension gives me an accurate list of members, but TabNine intersperses its own guesses, which are often wrong.
Possible fixes or mitigations (VSCode API permitting):
- After a '.', discard the TabNine completions whose prefix doesn't match one of the C# completions.
- After a '.', discard all one-word TabNine completions.
- Give all TabNine completions a different icon and maybe sort them all at the top or bottom.
>TabNine is 11,000 lines of Rust.
In recognition of the fact that TabNine could not exist without the Rust ecosystem, TabNine's paid features are always enabled when completing Rust code.
Readit News
> Its paid features are always enabled when completing Rust code, in acknowledgment of the fact that TabNine could not exist without the Rust ecosystem.
Thanks for this, Jacob!
[0] - https://www.reddit.com/r/rust/comments/9uhc1x/tabnine_an_aut...
He might also not have chased the project if he weren't working in an ecosystem he particularly liked, so who knows, maybe it wouldn't have happened without Rust.
This is valid for both programming and human languages.
Note that they talk about the ecosystem, not just the language. If you want a high performance, compiled language, with a good ecosystem of packages that you can leverage then Rust is a great choice. Arguably Go is the only other language that would fit the bill, but for some people the simpler type system doesn't allow the abstractions they want.
Following your logic, nobody should show appreciation for anything.
[1] https://xkcd.com/378/
So, give your proprietary software both network access and access to all my source code?
I have very few complaints about the Jedi autocomplete library, which is neither proprietary nor requires network access.
I welcome innovation in dev tools, but I wish you had found a monetization strategy that didn't require us to trust you so completely.
The private keys used to sign releases are kept offline and would not be available to an attacker even if they compromised my online accounts.
Finally, TabNine will work correctly if you deny it network access (say, by blacklisting update.tabnine.com).
Also, AFAIK most understandings of MIT, BSD, and Apache 2.0 licenses require you to acknowledge the copyright holders of the source code you compile into your binary, even if the licenses permit binary distribution. I can't find your "Copyright (c) 2018 Tokio Contributors" or "Copyright (c) 2014 The Rust Project Developers" that I'd expect based on `strings TabNine | grep github`. Maybe you've got a lawyer that suggests otherwise? Your plea of "trust me, I have good hygiene" carries less weight when I have to `strings` your stuff to know what shoulders of which giants you're standing on.
Just to clarify - would it still work if I deny network acess for the TabNine binary, _after_ validating my license key? Or is the key validation invoked on every launch (hence requiring network access)?
Ie, could we write a monitoring proxy where if enabled, all traffic goes through this proxy. This proxy enables the end user to monitor 100% of traffic, all http requests, and could even have a secondary documentation flow that explains the I/O for security minded individuals.
Then you'd shut off remote network access to the binary, monitor all traffic, and feel secure knowing that it's only sending what it says it's sending, and why.
With that said, I imagine you could do the same thing with a sniffer. Perhaps a documentation standard could be built into request/responses, so a monitoring program like Wireshark could snuff the I/O and see what it is.
Do you have any thoughts on how someone could both network-license, and make you feel secure in their I/O? Ie, no trust needed?
In this particular case, the use of TLS (good!) makes it relatively challenging to inspect. Assuming the author isn't shipping a cert in his binary (doesn't look like it) - I'd have to spinup a new VM, load a custom root cert, and mess with a TLS terminating proxy / forwarding solution, and hope he's not using a secondary stream cipher on top of TLS. Maybe I get lucky and https://mitmproxy.org/ or something just works out of the box. In any case, lots of effort to know he's not siphoning up all the source code on the local machine and using it to train v2 of his project. And the more robust the DRM solution, the less feasible it is to inspect.
[0] https://github.com/jwise/28c3-doctorow/blob/master/transcrip...
With such a setup, users can see exactly what data is outgoing, have a reasonable belief they know what's incoming is harmess, main app gets no network access, agent has no access to secrets/system, and agent can be open source (entirely or mostly).
So, there's a quick brainstorm from how I did privilege-minimization for high-assurance security. This is basically a proxy architecture. That's a generic pattern you can always consider since it can help protect lots of risky apps both ways.
https://www.openmined.org
I'd imaging TabNine has this problem in spades, since it does such long autocompletes. It could suggest "unsigned long long" when I've typed "unsi" and I really want "unsigned long int". Seems like a tough UX problem. ¯\_(ツ)_/¯
By that I mean if you have 2 autocompletion options `addDefaultFoo()` and `addDefaultBar()`, and you type `add` to get those options, hitting Tab will fill in `addDefault`, and then hitting Tab again will fill in the rest of the selection.
[0] https://github.com/junegunn/fzf
This is just based on the site, I've not tried it yet. YMMV
It'd be nice to long press "Work" at step one, get that completed without a space being inserted, then tap 'i' to get ("Working", "Workings", "Workingmen")
def foo(bar):
it suggested the entire completion of "= len(bar)". It has a really cool way of picking up your coding style that makes it stand out to me.Full disclosure that I know the author.
Thinking about it more, I wonder how useful that type of autocompletion is for those who can type fast. I wonder how much time it takes my brain to context switch away from "code authoring and typing mode" to recognize the " = len(bar)" in the autocomplete options list. It seems like it would be faster to just type out the " = len(bar)" for those who type a solid 60+ words a minute?
Just wonderful. All dev tools should be like this.
I got great results for a PHP/JS project straight away — an instant upgrade for me just to support continued development.
Overall after a couple of hours of playing with this. My mind is quite blown away. This is absolutely amazing.
Hopefully Microsoft or someone acquires this technology for a fat sum and open sources it.
I've thought about code completion smarts for a long time. You actually executed and delivered a product. Kudos! Take my money!
$30 is a pretty cheap price for a pattern based completion engine.
It’s the first time I’ve seen it work well. It was completing fairly long statements and I was pleasantly surprised how close the first few results were to what I wanted.
The whole configurationless, all language completion using pattern analysis and fast index lookups in a very easy to install delivery is great execution.
This are the kinds of little small things that make me think “why didn’t I do this?”
I wish the author gave, 30 day free premium trial. A lot people would be willing to spend on the license IMHO.
My main issue is when I type a '.', the C# extension gives me an accurate list of members, but TabNine intersperses its own guesses, which are often wrong.
Possible fixes or mitigations (VSCode API permitting):
- After a '.', discard the TabNine completions whose prefix doesn't match one of the C# completions.
- After a '.', discard all one-word TabNine completions.
- Give all TabNine completions a different icon and maybe sort them all at the top or bottom.
This makes me very happy as a new Rust learner.