Comment on Jetbrains AI-debacle (their AI-assistant, failing to address concerns)

youtrack.jetbrains.com

2 points by alcoholic_byte 2 years ago · 6 comments

MissTake 2 years ago

Unless I’m missing something, there were 3 issues related to this plugin:

1) The inability to totally remove this core plugin.

2) This core plugin seemed to be reenabling itself after it was disabled.

3) A concern about data being exfiltrated by this plugin while being enabled, but not configured.

The answers being:

1) It’s a core plugin - such plugins cannot be disabled.

2) This was a bug that will be fixed in the next release.

3) The plugin did not send any data up unless it had been fully configured.

Much of the alarm seems to be revolving around the 3rd issue which seems to have garnered most of the attacks.

The biggest issue that I see is not the plugin itself, but JetBrains' response (or lack thereof). Folk complained about losing trust with JB over the fear of 3).

I get it, but don’t get it. Apple fucked up years ago with the whole battery gate crap when they made changes to fix an issue but didn’t tell anyone.

I’m still using Apple devices and I’ll still continue to keep my JB subscription. Sure JB shot themselves in the foot over a lack of communication, but unless someone can show me otherwise, it looks like no data was transmitted by the plugin unless it had been fully configured.

  • alcoholic_byte (OP) 2 years ago

    Well a core-plugin can still be disabled, just not uninstalled. The behavior of the plugin indicates bugs and for a plugin that exfiltrates data it is rather bad to not have gone through proper QA.

    For number 3 we will have to take them at their word which, to my mind, is not worth a lot at this stage as they have a clear incentive not to follow through on that. They want to generate their own models to be used in their products. What better way to garner data than to have their already good autocomplete make suggestions and then the developer uses them and it is then sent off to the server to train models.

    In general, as said, I don't mind the occasional bug, BUT when it is vital to be fixed where the vendor has a clear incentive not to fix it as it would be in their favor and where they force something like that upon someone it is different. In such situations I call bullshit. There the vendor has to be presumed hostile.

    As for the thing you said about Apple. A) I don't use their products. Where I have clout I even advise/discourage/actively go against Mac-products. B) And this is most important. It is whatabout-ism. Just because someone else did it does not make it right.

    We, as societies and professionals that hold a lot of the keys to what goes and does not go in society, have to own up to our responsibilities.

    What am I to say to my neighbour who is a professional writer when an AI takes his job or the truck-driver that is out of a job because of that or the woman next door that lost their child or husband to one of Tesla's autopilots that they unleashed on the public for beta-/or even alpha-testing knowing that it has bugs that can cause the loss of limb and life? Those engineers, PMs and Managers that go along with that are nothing but despicable to use a generous term.

    And here we are: Jetbrains plays the game as well now, muddies the water, pleads ignorance and hopes it can keep the hand in the cookie-jar. Next time around they might be more creative. They can already say that it is YOUR responsibility for keeping your employer's code-base safe and YOU should've known better. And they will not thank you for doing your part of being a sucker and helping them build a product they will make millions with. They will laugh all the way to the bank as you still pay them.

    The Whataboutism of yours mentioning Apple aside: You basically say that you don't care who falls under the bus as long as you can have it as comfortable as possible. The IP that your employer entrusted you with to keep safe? Na!! Hubub... I wanna plead ignorance, play the sucker, pay for being the product and not think and not be disturbed in my comfort-zone.

    I would not hire people that are non-conscientious or critical willing to throw everything aside for their convenience. But... to each their own I suppose, at least do yourself and others around you a favor and be honest about it. Don't utilize straw man arguments such as whataboutisms to justify decisions.

    • MissTake 2 years ago

      I’m not claiming any straw man or whataboutisms.

      I’m simply stating that these are not hills I feel I need to die on.

      One has to have trust. I trust JB just a tish bit more than MS.

      I mentioned Apple to show another example of how dog-awful communication made a potential non-issue look even worse than it may have otherwise been.

alcoholic_byte (OP) 2 years ago

A just saw.. a dupe https://news.ycombinator.com/item?id=38696325 ... But I cannot comment......

alcoholic_byte (OP) 2 years ago

Before we get into it, the linked ticket is a cluster of over 40 tickets all dealing with the same thing and Jetbrains (JB for short) pretty much did nothing. So if you are working in a heavily regulated part of the industry, handle proprietary code or are just hobby-dev not liking the idea to be spied on. The link above is for you. I fear there is more hostile behavior to come from that vendor. Ironically I am posting this here and not there because, after having penned this - and I took my time composing it and didn't want that effort to go to waste -, I noticed that I was not able to reply as all comments were closed, effectively silencing everyone. Enjoy the read and I encourage you to pilfer through the tickets.

------------

One thing I would like to point out, as some may feel this way as well and have just never explicitly vociferated it or never thought about that aspect before. The core-problem for all of this is not a technical but a less tangible one that is harder to fix - if at all.

If JB would've turned around and provided a standalone plugin running (maybe even split it between running via API and locally) it would've been a pleasant, thoughtful and welcome update. After all, this is where the industry is heading at the moment and only an idiot fights the wind. If they would've provided a plugin for the sole purpose of collecting training-data, that would've been ok as well. Some Open-Source folk working in public, might've liked to help out improve that AI that it may serve all of us on our local machines.

Instead we saw ..... this.... in all its detail and I am very sure that there was/is stuff going on behind the scenes that we don't know and will never know about.

I would like to point out that, while they could've done it, they did not disable the IDE when some users deleted the bundled plug-in. Maybe they didn't think of it? To be seen. So I can still, like any physical appliance, buy the thing, put it wherever I like and even work on it.

Why people buy appliances with cameras and put them in living-space (e.g. bedroom, living-room, etc.) even though they may not be enabled is beyond me. However, that is the equivalent of what happened here IMHO and those with subscription were blind-sided by it.

That shipping with an update violates the concept of agency. I should have the ultimate say in what can and cannot run on my machine and I can have this say without open source as well, as that addresses a different matter altogether (the ability to prove it).

Most people do not mind benign functionality which is also the reason why most of the bundled plugins didn't stand out or cause an uproar.

The AI-functionality provided is different though and we developers are rightfully a paranoid bunch as we work in our industry daily and know how some execs and c-suite darlings cut through red-tape and are rather ruthless at times. They took away our agency in this matter thinking that we will be docile like most non-tech people or fanboys.

I would've overlooked this matter more than gladly if JB would've been more engaging. We all make mistakes and misjudging something sometimes is a staple trade of the human condition after all. I fear that the lack of engagement displayed by JB is indicative of other things though. For one, that they only wanted to commit to things that they would have no choice but to commit to. Also, I would say that the move we saw from JB today only came about because they were hoping that, like most shitstorms on the Inet, this would abate and that complacency will take over and then they got cold feet.

The fact that the plugin is still sitting there is also not boding well, which means that if I ever were to use their product ever again, I would be forced to watch the network-traffic very closely. Not because the product is closed-source but because of the aforementioned underlying non-technical.

  • alcoholic_byte (OP) 2 years ago

    This problem composes of the willingness to take away your customers agency and willingly accepting that they are violating their regulations on pain of being fired (It does not make sense for a freelancer to acquire a company license or when someone works in a "use your own IDE"-environment - would've to read the fine-print on the agreement again TBH). The actively "activating the plugin should it be active"-approach or the nagging for it to be enabled, the enabling of the plugin after update in connection with the lethargy of JB makes might be further highlighting of the fact that their intention with this is to have our work build their product against our consent. Another problematic willingness of this vendor is also that they are willing to ship buggy code (as per their description of events) for a very, very sensitive part of functionality and then not engage with their worried customer-base at all. That itself is problematic in the event that there is some problem that might be exploitable (as happened with Youtrack itself). Also, the upending of discussions on this by closing comments and pretty much not moving from their position.

    (For the legal-departments in companies affected (having employees running JB on a non-commercial license because of policy and having ill configured professional licenses): Question here would also be: how much data was already unlawfully/illegally exfiltrated during those incidents as the plugin was running?)

    ------

    I, for one, am not willing to keep this appliance in my house. Not because the functionality is not great but because the vendor has a track-record of shipping buggy code, has shown the willingness to have their customers potentially infringe regulations by taking away their agency to control what runs on their machine, has displayed a carefree attitude of taking its paying customers seriously and has attempted to make its users a commodity in a two-sided market.

    -------

    You made me look for alternatives. I liked what I saw and thanks to your heinous handling of this matter and your odious way of shipping this functionality I can even live happily without some features(until someone rebuilds them).
