JSON Style JavaScript Class/Object declaration

  • Thread starter M A Hossain Tonu
  • Start date
D

Dmitry A. Soshnikov

Well, JavaScript never cared about abstraction and other theoretical
stuff,

Why so? JS has its way where some ideas are from other languages and
from the general theory.
so the only way it could understand encapsulation is by
interpreting it in access restriction / data security terms :)

No, it's not.
Which
is IMHO the original purpose of encapsulation in the first case.

It is good, though, that you use "IMHO" acronym in this case. Because
again, the main purpose of the encapsulation is a to encapsulate (to
abstract) from a user some /auxiliary data/ which participate to provide
some public data, the public interface (API).

If in future the public API will be changed, then the /ability to
localize and predict the internal (encapsulated) places of the needed
changes with the minimum of expenses/ -- is the /main/ purpose of the
encapsulation.
The
global abstraction logic is secondary,

It is good to use "IMHO" word here too.
to make CS students to use
encapsulation instinctively by the end of the university.

An encapsulation of some entities can be related e.g. with a simple
function. Thus, when you use e.g. Math.round(...) you don't think about
what is "round" and how is it implemented; you just use (call) it -- the
implementation is hidden (abstracted) from you.

So if a student understands an encapsulation as a measure for exactly
security hiding -- he understands it incorrectly.

P.S.: regarding __parent__ by the way, it is very convenient to use it
to make a "private" concept usable via the naming convention with the
leading underscore -- http://gist.github.com/363056

P.S.: I don't wanna to make a big off-topic in the thread related with
"JSON Style JavaScript Class/Object declaration". So, if you want, you
can make separate thread to make the discussion more relevant with the
thread title.

Dmitry.
 
J

John G Harris

And when it comes to inheritance, objects
inherit from objects, not classes from classes as in the "class"-ical
languages.
<snip>

That's not true about classical OO languages. In C++ and Java each
derived-type object inherits instance data from the base-type object
inside itself. Functions could be per instance, but there's no point as
it's the same functions for each instance. They are more conveniently
accessed via a shared v-table (which is *not* the "class" whatever the
more mystical bloggers might pretend).

The big difference, and it looks less and less different the more you
look at source code, is that in C++ and Java the objects' data and
functions are defined in a piece of text flagged as a class definition,
and in javascript they are defined in a piece of text flagged as a
constructor definition.

John
 
V

VK

It is good, though, that you use "IMHO" acronym in this case. Because
again, the main purpose of the encapsulation is a to encapsulate (to
abstract) from a user some /auxiliary data/ which participate to provide
some public data, the public interface (API).

Maybe now, but not originally. Originally it was an obvious security
necessity to expose for security related actions only what is needed
to be exposed and only in one way to be used. Because if you write say
a C shell for a language X, and this language has method getFileName,
and your method implementation has some intermediary method or var
with hard disk access, this fact will be sooner or later found and if
it can be used for hacking - it will be used that way.
If in future the public API will be changed, then the /ability to
localize and predict the internal (encapsulated) places of the needed
changes with the minimum of expenses/ -- is the /main/ purpose of the
encapsulation.

Correction: a deeply secondary (by the timeline at least) and severely
misused purpose of the encapsulation. ;-)
P.S.: regarding __parent__ by the way, it is very convenient to use it
to make a "private" concept usable via the naming convention with the
leading underscore --http://gist.github.com/363056

Wow... Thank again. I am getting two impressions by now: i) since
JavaScript 1.6 the Mozilla team is having a good time of joking over
the language and ii) the most dangerous person for JavaScript, Mozilla
project and ECMA standards is Mr. Brendan Eich. No personal offence...
P.S.: I don't wanna to make a big off-topic in the thread related with
"JSON Style JavaScript Class/Object declaration". So, if you want, you
can make separate thread to make the discussion more relevant with the
thread title.

Changed to "Encapsulation in JavaScript"
 
D

Dmitry A. Soshnikov

Maybe now, but not originally. Originally it was an obvious security
necessity to expose for security related actions only what is needed
to be exposed and only in one way to be used.

By the way, why do you use a assertion form of your sentences, just it
would be the truth? Please mention, I'm talking to you, but not asking
you what is encapsulation and what does it /originally/ and /now/ mean.

I don't know what to suggested you to read, you can start reading from
the general theory (e.g. Wikipedia also fits).

So, /originally/ (please record, this is a lecture), a concept of an
information hiding (an encapsulation) is invented to increase an
abstraction of a system.

If you have some modules, then these modules can collaborate via the
specified API from every module. If some module will change tomorrow
representation of its internal state -- all other modules will continue
to use the same API just it there were no any change. And /this/ is the
/main/ purpose of the /encapsulation/ concept -- decreasing of modules
coupling and increasing of the abstraction.

I.e. a system is a "black box" with its /internal state/ and /external
API/. And (I repeat) /predicting and localizing/ the places of some
changes of an internal state without (possibly) changing the external
API -- is the /main/ purpose of the encapsulation.

In some OOP implementations this principle was extended with ability to
change a /level/ of accessibility (as a consequence of some designs,
e.g. an inheritance). If some classes have collaboration -- then it is a
good design if they "talk" with each other via the public API, and do
not interesting about /their construction/ (or internal state). /This/
is the main purpose of the encapsulation, but not the security reasons
at first place!
Because if you write say
a C shell for a language X, and this language has method getFileName,
and your method implementation has some intermediary method or var
with hard disk access, this fact will be sooner or later found and if
it can be used for hacking - it will be used that way.

Oh, come on, you don't think that for software security and safety a
"private" keyword is used, right? Good then.
Correction: a deeply secondary (by the timeline at least) and severely
misused purpose of the encapsulation. ;-)

I have no again idea why do you use the assertion form of your statement.

If some CS teacher/lecture learned you (or some student) that
encapsulation is for security -- please send this teacher to me to talk.
I am a lecture myself.
Wow... Thank again. I am getting two impressions by now: i) since
JavaScript 1.6 the Mozilla team is having a good time of joking over
the language and ii) the most dangerous person for JavaScript, Mozilla
project and ECMA standards is Mr. Brendan Eich. No personal offence...

Well, don't know, but some of the stuff is very convenient though ;)

Dmitry.
 
V

VK

By the way, why do you use a assertion form of your sentences, just it
would be the truth? Please mention, I'm talking to you, but not asking
you what is encapsulation and what does it /originally/ and /now/ mean.

I am not the FAQ Maintainer of this newsgroup. Only that person may
need to indicate for statements if he/she speaks as a regular poster
or expressing a current consensus among the group regulars. In my case
unless it is indicated otherwise, I am talking for myself, nickname
VK, [schools_ring-at-yahoo-dot-com] for nickname hijacking check if
any doubts. The only exception I do sometimes is if I have a lot of
different recent posts and I am currently answering to a newcomer. In
such case I may indicate at the beginning that it is my private
opinion so she would not make false assumption of VK expressing some
consensus clj opinion. I do not see a reason to prefix each and every
statement with "In my opinion," or to postfix is with IMO/IMHO.
I don't know what to suggested you to read, you can start reading from
the general theory (e.g. Wikipedia also fits).

I am 42 years old and my memory is not senile yet. So I better rely on
my memory. The history description may differ dramatically from the
history as it is. You may know that.
So, /originally/ (please record, this is a lecture), a concept of an
information hiding (an encapsulation) is invented to increase an
abstraction of a system.

Your experience differs from mine at that point.
If you have some modules, then these modules can collaborate via the
specified API from every module. If some module will change tomorrow
representation of its internal state -- all other modules will continue
to use the same API just it there were no any change. And /this/ is the
/main/ purpose of the /encapsulation/ concept -- decreasing of modules
coupling and increasing of the abstraction.

I.e. a system is a "black box" with its /internal state/ and /external
API/. And (I repeat) /predicting and localizing/ the places of some
changes of an internal state without (possibly) changing the external
API -- is the /main/ purpose of the encapsulation.

In some OOP implementations this principle was extended with ability to
change a /level/ of accessibility (as a consequence of some designs,
e.g. an inheritance). If some classes have collaboration -- then it is a
good design if they "talk" with each other via the public API, and do
not interesting about /their construction/ (or internal state). /This/
is the main purpose of the encapsulation, but not the security reasons
at first place!

Carefully read, but hundreds of security breaks I remember prevent me
to agree with you. I mean security breaks because of security-
sensitive objects exposed something besides of what they had to expose
and others found it. Or what had to be exposed was exposed in a wrong
way so allowed to use the exposed feature in some way beyond the
intended one.
Oh, come on, you don't think that for software security and safety a
"private" keyword is used, right?

Wrong. Go change some Java class vars or method from the original
private to something else and I'll show you how wrong you are. With
Jad it will not take too long. Actually, there is no need to hack Java
source. You may just help me answer to my question posted at
comp.lang.java.help (it is JavaScript related as well):
http://groups.google.com/group/comp.lang.java.help/browse_frm/thread/dc29f8c3c187b791
I have no again idea why do you use the assertion form of your statement.

If some CS teacher/lecture learned you (or some student) that
encapsulation is for security -- please send this teacher to me to talk.
I am a lecture myself.

I am a language (human ones) specialist by my diploma. Plus C++ 3
months crash course in the US. Plus in that sorry business since 1996.
So with CS lectures (from Berkley mainly) I spoke only a few times, it
was in SF bars and it was about the baseball and not about the
encapsulation :) That can be the core of the problem.
Well, don't know, but some of the stuff is very convenient though ;)

It is. But in the recent years Mozilla acts too often like W3C tried
to act, and Brendan Eich like Sir Berners-Lee. So as if they are the
only legitimate JavaScript standards developers and Brendan Eich is
still the owner of the thing he invented. For you: IMHO. They know CC
used for AJAX data exchange encapsulation for *security* reasons in
many commercial libraries. Yet they introduce a non-documented non-
standard feature that f*cks up the whole CC mechanics. Sure, who wants
it, he can read about yet another non-documented non-standard feature
that allows to fix the breach caused by the first one. Global source
code search-replace, QA testing, notify all customers and make free
update for them. Big deal, really... Johnny Doe uses __parent__ in his
Firefox interface part of code, he really likes it and he doesn't want
any inconvenience. So what a big deal, b*ches?! IMHO, sarcasm.
 
V

VK

So, /originally/ (please record, this is a lecture), a concept of an
Your experience differs from mine at that point.

I may need to explain it further. If say i) there is a custom function
getPosXY(elm) that returns the real left-top coords of elm and ii)
this function exposes some internal intermediary property or method
_foo and iii) by setting this method to 0, null or undefined the user
can make the whole script crashed: given these circumstances, the
amount of care I do give to the possibility of (iii) is so small that
one needs an electronic microscope to see it - and even then doubtful.
Thus the encapsulation concept as described in your lecture is
completely out of my interest and used to be out of the JavaScript
coding practice. As Roedy Green said, "He would only hurt himself.
That's fine. You can't protect people from committing suicide." So *in
the programming* I am on the eugenics side: idiots have to eventually
die so do not pollute the common genotype. :)

Yet if I am developing a stay-alone module for say 3rd party data
exchange, I'll do my best to make the data accessible only in the way
as spelled in my manual. Same for local file access tools, same for
ActiveX objects. They always can be hacked. The 1st axiom of the
programming, remember: "Anything created by one human being can be
reverse engineered and altered by another human being". But at least I
will try my best.
 
D

Dmitry A. Soshnikov

I do not see a reason to prefix each and every
statement with "In my opinion," or to postfix is with IMO/IMHO.

Of course it is not required to use /every time/ IMHO or IMO (or
whatever uncertain introduction of a phrase). I just want to prevent a
some demagogy style, when some starts to talk with assertions just to
"win" the talk (hoping, that an opponent won't check or don't know the
subject). If this isn't you case, then we can continue to talk.

Also, I want to prevent the tries to guess something. Personally, if I
don't know something, I -- (a) talk in interrogative form (asking those
who know the subject) if the subject is /known/, or (b) talk in the
guessing/proposal form if the subject isn't know yet and innovative. If
I at the position of a speaker who is sure in what he's talking about, I
talk in assertion form.

But to be able to talk in the "language of assertions" it is needed: (a)
to know the general theory well and (b) to know deeply the concrete
theory/ideology/practical aspects of the concrete technology.

Regarding the encapsulation, I explain you the general theory (which is
applied also to the concrete technology -- ECMAScript) of this concept.
I am 42 years old and my memory is not senile yet. So I better rely on
my memory.

Don't worry, I respect the age. Moreover, your age is absolutely normal
for me, as at work I have some colleagues of your and older age. For
your info I am 27 years old (if it matters somehow).

But. In the professional discussion neither age, nor some status, as
well as nor an authority, nor a position and accessory to some
"privileged" community or a group and so on, and so forth /do no
matter/. I for you an interlocutor. As you are for me. No more, no less.
If you have the same meaning we can continue the talk.

The history description may differ dramatically from the
history as it is. You may know that.

Maybe, but can you show me that you call an "original" meaning of the
encapsulation and exactly that there is said, that this concept was
invented for the /security/ reasons but not for an abstraction,
structural decomposition of a system on modules where every module
encapsulates its internal auxiliary state and has a public API?
Your experience differs from mine at that point.

I see. But I don't argue with you. I just can explain it. To accept it
or not -- this is your choice. But if you understand a professional
discussion as meanings exchange, then you'll see that I am spiritted
positively and on exchange of knowledge, but not on desire to "win a
dispute".
Carefully read, but hundreds of security breaks I remember prevent me
to agree with you. I mean security breaks because of security-
sensitive objects exposed something besides of what they had to expose
and others found it. Or what had to be exposed was exposed in a wrong
way so allowed to use the exposed feature in some way beyond the
intended one.

If a programmer will won't to use/change "private" access level, he'll
do it -- e.g. just open a file of your library and change it.

If you're interested in "maliciousness hackers", they will find a way to
hack your system in completely other ways, but not via "private"
keyword. Once again -- encapsulation is for a /programmer/, but not a
measure of software security! It was so and it is so.

<snip>

Ok, you can read this paper: <URL: http://bit.ly/MP49r> -- this is the
text of the /original/ meaning of the encapsulation written by "David
Parnas" <URL: http://en.wikipedia.org/wiki/David_Parnas> -- the
/original inventor/ of the encapsulation concept.

In addition, you can read just Wikipedia, as I mentioned already:

http://en.wikipedia.org/wiki/Information_hiding
http://en.wikipedia.org/wiki/Encapsulation_(object-oriented_programming)

And try to find a word where is said that the /main/ purpose of the
encapsulation is /security/, but not the /increasing of an abstraction/
via /hiding internal state (predicting and localizing the further
changes of this internal state) with providing a public API/.

Dmitry.
 
D

Dmitry A. Soshnikov

I may need to explain it further. If say i) there is a custom function
getPosXY(elm) that returns the real left-top coords of elm and ii)
this function exposes some internal intermediary property or method
_foo and iii) by setting this method to 0, null or undefined the user
can make the whole script crashed: given these circumstances, the
amount of care I do give to the possibility of (iii) is so small that
one needs an electronic microscope to see it - and even then doubtful.
Thus the encapsulation concept as described in your lecture is
completely out of my interest

That's your choice. Repeat, I just can explain, but not to force you to
accept the truth (possibly, you'll need some time to understand and
accept this truth -- but that's completely OK, because as I mentioned
this problem with understanding the main purpose of the encapsulation is
widespread). In any case, the truth isn't being disturbed because of
someone does not understand it (or understand it incorrectly) or does
not accept it.

Yet if I am developing a stay-alone module for say 3rd party data
exchange, I'll do my best to make the data accessible only in the way
as spelled in my manual.

Should be a correct understanding of the encapsulation. If some (a user,
a programmer) will wanna change the code of your library -- he will. But
why the heck he should ask your permission to do this? He uses your lib,
see some bad implementation -- go to source and change them (if the
license is OK to change the code). Accordingly, he can change you
"private" keyword to "public" if he want.

Many languages e.g. Ruby has this concept (of encapsulating the internal
state) built-in in core principle. E.g. everything is base on
getter/setter methods for internal state. Thus, an internal state can be
more complex than just a simple variable:

class A

def initialize
@x = 100 # private state var
@y = 300
@z = 500
end

# getter
def x
@x
end

# setter
def x=(new_x)
@x = new_x
end

# only getter for @y
def y
@y + 100
end

end

a = A.new
a.x # 100

a.x = 200
a.x # 200

a.y 400
a.y = 500 # error

a.z # error -- there is no even a getter for z

At the same time, Ruby has several /meta/ methods, including
getting/setting private internal state:

a.instance_variable_get:)@z) # 500
a.instance_variable_set:)@z, 600)
a.instance_variable_get:)@z) # 600

# define an own getter
# for @z for "a" instance

def a.z
a.instance_variable_get:)@z)
end

a.z # 600

If tomorrow a representation of the internal state will be changed, the
public API will be the same (supposing that "a.y" is used in many places):

def a.y
500
end

a.y # 500


Another simplest example of the encapsulation can a casual /constant/
concept when you use e.g. MAX_LENGTH constant /predicting and
localizing/ the places (currently will be only one place) of needed changes:

MAX_LENGTH = 100;

And then always use MAX_LENGTH everywhere. If tomorrow if will be 200,
all other modules won't even notice that your module has changed some
internal state (the value) -- they will continue to use public API --
MAX_LENGTH.

And /this/ is the main purpose of the encapsulation. Go and tell "them"
all that I've told you. And I will tell this for everyone independently
their status or authority. But repeat -- with the positive approach and
with the only one objective -- to show what exactly it means, but not
accept the misconceptions forced by some authorities without understanding.

Dmitry.
 
S

Sherelle

The problem with that clone method, that if you have sub objects
within the obj, their references will be cloned, and not the values of
every sub object.

var clone = function(o) {
    var no = {};
    for ( var i in o ) {
        no = o;
    }
    return no;
}
var a = {a: 1, b: 2},
    b = clone(a),
    c = a;
a.a = 3;
b.a = 4;
console.log(a.a, b.a, c.a);
outputs 4 4 4 they are using same memory...

No, it doesn't. The b variable holds a reference to a different object,
and it writes 3,4,3.
The "singleton pattern" makes no sense in a classless language.
It means that you can only create one instance of a specific class.
It has no meaning when there are no classes.
What would it be that you could only create on instance of?
/L 'You could do it with host objects, but then, you can do
    anything with those'

The clone method used was created to illustrate the problem with the
reasoning in the article. Cloning sub-objects is a trivial matter of
recursion.
 
V

VK

That's your choice. Repeat, I just can explain, but not to force you to
accept the truth (possibly, you'll need some time to understand and
accept this truth -- but that's completely OK, because as I mentioned
this problem with understanding the main purpose of theencapsulationis
widespread). In any case, the truth isn't being disturbed because of
someone does not understand it (or understand it incorrectly) or does
not accept it.

Should be a correct understanding of the encapsulation. If some (a user,
a programmer) will wanna change the code of your library -- he will. But
why the heck he should ask your permission to do this? He uses your lib,
see some bad implementation -- go to source and change them (if the
license is OK to change the code). Accordingly, he can change you
"private" keyword to "public" if he want.

Your position is clearly understood. IMO the problem is in the
semantic, not in in the correctness / non-correctness of a programming
paradigm. Any JavaScript program has three main stages of the life
cycle:
1) idle stage (source stage)
That is the stage of a program being say open in an editor or simply
stored as a file client/server side.
2) parsing stage
This is the stage of the source being fed to the parser
3) execution stage
I guess it doesn't need to be explained

In your posts you are talking about the idle stage and the
"abstraction encapsulation" as it applies to that stage. For this
stage and this kind of encapsulation your arguments are correct.
Indeed, the abstraction encapsulation appeared as a measure of
protection of programmers from programmers, so the library would be
used in the documented way and not over different "undocumented
features" ("Undocumented features of ..." once was a very popular
title at DOS/Windows 3.x times). The usage of undocumented features
and unfrozen interfaces may be very effective for a particular task in
comparison with officially exposed methods. Yet such usage is a
ticking bomb in case of internal library changes. So here the
abstraction encapsulation came. Can anyone still alter the program on
its idle stage, say private to public etc? Of course she can. Here
digital signatures, hash codes and user agreements come into play. So
I can alter or completely redo a 3rd party library but it eliminates
my possibility to complain if anything goes wrong, it eliminates my
rights for support and in most cases it violates the user agreement I
had to accept. So the explicit manual change of a 3rd party program
lies beyond any programming matters, in the legal domain.

The issue with the abstraction encapsulation - which is rightly
criticized by you - is that at some moment some programmers wrongly
took the possibility of the "back door" access as their
responsibility. Other words if method getXY() has internal _foo
accessible from outside, and by setting _foo to something makes
getXY() behave wrongly then it is by definition my own holly
obligation to protect _foo from side access. It is not. I may do it,
or I may let anyone to "shoot his leg" and screw them.

So for the abstraction encapsulation we seem to have no points to
argue. I was arguing about the execution stage and the security
encapsulation which is a whole different issue.
 
D

Dmitry A. Soshnikov

Your position is clearly understood. IMO the problem is in the
semantic, not in in the correctness / non-correctness of a programming
paradigm.

Besides, I don't see any problem with understanding what does the
"encapsulation" term (in computer science) mean.

Any JavaScript program has three main stages of the life
cycle:
1) idle stage (source stage)
That is the stage of a program being say open in an editor or simply
stored as a file client/server side.
2) parsing stage
This is the stage of the source being fed to the parser
3) execution stage
I guess it doesn't need to be explained

Let's say -- not only JavaScript, but many other languages have such
stages (I'll mention the Ruby soon to show you again -- how we can
easily and _dynamically_ affect the code, getting access to the
encapsulated data if needed) ;)

Of course, if we have the case when a programmer do this often (of
without understanding -- that is more essential), then it is possible to
talk about /bad programming stylistics/.
In your posts you are talking about the idle stage and the
"abstraction encapsulation" as it applies to that stage.

Not only the "idle" stage (by your terminology). In completely dynamic
language with mutable objects we can affect the code dynamically at
runtime. Take any such language -- Ruby, Python, ECMAScript, etc.
For this
stage and this kind of encapsulation your arguments are correct.

OK. But I should again mention -- I didn't prove anything, I just explained.
Indeed, the abstraction encapsulation appeared as a measure of
protection of programmers from programmers,

Yeah, that's right -- as a good helper for more abstractly and therefore
-- more quality build a system -- with a (possibly) complex and powerful
internal state, but with the convenient public API for a user of our
system. And this internal state (an auxiliary data) is encapsulated from
the user, making using the system really convenient and all details are
transparent. I should underline the whole this sentence -- this exactly
is called as an encapsulation in the computer science.
so the library would be
used in the documented way and not over different "undocumented
features" ("Undocumented features of ..." once was a very popular
title at DOS/Windows 3.x times).

Yeah, I remember that titles ;)
The usage of undocumented features
and unfrozen interfaces may be very effective for a particular task in
comparison with officially exposed methods.

Maybe, but such cases (if possible) should be avoided in the good
stylistics. Notice, nevertheless, I don't mention security.
Yet such usage is a
ticking bomb in case of internal library changes.

Yep. Only the programmer is responsible for that. If he want to use a
system not by the "rules", he _may_, but -- the full responsibility is
on him. If something goes wrong -- only he will rewrite his system
correctly using special public interface to talk with the system.

That's it -- the system has its right -- to change at any time its
internal state. At the same time, if a programmer knows the system
completely and knows /how/ and /when/ it will look like after the
changes of some internal state, he can affect this internal state, but,
repeat, with full responsibilities for that.

I mention the Ruby again. I already showed you an example how a
programmer can affect internal instance variables (in Ruby they prefixed
with @ sign -- analog of using `this.` in other languages).
Alternatively, Ruby has ability to send messages to /private/ state of
an object:

class A

def initialize
@a = 10 # instance variable without getter/setter
end

def test
return @a + private_method()
end

private

def private_method
return " from private"
end

end

a = A.new # an instance

a.a # error, there is no getter for @a

# the general getter of instance
# internal (sic!) encapsulated variables

a.instance_variable_get:)@a) # 10

# public method has access
# to the private method

a.test() # "10 from private"

# at the same time "a" has
# no access to the "private_method"
# from the outside of the "A" class definition

a.private_method() # error, access to private method

# but (sic!) using the general "send"
# method we can access this encapsulated state

a.send:)private_method) # OK - " from private" is returned

Now tell me. The author of Ruby -- Yukihiro Matsumoto <URL:
http://en.wikipedia.org/wiki/Yukihiro_Matsumoto> -- could he /by his own
hands/ just "kill" his language and provide such "insecure" methods?
Could he just don't think about anything and create such "ugly" language
which (oh-o-o..) has no /"private" keyword for "security"/? Or maybe, he
just knew _what is_ encapsulation?
So here the
abstraction encapsulation came. Can anyone still alter the program on
its idle stage, say private to public etc? Of course she can.

By the way, why do you used "she" word? I'm just interested from the
English language position. Why not "he"?
Here
digital signatures, hash codes and user agreements come into play. So
I can alter or completely redo a 3rd party library but it eliminates
my possibility to complain if anything goes wrong, it eliminates my
rights for support and in most cases it violates the user agreement I
had to accept. So the explicit manual change of a 3rd party program
lies beyond any programming matters, in the legal domain.

Yes, true.
The issue with the abstraction encapsulation - which is rightly
criticized by you - is that at some moment some programmers wrongly
took the possibility of the "back door" access as their
responsibility.
Yes.

Other words if method getXY() has internal _foo
accessible from outside, and by setting _foo to something makes
getXY() behave wrongly then it is by definition my own holly
obligation to protect _foo from side access. It is not. I may do it,
or I may let anyone to "shoot his leg" and screw them.

But please notice, I don't say a word that "strong encapsulation" --
i.e. without _any_ ability to affect the internal state is bad.
Vice-versa -- it's even better helper for a programmer, because can
faster catch errors. But, he will catch the same errors and in e.g.
Ruby's implementation -- where will be such errors with /direct/ using
of an internal state.
So for the abstraction encapsulation we seem to have no points to
argue.

Yeah, seems so. OK.

Just want again to notice, that if we sure that some internal state
won't be change in the future, then (IMO -- and logically) there is no
/any/ need to make it encapsulated providing hiding of /absolutely
non-abstract/ entities. This can be the same ridiculous as not to
understand the language (yep, e.g. as using === with `typeof' comparing
the result with strings).

I mean if you sure that in future `foo' datum won't be changed, then:

function getFoo() {
return foo;
}

is just /big misconception of an encapsulation/. Of course, if we
/predict/ such changes and in future `foo's getter will be more complex,
then we can _reserve_ such _non-abstract_ getter and this is completely OK.

However, it's just my meaning and regarding the particular
implementation, e.g. ECMAScript. Because again in Ruby, this is in the
_core ideology_ -- an internal datum could/should have a getter/setter
-- and in general case these getters/setters can be the same
non-abstract just returning the value of that internal state (in the
mentioned example on Ruby above for @a e.g. -- def a; return @a; end).
But at the same time (having such ideology) you saw the mechanism of
getting access to the internal data.

Or, another example where such absolutely non-abstract getters/setters
can make sense. This is Java. If I remember correctly, it recommends to
use always getter/setter for a "private" variables. But -- what's the
most funny -- it relates to the implementation of the Java: there a.foo
and a.getFoo() can (in some specific cases) return /different/ results
-- because methods are polymorphic, but properties not (if will be
needed a complete example of such ambiguity, let me know). So for the
/correct/ behavior they recomment always use getters for that. Although,
I've heard, and in Java community there are people which don't see a
sense in such non-abstract (read === "useless") encapsulation.
I was arguing about the execution stage and the security
encapsulation which is a whole different issue.

The term "security encapsulation" is odd, but at the same time
widespread in its misconception. I can imagine e.g. "security measures"
concept. Yes, software could/should be secure -- depending on our needs.
If we have a dynamic language with mutable objects which can be altered
at runtime, and at the same time we openly provide such ability -- using
e.g. "console" or "javascript:" pseudo-protocol, then it is not so
responsible not to check the data also on the server side (in this case,
the JavaScript is just an convenient addition).

But sure, a "private" isn't for security, but for programmers.

You put a "private" keyword? -- a hacker will alter the bytecode.

You have some compiled program? -- the hacker will alter it with
HEX-editor and won't even see on your "private" keyword.

You afraid that the hacker will change your private "_foo" which is used
in "setFoo" -- don't worry -- he will change completely "setFoo" instead
(the language is dynamic, forgot? -- or maybe you'll suggest to make JS
static? -- it won't help also).

You afraid that somebody will alter your JS object via console? -- the
hacker will sniff a traffic on the net level and don't even see your
JavaScript object with a "private" keyword.

So, I repeat, other measures are used for software security and safety,
but not the "private" keyword.

But, of course, encapsulation sugar in OOP such as "private",
"protected" and "public" is a good sugar (and "strong" version can be
even more convenient for someone) and a good helper for the _programmer_
-- therefore this sugar was invented. Thus, notice, "protected" is just
a consequence of some paradigm.

Dmitry.
 
V

VK

Now tell me. The author of Ruby -- Yukihiro Matsumoto <URL:http://en.wikipedia.org/wiki/Yukihiro_Matsumoto> -- could he /by his own
hands/ just "kill" his language and provide such "insecure" methods?
Could he just don't think about anything and create such "ugly" language
which (oh-o-o..) has no /"private" keyword for "security"/? Or maybe, he
just knew _what is_ encapsulation?

Yukihiro Matsumoto thoughts are his thoughts, I didn't participate in
Ruby design. He might know what encapsulation must be by CS
definition. He might not knowing what practical security issues can
be. You didn't answer my question about Java <=> JavaScript interop
over JSObject and the security/stability issue caused by missing
encapsulation for Applet generic methods. Would you mind to consider
this case
http://groups.google.com/group/comp.lang.java.help/browse_frm/thread/dc29f8c3c187b791
and comment on it: is it abstraction encapsulation issue as defined by
you, is it another type of encapsulation issues, is it not the
encapsulation issue at all?
By the way, why do you used "she" word? I'm just interested from the
English language position. Why not "he"?

Just the pc (political correctness) habit. In the US "he" as the
universal 3rd person was admitted as sexist, so switched to "he/she" -
"she/he", then to the shortcut "(s)he". Both rightly considered as
ugly so finally it was decided to use "she" everywhere just to be left
in peace by pc maniacs. So not be surprised by seeing "she" throughout
in many US originated manuals. Not to say I am in pc violation fear in
this NG, just a typing habit. If it irritates you I'll try to control
it and to use "he" instead.
 
V

VK

But sure, a "private" isn't for security, but for programmers.

While you are analyzing the counterexample I gave to you...
You put a "private" keyword? -- a hacker will alter the bytecode.

You have some compiled program? -- the hacker will alter it with
HEX-editor and won't even see on your "private" keyword.

You afraid that the hacker will change your private "_foo" which is used
in "setFoo" -- don't worry -- he will change completely "setFoo" instead
(the language is dynamic, forgot? -- or maybe you'll suggest to make JS
static? -- it won't help also).

You afraid that somebody will alter your JS object via console? -- the
hacker will sniff a traffic on the net level and don't even see your
JavaScript object with a "private" keyword.

There is no use to extra prove the 1st Axiom of Programming ("Anything
made by one human being can be reverse engineered or altered by
another human being"). An axiom by definition is something to be taken
for granted as opposed to a theorem. Say the Super Hacker theorem is
based on the initial axiomatic set: the 1st axiom, the 2nd axiom of
the incremental security ("The human intentions are to continuously
increase the security rather than to decrease it"), the axiom of the
human integrity ("There cannot be a fraction of a human being"). Being
put together it leads to the Super Hacker theorem: the maximum
achievable security for any finite time span (from say one year to say
1,000,000 years) is an absolutely secure system and the only one human
being in the whole world able to hack it. If such person happens to be
a law obeyed one then the equation will be resolved to 0 by non-
mathematical means. btw the Super Hacker theorem was creatively used
in the famous "The Matrix" movie.

It is important though do not wall into another extreme by concluding
from the 1st axiom that any security measures are futile so useless.
The task is not to write a totally secured code as it is not possible.
The task is to make it enough secured for the pre-postulated usage
frame and target audience. With this realistic approach it has a
perfect sense to encapsulate an independent XHR (AJAX) module for 3rd
party data retrieval. Can be data stream intercepted by side tools?
Sure if someone has the necessary knowledge. Can it be first altered
and then used? Sure if someone has the necessary knowledge. Yet I will
encapsulate it at least for the casual AID (Anti-Idiot Defense) and
against the most obvious attacks. It is not more futile than writing
client-side scripts per se, with the ethernal possibility of at least
one UA where the most basic code may fail.
So, I repeat, other measures are used for software security and safety,
but not the "private" keyword.

While you are analyzing the counterexample I gave to you...
 
D

Dmitry A. Soshnikov

Yukihiro Matsumoto thoughts are his thoughts, I didn't participate in
Ruby design. He might know what encapsulation must be by CS
definition. He might not knowing what practical security issues can
be.

It was an example for you. Repeat, I'm not proving you anything, I just
can explain.
You didn't answer my question about Java<=> JavaScript interop
over JSObject and the security/stability issue caused by missing
encapsulation for Applet generic methods.

You're still trying to treat our discussion as a dispute. Please notice
also our positions: we're exchanging with meanings. I've listened your
meaning, decided that it distinguishes from the my meaning. It has
turned out that the correct meaning of the encapsulation is on my side
(if you want the division on "your" and "my" sides). Should I excuse
before you for that? ;) Who have decided that it's on "my" side? -- The
(1) general theory, (2) the initial document of encapsulation concept
written by inventor, (3) several examples in other languages.

But, repeat, until you'll stop treating the discussion as a dispute, it
is hard to accept the truly meaning. And if you stop treating the
discussion so, you'll see, that there should not be so, that your
position is (sort of) "judging" and I "should" to prove you something
answering your question.

I can answer your questions if you ask me. But please don't treat the
talk that I "should" prove you something (_you_ can (try to) prove me
something in the current position, but not vice-versa (e.g. I can ask
you -- show me any documents where written that the purpose of an
encapsulation is a "security measures from hackers") -- but I don't
wanna such talk). Because if all I explained to you (opening eyes and
showing several examples and explanations from the general theory) is
not needed to you, I let myself not to do this. As I said, the truth
won't be hurt just because someone don't accept/understand it.

Yes, sure.
is it abstraction encapsulation issue as defined by
you, is it another type of encapsulation issues, is it not the
encapsulation issue at all?

First, you should answer yourself, what will be, if a user of the page
with your applet bridge calls that _public_ methods? Will it hurt
someone else? Why that methods are public? Is it a public interface? If
so, why the user should ask your permission to call them? If you don't
control the "privacy" of that methods and they come from Java applet
class -- then you should answer again the question -- what will be if he
call them.

If this action will destroy all accounts or get all money to she's (I
used "she" :)), then the language (JS in this case) is treated in wrong
way of using. Repeat, if we have dynamic language which simply allows to
modify its code at runtime with the simple approaches (via console or
"javascrpt:" or anything else), then we should expect using of this
language as a useful and convenient _addition_ for the _user_. If user
don't wanna that convenience and want to examine what will be if he call
`init' method again -- and therefore he will _"break" just his own page_
-- then it's she's right.

If your methods still "delete all accounts" or "get all money to she's
account", but you made this with "private" method, then, repeat, the
hacker will use completely other measures, e.g. traffic sniffing, direct
call to your application (besides JS) or methods. But. If your system
can "delete all accounts" or "get all money to she's account" just with
some method call without (sic) crypted authentication and authorization
(and this data also can be sniff on traffic and decoded), then just your
system is build incorrectly.

So, backing to the JavaScript. As a simplest example I can suggest JS
form validators which some people use to check the data before inserting
to database without checking them on the server-side. JS should be
treated as just an _addition_ -- a convenience for the user. If user
breaks it himself (e.g. by simple replacement of a funciton:
form.isValid = function () { return true; }) -- then he makes it
inconvenient for only himself (you'll return the page with errors
checked on the server side to which the user has no access at all). Will
you suggest to make "isValid" static and read-only? OK, he will send the
direct request without your JS at all. But for what all that? If he want
to hack the server -- he should (try to) hack the server with completely
other measures. And please notice, we talk about some "hacker" which _do
not have access to the server code_ but try to hack the server (your JS
which is the addition isn't interesting to him, because he knows, that
if you clever, you'll made all the checks on server).

In contrast a _programmer_ (not a hacker which isn't related with
working with your code) _has access to your code_ (supposing that she
used it locally, but not load from the other source) and can change it
as she wish. If she loads it from the other source, she (a programmer)
still can to update the code via "monkey patching". If you won't prevent
also this -- do not user dynamic languages. But why should you want to
prevent this? Because your system is designed so, that there is magic
method calling which will "delete all accounts" or "get all money to
she's account". Then the problem is just in your system. And programmers
which use your lib can do with a code whatever they want, including
changing "privacy" of class fields if they thought it will be convenient
for them.

So, regarding exactly your example. I think it isn't encapsulation issue
at all, because you deal not even with a programmer, but with some user
which "plays" with this code on shes own page.
Just the pc (political correctness) habit. In the US "he" as the
universal 3rd person was admitted as sexist, so switched to "he/she" -
"she/he", then to the shortcut "(s)he". Both rightly considered as
ugly so finally it was decided to use "she" everywhere just to be left
in peace by pc maniacs. So not be surprised by seeing "she" throughout
in many US originated manuals. Not to say I am in pc violation fear in
this NG, just a typing habit. If it irritates you I'll try to control
it and to use "he" instead.

Oh, good to know, thanks. So you use always "she" when meaning
third-party men. OK, will use also.

Dmitry.
 
T

Tim Streater

Dmitry A. Soshnikov said:
Oh, good to know, thanks. So you use always "she" when meaning
third-party men. OK, will use also.

No, don't - it's stupid. Only foolish Americans have allowed themselves
to be bullied in this way.
 
V

VK

But, repeat, until you'll stop treating the discussion as a dispute, it
is hard to accept the truly meaning.

If you don't see a possibility of a discussion on the matter - because
the indisputable and the only true is yours - then there is a little
point to continue. The Usenet is not a university billboard with the
right by definition profs posts. You see the encapsulation as an
abstraction tool only and anything that is not an abstraction tool is
not the encapsulation by definition - like the Java issue I mentioned.
Your position can be justified by some very reputable sources
including the "canonical" definition by Grady Booch.
The truth is... OK, sorry: my truth is that this approach is the same
extreme as "encapsulation no matter what" you are fighting with. I do
understand why you are pushing it on your students: you want to shake
out from them the "encapsulation==security" paradigm at the early
stage of learning. Yet you maybe do not notice that you throw the baby
out with the bathwater. Again someone - possible me again - will get a
CS fresh graduate who needs an emergency real life dirt load on his/
her theoretical purity. That is not nice of you ;-) :-|

I told you in my previous post that it's all about the semantic. Now -
really, only now - I googled to see if there are some established
terms instead of my custom-made ones. So again: you are only concerned
about the abstraction encapsulation
http://en.wikipedia.org/wiki/Encapsulation_(computer_science)#Encapsulation
and only for that you accept the term "encapsulation" as the valid
one.

My definition of the encapsulation is wider than that and the aspect I
might be really concerned in particular projects is the information
hiding encapsulation
http://en.wikipedia.org/wiki/Data_encapsulation
http://en.wikipedia.org/wiki/Information_hiding

And in the aspect of a security related encapsulation as a weird
combination of words you may consider the encapsulating security
payload
http://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload

If you don't want to see it as a discussion because nothing to discuss
then consider it as my votum separatum to your indisputable
resolution. :) :-|
 
S

Scott Sauyet

Tim said:
On Jun 16, 3:31 pm, "Dmitry A. Soshnikov"<[email protected]>
By the way, why do you used "she" word? I'm just interested from the
English language position. Why not "he"?
Just the pc (political correctness) habit. [ ... ]
Oh, good to know, thanks. So you use always "she" when meaning
third-party men. OK, will use also.

No, don't - it's stupid. Only foolish Americans have allowed themselves
to be bullied in this way.

The old standard of using masculine pronouns for anonymous individuals
has been declining in many English-speaking countries for several
generations. Some people will take offense to the old usage, probably
with reasonable justification. But no consensus has emerged on how to
replace it. As VK said, "he/she" and "(s)he" are monstrosities. My
personal choice is to randomly assign a gender to an unknown
individual, and stick with it while discussing that person. But this
can be disconcerting for those who still use the traditional form:
"How do you know it's a woman?"

It's definitely considered wrong to use a gender known to be incorrect
for a partially anonymous individual. This feels quite wrong: "If any
of the players on the U.S. Men's World Cup team doesn't like it, she
can complain to the authorities." So does this: "An expectant mother
can expect his bulging midriff to attract attention." But for, say,
an anonymous user of a website, either "when the user moves her
mouse..." or "when the user moves his mouse..." would be widely
accepted.
 
V

VK

But no consensus has emerged on how to
replace it.  As VK said, "he/she" and "(s)he" are monstrosities.  My
personal choice is to randomly assign a gender to an unknown
individual, and stick with it while discussing that person.  But this
can be disconcerting for those who still use the traditional form:
"How do you know it's a woman?" ....
But for, say,
an anonymous user of a website, either "when the user moves her
mouse..." or "when the user moves his mouse..." would be widely
accepted.

It is OT by thank you for extending your first post: as it would be
hugely unfair to make me anyhow responsible for things introduced by
native speakers. If the ol'good King James bible now considered
politically incorrect by some... http://www.bible-researcher.com/links12.html
I just may suggest if writing a help file or a manual for CA in the US
either say "she", or rephrase for not using 3rd person singular, or
use other tricks from "Gender-Neutral Bible translations" (Jh, Holly
Mother of Lord...)
Not a requirement of any kind, just a suggestion from my personal
experience.
 
D

Dmitry A. Soshnikov

If you don't see a possibility of a discussion on the matter - because
the indisputable and the only true is yours - then there is a little
point to continue. The Usenet is not a university billboard with the
right by definition profs posts.

Nobody said that. If I don't know something and someone explains it to
me, I'm thankful to him, because he upgrades my knowledge. If I am not
right, I accept it and thankful. If I am right -- my "opponent" accepts
my meaning. It was, is and will be so.
You see the encapsulation as an
abstraction tool only and anything that is not an abstraction tool is
not the encapsulation by definition - like the Java issue I mentioned.

I see it as I is. OK, you may see it as you see.
Your position can be justified by some very reputable sources
including the "canonical" definition by Grady Booch.

Well, yeah, it seems acceptable explanation.
The truth is... OK, sorry: my truth is that this approach is the same
extreme as "encapsulation no matter what" you are fighting with. I do
understand why you are pushing it on your students: you want to shake
out from them the "encapsulation==security" paradigm at the early
stage of learning. Yet you maybe do not notice that you throw the baby
out with the bathwater. Again someone - possible me again - will get a
CS fresh graduate who needs an emergency real life dirt load on his/
her theoretical purity. That is not nice of you ;-) :-|

I explain as I read and understood it. It's not me who invented
"encapsulation" concept. So I can just to pass this knowledge to other.
Who interested of course.
I told you in my previous post that it's all about the semantic. Now -
really, only now - I googled to see if there are some established
terms instead of my custom-made ones. So again: you are only concerned
about the abstraction encapsulation
http://en.wikipedia.org/wiki/Encapsulation_(computer_science)#Encapsulation
and only for that you accept the term "encapsulation" as the valid
one.

This is main its purpose.
My definition of the encapsulation is wider than that and the aspect I
might be really concerned in particular projects is the information
hiding encapsulation
http://en.wikipedia.org/wiki/Data_encapsulation
http://en.wikipedia.org/wiki/Information_hiding

Yeah, you can read these two articles (the second one is better as it's
more complete and describes an "encapsulation" from my viewpoint).
And in the aspect of a security related encapsulation as a weird
combination of words you may consider the encapsulating security
payload
http://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload

The word "encapsulation" can be used in any other region of application.
You can invent your own combination of words with this word and the
provide your own meaning.

From the CS viewpoint, "encapsulation" was and is an _increasing of an
abstraction, predicting and localizing the places of internal state
changes to store compact public API_. This is my own definition.
If you don't want to see it as a discussion because nothing to discuss
then consider it as my votum separatum to your indisputable
resolution. :) :-|

You have complete right on it. OK, thanks for discussion.

Dmitry.
 
D

Dmitry A. Soshnikov

On 16.06.2010 21:57, Scott Sauyet wrote:

It's definitely considered wrong to use a gender known to be incorrect
for a partially anonymous individual. This feels quite wrong: "If any
of the players on the U.S. Men's World Cup team doesn't like it, she
can complain to the authorities." So does this: "An expectant mother
can expect his bulging midriff to attract attention."

Yeah, I was confusing with this too.

But for, say,
an anonymous user of a website, either "when the user moves her
mouse..." or "when the user moves his mouse..." would be widely
accepted.

OK. So how at the end it is preferable to call "this third-party man"?
"She" for me sounds really odd yet :p

Dmitry.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
474,078
Messages
2,570,570
Members
47,204
Latest member
MalorieSte

Latest Threads

Top