From: VK on
> It is good, though, that you use "IMHO" acronym in this case. Because
> again, the main purpose of the encapsulation is a to encapsulate (to
> abstract) from a user some /auxiliary data/ which participate to provide
> some public data, the public interface (API).

Maybe now, but not originally. Originally it was an obvious security
necessity to expose for security related actions only what is needed
to be exposed and only in one way to be used. Because if you write say
a C shell for a language X, and this language has method getFileName,
and your method implementation has some intermediary method or var
with hard disk access, this fact will be sooner or later found and if
it can be used for hacking - it will be used that way.

> If in future the public API will be changed, then the /ability to
> localize and predict the internal (encapsulated) places of the needed
> changes with the minimum of expenses/ -- is the /main/ purpose of the
> encapsulation.

Correction: a deeply secondary (by the timeline at least) and severely
misused purpose of the encapsulation. ;-)

> P.S.: regarding __parent__ by the way, it is very convenient to use it
> to make a "private" concept usable via the naming convention with the
> leading underscore --http://gist.github.com/363056

Wow... Thank again. I am getting two impressions by now: i) since
JavaScript 1.6 the Mozilla team is having a good time of joking over
the language and ii) the most dangerous person for JavaScript, Mozilla
project and ECMA standards is Mr. Brendan Eich. No personal offence...

> P.S.: I don't wanna to make a big off-topic in the thread related with
> "JSON Style JavaScript Class/Object declaration". So, if you want, you
> can make separate thread to make the discussion more relevant with the
> thread title.

Changed to "Encapsulation in JavaScript"

From: Dmitry A. Soshnikov on
On 06.06.2010 21:39, VK wrote:
>> It is good, though, that you use "IMHO" acronym in this case. Because
>> again, the main purpose of the encapsulation is a to encapsulate (to
>> abstract) from a user some /auxiliary data/ which participate to provide
>> some public data, the public interface (API).
>
> Maybe now, but not originally. Originally it was an obvious security
> necessity to expose for security related actions only what is needed
> to be exposed and only in one way to be used.

By the way, why do you use a assertion form of your sentences, just it
would be the truth? Please mention, I'm talking to you, but not asking
you what is encapsulation and what does it /originally/ and /now/ mean.

I don't know what to suggested you to read, you can start reading from
the general theory (e.g. Wikipedia also fits).

So, /originally/ (please record, this is a lecture), a concept of an
information hiding (an encapsulation) is invented to increase an
abstraction of a system.

If you have some modules, then these modules can collaborate via the
specified API from every module. If some module will change tomorrow
representation of its internal state -- all other modules will continue
to use the same API just it there were no any change. And /this/ is the
/main/ purpose of the /encapsulation/ concept -- decreasing of modules
coupling and increasing of the abstraction.

I.e. a system is a "black box" with its /internal state/ and /external
API/. And (I repeat) /predicting and localizing/ the places of some
changes of an internal state without (possibly) changing the external
API -- is the /main/ purpose of the encapsulation.

In some OOP implementations this principle was extended with ability to
change a /level/ of accessibility (as a consequence of some designs,
e.g. an inheritance). If some classes have collaboration -- then it is a
good design if they "talk" with each other via the public API, and do
not interesting about /their construction/ (or internal state). /This/
is the main purpose of the encapsulation, but not the security reasons
at first place!

> Because if you write say
> a C shell for a language X, and this language has method getFileName,
> and your method implementation has some intermediary method or var
> with hard disk access, this fact will be sooner or later found and if
> it can be used for hacking - it will be used that way.
>

Oh, come on, you don't think that for software security and safety a
"private" keyword is used, right? Good then.

>> If in future the public API will be changed, then the /ability to
>> localize and predict the internal (encapsulated) places of the needed
>> changes with the minimum of expenses/ -- is the /main/ purpose of the
>> encapsulation.
>
> Correction: a deeply secondary (by the timeline at least) and severely
> misused purpose of the encapsulation. ;-)
>

I have no again idea why do you use the assertion form of your statement.

If some CS teacher/lecture learned you (or some student) that
encapsulation is for security -- please send this teacher to me to talk.
I am a lecture myself.

>> P.S.: regarding __parent__ by the way, it is very convenient to use it
>> to make a "private" concept usable via the naming convention with the
>> leading underscore --http://gist.github.com/363056
>
> Wow... Thank again. I am getting two impressions by now: i) since
> JavaScript 1.6 the Mozilla team is having a good time of joking over
> the language and ii) the most dangerous person for JavaScript, Mozilla
> project and ECMA standards is Mr. Brendan Eich. No personal offence...
>

Well, don't know, but some of the stuff is very convenient though ;)

Dmitry.
From: VK on
On Jun 6, 11:24 pm, "Dmitry A. Soshnikov" <dmitry.soshni...(a)gmail.com>
wrote:
> By the way, why do you use a assertion form of your sentences, just it
> would be the truth? Please mention, I'm talking to you, but not asking
> you what is encapsulation and what does it /originally/ and /now/ mean.

I am not the FAQ Maintainer of this newsgroup. Only that person may
need to indicate for statements if he/she speaks as a regular poster
or expressing a current consensus among the group regulars. In my case
unless it is indicated otherwise, I am talking for myself, nickname
VK, [schools_ring-at-yahoo-dot-com] for nickname hijacking check if
any doubts. The only exception I do sometimes is if I have a lot of
different recent posts and I am currently answering to a newcomer. In
such case I may indicate at the beginning that it is my private
opinion so she would not make false assumption of VK expressing some
consensus clj opinion. I do not see a reason to prefix each and every
statement with "In my opinion," or to postfix is with IMO/IMHO.

> I don't know what to suggested you to read, you can start reading from
> the general theory (e.g. Wikipedia also fits).

I am 42 years old and my memory is not senile yet. So I better rely on
my memory. The history description may differ dramatically from the
history as it is. You may know that.

> So, /originally/ (please record, this is a lecture), a concept of an
> information hiding (an encapsulation) is invented to increase an
> abstraction of a system.

Your experience differs from mine at that point.

> If you have some modules, then these modules can collaborate via the
> specified API from every module. If some module will change tomorrow
> representation of its internal state -- all other modules will continue
> to use the same API just it there were no any change. And /this/ is the
> /main/ purpose of the /encapsulation/ concept -- decreasing of modules
> coupling and increasing of the abstraction.
>
> I.e. a system is a "black box" with its /internal state/ and /external
> API/. And (I repeat) /predicting and localizing/ the places of some
> changes of an internal state without (possibly) changing the external
> API -- is the /main/ purpose of the encapsulation.
>
> In some OOP implementations this principle was extended with ability to
> change a /level/ of accessibility (as a consequence of some designs,
> e.g. an inheritance). If some classes have collaboration -- then it is a
> good design if they "talk" with each other via the public API, and do
> not interesting about /their construction/ (or internal state). /This/
> is the main purpose of the encapsulation, but not the security reasons
> at first place!

Carefully read, but hundreds of security breaks I remember prevent me
to agree with you. I mean security breaks because of security-
sensitive objects exposed something besides of what they had to expose
and others found it. Or what had to be exposed was exposed in a wrong
way so allowed to use the exposed feature in some way beyond the
intended one.

> > Because if you write say
> > a C shell for a language X, and this language has method getFileName,
> > and your method implementation has some intermediary method or var
> > with hard disk access, this fact will be sooner or later found and if
> > it can be used for hacking - it will be used that way.
>
> Oh, come on, you don't think that for software security and safety a
> "private" keyword is used, right?

Wrong. Go change some Java class vars or method from the original
private to something else and I'll show you how wrong you are. With
Jad it will not take too long. Actually, there is no need to hack Java
source. You may just help me answer to my question posted at
comp.lang.java.help (it is JavaScript related as well):
http://groups.google.com/group/comp.lang.java.help/browse_frm/thread/dc29f8c3c187b791

> >> If in future the public API will be changed, then the /ability to
> >> localize and predict the internal (encapsulated) places of the needed
> >> changes with the minimum of expenses/ -- is the /main/ purpose of the
> >> encapsulation.
>
> > Correction: a deeply secondary (by the timeline at least) and severely
> > misused purpose of the encapsulation. ;-)
>
> I have no again idea why do you use the assertion form of your statement.
>
> If some CS teacher/lecture learned you (or some student) that
> encapsulation is for security -- please send this teacher to me to talk.
> I am a lecture myself.

I am a language (human ones) specialist by my diploma. Plus C++ 3
months crash course in the US. Plus in that sorry business since 1996.
So with CS lectures (from Berkley mainly) I spoke only a few times, it
was in SF bars and it was about the baseball and not about the
encapsulation :-) That can be the core of the problem.

> >> P.S.: regarding __parent__ by the way, it is very convenient to use it
> >> to make a "private" concept usable via the naming convention with the
> >> leading underscore --http://gist.github.com/363056
>
> > Wow... Thank again. I am getting two impressions by now: i) since
> > JavaScript 1.6 the Mozilla team is having a good time of joking over
> > the language and ii) the most dangerous person for JavaScript, Mozilla
> > project and ECMA standards is Mr. Brendan Eich. No personal offence...
>
> Well, don't know, but some of the stuff is very convenient though ;)

It is. But in the recent years Mozilla acts too often like W3C tried
to act, and Brendan Eich like Sir Berners-Lee. So as if they are the
only legitimate JavaScript standards developers and Brendan Eich is
still the owner of the thing he invented. For you: IMHO. They know CC
used for AJAX data exchange encapsulation for *security* reasons in
many commercial libraries. Yet they introduce a non-documented non-
standard feature that f*cks up the whole CC mechanics. Sure, who wants
it, he can read about yet another non-documented non-standard feature
that allows to fix the breach caused by the first one. Global source
code search-replace, QA testing, notify all customers and make free
update for them. Big deal, really... Johnny Doe uses __parent__ in his
Firefox interface part of code, he really likes it and he doesn't want
any inconvenience. So what a big deal, b*ches?! IMHO, sarcasm.
From: VK on
> > So, /originally/ (please record, this is a lecture), a concept of an
> > information hiding (an encapsulation) is invented to increase an
> > abstraction of a system.
>
> Your experience differs from mine at that point.

I may need to explain it further. If say i) there is a custom function
getPosXY(elm) that returns the real left-top coords of elm and ii)
this function exposes some internal intermediary property or method
_foo and iii) by setting this method to 0, null or undefined the user
can make the whole script crashed: given these circumstances, the
amount of care I do give to the possibility of (iii) is so small that
one needs an electronic microscope to see it - and even then doubtful.
Thus the encapsulation concept as described in your lecture is
completely out of my interest and used to be out of the JavaScript
coding practice. As Roedy Green said, "He would only hurt himself.
That's fine. You can't protect people from committing suicide." So *in
the programming* I am on the eugenics side: idiots have to eventually
die so do not pollute the common genotype. :-)

Yet if I am developing a stay-alone module for say 3rd party data
exchange, I'll do my best to make the data accessible only in the way
as spelled in my manual. Same for local file access tools, same for
ActiveX objects. They always can be hacked. The 1st axiom of the
programming, remember: "Anything created by one human being can be
reverse engineered and altered by another human being". But at least I
will try my best.


From: Dmitry A. Soshnikov on
On 07.06.2010 0:34, VK wrote:
> On Jun 6, 11:24 pm, "Dmitry A. Soshnikov"<dmitry.soshni...(a)gmail.com>
> wrote:
>> By the way, why do you use a assertion form of your sentences, just it
>> would be the truth? Please mention, I'm talking to you, but not asking
>> you what is encapsulation and what does it /originally/ and /now/ mean.
>

<snip>

> I do not see a reason to prefix each and every
> statement with "In my opinion," or to postfix is with IMO/IMHO.
>

Of course it is not required to use /every time/ IMHO or IMO (or
whatever uncertain introduction of a phrase). I just want to prevent a
some demagogy style, when some starts to talk with assertions just to
"win" the talk (hoping, that an opponent won't check or don't know the
subject). If this isn't you case, then we can continue to talk.

Also, I want to prevent the tries to guess something. Personally, if I
don't know something, I -- (a) talk in interrogative form (asking those
who know the subject) if the subject is /known/, or (b) talk in the
guessing/proposal form if the subject isn't know yet and innovative. If
I at the position of a speaker who is sure in what he's talking about, I
talk in assertion form.

But to be able to talk in the "language of assertions" it is needed: (a)
to know the general theory well and (b) to know deeply the concrete
theory/ideology/practical aspects of the concrete technology.

Regarding the encapsulation, I explain you the general theory (which is
applied also to the concrete technology -- ECMAScript) of this concept.

>> I don't know what to suggested you to read, you can start reading from
>> the general theory (e.g. Wikipedia also fits).
>
> I am 42 years old and my memory is not senile yet. So I better rely on
> my memory.

Don't worry, I respect the age. Moreover, your age is absolutely normal
for me, as at work I have some colleagues of your and older age. For
your info I am 27 years old (if it matters somehow).

But. In the professional discussion neither age, nor some status, as
well as nor an authority, nor a position and accessory to some
"privileged" community or a group and so on, and so forth /do no
matter/. I for you an interlocutor. As you are for me. No more, no less.
If you have the same meaning we can continue the talk.


> The history description may differ dramatically from the
> history as it is. You may know that.

Maybe, but can you show me that you call an "original" meaning of the
encapsulation and exactly that there is said, that this concept was
invented for the /security/ reasons but not for an abstraction,
structural decomposition of a system on modules where every module
encapsulates its internal auxiliary state and has a public API?

>> So, /originally/ (please record, this is a lecture), a concept of an
>> information hiding (an encapsulation) is invented to increase an
>> abstraction of a system.
>
> Your experience differs from mine at that point.
>

I see. But I don't argue with you. I just can explain it. To accept it
or not -- this is your choice. But if you understand a professional
discussion as meanings exchange, then you'll see that I am spiritted
positively and on exchange of knowledge, but not on desire to "win a
dispute".

>> If you have some modules, then these modules can collaborate via the
>> specified API from every module. If some module will change tomorrow
>> representation of its internal state -- all other modules will continue
>> to use the same API just it there were no any change. And /this/ is the
>> /main/ purpose of the /encapsulation/ concept -- decreasing of modules
>> coupling and increasing of the abstraction.
>>
>> I.e. a system is a "black box" with its /internal state/ and /external
>> API/. And (I repeat) /predicting and localizing/ the places of some
>> changes of an internal state without (possibly) changing the external
>> API -- is the /main/ purpose of the encapsulation.
>>
>> In some OOP implementations this principle was extended with ability to
>> change a /level/ of accessibility (as a consequence of some designs,
>> e.g. an inheritance). If some classes have collaboration -- then it is a
>> good design if they "talk" with each other via the public API, and do
>> not interesting about /their construction/ (or internal state). /This/
>> is the main purpose of the encapsulation, but not the security reasons
>> at first place!
>
> Carefully read, but hundreds of security breaks I remember prevent me
> to agree with you. I mean security breaks because of security-
> sensitive objects exposed something besides of what they had to expose
> and others found it. Or what had to be exposed was exposed in a wrong
> way so allowed to use the exposed feature in some way beyond the
> intended one.
>

If a programmer will won't to use/change "private" access level, he'll
do it -- e.g. just open a file of your library and change it.

If you're interested in "maliciousness hackers", they will find a way to
hack your system in completely other ways, but not via "private"
keyword. Once again -- encapsulation is for a /programmer/, but not a
measure of software security! It was so and it is so.

<snip>

Ok, you can read this paper: <URL: http://bit.ly/MP49r> -- this is the
text of the /original/ meaning of the encapsulation written by "David
Parnas" <URL: http://en.wikipedia.org/wiki/David_Parnas> -- the
/original inventor/ of the encapsulation concept.

In addition, you can read just Wikipedia, as I mentioned already:

http://en.wikipedia.org/wiki/Information_hiding
http://en.wikipedia.org/wiki/Encapsulation_(object-oriented_programming)

And try to find a word where is said that the /main/ purpose of the
encapsulation is /security/, but not the /increasing of an abstraction/
via /hiding internal state (predicting and localizing the further
changes of this internal state) with providing a public API/.

Dmitry.