"no variable or argument declarations are necessary."

Frithiof Andreas Jensen frithiof.jensen at die_spammer_die.ericsson.com
Tue Oct 4 11:57:45 CEST 2005


"bruno modulix" <onurb at xiludom.gro> wrote in message
news:43412d69$0$11141$626a14ce at news.free.fr...
> James A. Donald wrote:
> > I am contemplating getting into Python, which is used by engineers I
> > admire - google and Bram Cohen, but was horrified
>
> "horrified" ???
>
> Ok, so I'll give you more reasons to be 'horrified':
> - no private/protected/public access restriction - it's just a matter of
> conventions ('_myvar' -> protected, '__myvar' -> private)
> - no constants (here again just a convention : a name in all uppercase
> is considered a constant - but nothing will prevent anyone to modify it)
> - possibility to add/delete attributes to an object at runtime
> - possibility to modify a class at runtime
> - possibility to change the class of an object at runtime
> - possibility to rebind a function name at runtime
> ....
>
> If you find all this horrifying too, then hi-level dynamic languages are
> not for you !-)

Not to mention that since the O.P. seem to assume that the compiler will
protect against deliberate subversion by evil programmers then he must be
further "horrified" to learn that, although it is harder to do the above in
f.ex. C++, it is not at all impossible, a carefully crafted pointer or a
little devious sub-classing goes a long way.

If all else fails, The humble Linker holds the Word of Power!

Tampering with linking is both the easiest way to subvert code reviews,
language checks and boundaries and also the hardest to discover because the
tampering will be buried somewhere deep inside the build process, the part
that never, ever gets reviewed because it is automated anyway and too
complex entirely so nobody sane will actually mess with it once it "works"
i.e. produces runnable code!.

Finally, given proper  permissions, one can of course re-link the binary
executable, should the occasion merit. Like when one needs HIP in Telnet
which is an absolute b****rd to build on a modern Linux box. (Somebody build
that *once* in maybe 1978, I think ;-) One can replace classes in Jar
archives too - possibly one can even get the Java runtime to load the "new
version" of a jar archive in preference to the shipped one ...


I.O.W:

Superficially, the compile-time checks of Java and C++ provides some checks
& boundaries but it comes at the expense of much more machinery with many
more intricate movable parts than *also* can be interfered with (or broken).

Python is simple and self-contained, thus it is pretty obvious - or at least
not too difficult, to check what *actually* goes on with an application.

If there is no trust, nothing can be done safely. If there is trust, then
most of the percieved safety just get in the way of work.





More information about the Python-list mailing list