Does Python really follow its philosophy of "Readability counts"?

Steven D'Aprano steven at REMOVE.THIS.cybersource.com.au
Wed Jan 14 08:40:10 CET 2009


On Tue, 13 Jan 2009 20:17:08 -0800, Carl Banks wrote:

> On Jan 13, 9:50 pm, Carl Banks <pavlovevide... at gmail.com> wrote:
>> The cultural impact that would have on the community is far worse,
>> IMHO, than any short-sighted benefits like being able to catch an
>> accidental usage of an internal variable. Trust would be replaced by
>> mistrust, and programming in Python would go from a pleasant experience
>> to constant antagonism.
> 
> And I'll give you a perfect example:
> 
> XML-DOM versus ElementTree
> 
> XML-DOM is the sort of standard that is borne of a culture that values
> encapsulation, strict type safety, and so on.  It's the way it is
> because designers were allowed to distrust the user, and the culture
> said that it was good to distrust the user.  Consequently, the interface
> is a pain to use, with all kinds of boilerplate and iterator types and
> such.
> 
> ElementTree was borne out of an environment where implementors are
> forced to trust the user.  As a consequence it was free to create an
> interface that was natural and straightforward and pleasant to use,
> without having to be guarded.

Which is all well and good, but there are circumstances where you *don't* 
want to trust arbitrary parts of your code to change other parts of your 
code, for good reason. In other words, you don't always want to trust 
your users.

Forget copy protection and DRM. Think about the software controlling a 
radiation machine for cancer treatment, with a limit on the number of 
rads it fires at any one time. It would be disastrous for any arbitrary 
function in the machine's software to be able to mess with that limit, 
accidentally or deliberately. People will die if you get it wrong.

My attitude when programming in Python is to accept that if the caller 
passes an inappropriate argument to my function, my function may crash 
(raise an exception). That's the caller's responsibility. I can get away 
with this laissez faire attitude because I don't have to worry about my 
software crashing at the wrong time and causing a plane filled with 500 
nuns and orphans suddenly flip upside down and nose-dive into a mountain. 
Or the nuclear reactor to suddenly drop all the fuel rods into the core 
simultaneously. Sometimes "oh, just raise an exception and exit" is 
simply not good enough.

Security/safety and freedom/flexibility are sometimes in conflict. There 
are plenty of languages which enforce access. It is a good thing that 
Python allows more flexibility. That's why I use Python. The traditional 
answer to this "if you need Java, you know where to get it".

But, gosh darn it, wouldn't it be nice to program the critical parts of 
your code in "strict Python", and leave the rest as "trusting Python", 
instead of having to use Java for the lot just to get strictness in the 
critical parts? If only there was a way to do this, and ensure people 
won't abuse it.


-- 
Steven



More information about the Python-list mailing list