
Wikileaks To Leak 5000 Open Source Java Projects - rimantas
http://steve-yegge.blogspot.com/2010/07/wikileaks-to-leak-5000-open-source-java.html
======
malkia
In a global header long time ago, a friend of mine (and big "C" lover) did
this to his best buddy once (a C++ and especially boost lover):

#define class struct

#define private public

#define protected public

~~~
jmatt
continued "fun" (read dangerous) redefines:

    
    
      #define true false
      #define false true
    
      #define true 0
      #define false !true
    
      #define if while
      #define continue break
    

:)

~~~
shasta

      #define true false
      #define false true
    

Did you know that if you do both of those, they cancel each other out? True
story.

~~~
troels
My head hurts. Explanation, please?

~~~
shasta
There's a rule in the preprocessor to prevent infinite recursion: only replace
each symbol once. The first time it encounters 'true', it's replaced with
'false'. The first time it encounters 'false, it's replace with 'true'. It's
already seen 'true', so it throws up its hands.

The consequence of this rule is that cycles of #defines don't do anything.
Edit: Well, that's only true if there aren't other symbols introduced during
expansion. Here's a counterexample that prints 3:

    
    
       #include <stdio.h>
    
       int x = 1;
    
       #define x 1 + y
       #define y 1 + x
    
       int main(int argc, char *argv[])
       {
         printf("%d\n",x);
         return 0;
       }

~~~
troels
Ah .. Makes sense. Thanks.

------
mmaunder
"If I buy you a house and put the title in your name, but I mark some of the
doors 'Employees Only', then you're not allowed to open those doors, even
though it's your house. Because it's really my house, even though I gave it to
you to live in."

Love it!

~~~
DanielRibeiro
This actually reminded me of Apple...

~~~
derefr
The difference between phones, and all other products, is that phones don't
_work_ unless you're currently in a business relationship with some telecom or
another. It's a bit more like selling someone a nuclear reactor—they're
beholden to your rules as long as they have no other source of fissile
materials.

~~~
davidw
In 15 minutes, with 15 euros, I could be out the door and have a new 'business
relationship' with a different telecom provider. It's not that big a deal: you
just pop in a new sim card.

Sure, in the US people have all these locked up phones, but that's the price
you pay for getting subsidized hardware.

~~~
car
Not to mention the higher rates, thanks to virtually zero regulation of the
telcos here in the US.

~~~
maximilian
Higher rate my foot. Cell phones in Switzerland and Germany are crazy
expensive. It costs people like 0.20 cents to call someone with a phone, and I
pay like 0.25 cents or something. When I used to have a phone in Germany, I
used to spend upwards of 90 euros a month calling like I was used to in the
states, where I basically have as much calling as I need for $50 (including
tax and all that sneaky bullshit). Cell phones in europe are a little cheaper
if you don't talk much, but if you really want to use it as a primary phone,
they are insane expensive. Thats why everybody texts like crazy here, but even
texts are expensive.

~~~
smcl
Is that 0.25 cents (as written) or 25 cents ?

~~~
maximilian
I hate it when I do that! Obviously 25 cents.
[http://verizonmath.blogspot.com/2006/12/verizon-doesnt-
know-...](http://verizonmath.blogspot.com/2006/12/verizon-doesnt-know-dollars-
from-cents.html)

------
aphyr
_...run through a Perl script that removes all 'final' keywords except those
required for hacking around the 15-year-old Java language's "fucking
embarrassing lack of closures."_

This guy feels my pain! :)

------
matrix
I like it, but making fun of Java (and Java's "thought leaders") is just too
easy. It's like shooting fish in a barrel. With a grenade launcher.

Eclipse is another matter: far more ridicule is called for. Far, far more.

~~~
ckuehne
Exactly: Or Smalltalk or Ruby for that matter, which both facilitate
information hiding via private access. It's great to feel superior, isn't it?

~~~
mxavier
Yeah except in Ruby (I don't know about smalltalk) private access has the
loophole of the send method. FreeHouse.send(:open_employees_only_door)

Matz would never deny us of our right to snoop around where we don't belong.

------
lanstein
Christ, this guy never ceases to amaze. His talk at I/O a couple years ago was
absolutely fantastic: <http://www.youtube.com/watch?v=BttI-y9VzXQ>

~~~
moron4hire
One of the points he makes is that VMs are obvious for the purpose of language
interop. Seems like C and Lisp (and D, another language he mentions) have been
interoperating with each other without a VM in common for quite a while.

~~~
Goladus
But it's not a many to many mapping, that's the point he was making. Lots of
languages interop with C, but you can't just import a ruby module into a
python script very easily. In fact if you want to link to C libraries from D
you have to modify the C header files to turn them into D modules.

~~~
andrewf
I think Microsoft actually did a reasonable job with the "original" COM (ie
OLE 2.0 - the stuff that let you put an Excel 95 spreadsheet into a Word 95
document).

It had a bit too much bolted on, probably due to its origins in OLE, and I
think "dynamic OLE" was a tragic mistake. And its reference counting approach
was a lot more appropriate in the early 90s than it is today (where a
compacting GC may be the smart choice, performance-wise). But for making calls
between objects in C, C++, VB6, Delphi, and pretty much every other language
that lived on the Windows platform, it worked really well.

~~~
limmeau
For a compacting GC, you'd have to hunt down a complete set of references from
running programs written in unknown languages, with strange errors if the set
is underapproximated even once. I'd rather have reference counting.

------
wzdd
It's interesting to see how important compiler-enforced access specifiers were
to C++ and Java. It seems they are going out of fashion. In the Python world
they were always considered a bit silly.

~~~
sliverstorm
The languages have fundamentally different goals.

If you explained Unix file permissions to a Windows guy, he'd probably think
it was silly. They exist for a purpose though- just not a purpose the Windows
guy has spent much time with.

------
Zarkonnen
This reads to me as "let's make all state mutable and remove all indication as
to which bits of the code are the interface, and which are implementation
details". I like immutability and minimal interfaces, they make it easier to
reason about what the code will do, freeing brain cycles to work on more
interesting things than "but what if someone modifies foo between invocations
of bar".

If you need access to a library's private or final fields, the library API is
badly designed. Or, if you're that keen on wanting to change how the library
works, fork it. That's kind of the point of open source.

~~~
TwoSheds
You've got a point, but I think final class modifier which prevents extension
often hinders Unit Testing and never adds much value.

~~~
jbooth
final class modifier is pretty useless.

private final member variables? Invaluable.

------
roadnottaken
Can someone please explain what this means to people not familiar with Java?
I'm confused because I thought open source meant open source, as in "all of
the source-code is available." What does 'open source' mean in this context,
if not "open'??? When I read the title I thought it was a joke. Thanks and
sorry for my ignorance, I'm a lowly perl hacker.

~~~
MartinCron
A big part of OO languages is encapsulation. Private fields encapsulate state
and private methods encapsulate implementation details. The intention there is
to make the code more robust to restrict the way collaborating classes can
interact with it.

Example, if you have a type representing a game score, you may want to
implement a public Increment() method instead of letting other types access
the score value directly.

The author of the post is pointing out the irony of people saying "this code
is totally open" yet forcing you, ostensibly for your own good, to interact
with it in a prescriptive way.

~~~
roadnottaken
Thanks for the response, but can you not see the source code of these private
methods? And wouldn't that allow you to re-write them yourself to behave
however you want?

~~~
mechanical_fish
A sign of experience with open source: You become incredibly reluctant to hack
directly on the source of a popular library. With great power comes great
responsibility.

In Drupal, for example, there is a saying: "every time you hack core (or a
module you didn't write) god kills a kitten." In the spirit of open source, we
probably borrowed that saying from some earlier project, because it is
generally true.

The standard Java String library is the same for everyone. [1] If you download
Random Java Library X, and X works with the String library, you can probably
be assured that X has been tested with the standard String library. As soon as
you change one line of the library this is no longer the case. You must now
face the possibility that your "minor" change will lead to side effects when
combined with other things, and the responsibility for finding those side
effects is now entirely yours.

Plus, the sheer mechanical tedium of preserving your patch, making sure to
apply it to every new version of the library as it comes out, relearning how
the patch works every few months, porting the patch when it fails to apply
cleanly to a new version, figuring out how to distribute your personalized
package to others because they can no longer simply `apt-get` your package
from the canonical repository, dealing with the fact that the standard docs
and the published books might not cover your variation...

Tools like Github have made all this stuff much easier, but it's still a bad
idea to tinker with others' libraries without a good reason.

The more typical advantage of open source is that you can read exactly what
your library is doing, which makes it easier to figure out how to work around
it without actually editing it.

\---

[1] Until it isn't. But at that point it will generally get a different
version number, and an official release notice, and it will have a community
that is aware of the change and will promptly coordinate to find and fix any
new incompatibilities with other libraries.

------
spivey
I sympathize, yet encapsulation is appropriate for some projects. Not all
users of a library want to frequently update to their own code. Forbidding
encapsulation and deprecation would increase this cost. Also, it's comforting
to be able to refactor the guts of a class without harming users.

~~~
j_baker
The issue is less about encapsulation and more about _language-enforced_
encapsulation. Encapsulation is good, but encapsulation that's enforced by the
language is debatable.

~~~
MartinCron
If the language isn't enforcing the encapsulation, how is it encapsulated?

For me, encapsulation comes down to "What I hide, I can change. What I expose,
other types may couple to in an inappropriate way."

~~~
fogus
> If the language isn't enforcing the encapsulation, how is it encapsulated?

What do you mean by "enforce"? Java's private modifier doesn't enforce
encapsulation. Javascript's objects do not have a private modifier, but still
_provides_ encapsulation via closures. It's hard to have a meaningful
discussion when loose terms like "enforce" are thrown around.

~~~
MartinCron
Sure, the private access modifier doesn't strictly "enforce" encapsulation.
Perhaps the term should be "language supported".

I guess, for me, that the point of private is to clearly communicate the
intent of the interface (small "i" interface) of a type. That intent is
generally "don't use this, use this other part instead" or "if you couple, to
this, it may break on you".

There are other ways of expressing that intent, I just really like having the
compiler help me and my collaborators from making stupid mistakes.

------
eneveu
Some context:

WalterGR commented on reddit that this rant is actually in response to this
tweet by Marco Tabini:

\-------------------------

"@ijansch Private has absolutely no useful role in open-source code." (
<http://twitter.com/mtabini/status/18867470296> )

\-------------------------

Marco is the co-founder of "a consulting firm that specializes in information
architecture, code and security auditing, large-scale deployments and
optimization".

More information:

[http://www.reddit.com/r/programming/comments/cusyw/wikileaks...](http://www.reddit.com/r/programming/comments/cusyw/wikileaks_to_leak_5000_open_source_java_projects/c0vfj1w)

------
afhof
First note: I have never dealt with the internal workings of the Java VM, so
this is just speculation. I also haven't tested any of this, but its still fun
to speculate.

In java private variables and functions are not accessible from outside the
class. This means that the compiler would be able to make some assumptions
about the nature of these members in the effect of optimization. When calling
a public function of another class in java, I suspect that the name of the
function is mapped to the actual bytecode at invocation time after being
looked up in some sort of trie/tree/hashtable. So, for every function call or
varaible access, there would have to be a lookup. On the other hand, if the
members were declared private, the compiler could directly link a caller to
the function and skip the lookup. If this is the case, then setting all these
projects' sources to use only public would mean a substantial performance
loss.

I would love to be corrected if this is not the case, as I haven't taken a
course in OO compilers yet.

~~~
ewjordan
_In java private variables and functions are not accessible from outside the
class._

Not quite - using reflection you can dig into private fields and do your worst
to them, you just need to tag each private member's Field object with with
field.setAccessible(true) before accessing it reflectively.

The only hitch is that you might get a SecurityException, but you can avoid
that if you're running your code on your own JVM (by default, it should work
just fine, it's if you're deploying applets or something like that where you
might get the exception due to the different sandboxing rules).

------
arohner
Clojure has tools to make it easy to bypass private/protected :

[http://richhickey.github.com/clojure-contrib/java-utils-
api....](http://richhickey.github.com/clojure-contrib/java-utils-
api.html#clojure.contrib.java-utils/wall-hack-method)

~~~
fogus
Granted it's just using Java calls (no magic), but still fun.

~~~
bretthoerner
Are those called wall-hack for the reason I think they are? If so, awesome.

~~~
dedward
It's a spoof alrticle -a joke - and "private" and "protected" were never about
the legality of letting other parties access things - they were just
conveniences for the developers and the tools to make it clear what could be
optimized how, and what should and should talk to what.

~~~
bretthoerner
Hm? I was referring to the Clojure link in the comment above. (And they're the
functions linked are no joke)

------
Tichy
I have to say, for me private methods and fields are not a security thing.
They are a way to keep the public interface clean and only confront the user
with the information they need.

~~~
someone_here
And that's the problem.

~~~
Tichy
Why? It conveys a piece of information. Would you feel better about it if
instead of writing "private" in front of it, I would write a comment "it is
probably a bad idea to use this method in your own code"? What would be the
gain - it is simply more verbose?

------
angusgr
The doubly great thing about this article is that maybe Steve Yegge will start
blogging again. :)

------
chrisduesing
Personally I would prefer a script that made all variables private and removed
setters, but I suppose that would be more useful than funny.

~~~
Goladus
The problem with blocking the intended side-effects in side-effect-driven
programming is that the programs will break. A script to re-write all Java
into Clojure would be useful, too, but really kind of not the point.

------
wglb
Awesome. Tweaks Java, Agile _League of Agile Methodology Experts (LAME)_ ,
Wikileaks, Oracle on one short non-steve-yegge-length post.

------
lanstein
It wasn't until I re-read this that I noticed the two fake 'more news'
entries.

------
NewSoftzzz
If you really try to make the OO as beautiful as humanly possible, you neither
make the member variables public nor do you offer getters and setters.
Everything is realized by functions which have a meaning, you really give the
class the power to manage itself, not be managed from the outside with getters
and setters! If you successfully adopt this thinking pattern then you have so
many problems less...

------
joegaudet
"If I make something private, it means that no matter how desperately you need
to call it, I should be able to prevent you from doing so, even long after
I've gone to the grave."

I am pretty sure this can be defeated without taking private out. Reflection
will get you there with the security checking turned off.

------
dustrider
I can't decide whether this is serious or not. Don't doubt the actual
wikileaks announcement just the comments from the various sources seem too
funny to be true.

favorite: "But use it exactly how I tell you to use it, because fuck you, it's
my code. I'll decide who's the goddamn grown-up around here."

~~~
infinite8s
Really? Why would wikileaks care about the source to open-source java
applications

------
sprout
For a second I was actually hoping someone leaked Google's internal stack and
all of it was GPL.

~~~
infinite8s
Even if it was GPL, it doesn't mean they would have to give anyone the source
code.

------
seis6
I think this could be a good example for making a program that creates jokes
for programmers. In essence, substitute words

Goverment => Java Privacy => Private Method Public Alarm => ...

------
jamesshamenski
This is the best thing to happen to Java. Hopefully, this gives that community
a ladder to catch up to the innovation around true open source communities.

------
tamersalama
"and turns all fields without getters/setters into public fields."

Why not all fields perid. Even those with getters,setter?

------
TeHCrAzY
Does Java have something similar to .Net's reflection?

~~~
wmf
Considering the history, don't you mean "Does .NET have something similar to
Java's reflection?"

~~~
JeremyBanks
I don't understand the up-votes on this. He asked a reasonable question and
phrased it with respect to his knowledge base. Your reply assumes he knows the
answer to the question he's asking. Huh?

~~~
wmf
My comment was a joke. (Which I thought appropriate given the root of this
thread.)

------
robwgibbons
This reads like an Onion article.

~~~
pvg
Modulo the funny.

~~~
Eliezer
You don't think the Onion is funny?

~~~
infinite8s
he's saying this reads like the Onion without the funny.

------
runT1ME
Ahhh... That was the sigh of vindication after reading this post and
confirming my opinion of Steve Yegge.

