Enforced privacy is rude: advise instead

The problem with this argument is that no matter how much you make the developers aware that they are doing something wrong, there will be developers who do it when under pressure. (Meaning to go back and clean it up, but we know how that one goes.) And then when you break stuff, people <i>OTHER</i> than that developer will not be aware of how well you warned the developer.<p>In that situation, you&#x27;ll be the one blamed. It is unfair, but that is what will happen.<p>For a case in point, Microsoft encountered this one repeatedly in the 80s and 90s. (It didn&#x27;t help that sometimes it probably was their fault..but most of the time it wasn&#x27;t. It really, really wasn&#x27;t.)

I&#x27;m in nearly complete disagreement with the author here. I guess it helps that I&#x27;ve been burned more than once when using code from two third parties where party A reached into the &quot;private areas&quot; of party B&#x27;s code. Rather than working with party B to resolve the incompleteness of the solution, they work around it and then push it to everyone. Later, when party B makes a change (&quot;Hey, it&#x27;s private, and the public interface doesn&#x27;t change!&quot;) and suddenly breaks A&#x27;s code - there are a bunch of un-related other parties which now have a nightmare on their hands.<p>Case in-point (of which there are many, I&#x27;m sure): QExtSerialPort. The author needed access to underlying Windows functionality that Qt didn&#x27;t publicly provide, however, there was this nice, private header file laying around they could use. The Qt team later decided they wanted to remove the contents of that file, because no one should ever be using it. Anyone who wanted to build QExtSerialport had to go and grab the original file, and put it into the correct location. If they had instead submitted a patch to Qt to fix the problem, many hours would have been saved.<p>The author might get more points with me if they added &quot;keep private usage private,&quot; but instead they are advocating accessing private internals of 3rd party tools in new open-source projects, which restricts the original developer from making changes without impacting users of the third party tools. Privacy is important - if you want to go around it fine, but you have to expect the price for you and your users, to hand-wave around that is naive at best.

It seems that the post argues that enforced privacy is too theoretical, in practice, advice is better than enforcement.<p>I&#x27;d argue that the post is too theoretical, in practice, enforced privacy works much better. People will do stuff against your advice. That&#x27;s OK, you say - they&#x27;ll get in trouble eventually, but it was their decision. However, it affects you, the library (app, etc.) developer, as your clients might turn out to be more powerful than you.<p>Think of Linus&#x27; rant on not breaking userspace. He&#x27;s right I believe. In general, you are not allowed to break client code, even the client did something he was discouraged to do.<p>Interfaces are contracts. The ultimate documentation is the code, not the comment. You are saying that in the following case,<p>&#x2F;&#x2F; do not access;<p>public int getSize();<p>comment has precedence over the visibility modifier. Well, no.

This is quite naive.<p>When I learned to drive, my tester required that I demonstrate competence with the controls, using them at the appropriate times, in the appropriate ways.<p>If my car exposed all of its private internal operations, I would have needed to know how to use them, and demonstrated that I know that. I haven&#x27;t a clue about fuel flow and gear ratios, or air&#x2F;fuel mixture or how the thermostat affects how the engine operates. I&#x27;m quite happy that I didn&#x27;t have to demonstrate all of that too.<p>What the article ignores is that a good API provides everything the consumer <i>needs</i>, while keeping the API small and easily comprehensible. A driver who has to keep track of 5 details is more likely to learn to use his car more quickly, and less likely to crash than one who has to keep track of 200 details and make decisions about each one.

Enforced privacy is advisement. It&#x27;s a signal that if you want access to a library&#x27;s internal behaviours or state you should either communicate your use cases to the library&#x27;s maintainer or fork it and manually integrate upstream changes. This leaves the maintainer free to make changes to internal behaviours and state without breaking an implicit API contract they didn&#x27;t realize they had made.

Unenforced privacy is a Bad Idea for (shared) libraries that may be upgraded independently of whatever uses them. It means that any internal change becomes a breaking change, and when some application stops working after a library upgrade <i>it is your fault</i> regardless that you told the application developers &quot;don&#x27;t do that&quot; (the users don&#x27;t know or care that you said that, they only know that upgrading your library broke their stuff).

There&#x27;s a middle ground between public and private, and some languages call it &quot;protected&quot;.<p>In FOSS libraries that I maintain, methods and properties that I don&#x27;t want to expose are prefixed with an underscore and designated as protected. Protected members are not directly accessible, but anyone who wishes to play with them can create a subclass to access them. They also don&#x27;t need to make any further changes other than subclassing, whereas private members might need to be overridden or (even worse) reimplemented depending on the language. So I think &quot;protected&quot; hits a nice balance between simplicity, openness, and maintainability.<p>The requirement to create a subclass to access protected members might come across as an inconvenience, but it sends the same message as the article&#x27;s &quot;dodgy&quot; JS syntax: <i>Here be dragons, tread carefully and don&#x27;t blame me if your app breaks.</i> It would be very nice if users understood that the leading underscore is meant to send the same message, but since they&#x27;re apparently not getting the message, a little more inconvenience might be needed.

The two footnotes are good counter-arguments. The only time I can imagine making a class final (can&#x27;t extend) is when it&#x27;s a matter of security (e.g., Java&#x27;s String class).<p>Then there is a matter of &quot;well, it&#x27;s not MY fault if you didn&#x27;t use the public API and your code is now broken.&quot; I recall even Steve Jobs chastising developers for doing this.<p>Building something with a sensible yet strict privacy model takes a lot of upfront design. Makes sense for code that will be used by the masses, but maybe not for a small project.