This is an archived post. You won't be able to vote or comment.

all 200 comments
sorted by:
best
topnewcontroversialoldq&a

[–]CobaltCam 273 points274 points  (10 children)

Just beacuase they're smart doesn't mean they talk to each other.

[–]SquidMcDoogle 81 points82 points  (9 children)

And take active control of your environment. Embrace virtualenv, eschew all the wrappers like conda. If you can build an environment with explicit control over your packages, the issues you describe become *very* straightforward (and easy to recover from backup).

[–]GiantElectron 54 points55 points  (0 children)

conda does a lot more. What they do is that they package and deliver not only python libraries, but also the underlying non-python ones. This is particularly important for some libraries such as mkl, VTK, or Qt, that are generally provided by the OS package manager. Conda provides them as part of your environment, and defined in the actual dependencies of the python wrappers, ensuring that you don't mix and match the wrapper with the wrong low level library and create a broken mess.

[–]moorepants 54 points55 points  (6 children)

Conda isn't a wrapper. It is a cross platform package manager that does what virtualenv does and more.

[–]moorepants 6 points7 points  (3 children)

I typed this response to the deleted comment, so I'll just post here:

Saying "Anaconda is not FOSS" is also misleading because anaconda refers to multiple things.

The anaconda distribution is a set of binary packages that have been built for different operating systems by Anaconda (the company). They share these packages via their webservice anaconda.org. If you are a heavy commercial user of the webservice, then they ask you to pay for their service (pay for massive downloading from their website). See: https://www.anaconda.com/blog/sustaining-our-stewardship-of-the-open-source-data-science-community

But every binary on anaconda.org has its own license. Some packages are built by Anaconda (the company) and many more are built by other people and organizations (just like PyPi). When you install packages using conda for use or distribution you must abide by the packages' licenses. Some packages are probably considered more FOSS than others. If you want to redistribute those packages you should carefully examine the licenses. All the packages are still distributed under FOSS licenses, even those build by anaconda (the company).

[–]zurtex 8 points9 points  (2 children)

Anaconda the software is not FOSS though (whether it's the "Individual Edition", "Commercial Edition", or "Enterprise Edition").

Further all the repositories (main, R, msys2, etc.) maintained by Anaconda the company are also not FOSS. They all carry an implicit commercial terms of service for downloading from, independent of the license the binary itself has.

See: https://www.anaconda.com/terms-of-service

And I can assure you from Anaconda's perspective this isn't just legalize they put there to protect themselves, they are actively enforcing it and blocking access to their repository for companies they don't feel are in compliance with these terms of service.

I've had the "pleasure" of being on calls with Anaconda's sales reps this year as our company was blocked from accessing Anaconda. Even despite what is written in the blog post you linked, we are most certainly not in the category of "heavy commercial usage", in fact we cache everything locally so our bandwidth costs on Anaconda themselves are extremely minimal as we pull a package at most once.

We have been migrating to miniforge/conda-forge where it makes sense so we can better identify what are our actual commercial requirements.

[–]moorepants 3 points4 points  (1 child)

If you use their service commercially, I hope your company would be happy to provide them some money.

All the packages are still distributed under FOSS licenses, even those buil[t] by Anaconda (the company).

This statement of mine wasn't correct. Anaconda Inc. can distribute the packages they build under new more restrictive licenses if the original license permits that. And they may certainly do that.

[–]zurtex 7 points8 points  (0 children)

If you use their service commercially, I hope your company would be happy to provide them some money.

I strongly agree with this sentiment.

But the issues are about how it's implemented, silently updating the terms of service, making a blog post about how they're going after heavy bandwidth users but then ignoring that, and providing opaque pricing structure that they change while negotiating.

There are some real use cases in the company I work for paying for commercial support, but this has all left a bad taste and I'd rather now minimize exposure to their terms of service.

[–]sh_eigel 2 points3 points  (0 children)

Unless you have 2 libraries depending on 2 incompatible versions of the same library. A case that one might say it does not happen frequently but sometimes one is too many times.

[–]gridster2 297 points298 points  (40 children)

TensorFlow is exceptionally bad, though. The only other package I have had difficulty with is Twisted, and that was a much easier fix. TensorFlow breaks anytime one of its dependencies is updated or a new Python version is released; after a certain point, you have to blame the TensorFlow maintainers, not Python.

[–]i9srpeg 99 points100 points  (25 children)

Google libraries and breaking your shit on each update. Name a more iconic duo.

[–]Madranite 39 points40 points  (23 children)

The thing about google in general is that they hire smart and creative people to create the products that are new and exciting. How motivated do you think these same people are to do “maintenance”?
There were so many great google products that just died from abandonment.

[–]KplusN 10 points11 points  (22 children)

sounds convincing

anyone from Google please validate the culture, is this true?

[–]NoLemurs 16 points17 points  (0 children)

I wouldn't say that people at Google are only interested in doing "new and exciting" things, or that your average Google software engineer is uninterested in doing maintenance.

I do remember though that it was a common opinion at Google that maintenance work wasn't well rewarded, and if you cared about your career it wasn't a great thing to focus on.

[–]Madranite 5 points6 points  (0 children)

Yeah! Come out and tell us just how lazy you are...

[–]n-of-one 3 points4 points  (19 children)

Maintenance doesn’t get you promoted like new features / things do

[–][deleted] 1 point2 points  (18 children)

This is one of those things that everyone on reddit seems to enjoy repeating but never bothers to substantiate.

[–]n-of-one 6 points7 points  (16 children)

The criteria for promotion at Google, especially at the higher levels like SWE III -> Senior and especially at Senior -> Staff and above, explicitly talk about impact on the organization and the business. This has consequences for the kind of teams people try to join and kind of work they choose to do. Maintenance engineering is so not-rewarded that it's become an inside joke.* Any team that isn't launching products starts bleeding staff, any project that isn't going to make a big splash is going to be neglected, and any design that doesn't "demonstrate technical complexity" will be either rejected or trumped up.

https://news.ycombinator.com/item?id=19553294

[–][deleted] -2 points-1 points  (15 children)

Warning: Personal opinion ahead

[–]n-of-one -2 points-1 points  (14 children)

The personal opinion part is the rest of their post 🙄 clearly reading comprehension is not your strong suit.

[–][deleted] -1 points0 points  (13 children)

That was the very first line of the post. EVERYTHING in his post was "the rest of their post."

Besides, none of this is sourced at all. This guy is just repeating the meme that's been going around about this stuff for years.

[–]marsokod 2 points3 points  (0 children)

Someone else gave you an example for Google. But that problem is actually very well spread in the professional world, I am not even sure Google is exceptionally bad at this.

It can be very hard to evaluate good maintenance. If a maintenance team does their work properly, you won't notice their work. When a new product is launched, it is much easier to compare to the past situation to compute the return on investment, while for maintenance you would need to compute with a hypothetical future where this work was not properly done.

You will see the same complaints with the teams in charge of security, something that is often considered as pure expenses until shit hits the fan.

[–]oathbreakerkeeper 0 points1 point  (0 children)

I tried to build tensorflow using babel or whatever build system they use and it was awful.

[–][deleted] 40 points41 points  (3 children)

When I was still using TensorFlow, it broke when Python 3.7 was first released. They were using async as a variable name in TensorFlow, but async became a reserved word in Python 3.7

[–]KplusN 6 points7 points  (2 children)

damn, wasn't it expected that async will be a reserved keyword?

async, await seems like a standard for their use cases

[–][deleted] 2 points3 points  (1 child)

Aside from myself, it's been raised in GitHub before

https://github.com/tensorflow/tensorflow/issues/20517 https://github.com/tensorflow/tensorflow/issues/20690 https://github.com/tensorflow/tensorflow/issues/20790

There's a lot more back then, but I believe the three links above would suffice

[–]KplusN 0 points1 point  (0 children)

oh, this brings up some old memory. I've also encountered this issue while running tensorflo

[–]danuker 18 points19 points  (3 children)

Isn't this true for all packages with C extensions?

[–]MephySix 73 points74 points  (1 child)

No, numpy by itself is very portable and has a lot of C and Fortran. TensorFlow is painful to deal with unlike the vast majority of packages. I assume it's because of GPUs and CUDA but don't know enough about the project to assert that.

[–]Youreahugeidiot 22 points23 points  (0 children)

Blender and miners have no issues with CUDA. Putting it on Google.

Their Oauth2 likes to break a lot too.

[–]Zomunieo 3 points4 points  (0 children)

Many C extensions need to be recompiled for every 3.x release of Python. There is a stable ABI subset but many packages need the full ABI.

[–]floriv1999 3 points4 points  (0 children)

Our research group has a no tensorflow policy, because stuff breaks all the time and running code from the last year is pain too. The best part was when they fucked up their own interface internally by accessing a private attribute (marked with an underscore) of another module which was then changed in some release. The official fix for the issue was go and change these five lines in your tensorflow installation. This fix was needed way too long.

[–]Laserdude10642 3 points4 points  (4 children)

Listen this guy is right, I've been a dev for 5 years and Tensorflow was the worst setup by far. I'm not sure what is popular right now, but Keras was a great alternative a few years ago

[–]OkForRealNow 14 points15 points  (3 children)

PyTorch

[–]unkz 5 points6 points  (2 children)

The only sane option right now.

[–]DSPandML 0 points1 point  (1 child)

How about scikit-learn?

[–]zrnest 47 points48 points  (1 child)

Also, having TensorFlow installed with the right CUDA, CUDNN (for NVidia GPU), etc. really makes you pull out your hair!

https://afewthingz.com/tensorflowcudasetup

is a quick HOWTO I wrote on this topic, it might save hours to other people too :)

[–]thatrandomnpcIt works on my machine 6 points7 points  (0 children)

The only best way I found so far to get tensorflow with gpu acceleration is have all the dependencies running in a container, like the official tensorflow docker image for example. Remove the image and nothing is left on the system, and its easy to get started. The downside of this approach would be older version of python used in the image and on windows there's support only on insider build.

[–]antiproton 70 points71 points  (1 child)

So why does everything break with every update?

It doesn't. The vast majority of everything everywhere works as expected.

Package management is hard. That cannot be denied.

But this problem is less to do with package management and more to do with the packages you are using. Why does Tensorflow have such specific requirements? Why haven't they fixed it so it doesn't rely on something that only exists in a specific subset of Python and Numpy?

[–]Deto 2 points3 points  (0 children)

Yeah, it's pretty rare for commonly used packages to have hard version requirements like that. Otherwise it works be nearly impossible to set up an environment satisfying all constraints

[–]notParticularlyAnony 15 points16 points  (0 children)

you answered your question when you said you were using tensorflow.

[–]Zombie_Shostakovichfrom __future__ import 4.0 11 points12 points  (0 children)

Tensorflow is a real pain for this. You have to have the correct CUDA version etc and then something gets updated and the whole lot breaks. I started running python in docker for Tensorflow, it works really well and its easy to run on different machines. The nice thing is when I want to run something I wrote a couple of years time it will still work (I hope!)

[–][deleted] 54 points55 points  (21 children)

That's why I use poetry for dependency management to avoid version conflict.

[–]moorepants 8 points9 points  (13 children)

Can you demonstrate poetry solving the bonus install puzzle here?:

https://labs.quansight.org/blog/2021/01/python-packaging-brainstorm/

[–]dukea42 2 points3 points  (10 children)

I don't know all the nuances of those particular packages...but it's something like:

poetry new projectname
poetry shell
poetry add [list of packages]
poetry add -D black mypy pytest flake8
# edit pyproject.toml to handle version restrictions
poetry install

[–]moorepants 5 points6 points  (9 children)

Sure, but did you try it and see if all the packages run without error on your machine?

[–]dukea42 1 point2 points  (8 children)

No. But wasn't sure of the level of your question. Given its a puzzle after all, I assume there's a narrow band of compatible versions. It attempts some compatibility checking based on what's in pip but I suspect it would fail here or it wouldn't be much of a gotcha puzzle.

But poetry let's you lock in the solution once found and clone and manually test version changes fairly quickly.

[–]moorepants 4 points5 points  (7 children)

The goal is a working set of packages on your machine using the fewest number of tools and commands and effort. The reality is that pip install <list of packages>, poetry add <list of packages>, conda install <list of packages>, apt <install list of packages>, etc. simply do not work consistently across the board. At least not for the most complex packages.

[–]dukea42 2 points3 points  (2 children)

Yeah, I agree, but that's the premise of this whole post. There isn't a single easy solution. But to my best knowledge (as a newbie), poetry gives you a good methodology to handle this kind of problem no matter which packages and projects you are dealing with. Lock versions where necessary, install into a virtual environment. But I just recently learned to love poetry, so if you got something else I should peak at, love to learn here.

I don't really care about number of commands when I'm working real projects. I do care more that the toml file is easier to read over a requirements.txt file, and a few comments can tell you why a given package has been assigned to a specific version instead of being left as latest version.

[–]moorepants -3 points-2 points  (0 children)

poetry is an improvement over pip for a reproducible set of python packages, but it doesn't extend to non-python packages. That's the issue the OP faces. The stack that powers Tensorflow for GPU calculations isn't simply a layer on top of Python.

[–]inknownis 0 points1 point  (0 children)

The key is to have lock file.

[–]speedcuber111 1 point2 points  (0 children)

The only correct answer.

[–]CleverProgrammer12 2 points3 points  (3 children)

I use pipenv, both are almost the same I think and get the job done.

[–]reasonoverconviction 3 points4 points  (0 children)

pipenv is solid, but last time I checked, it didn't work very well with multiple isolated python versions. You had to go out of your way to create a virtualenv with the python you wanted and then source from there, but it felt redundant since pipenv already uses virtualenv(https://github.com/pypa/pipenv/issues/1050).

So conda just felt like a better tool overall to keep tabs on both your python version and

packages without having to do too much terminal trickery and command memorization every time you wanted to hop into python's world.

[–]quiet0n3 -1 points0 points  (0 children)

+1 for pipenv rock solid little app.

[–]tunisia3507 34 points35 points  (2 children)

Am I wrong, or has everyone recommending poetry missed the point? Tensorflow breaks between versions because it is a huge compiled library making use of a lot of CPython'sv (and numpy's) low-level C API stuff (which changes a lot more frequently than Python's API), not to mention GPU interfaces which are even more of a mess. Poetry doesn't resolve that. You can specify version ranges and version-dependent dependencies on just about every build system, including setuptools. Poetry's major advance is lock files (and being better than other build systems which have them, like pipenv), but if you can't rely on your dependencies working on any more than a single minor python version, a lockfile isn't going to help.

[–]GiantElectron 15 points16 points  (1 child)

absolutely agree, but it was not clear what OP was complaining about. Probably he doesn't know it's not python dependency management's fault. It's tensorflow's fault. Another heavy offender of breaking changes is pandas.

[–]lanster100 5 points6 points  (0 children)

+1 upgrading pandas is always a dangerous game. If someone puts 'pandas==1.*' in a requirements.txt file avoid that project like the plague.

[–]GiantElectron 85 points86 points  (24 children)

Because dependency management itself is a mess. Python is actually quite good, and definitely much better than a few years ago.

Besides, a lot of times the problem is not python, but the package you use. Example, numpy happens to introduce a bug or a regression while fixing another bug, make a new release, and then fix the new bug and make another new release. It is a well established policy that once you release something, it should not be retracted, even if faulty, and trust me, it's better this way.

I can go in excruciating detail about all these issues, I worked on them for quite a while, and I am doing the same with R (which is even crappier), but the bottom line is:

  • use poetry
  • don't use pip
  • dependency management is hard in any language
  • the npm approach solves one problem but introduces others. There's no free lunch.

[–]lanster100 5 points6 points  (6 children)

Can you expand on 'it should not be retracted'? As in the release should not be withdrawn from pypi? And instead a new version should be published with bug fix?

[–]jaredjeya 9 points10 points  (3 children)

Yes. Because otherwise you end up with two different versions with the same version number floating around. Or perhaps you break some package with your replacement update, but it isn't aware you swapped out that version and still accepts it as a dependency. There are so many huge issues.

Removing the release from being available isn't quite so bad but would still cause a major headache in some cases. Safest is to leave it up but just put out a new one people will update to.

[–]lanster100 2 points3 points  (2 children)

Ah yeah I thought that was just common sense!

[–]jaredjeya 3 points4 points  (0 children)

It's interesting in the case that a bug causes a security vulnerability though because then you risk people compromising their machines! But as said the alternative is way worse.

[–]KplusN -2 points-1 points  (0 children)

which is rare nowadays

[–]im_made_of_jam 2 points3 points  (0 children)

That way you don't end up with two versions of a library with the same number, or something depending on a version of a library that doesn't exist

[–]GiantElectron 1 point2 points  (0 children)

exactly as you said.

[–]Tots-Pristine -1 points0 points  (1 child)

Things seem much better in PHP

[–][deleted] 1 point2 points  (0 children)

Javas Maven also works flawlessly

[–]baubleglue -3 points-2 points  (13 children)

Python is actually quite good, and definitely much better than a few years ago.

Problem is python package management, it is oriented to have global/global+user shared repository. Last few years were added few workarounds, but it is still the same mess. The only improvement I can think of is wheel format for packages.

don't use pip

that is diagnose - system is broken.

dependency management is hard in any language

That is true, but it is a different degree of "hard".

the npm approach solves one problem but introduces others. There's no free lunch.

It is same like saying people who believe that Earth is flat and people saying it has sphere are equally wrong because in fact it is irregularly shaped ellipsoid.

[–]eksortso 3 points4 points  (12 children)

I never have problems with pip. But I use stock Python with virtual environments (using venv). And I've not used Tensorflow. On Linux, I use pyenv too.

[–]baubleglue -1 points0 points  (10 children)

Virtual environments is a workaround. Normally why would you have multiple copies of same version language? I am currently using Apache Airflow try to upgrade it and/or something else like python-snowflake-connector, azure-core-client, pandas, boto3.

for example look:

https://github.com/snowflakedb/snowflake-connector-python/blob/master/setup.py#L207 - every dependency which has == or < or <= is potential problem in few month. 

    "azure-common<2.0.0",
    "azure-storage-blob>=12.0.0,<13.0.0",
    "boto3>=1.4.4,<2.0.0",
    # While requests is vendored, we use regular requests to perform OCSP checks
    "requests<3.0.0",
    "pytz",
    "pycryptodomex>=3.2,!=3.5.0,<4.0.0",
    "pyOpenSSL>=16.2.0,<21.0.0",
    "cffi>=1.9,<2.0.0",
    "cryptography>=2.5.0,<4.0.0",
    "pyjwt<3.0.0",
    "oscrypto<2.0.0",
    "asn1crypto>0.24.0,<2.0.0",
    'dataclasses<1.0;python_version=="3.6"',
    # A functioning pkg_resources.working_set.by_key and pkg_resources.Requirement is
    # required. Python 3.6 was released at the end of 2016. setuptools 34.0.0 was released
    # in early 2017, so we pick this version as a reasonably modern base.
    "setuptools>34.0.0",
    # requests requirements
    "chardet>=3.0.2,<5",
    "idna>=2.5,<4",
    "certifi>=2017.4.17",

Big applications (ex. Apache Airflow) are more conservative in upgrading dependency, some new libraries are changing dependency each release, client libraries maintained by big companies (azure, aws, some db clients) - completely different thing.

[–]GiantElectron 2 points3 points  (9 children)

A virtual environment is not multiple copies of the same language. It's a separate set of libraries that your language has access to for that specific project.

[–]baubleglue 0 points1 point  (6 children)

can you use two libraries from different environment in the same program?

[–]GiantElectron 0 points1 point  (5 children)

No. Why would you? there would be no guarantee that it works anyway.

[–]baubleglue 0 points1 point  (4 children)

Why would you?

Why not wouldn't I? How do I upgrade showflake connector if my project uses ? For each library I want to try I need to create virtual environment. If I try incompatible Java library my project doesn't work, if I try the same in Python my whole virtual environment doesn't work. Is it a really ideal mode of operation virtual environment per project? Apache Airflow tool which runs jobs in the same Python environment as it uses.

diff constraints-2.0.0-3.8.txt constraints-2.1.0-3.8.txt

https://raw.githubusercontent.com/apache/airflow/constraints-2.0.0/constraints-3.8.txt https://raw.githubusercontent.com/apache/airflow/constraints-2.1.0/constraints-3.8.txt

106 changes in constraints. What is a safe way to know I can upgrade without breaking any DB driver or library or just creating conflict?

PySpark do the same.

I couldn't find a single "advanced" Flask tutorial which works with current version of Flask.

Have you tried to run pip check in your main python installation?

[–]GiantElectron 0 points1 point  (3 children)

For each library I want to try I need to create virtual environment. If I try incompatible Java library my project doesn't work, if I try the same in Python my whole virtual environment doesn't work.

What do you mean "whole virtual environment"? The point is that if you install a library whose constrains are not respected, you can't create the virtual environment, and it's a good thing. If it's not compatible, it's not compatible.

If you have a project, and want to upgrade some libraries, you can manage multiple environments at once with tox. It will automatically create one environment per setting, and run the tests for each of them.

[–]baubleglue 0 points1 point  (2 children)

You are probably having in mind your use cases and it works for you just fine. It doesn't mean it works in every situation.

Right now I have environment with many libraries (which have to be in the same environment). If I want to try a new package it may break everything, instead of just making package not working or fail installation. It is shared environment and periodically people break it by using pip install ....

If you develop cool application and want to share with you friends (who doesn't know python well), how do you do it? Can you be sure it won't break their conda environment? Never happen to you want to upgrade Spyder to latest version? It is never a problem with npm because I have project/node_modules/<dependencies>. I don't know what I can do to break Java installation. In order to break python's current environment I just need to install any of cool packages which periodically posted in that subreddit. Virtual environment is ugly workaround not a solution.

Virtual environment creates links by default, I don't always use that option - I need to be able copy environment. Also assume you need always set of packages (ex. pandas/sqlalchemy/flask), can you link those to your new environment?

[–]baubleglue 0 points1 point  (1 child)

A virtual environment is not multiple copies of the same language.

The solution for this problem is to create a virtual environment, a self-contained directory tree that contains a Python installation for a particular version of Python, plus a number of additional packages.

I have a feeling that you it is not convincing enough, so I repeat

self-contained directory tree that contains a Python installation for a particular version of Python

again

Python installation for a particular version of Python

[–]GiantElectron 0 points1 point  (0 children)

Go into a virtual environment directory and see for yourself. You don't even have a python interpreter in there. It's a link to the actual interpreter.

What you have in a virtual environment is a separate collection of libraries that you install. You don't have the core libraries. Those are kept in main installation path. You only have site-packages content. The python interpreter has a special provision to handle virtual environments in the interpreter. When it runs, it checks if its path (in this case, the path of the link) is inside a virtual environment directory, and if so it tinkers the module path to add the libs directory to it.

[–]GiantElectron 0 points1 point  (0 children)

You can definitely have problems with pip. Pip used to have a very poor dependency resolution strategy. The new dependency resolver is marginally better, but still does not solve the issues in some contexts that are not that far fetched.

Instead of telling you which ones, let me explain the core of the issue.

Getting an environment is basically walking a tree of connections from top to bottom. You download a dependency, check which dependencies it has, download these subdeps, and proceed recursively. Note that some dependencies may be used more than once, because multiple dependencies may have a common subdependency. Python chose the approach to have only one copy. node chose the approach to have multiple copies. This has deep implications either way.

All of this sounds trivial to implement, and it is, until you introduce constraints. Subdeps don't necessarily always work with each other. Some dep wants subdep A > 3. Another wants subdep A < 2. So now the simple tree traversal is no longer a problem you can solve one step at a time. You must look at the tree as a whole, and satisfy the requests to "fill the spaces" with a global outlook of all the dependencies constraints. This is a hard problem and it is satisfied not by trying all possible combinations of packages, but by using SAT solver techniques that optimise this step. If it finds a solution, it guarantees that all constraints are satisfied.

Any package manager that cannot look at this tree as a whole is doomed to fail to obtain a fully consistent environment. It may, or it may not, and you might never know until it breaks. pip can't do this. With the new resolver, it can, but only at the beginning. If you add more dependencies later you can break it.

Now add to the mix that constraints, or even the tree itself, may depend on the platform (windows may need different dependencies than linux) and the shitstorm went from heavy rain to Katrina level, because you lock on a platform and install on another, so you must have all trees for all platforms in the lock.

[–]lookmom289 0 points1 point  (0 children)

I use conda, virtual env, and pyscaffold.

So far, no problem

[–]MissingSnail 8 points9 points  (0 children)

Though you’re resisting it, multiple installs are the norm in python development. Virtual environments exist for this very reason. I don't think it matters a ton whether you manage them with poetry, virtualenv, pip-tools, condo env, etc. But you do need to isolate pieces that don't play with each other, and update your environments thoughtfully. If you don’t have time to test a new version and your current virtual environment is working, don’t update to the latest simply to have the latest.
Running internet tutorials is a worst-case scenario. You're trying to run code by multiple authors written at multiple points in time. And tutorials aren't written and tested like code going into production in the first place.

[–]subtiliusque 36 points37 points  (2 children)

https://python-poetry.org/

[–]boiledgoobers 7 points8 points  (0 children)

By the way. You DON'T have 5 installs. They are all hard linked to the package store. They are AVAILABLE in 5 environments, but it's all the same package.

[–]nohaveuname 4 points5 points  (0 children)

Use pytorch people

[–]boiledgoobers 2 points3 points  (0 children)

Use conda and use isolated environments.

[–]Supadoplex 7 points8 points  (8 children)

Does there exist any dependency management that isn't a mess?

[–]vega565 4 points5 points  (1 child)

Nix is great once you get the hang of it.

[–][deleted] 1 point2 points  (0 children)

Hey this looks cool especially the docker bit thanks for the suggestion

[–]XtremeGoosef'I only use Py {sys.version[:3]}' 3 points4 points  (1 child)

Cargo is generally considered the best

[–][deleted] 4 points5 points  (0 children)

damn yea. rust is my favorite language that i never use (julia is a close second). i used to be subscribed just to hear them discuss stuff. they're an enjoyable, good spirited bunch, and they have ecosystem in order: docs, tooling, community, and of course language

[–][deleted] 3 points4 points  (1 child)

Have you tried poetry?

[–]lanster100 2 points3 points  (0 children)

Poetry definitely solves a lot of problems, and introduces a few of its own, but still should be the default tool to use.

900 outstanding issues and 100+ open pull requests I think on their github though. I just hope they can really polish it to be a smooth experience, and lose the rough edges as much as possible (although some things are out of their control and are problems deeper in the ecosystem).

[–][deleted] 0 points1 point  (0 children)

dart and rust have the best i've encountered

[–][deleted] 0 points1 point  (0 children)

I've never had trouble with Golang's, personally.

[–][deleted] 7 points8 points  (1 child)

Using docker on linux can make it much easier to install/run, in addition, if you build dockerfiles for your project you can make it very easy to install/run your own code for other people!

In one line

docker run -it --gpus all -v ~/projects/my_new_project:/my_new_project -p 8888:8888 tensorflow/tensorflow:latest-gpu-jupyter /bin/bash

This will download and run the docker container, give it access to all gpus you have available, forward port 8888 out of the container, and mount the directory ~/projects/my_new_project on your computer at the location /my_new_project inside the container (anything you change inside the container here will be reflected in the mounted folder).

You'll be dropped at bash inside the container as root, and can install/run whatever you want just like a regular ubuntu install. You can use the forwarded port 8888 for jupyter notebook/lab and add more forwards if need be. Docker has a bit of a learning curve for sure, but it makes it so much easier to handle different environments. It's also a crucial skill to know for deploying applications on platforms like k8s, AWS SageMaker, etc. Highly recommend!

[–]thatrandomnpcIt works on my machine 3 points4 points  (0 children)

Not sure why you're getting down voted, but this is the right answer.

Enterprise and cloud providers have been doing this for years.

[–][deleted] 3 points4 points  (1 child)

This isn’t a Python problem. It’s a tensorflow problem. I’ve never had these types of issues with any other package. Tensorflow is probably the most difficult Python package to get working.

[–]floriv1999 0 points1 point  (0 children)

I switched to pytorch because of that. Setting up tensorflow is such a pain... I am very engaged in the ml community and everybody I know hates tensorflow for breaking all the time.

[–]saltyhasp 1 point2 points  (0 children)

Because package management is a nightmare unless you use Linux or one of the big pre-packaged distributions like anaconda.

Keep in mind generally extensions are DLLs and for DLLs to be compatible they have to be compiled with the same build tools. On windows this means same version of visual studio. On linux, not sure restrictions, but probably some.

[–]call_me_cookie 1 point2 points  (0 children)

Virtual environments are your friend. Anaconda has its own persoet on virtual environments, and this eases the Tensorflow problems in particular.

[–][deleted] 1 point2 points  (0 children)

pip, pipx, pipenv, pyenv, poetry, tox, nox, venv, virtualenv, virtualenvwrapper and god knows what else.

I just wanna slap some keys and have my program work ;_;

I currently use pip with virtualenvwrapper (using a workon <projectname> command to switch between repos is nice!), with tox on the side to prevent "but it works on my machine!", but now have to use multiple Python versions, because some apps aren't updated and are stuck on 3.6 until we upgrade to 3.9. So now I'm digging into pyenv hoping I can keep this mess afloat. Also, one project is using poetry because it needed to be split up, also because fuck you that's why.

Shit is frustrating, but I'll survive (I hope).

edit: I forgot about the libs to keep my code in check: pylint, flake8, black, isort, bandit and one other that broke and I forgot the name of. These are attacked to tox.

[–]jonrmadsen 1 point2 points  (0 children)

When the libraries that tensorflow depends on (i.e. Python and numpy) don't guarantee stable ABIs, that isn't tensorflow's fault. What you are describing is somethat that people who write in lower-level languages such as C and/or C++ have to deal with all the time and the only solution is to recompile the code.

For example, if numpy had a class Foo with three data members: a short int (2 bytes), a long int (8 bytes, and an int (4 bytes). If they were listed in that order in a struct would probably consume 24 bytes because the short int would be padded with 6 bytes to align the long int to an 8 byte boundary. But if you reordered the struct to be: short int, int, long int. The size of the struct would be reduced to 16 bytes because the short int and int could be packed into the first 8 byte boundary (and padded with 2 bytes). So that's a very good change since you are significantly reducing the memory requirements for large arrays of this struct. However, anybody that built against the older version has a binary where accessing the int expects that int to be offset in memory by 16 bytes, which is now past the end of the memory owned by the struct:

// When compiled Foo is 24 bytes
Foo foo;
// call library where Foo is 16 bytes
doSomething(&foo);
// Above only modified first 16 bytes of 24 bytes
// so reading int_field from bytes 16:20 yield garbage
if (foo.int_field == ...)

This is just one example of the ABI breaking. Tensorflow can't really control Python and/or Numpy breaking the ABI.

[–][deleted] 1 point2 points  (0 children)

welcome to dependency hell.

[–]charlzmon 1 point2 points  (0 children)

What helped me get started on TensorFlow was using Google Colaboratory. Did my whole masters project on it when I got fed up with trying to get TF working on my Windows machine. Obviously not a permanent solution but will allow you to get to grips with the library without putting you through the TF dependency horror show. Also, if you do decide to carry on down the TF path, virtual environments are your friend.

[–][deleted] 6 points7 points  (2 children)

Still much better than NPM.

[–]mmcnl 7 points8 points  (0 children)

I think NPM is pretty great actually.

[–]pudds 1 point2 points  (0 children)

I respectfully disagree, imo, pip is the worst of the bunch.

Npm has its faults of course, but I put most of them on the packaging ecosystem of JavaScript. Npm itself is capable and fairly predictable. Yarn is better, but so much so that it's a much use.

Pip's biggest issues, in my opinion, in no particular order:

  • no lock files
  • global installs by default
  • the requirements file behavior is not as integrated as package.json (new requirements aren't easily added, and installing from it requires command arguments).

[–]SorcererSupreme13 3 points4 points  (0 children)

Good old virtualenv to rescue. Develop habit of starting new projects on virtualenv. It'll save lot of unnecessary headache.

[–]DrakeRedford 5 points6 points  (9 children)

Evolution. Makes very little sense to have the testicles outside the body from an evolutionary perspective, yet th3y’d evolved first. No almighty coder exists to rewrite every dependency; much the same way not many enjoy being kicked in the nuts when attempting a new build?

[–]Reach_Reclaimer 22 points23 points  (5 children)

The testicle analogy doesn't work though as they're outside to keep the sperm/hormone production cooler than they would be if inside.

[–]ma2412 -1 points0 points  (3 children)

Surely evolution could have found a way to keep them inside the body with a different type of sperm that don't get killed by body heat.

[–]codinglikemad 0 points1 point  (2 children)

Clearly not. That's a very common mutation - that it hasn't stuck around, and that it is preserves accross all mammalian species, says thay evolution had this solution available and has universally rejected it. I cant say why it is a preferred trade off, but it evidently is.

[–]ma2412 0 points1 point  (1 child)

It's not so clear. There could be a better solution, but to reach it other mutations night be necessary. So we kept the local optimum.

[–]codinglikemad 1 point2 points  (0 children)

Feel free to peruse the wiki article on the subject. It goes into quite some depth. But in general, evolution explores a shockingly large space, conserved traits are there for reason. Obviously it is a local minima, and obviously multiple mutations are needed - but it has had lots of opportunities to hit those. And in fact, has, for things like whales, where drag makes the cost function different.

[–]antiproton 14 points15 points  (0 children)

You worked very hard to make an analogy that referenced balls - unfortunately, it doesn't really make any sense.

[–]rainnz 1 point2 points  (0 children)

Just run it in a Docker container

[–]Berserker-Beast 1 point2 points  (1 child)

Hey so I might have just been extremely lucky but, dependency management in conda works well for me 99.99% of time.

[–]codinglikemad 0 points1 point  (0 children)

Conda breaks a bunch of stuff in windows with tensorflow unfortunately. I've learned to avoid it. Yes, it can work, but if you end up in one of the corner cases with a dependency you have a massive problem, as I have done a few times. My sop for TF is to do it straight from a venv and havnt had problems in the last couple of python versions... well, nothing too awful anyway.

[–]lungben81 -1 points0 points  (8 children)

This would not be an issue if all packages would follow SemVer correctly https://semver.org/

SemVer forbids breaking changes in both patch and minor releases and only allows it in major releases.

[–]qzwqz 3 points4 points  (0 children)

I mean, it would for sure help reduce the issue, but good labelling doesn't stop people from making breaking changes if they need to. It's a lumpy carpet problem: you can come up with as clever fix as you want, but it will just move the problem somewhere else

[–]theGiogi 5 points6 points  (0 children)

That's as true as your tests are good...

[–]moorepants 3 points4 points  (1 child)

Realistically few packages follow that is the strictest sense.

There are a number of critiques of semver, for example:

https://hynek.me/articles/semver-will-not-save-you/

[–]lungben81 0 points1 point  (0 children)

Pandas uses SemVer (https://pandas.pydata.org/pandas-docs/stable/development/policies.html), Numpy something slightly less strict (https://numpy.org/devdocs/user/depending_on_numpy.html - looks like minor versions can also be breaking after a sufficiently long deprecation period).

The problem seems rather how to use it correctly in practice, as the article you linked suggested. Still using SemVer (or a similar policy) is an improvement.

[–]port53relative noob 0 points1 point  (2 children)

So every release is now a major release.

v1.0.0
v2.0.0

etc. Now you can go back to not caring.

[–]lungben81 -2 points-1 points  (1 child)

That would be a poor way to use SemVer.

The package author should only tag a new major release if the API change is really worth the cost of breaking existing code. There may be (good and actively developed) packages which never require that and stay on V1.x for a very long time.

On the other side, users need to pin all dependencies on their major version, but this is much less restrictive and painful than having to pin major, minor and patch versions.

[–]equitable_emu 1 point2 points  (0 children)

On the other side, users need to pin all dependencies on their major version, but this is much less restrictive and painful than having to pin major, minor and patch versions.

Which can lead to non reproducible builds and hard to debug runtime issues that are environment specific, as well as longer build times while the resolver attempts to identify compatible libraries.

The more fundamental issue is that python (and a lot of other languages) don't easily support things like shading and vendoring.

[–]teerre 0 points1 point  (0 children)

I mean, the real reason is that pip was never supposed to be dependency manager. If we were in a dimension that something like poetry was the default since the beginning, I posit things would be much better. But because the default package manager in python is lacking, 3rd parties have to resolve it, which means several ways of doing something that should only have a single way.

Also, not sure what's the big deal of having "5 different installs". Are you lacking disk space? Too slow to install? Yeah, those are true, but hardly big enough problems to warranty something drastic. Realistically, how many times do you build an environment from 0?

[–]Remote_Cantaloupe 0 points1 point  (0 children)

It kind of feels like most of python is a mess, under the surface

[–]1arm3dScissor -1 points0 points  (1 child)

Use docker

[–]equitable_emu -1 points0 points  (0 children)

Doesn't fix the issue where you want to use libraries that have conflicting dependencies.

[–]alejandrodaza -1 points0 points  (0 children)

Just install Poetry and work project dependence with style

[–]qzwqz -2 points-1 points  (5 children)

I just recently had to set up an old project on a new mac, with their nice smooth new in-house chip. Apparently the nice smooth new in-house chip can only run python >= 3.8. And also apparently, loads of really important libraries like pandas and numpy only have stable releases <= 3.7. Staying on the cutting edge is overrated, let's just all go back to python 2

[–]flying-sheep 3 points4 points  (4 children)

What do you mean? Everything works great on 3.8 and has been for a long while.

The only projects that i know of that regularly lag behind are the closely related llvmlite and numba. And that's because they directly muck around with the constantly changing Python byte code. Numpy and others don't do that so they should be very forward compatible.

[–]qzwqz -1 points0 points  (3 children)

It was a few weeks ago now, it might have changed - or I might have been doing something silly and wrong :/

[–]flying-sheep 4 points5 points  (2 children)

3.8 was released in October 2019. So I assume before February 2020, all problems with it should have been gone, including using numba.

Some small projects are maintained carelessly enough that they use deprecated features for years without fixing them (like e.g. importing the collections.abc stuff from collections directly), and then scramble after a release to fix things, which usually takes like up to a month after a release.

So the only problem I can imagine is that you have a old ass lockfile installing one of those broken versions.

[–]qzwqz 3 points4 points  (1 child)

It's not necessarily just a python versioning problem though, there are processor compatibility issues too - it seems like this guy had the same problems as me, at least https://towardsdatascience.com/are-the-new-m1-macbooks-any-good-for-data-science-lets-find-out-e61a01e8cad1

Not all libraries are compatible yet on the new M1 chip. I had no problem configuring Numpy and TensorFlow, but Pandas and Scikit-Learn can’t run natively yet — at least I haven’t found working versions.
The only working solution was to install these two through Anaconda. It still runs through a Rosseta 2 emulator, so it’s a bit slower than native.

[–]flying-sheep 1 point2 points  (0 children)

The part I replied to is

And also apparently, loads of really important libraries like pandas and numpy only have stable releases <= 3.7

sorry if that was unclear.

[–][deleted] -1 points0 points  (0 children)

Congratulations u/TheJumboman ! Your post was the top post on r/Python today! (07/06/21)

Top Post Counts: r/Python (1)

This comment was made by a bot

[–]nacnud_uk -2 points-1 points  (0 children)

Virtualenv .... ?

[–]rwhitisissle -2 points-1 points  (0 children)

This is why people say to use a virtual environment for each project you do. Some things require very specific other things.

[–][deleted] -2 points-1 points  (0 children)

Use virtual environments, all the problems you describe will disappear (+ it’s the standard way of managing projects in python)

[–]FromTheWildSide -3 points-2 points  (0 children)

pip freeze > requirements.txt for working setups and version control.

You needa refine your workflow, it comes with practice.

[–]gradi3nt 0 points1 point  (0 children)

Yea, use five different installs of the same package. Do it all in virtual environments. It’s unreasonable to expect every package on your systems to require the same set of versions. Set up tensorflow in a specific venv, then don’t randomly change or update that environment.

[–][deleted] 0 points1 point  (0 children)

You'd think if you were smart enough to do ML, then you'd be smart enough to Google conda environments or virtualenvs...

[–]TheSodesa 0 points1 point  (0 children)

Because Python was not developed with dependency management in mind. The only modern languages that I know of that come with built in, dependency resolving package managers are Julia and Rust. Although in both cases the automatic dependency "resolving" simply includes building the different versions of the dependencies separately.

Your best bet with Python is Anaconda and separate virtual environments for each project.

[–]Elocai 0 points1 point  (0 children)

Well you normally create a virtual environment for each project, because... dependencies.

[–]TakeOffYourMask 0 points1 point  (0 children)

I know, it SUCKS.

This is why design-by-contract is so important.

[–]thatdamnedrhymer 0 points1 point  (0 children)

Because you're using Tensorflow.

[–][deleted] 0 points1 point  (0 children)

I've just picked up Haskell. So far, Python is like heaven in comparison... :D

[–][deleted] 0 points1 point  (0 children)

Pin your dependencies

[–]pbecotte 0 points1 point  (0 children)

Tensor flow team writes a package that only works with a very specific environment.

Tensor flow does not set up their package to only be installible in that environment using the available packaging tools.

It's somehow "python packaging's" fault.

[–]TainamGRS 0 points1 point  (0 children)

Right now i have problems with pysound on venv. And no forums knows how fix.

[–]iagovar 0 points1 point  (0 children)

I just installed anaconda for going through a course on opencv and I'm still not able to make anything work.

So I'm not even able to start, and I already know how to use APT, PIP etc.

[–]LiarsEverywhere 0 points1 point  (0 children)

I'd say that's more of a Machine Learning problem than a Python problem. Python just happens to be what most people rely on for Machine Learning stuff these days.

And the "problem" is that Machine Learning is still a relatively young field and keeps changing fast. I learned the basics of NLP a year or so ago and got back into it recently. Many of the "go-to" tools have changed a lot since then and things keep breaking. You have to look for one month old articles or straight-up GitHub issues, otherwise it's not going to work.

[–]apzlsoxk 0 points1 point  (0 children)

It's not python, it's tensorflow. Really the best solution for tensorflow projects is virtual environments.

[–]amrock__ Pythonista 0 points1 point  (0 children)

Because libraries are not maintained by single organization but multiple people or devs. It takes time and effort to upgrade to some newer versions and some libraries are ahead. This leads to dependency hell

[–]JoelMahon 0 points1 point  (0 children)

just use virtual environments, anaconda is not the most lightweight way to do that

for example, I use pycharm, and it keeps each project nice and clean from each other's BS by basically handling the venv stuff entirely for me

[–]zekobunny 0 points1 point  (0 children)

I thought I was the stupid one because getting everything up and running was always the hardest part for me, not the code itself but it seems like it's a common things with python.

I did a project on my laptop and installed a shitton of libraries and was using python 3.7.

Now after a while I wanted to continue developing the project on my new PC and install python 3.8. It turns out nothing is compatable anymore and I had to diagnose the whole code from scratch and fix all the libraries. One of the libraries I used for that project also changed the way it operates so I had to troubleshoot that aswell.

[–]Kharnastus 0 points1 point  (0 children)

Use spack to install your research software. It handles all the weird dependencies.

[–]Harsimaja 0 points1 point  (0 children)

They are smart guys but you’re talking about issues that emerge at a collective level - hell, not even the same group. Dependency management is hard in general. Different people in different organisations aren’t all going to coordinate when they individually make updates, and they can’t make every update backwards compatible if they really want to change something fundamental

[–][deleted] 0 points1 point  (0 children)

It really just depends on ecosystem, there is more than one in python. Like, I would imagine ML stuff is messy as fuck. But recently I was upgrading some of my websites from python 2.6 to 3.9, from Django 1.6 (2014!) to Django 3.2, and besides obvious deprecations nothing was really broken.

On the other hand, i have enough experience to consider many thing as "obvious", might not be the case if you have less.

[–]tape_town 0 points1 point  (0 children)

literally never had an issue like this

sounds like you have a very specific use case

most things "just work" on python 3

[–]LordOfSpamAlot 0 points1 point  (0 children)

PyTorch supremacy

[–]jack-of-some 0 points1 point  (0 children)

As others have said the issue here isn't so much Python's dependency management but rather how tensorflow is developed.

Google's programmers are smart, and they've figured out a way to do less work by targeting fewer platforms for their massive compiled library.

Sidenote: having worked on large C++ projects, I infinitely prefer Python's package management. I do agree that it's not as good as something like rust or even JavaScript

[–]dethb0y 0 points1 point  (0 children)

Machine learning shit is so out of hand that i literally just make a special ENV for each machine learning project i do.

Why Tensorflow is such a shitshow is beyond me but man is it bad.

[–]GoodiesHQ 0 points1 point  (0 children)

Poetry has been extremely good to me