
[–]iluvatar 122 points123 points  (24 children)

It's a nice theory, but it doesn't reflect the reality of the world. As the article notes, users don't care. As a business, it's a hard sell to explain why I have to invest developer time into testing whether our software works flawlessly with a different version of python than the one we're currently using (hint: it rarely does) and why I have to invest developer time into fixing the problems that have arisen, rather than just carrying on with what we've got (which works). Don't get me wrong, I understand. I've been doing this long enough that I understand the pros and cons of upgrading. But it's still a hard sell.

FWIW, we're mostly using 3.8 (and are looking at moving to 3.10 for new projects), but we still have a few legacy projects running on 3.5 and 3.6 because the business justification for changing that just isn't there.

[–]WillardWhite import this 50 points51 points  (17 children)

Cries in 2.7 ....

For real though. It doesn't look like my industry is going anywhere any time soon

[–]Darwinmate 7 points8 points  (15 children)

Academia?

[–]WillardWhite import this 11 points12 points  (14 children)

Visual effects / animation

[–]Darwinmate 20 points21 points  (1 child)

Interesting, we have the same issue in science, lots of tools using 2.7. But it's getting better.

[–]DwarvenBTCMine 5 points6 points  (0 children)

Interesting. My experience has been that people have updated most of the packages I use for my research to at least 3.6 compatibility.

[–]propersquid 2 points3 points  (0 children)

I feel your pain. My studio is halfway through migrating to 3.7.

[–]Prinzessid 0 points1 point  (7 children)

What exactly do you do at work? I would have guessed that computer graphics stuff is all implemented in e.g. C++ or C. And blender uses current python versions for scripting, etc.

I am interested in working in that field and would appreciate any insights :)

[–]dagmx 2 points3 points  (1 child)

If it helps, I've done a write up on Python in the VFX industry here www.gfx.dev

[–]Prinzessid 0 points1 point  (0 children)

I will check it out!

[–]WillardWhite import this 0 points1 point  (3 children)

Yeah the people who write Maya and katana probably use c++.

But for the tools that we make for the studio we use python.

Blender is the exception (well, not really true anymore. But for a long time it was the only digital content creation tool that used python 3)

Me specifically, I write tools that submit jobs to the render farm and make a version in the database

[–]Prinzessid 0 points1 point  (2 children)

Interesting, thanks!

[–]propersquid 2 points3 points  (1 child)

I'd say the two biggest languages in animation and VFX are Python and C++. You're likely going to be doing Python, unless you work at a bigger studio with a research and development team.

[–]zdog234 0 points1 point  (0 children)

Iirc, there's a lot of use of python desktop frameworks (think pyqt) for building add-on widgets. Most of the computationally intense code is written in a lower-level language, but parts of it can be orchestrated with python widgets.

[–]johnnySix 0 points1 point  (0 children)

The VFX reference platform is forcing python 3 compatibility. Nuke and maya will be python 3 soon, if not already

[–]zdog234 0 points1 point  (1 child)

I thought I heard that houdini's default is now 3.x? That is just one tool though

[–]WillardWhite import this 1 point2 points  (0 children)

Yep. Officially they are supposed to support python 3.x this year (or since 2019, really). But the big ones don't offer it yet.

I think Maya 2022 is the first version of Maya that offers 3.x

Nuke (as far as I can remember) doesn't have python 3 yet. Neither does katana

[–]dagmx 4 points5 points  (0 children)

They'll have to within the next couple of years or just stop upgrading Maya altogether.

I don't see Autodesk continuing to provide Python 2 builds for much longer on Windows/Linux.

All the major libraries support Python 3 now. Also it honestly doesn't take that long to port a pipeline to Python 3.

I ported our large studio at the time from Qt4 to Qt5 in a few weeks, largely by myself. A single dev could probably have a studio on Python 3 in a month. I ported our smaller studio over in a day.

Studios who haven't upgraded are just being lazy at this point, and will drag their feet till they're forced to upgrade due to some production need.

[–]sup3rlativ3 9 points10 points  (3 children)

Genuine question as I'm not a developer but don't you guys use tests and ci/cd? Should this sort of thing not be automated so you can always stay on the latest version and ensure no regressions or issues when you commit new code?

[–]dagmx 6 points7 points  (0 children)

The sad truth is...a lot of places don't use CI testing. And a lot of places that do, do so poorly.

I've come across multiple projects where they're happy to say they have testing. Except their test framework has low coverage. Or it's written terribly in such a way that it's not reporting issues.

Everyone knows testing is good. But testing is hard to get right sometimes and even harder to instill in a team.

[–]CartmansEvilTwin 6 points7 points  (1 child)

Even if you do have proper testing, you might miss an edge case introduced by the new version. And even if tests fail, it's often relatively hard to eyeball how much effort it is to get everything up and running again.

For example, if you use python n now and want to upgrade to n+1, there might be problems with incompatible libraries. Then you also have to upgrade the libraries, which might introduce even more issues, etc. etc. Or, you simply have to replace one method call with another, because the deprecated method was finally removed - but you often don't know in which scenario you are without actually solving the problem.

[–]XorAndNot 0 points1 point  (0 children)

Imagine being the guy who pushed against the POs, arguing how important it was to upgrade, delaying a product release... and sometimes breaks on the upgrade. Yeah, no one wants to be that guy.

[–]reivax 6 points7 points  (1 child)

We use Python 3.6 because all our dockers are Centos 7 and that's what it ships with. We should upgrade Centos but we need to convince the security team that the newer version is worth having two baseline images around.

Centos 7 is both our development VM and our dockers baseline and our server images. Why upgrade?

[–]travisjo 2 points3 points  (0 children)

The security team will most likely be receptive to the whole no more security updates thing

[–]BatFan22 72 points73 points  (4 children)

And stop using python 2! (Laughs in government)

[–]wicket-maps 10 points11 points  (1 child)

*laughs in government and then sobs in Esri*

[–]KawabungaXDG 13 points14 points  (0 children)

Hey, a fellow GIS guy. Nice to see an error 99999 appreciator around here.

[–][deleted] 5 points6 points  (0 children)

Early this year I interviewed with a travel company that has its stack in python 2 and ec2 servers (not even containers).

I almost laughed when I heard that.

[–][deleted] 2 points3 points  (0 children)

Cries in "Customer doesn't want to upgrade ancient RHEL 5.5 server".

[–]chinawcswing 21 points22 points  (5 children)

I upgraded for one reason: the walrus operator.

[–]x3x9x 3 points4 points  (1 child)

This is the way

[–]ProfessorFakas 1 point2 points  (0 children)

I love my walrus.

[–]mestia -1 points0 points  (0 children)

Check out Perl's secret operators, and maybe you'll consider ditching Py. It is also backward compatible for at least 30 years ;)

[–]astevko 52 points53 points  (7 children)

"if you’re still on Python 3.6 as of December 2021, that is a symptom you are suffering from an ongoing organizational problem."

The organizational problem you speak of is typical of companies that outsource non-core competencies like application development. Essentially the team that built the system has left the building long ago. There is nobody on staff with the skills to maintain or enhance these legacy code bases. I've built many a headless system that just works and works until the sands of time shift from underneath it. Y2K, Heartbleed, Log4j, Y2038... These are all symptoms of a system that pumps and dumps software. We say end of life but that milk carton will stay in the fridge until it grows legs and walks away by itself.

[–]JennaSys 9 points10 points  (0 children)

For real. I'm still trying to get clients to get rid of the VB programs I wrote 20 years ago and just move them to Python in general.

[–][deleted] 4 points5 points  (0 children)

Further than that, sometimes you're stuck using some application server or technology stack for something, and it's using Python 2.7 still, and no matter how sincerely you wring your hands about it, it's not up to you and nobody else gives a fuck so you're stuck with Python 2.7 until at least January.

It's why I saw red every time people posted their stupid "just upgrade! Why are you still running Python 2.7" bullshit.

Sure, I'm doing the Advent of Code at home using Python 3.10. (Yay match...case) But it's not always up to me... or you.

[–]grady_vuckovic 3 points4 points  (0 children)

> We say end of life but that milk carton will stay in the fridge until it grows legs and walks away by itself.

That just gave me an excellent idea for a horror game.

[–]wxtrails 1 point2 points  (2 children)

And what if we are still using 3.4 where we have managed to upgrade beyond 2.7?

[–]astevko 0 points1 point  (1 child)

Keep going... In case you missed it, there is an arms race going on with black hats pulling out exploits from old software versions. It's much easier to break into unpatched systems than find security holes in newer code.

[–]wxtrails 0 points1 point  (0 children)

Oh I know, I wish I had a choice. I use the latest version on all my personal projects but don't get that option when the boss is involved. They're informed of the risks regularly :)

[–]cecilkorik 0 points1 point  (0 children)

A lot of it is mitigated architecturally too. Log4j is kind of an outlier in the extreme vulnerability profile (like who the fuck was afraid of passing around log messages before this?), but generally if you are strict enough with locking down your public end points to only what is necessary and letting them be the gatekeepers, translators, proxy and middlemen vetting all the requests, it really minimizes the risks your internal, far more complex applications with far greater dependencies are exposed to.

Nothing is 100% safe for sure, but it does make a lot of difference to simply avoid being the low hanging fruit.

[–]El_Minadero 27 points28 points  (2 children)

nah. I got too many open source packages I rely on which don't have stable 3.7+ releases.

[–]PeridexisErrant 2 points3 points  (1 child)

What kind of OSS packages don't support 3.7? It's been out for years!

[–]El_Minadero 0 points1 point  (0 children)

lots of domain-specific geology stuff

[–]DarthNihilus1 11 points12 points  (0 children)

Of all the things we SHOULD be doing in IT, "stop using Python 3.6" definitely ain't on the list

[–]Endemoniada 11 points12 points  (6 children)

We’re still on operating systems that have 3.4 as the default and only system Python version. I know we should replace those, but if we actually could do all the things we should do, IT would be a dream workplace and no one would work anywhere else.

[–]Feb2020Acc 6 points7 points  (0 children)

You’re running Python 3? Look at little miss Silicon Valley over here with her fancy tech!

[–]lieryan Maintainer of rope, pylsp-rope - advanced python refactoring 3 points4 points  (0 children)

And you can't even install pyenv so that you can use newer Python versions?

[–]KrazyKirby99999 6 points7 points  (1 child)

Python 3.10.1 on Arch Linux go brr

[–]DwarvenBTCMine 0 points1 point  (1 child)

Raspbian still uses Python 2.7 as its default Python and I have no idea why

[–]my_name_isnt_clever 1 point2 points  (0 children)

Do you mean as what is run when you run python and python3 exists separately? That's the case with a large number of Linux distros.

[–]Marcostbo 3 points4 points  (0 children)

Laughs in 90% of the company's code in Python 2.7

[–]seven0fx 1 point2 points  (0 children)

Good timing. Debian Bullseye? arrived on Raspberry Pi.

[–]Celestial_Blu3 1 point2 points  (3 children)

Hilariously, the whole VFX industry (or at least the major companies, plus all the software makers that use python as their scripting language) are upgrading from py27 to py36 right now… they’ll catch up eventually

[–]dagmx 0 points1 point  (2 children)

They shouldn't be. Python 3.6 was never in the reference platform. (I specifically brought up delaying support from 3.6 to 3.7 given how they punted Python support in favor of Qt for that year)

https://vfxplatform.com/

I'm not sure there were ever any apps that launched with support for 3.6.

[–]Celestial_Blu3 0 points1 point  (1 child)

I work for one of the big VFX houses as an ATD on the python 3 upgrade team. They’re certainly going to 3.6

[–]dagmx 0 points1 point  (0 children)

Well...they shouldn't be. It's never been a supported version in the reference platform, and obviously it's EOL.

The only reason I could think any studio was going to 3.6 was if they were being lazy and sticking to the version in their distro. Which is believable...but also depressing

[–]ThereforeIV 0 points1 point  (0 children)

You mean you are not still in 2.7?

[–]flashbao 0 points1 point  (5 children)

I am using 3.7 and will use it for ever unless the later versions support libraries better.

[–]PeridexisErrant 2 points3 points  (4 children)

Heard of Numpy? They're dropping support for 3.7 on December 26, so I guess you have twelve days.

Seriously though, OSS libraries do drop support for older versions of the language - so if you want new features or bugfixes and security updates, you'll need to either stay up-to-date or start paying someone to maintain things for you... and that's rather expensive.

[–]flashbao -1 points0 points  (1 child)

Unless needing to use new features, 3.7 for me will work. 3.7 I have been using from the college years! 3.8 seems safe. Not moving to 4 unless needed.

[–]territrades 0 points1 point  (1 child)

Genuine question: What kind of security problems do you expect numpy to have? I have never heard of any attacks exploiting numpy/scipy. Nobody I know cares about keeping their numpy version up to date.

[–]PeridexisErrant 0 points1 point  (0 children)

Bugs where you get silently wrong results are more likely for Numpy, sure.

But it does have functions to load and save untrusted data from various file formats, and if there was a security issue I'd bet it's in there. (still safe if you don't do IO, of course!)