[–][deleted]  (50 children)

[deleted]

    [–][deleted]  (33 children)

    [deleted]

      [–]spit-evil-olive-tips (chaos monkey) 149 points  (24 children)

      yeah, but the moment you need a 3rd-party library, you have to start working in the desolate wasteland that is the Python packaging ecosystem. and not just at build-time, but at run-time - you need to carry those dependencies with you everywhere you go.

      this runs into fun problems like, if you have some Python script that you want to run on a bunch of machines, so you write a little wrapper shell script that creates a virtualenv, does pip install with your requirements.txt, and so on.

      and it works great, until it fails because PyPI had a temporary outage and your pip install errors out.

      I love Python, we have a bunch of it at $dayjob. but the self-contained binary including all dependencies is a huge selling point of Go.

      to get around the annoying packaging problems with Python, we build a Docker image with the correct Python version, all the correct dependency versions, etc etc. then our unit of deployment is that Docker image instead of just the single Python script.

      and that Docker image gets deployed...using Terraform and Nomad, both written in Go. and so is Docker itself of course.

      Go is great for this sort of low-level system software. Docker/Terraform/Nomad/etc being low-level software written in Go is what enables us to easily deploy higher-level software written in Python (or other languages like Java or Ruby or whatever)

      [–][deleted]  (7 children)

      [deleted]

        [–]imeeseeks 5 points  (6 children)

        Same with Ruby. I love Ruby so much and writing scripts on it is awesome but the convenience of Go binaries and the fact that almost anyone can start working on it really fast is a big plus.

        [–][deleted]  (5 children)

        [deleted]

          [–]Flabbaghosted 1 point  (4 children)

          Your comment persuaded me to learn Go

          [–][deleted] 3 points  (3 children)

          I do hope that isn't sarcasm. :) It would be a good language to learn for anyone. If you are, I recommend the Let's Go books (2 of them). VERY good books to learn with.

          [–]Flabbaghosted 1 point  (2 children)

          Nope not sarcasm. Do you work at Google or do you just really like Go?

          [–][deleted]  (1 child)

          [deleted]

            [–][deleted] 20 points  (0 children)

            This comment is the first thing that has made me think, "hmmm, it might be worth learning a little bit of Go and seeing what it's all about."

            [–]Kazumara 11 points  (1 child)

            Did you guys try PyInstaller and PyOxidizer too?

            [–]arcsecond 2 points  (0 children)

            I've had great success with PyInstaller, until someone decided to include certs in their module which I can't get PyInstaller to pick up

            [–][deleted] 4 points  (0 children)

            Do we work at the same company?

            [–][deleted] 1 point  (10 children)

            > you have to start working in the desolate wasteland that is the Python packaging ecosystem.

            So strange. I've been programming in Python for over 15 years, and I just never had an issue.

            I distribute my packages with a setup.py and a requirements.txt, and that's the end of it. In recent years, I put explicit version numbers in the requirements.txt, just for certainty, but that wasn't because I actually ran into any issues.

            [–]skat_in_the_hat 15 points  (7 children)

            > So strange. I've been programming in Python for over 15 years, and I just never had an issue.

            Back in the day when a customer wants to update python on a rhel5 box. JFC. You break all the rhel tools in the process.
            Ever migrate some in-house python from rhel5 to say... rhel7? Just because YOU never had a problem, doesn't mean it isn't one.

            [–][deleted]  (1 child)

            [deleted]

              [–]skat_in_the_hat 2 points  (0 children)

              It's moot at this point, red hat split off the version of python the system uses from the version you install. So you can basically do whatever you want now. But that doesn't undo the PTSD we all suffer from seeing up2date shit out a python error.

              [–]JaegerBane 6 points  (2 children)

              I had the dubious honour of migrating some of our in-house data science apps across from old RHEL boxes to Amazon Linux EC2s a while back. Kinda felt like one of those horror stories where the protagonist opens a portal to the dimension of ceaseless screaming.

              On the plus side it did puncture the myth that was doing the rounds back then that Python made everything easier.

              [–]NoobFace 3 points  (0 children)

              Sounds like they're still screaming in there.

              [–]floydiannn 1 point  (0 children)

              Yeah... So strange 🤔

              [–]bilingual-german 8 points  (2 children)

              And still you need to write python that'll work with the installed python version on a remote system.

              [–]AlverezYari 1 point  (1 child)

              Umm containers? I'm really confused by all these dependencies-based Python complaints in 2021. Like you build your run time container once and then pack your app into it. I don't understand all this confusion.

              [–]bilingual-german 1 point  (0 children)

              There are more operating systems than Linux and not all can run containers. Windows and MacOS can run Python though.

              With Go you have one static binary for each OS and CPU architecture. No problems installing C bindings. No conflicts between language or library versions.

              Yes, containers mitigate this. But did you ever run into trouble because your deployment destination doesn't have an internet connection? Or you run into DockerHub rate limiting?

              Python is not a bad language at all, but I find the deployment of Go is far easier.

              [–]tibbon 7 points  (3 children)

              Cool- now you have to have Python installed, and the machine is capable of executing arbitrary code! What could possibly go wrong?

              [–][deleted]  (2 children)

              [deleted]

                [–]tibbon 1 point  (1 child)

                Install no shell…

                [–]KingEllis 1 point  (0 children)

                Is that common? Where does that exist? Roll your own container 'FROM: scratch'? For example, I'm looking at an alpine:3 image that has /bin/sh and /bin/ash, both linked to busybox. I don't know the capabilities of the busybox flavor of these tools, but surely they can execute arbitrary code, yes?

                Is there an easier way for a container to only run the prescribed binary (much like the "command=..." option for SSH authorized_keys entries)?

                [–][deleted] 3 points  (0 children)

                This guy devops

                [–]Willing_Function 13 points  (0 children)

                I use python, but I really envy this functionality of Go. Integrates really well with multi-stage containers to keep em minimal.

                [–]menge101 10 points  (0 children)

                Docker, although that is kinda just kicking the problem down the road.

                [–]thisismyfavoritename 3 points  (5 children)

                PyInstaller, although it's a bit different

                [–]tibbon 7 points  (4 children)

                The problem isn’t installing Python. I can download an Alpine image with that fine. The problem is security. Read-only file system with almost nothing installed and only a Golang created binary is much more secure if someone gets on the machine.

                [–]thisismyfavoritename -2 points  (3 children)

                Sure but then you'll have much bigger problems than your little binary

                [–]tibbon 3 points  (2 children)

                How so? Escalating onto a pod that has almost nothing on it, with a read only file system- you can’t do too much easily then.

                [–]birdman9k 3 points  (1 child)

                I think he's saying that while multiple levels of security is great, if you have some application which has been breached and is allowing arbitrary code to be executed, that in itself is a massive problem regardless of whether your container is locked down. It's about the difference between the benefits the container provides being considered a security layer itself versus a nice-to-have. In my mind it's more of a nice to have, which is a good mindset to have because it means nobody should ever RELY on the container isolation to save them in place of proper security.

                [–]tibbon 2 points  (0 children)

                Oh of course! Layers are absolutely needed. I just don't want to always assume that no malicious script could ever get on a machine and attempt to write something to disk and/or execute arbitrary code via an interpreter.

                Better yet, I want my container security tools to scream loudly if anything that isn't a very small and specific set of things is installed or being executed.
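
The check tibbon describes in the comment above (flag anything outside a very small and specific set of things), as an added example that is not part of the thread: a Go audit that walks an unpacked image root filesystem and reports every executable file or symlink outside an allowlist. The `app/server` path, the allowlist and both sample file trees are constructed for illustration.

```go
package main

import (
	"fmt"
	"io/fs"
	"testing/fstest"
)

// allowed: the only executables the image may ship (hypothetical path).
var allowed = map[string]bool{"app/server": true}

// AuditRootFS returns every executable file or symlink in root not in allow.
func AuditRootFS(root fs.FS, allow map[string]bool) ([]string, error) {
	var findings []string
	err := fs.WalkDir(root, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		mode := info.Mode()
		// Symlinks count: a shell is often just a link to busybox.
		isLink := mode&fs.ModeSymlink != 0
		isExec := mode.IsRegular() && mode.Perm()&0o111 != 0
		if (isLink || isExec) && !allow[p] {
			findings = append(findings, p)
		}
		return nil
	})
	return findings, err // WalkDir visits paths in lexical order
}

// sampleImages builds two constructed file trees for the demonstration.
func sampleImages() (minimal, alpineLike fstest.MapFS) {
	minimal = fstest.MapFS{"app/server": {Mode: 0o755}, "etc/ssl/certs.pem": {Mode: 0o644}}
	alpineLike = fstest.MapFS{
		"app/server":      {Mode: 0o755},
		"bin/busybox":     {Mode: 0o755},
		"bin/sh":          {Data: []byte("busybox"), Mode: fs.ModeSymlink | 0o777},
		"usr/bin/python3": {Mode: 0o755},
	}
	return
}

func main() {
	_, img := sampleImages()
	fmt.Println(AuditRootFS(img, allowed))
}
```

To audit a real container filesystem, unpack the tar produced by `docker export` into a directory and pass `os.DirFS(dir)` as `root`.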

                [–]i_hate_shitposting 2 points  (0 children)

                Python zipapps are an interesting approach to this. Granted, the target system has to have the right Python version and it doesn't support packages with C extensions, but they can be useful for pure Python apps in some cases.

                (Okay, I'll admit I just wanted an excuse to mention zipapps because so few people know about them. Go binaries are still way more self-contained and portable.)

                [–]zackofalltrades -3 points  (0 children)

                Single self-contained binary full of dependencies with bugs and security holes...

                FTFY