Making Sense of Security

Securing your Digital World.

Python is dead. Long live Python!

Python 2 has been one of the world’s most popular programming languages since 2000, but its death – strictly speaking, at the stroke of midnight on New Year’s Day 2020 – has been widely announced on technology news sites around the world.

But Python isn’t dead, because Python 3 has been around since the late 2000s.

So there will be no “interregnum” period during which Python doesn’t exist – just as in a hereditary monarchy, succession is considered technically instantaneous, ensuring an unbroken line.

If you’re a programmer or a sysadmin (and, in truth, a sysadmin is just a special sort of programmer who is expected to use their skills to code people out of the holes that others have coded them into), then you have almost certainly used Python at some point.

And if you’ve never programmed in Python yourself, you’ve almost certainly used software written in Python, or relied on online services that were supported by software written in the Python language.

So, given that Python 2 has been replaced by Python 3 without any interruption, and given that nothing bad happened when Python 1 switched over to Python 2 around the turn of the millennium, why is the “death” of Python 2 such a big deal now?

Well, the problem – or the perceived problem – is that the changeover is not quite as straightforward this time as it was before.

When Python 2 came along, it was a natural progression from Python 1, and software written in Python 1 was, essentially, already valid Python 2.

So you could just replace your Python 1 software development system with a Python 2 installation and carry on as usual.

However, when Python 3 was introduced, it included what software developers call breaking changes – differences that were incompatible to the point that you couldn’t just take a Python 2 program, run it under Python 3, and expect it to perform correctly.

Why break things?

Python 3 was devised, at least in part, to be different from Python 2 in carefully planned and incompatible ways.

The idea was not only to add new features to Python 3 but also to remove some of the pitfalls and imperfections that Python 2 was forced to inherit from Python 1 in order to stay compatible with it.

As the Python website says:

Python 3.0 (a.k.a. “Python 3000” or “Py3k”) is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. Also, the standard library has been reorganized in a few prominent places.

That’s usually the whole idea of breaking changes in programming – you do them not because you want to break the software in the future, and thereby to make things worse, but to break with some of the mistakes you made in the past, and thereby to make things better in the long run.

That’s why Python 2 and Python 3 have coexisted for so many years – to give programmers plenty of time to port their code to Python 3, ready for the end of the Python 2 era.

Why not keep Python 2 for ever?

In an ideal world, the Python ecosystem – remember, Python is a free and open-source project, not a commercial venture – would simply carry on supporting Python 2 for ever…

…but that would eat up an enormous amount of time, most of it given voluntarily by Python fans around the world.

Plus, the Python community devised Python 3 to be better than Python 2, and to remove some of its risky, confusing and unnecessary parts.

Indeed, all that time-consuming work “backporting” new fixes to the old codebase would ironically make it easier for die-hard Python 2 fans to keep on living in the past.

What to do?

Python 2 software will still work, so there’s no immediate problem – the “death” of Python 2 is a conceptual issue, not a literal one.

In other words, if you still have large Python 2 projects that you haven’t yet ported to Python 3, you’re not in imminent danger of your software stopping working.

But the entire Python 2 environment will no longer be getting security fixes, making it a bit of a fool’s errand to carry on using it.

As the Python Foundation’s news blog explains:

Users are urged to migrate to Python 3 to benefit from its many improvements, as well as to avoid potential security vulnerabilities in Python 2.x after April 2020. This move will free limited resources for the CPython core developer community for other important work.

So, we recommend:

  • Use Python 3 for all new Python projects.
  • If you don’t yet have a plan for retiring or porting your Python 2 apps, make one now.
  • If you’re relying on a vendor who’s still coding in Python 2, ask them about their plans to move forward.
  • Learn Python 3 if you’re new to programming and just getting started.
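
A first pass at the porting plan recommended above, as an added example that is not part of the original article: it runs under Python 3 and sorts source files into those Python 3 cannot parse at all and those that parse but may behave differently. The function name `triage`, the sample sources and the short list of checked constructs are assumptions chosen for illustration, and the checks are heuristics rather than a complete audit.

```python
import ast
import re

# Explicit python2 shebang, or unversioned "python" (historically Python 2).
PY2_SHEBANG = re.compile(r"^#!.*\bpython(2(\.\d+)?)?\s*$")
# Dictionary methods that exist in Python 2 but were removed in Python 3.
REMOVED_DICT_METHODS = {"iteritems", "iterkeys", "itervalues", "has_key"}

def triage(source):
    """Classify one file's source text for a Python 2 -> 3 porting inventory."""
    lines = source.splitlines()
    report = {
        "py2_shebang": bool(lines and PY2_SHEBANG.match(lines[0])),
        "py3_syntax_error": None,   # set when Python 3 cannot even parse the file
        "silent_risks": [],         # parses fine, but behaviour may differ
    }
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        report["py3_syntax_error"] = "line %s: %s" % (exc.lineno, exc.msg)
        return report
    for node in ast.walk(tree):
        if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Div):
            # Heuristic: int / int floors in Python 2, returns a float in Python 3.
            report["silent_risks"].append((node.lineno, "'/' division semantics"))
        elif (isinstance(node, ast.Call)
              and isinstance(node.func, ast.Attribute)
              and node.func.attr in REMOVED_DICT_METHODS):
            report["silent_risks"].append(
                (node.lineno, "dict.%s() removed" % node.func.attr))
    report["silent_risks"].sort()
    return report

# Constructed sample sources, not taken from any real project.
LEGACY_PRINT = "#!/usr/bin/env python2\nprint 'backup complete'\n"
LEGACY_SILENT = (
    "#!/usr/bin/python\n"
    "def average(total, count):\n"
    "    return total / count\n"
    "for name, quota in limits.iteritems():\n"
    "    pass\n"
)
PORTED = "#!/usr/bin/env python3\nprint('backup complete')\n"

if __name__ == "__main__":
    for label, src in [("print", LEGACY_PRINT), ("silent", LEGACY_SILENT),
                       ("ported", PORTED)]:
        print(label, triage(src))
```

Files in the second group are the ones to prioritise for tests, because they load without complaint under Python 3 and only misbehave at run time.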

As an interesting aside, even though 01 January 2020 is the official “death of Python 2” date, you’ll have noticed the mention of “April 2020” in the Python Foundation’s comments above.

Indeed, it seems that CPython (the primary Python implementation, itself written in C) will actually see its last major version in April 2020, after which “all [CPython] development will cease for Python 2.”

So perhaps Python 2 isn’t quite dead after all…

…perhaps it’s just resting; maybe pining for the fjords?
