Sources

You say that. But, for the cheap web hosting I bought for a hobby project, the only options are the painfully slow web interface, or ftp. (And not even sftp/ftps. It's unencrypted. And I can't disable the FTP account, either. It's always on, FFS.) So I fired up ncftp and had to remember how to use it. It was like being hit by a cold shower. But it sounds like I got more hits than Corey. (Also, the web panel has an API which sounds like it will support git, when I get it sorted.) … * For example, I have an application from a place I've volunteered. I've got a big archive full of code and I have a backup of a database. The organization doesn't want to run it, which is great, because I would have to guess what to do with this stuff if they did. There's no documentation of what this does, how to install it, what's in the database, and for all I know, there may be components written by the original contractors which aren't in my big archive. I have no way of knowing whether this can run, even though theoretically I do have copies of the files concerned. … AWS specifially has been failing *a lot* for a cloud which claims to be bullet proof. I'm a Gen-er and largely with you. I've always hated the complexity in default AWS and haven't liked the party Azure has followed much better. As an actual fan of JS/TS, I've fought against undue complexity for over half my career. I've seen both spaghetti monoliths and microsecond jungles. … My biggest issue with pointing out Google as a positive is they're likely to just kill the product and workflow you've built on with the next update. I don't trust them. And good luck finding a real person when they disconnect your account from logging in. Lol how long did it take to figure out what region it was in? … One of the things that got me was how difficult it was to set up environments and systems, so that on the dashboard I could see resource usage and thus spend against Dev, Test and Prod(client 1), Prod(client 2)… I’m sure it is doable, as it s”assembler”, but… *"People who are trained up and accomplished at its configuration "* … " People who are trained up and accomplished at its configuration can make a good few quid on the job market." Except there's almost no useful training and experience is the way you learn things. Manuals are useless and/or hopelessy outdated, if they even exist. That applies also to enterprise users, which means that a simple migration project to AWS takes 18 months. With competent enterprise level machine room operators/developers, not just anyone. … AWS have always made life difficult and the security people have consistently put day1 startup mentally at a higher priority than customer success, pulling the wool over the eyes of senior management in the name of security. Whenever I see a message like 'unable to find a policy to allow this' all that I have ever wanted in the past 10 years is a simple button which says "Fix this" so that AWS can go away and create the IAM records it needs for me to continue. … No, speaking as a currently designated security troglodyte who’s spoken with some of the chief IAM architects, I would say legacy drift is not the big problem with IAM. The real problem is twofold. Firstly, the AWS APIs are all random SOAP-style verbs instead of REST and control plane and data actions are in the same service-url namespaces so nothing can be built around object or even object class permissions, only lists of actions that are unpredictably idempotent or mutating or data-exposing or control-plane-exposing. Secondly, the chief design requirement of IAM is performantly deterministic permission evaluation, not actual security or usability or least privilege. This leads to choices like making permissions a list of low-level API actions (because that’s where policies are evaluated), the boolean logic hell that is the deny sandwich and conditions, and strict character limits on policies such that you can’t explicitly list the actions for a single service like EC2 in a policy and are then forced to use wildcards and guess whether they’re restrictive enough and don’t open you up to the new surprise actions AWS adds without warning. The “fixes” they’ve added are just more layers of the same flawed design and implementation via permission boundaries and SCPs. So anyone used to sane CRUD permissions has to relearn everything and then discover that their basic security expectations and requirements are impossible to implement in any auditable way in AWS. No, it's nothing to do with that at all. … ~~victims~~ customers end up paying for stuff they didn't or can't use - and so the capacity can be sold to multiple customers. The bad consultancies like it as well, because it makes them irreplaceable and gives more scope for nickle-and-diming. So basically everyone who isn't already locked in, doesn't want to play there.

## The hidden cost: cognitive load and velocity loss The part nobody warns you about isn’t the bill. It’s the *brain tax*. AWS doesn’t just charge money it charges attention. Every new service you touch adds a little more surface area you have to remember, reason about, and explain to Future You when something breaks for reasons that feel personal. On paper, **Amazon Web Services** gives you infinite flexibility. In practice, that flexibility shows up as decisions you didn’t know you were signing up for. Networking models. Permission boundaries. Execution roles. Service limits. Quotas you only learn about by hitting them. None of these things are individually terrible. The problem is accumulation. I’ve lost more time than I want to admit debugging IAM policies that were technically correct but emotionally hostile. You start by wanting to give a service access to one thing, and an hour later you’re three tabs deep in docs, muttering “why is this denied” like it’s a personal betrayal. And that time adds up. Infra reviews start taking longer than feature planning. Pull requests get blocked not on logic, but on configuration. You hesitate to ship small changes because you’re not entirely sure which invisible meter they might spin. This is where velocity quietly leaks out. Not because AWS is slow but because *thinking about AWS* is slow. It pulls you out of product mode and into platform-operator mode, even when you never wanted that job.

## My problem with Python Like all programming languages, Python has its shortcomings, which I can easily mention. These flaws become obvious when I compare it to other programming languages I use: - It’s slow (not compiled) - Has a huge dependency on C for heavy tasks - Possible to create desktop applications, but inappropriate - Has no built-in linear algebra functionality - No integrated dataframe management functionality - No integrated statistics or machine learning functionality - Object-oriented doesn’t integrate well with any of the above functionalities (Numpy and Pandas for instance feel weird to use personally)

### Dealing with Library Overload The community of Python is very much alive as new libraries and modules are being created by developers constantly. The consequence of this is that it becomes challenging for the developer to determine which library would best fit their project due to a large number of choices available. In many cases, developers have to consider documentation, community support, overall maturity as well as stability of the library. ### Keeping up with Rapid Ecosystem Changes The Python ecosystem is constantly evolving, with new versions of the language, libraries, and frameworks being released regularly. Staying up-to-date with these changes can be a daunting task for Python developers. Keeping track of breaking changes, deprecations, and the latest features can be time-consuming and requires a significant investment of effort. ### Managing Compatibility and Version Conflicts The interdependency between libraries and the rapid evolution of the ecosystem can lead to compatibility issues and version conflicts. Developers may encounter situations where a specific library or framework they need is not compatible with the version of Python or other dependencies in their project. Resolving these conflicts can be a complex and time-consuming process, often requiring extensive research and troubleshooting. … Novice developers, in particular, may struggle to understand these messages and find the appropriate solutions, leading to a time-consuming and frustrating debugging process. Moreover, debugging asynchronous and concurrent code in Python presents its own set of challenges. Asynchronous programming features like asyncio and multithreading can introduce complexities such as race conditions and deadlocks, making it harder to identify and resolve issues. … ### Balancing Technical Debt and Innovation As Python-based applications grow in complexity, technical debt can accumulate, making it increasingly difficult to introduce new features or make updates. Developers must strike a delicate balance between addressing technical debt and introducing innovative solutions to meet evolving customer demands.

## 1. Performance Issues **Challenge: Python is an interpreted language, which can lead to slower execution times compared to compiled languages like C or Java. This performance issue becomes particularly noticeable in applications that require heavy computation or real-time processing.** **Solution: To address performance issues, developers can use various optimization techniques:** - **Profile Your Code: Identify bottlenecks by using profiling tools likecProfile orline_profiler. These tools help pinpoint the exact sections of the code that are slowing down execution.** - **Optimize Algorithms: Review and improve the efficiency of your algorithms. Sometimes, a more efficient algorithm can significantly reduce execution time.** - **Use Built-in Functions and Libraries: Python’s built-in functions and standard libraries are often optimized for performance. Utilize these instead of writing custom code.** - **Leverage C Extensions: For performance-critical sections, consider usingCython or writing extensions in C. These can significantly boost performance by compiling Python code to C.** … ## 2. Managing Dependencies **Challenge: Managing dependencies in a Python project can be tricky, especially as the project grows. Different environments and dependency versions can lead to conflicts and compatibility issues.** **Solution: Effective dependency management can be achieved through:** … ## 4. Handling Large Codebases **Challenge: As projects grow, the codebase can become unwieldy and difficult to manage. This can lead to issues with code maintainability, readability, and collaboration among team members.** **Solution: Implement strategies to manage and maintain large codebases effectively:**

Python is a popular, high-level programming language that is widely used for web development, scientific computing, data analysis, artificial intelligence, and more. However, despite its popularity and versatility, Python users often encounter several pain points when working with the language. In this blog post, we’ll explore some of the most common pain points and provide tips on how to solve them. - Performance: Python is an interpreted language, which means that it can be slower than compiled languages like C or C++. However, there are several ways to improve performance, such as using NumPy or PyPy, or writing performance-critical code in C or C++ and integrating it with Python. - Memory management: Python automatically manages memory, but this can sometimes lead to memory leaks. To avoid memory leaks, make sure to close files, sockets, and other resources when you’re done with them. You can also use memory profilers to identify areas of your code that are consuming large amounts of memory. … - Code readability: Python is known for its readability, but it’s easy to write code that’s difficult to read. To improve code readability, follow PEP 8 style guide, use descriptive variable names, and write docstrings to document your code. In conclusion, Python is a powerful and versatile language that can be used for a wide range of applications. However, users may encounter several pain points when working with Python, including performance, memory management, debugging, package management, and code readability. By following the tips outlined in this post, you can overcome these pain points and make the most of Python.

I strongly suspect that devs' satisfaction with Python is strongly correlated with the size of the codebase they're working on. Generally people using Python for one-off projects or self-contained tools tend to be pretty happy. People stuck in sprawling enterprise codebases, with O(million) lines of code to wrangle, seem almost universally miserable with the language. What I've observed a lot is that many startups or greenfield projects start with Python to get an MVP out the door as fast as possible. Then as the scope of the software expands they feel increasingly bogged down and trapped in the language. reissbaker on Nov 13, 2020 ... I have used that library on multiple projects for my job. It makes the code run about 50% slower, on average, because all the type checking is done at run-time. I am OK with the slow down because I don't use Python when I need speed. My "developer speed" was greatly improved with stricter types. … If we are being realistic, most of the time 80% of python programs are spend waiting on network. Granted, python is not overly fast, but then most of the time your bottleneck is the developer not the language. > no concurrency Yes, this is a pain. I would really like some non GIL based threading. However its not really been that much of a problem. multiprocessing Queues are useful here, if limited. Failing that, make more processes and use an rpc system. > typing as second-class citizens The annotation is under developed. being reliant on dataclass libraries to enforce typing is a bit poop. > People stuck in sprawling enterprise codebases, with O(million) lines of code to wrangle, seem almost universally miserable with the language. I work with a _massive_ monorepo. Python isn't the problem, its programmer being "clever" or making needless abstractions of abstractions. None of that is python's issues, its egotistical programmer not wanting to read other people's (un documented) code. And not wanting to spend time make other people's code better. … As for processing scalability - Python is OK, but it's considerably hampered by BDFL's own opinions. The result is a few third party libraries that implement parallelism in their own way. That functionality should be integral to the standard library already. The worst part is lack of standard API for data sharing between processes. > packaging Python's packaging issues only start with package management. Setuptools is a wholly mess of a system, that literally gave me headaches for the lack of "expected features". I hate it with every single cell in my body. And then there are systems and libraries, where you literally cannot use docker (Hello PySpark!). … If only for the lack of (strong/static) typing and the relatively underpowered control flow mechanisms (e.g. Python often using exceptions in their stead)... While surely all languages have pain points that show up at scale, Python still has a notable lot of significant ones precisely in this area. >docker, poetry, venv... … Ever wonder why you don't hear endlessly about different ways of doing dependency management in non-Python ecosystems? Because we have tools that actually work, and get on with actually writing programs. It baffles me that Python keeps making new tools and keeps repeating the same mistakes over and over: non-reproducible dependency resolution, excessively tight integration between the language and the build tools, and tools and infrastructure that can't be reused locally. … 1) system packages: almost always out of date for my needs 2) Binary wheels: I actually haven't investigated this much, maybe it will work (and if it does, I'll buy you a drink if we ever meet in person). 3) Building from source: this kinda proves my point about Python having poor dependency management tools if this is a serious response. In general, this would be much further down the rabbit hole than I want to go. … ... Additionally, they are part of a larger application, which is mostly managed by pip, which means that I need both pip and conda which is where things get really, really hairy. I actually blame Google and FB here, as neither of them use standard python dependency management tools, and many of their frameworks bring in the world, thus increasing the risk of breakage. … What I've observed a lot is that many startups or greenfield projects start with Python to get an MVP out the door as fast as possible. Then as the scope of the software expands they feel increasingly bogged down and trapped in the language.

Despite all the innovation, the 2025 survey found a widespread and costly habit: the vast majority of developers are running outdated Python versions. 83% are missing out on the latest updates, with most saying their current version works just fine or that they simply haven’t had time to upgrade. Kennedy points out that this isn’t just about missing a few new features; it’s leaving serious performance gains on the table. An upgrade from Python 3.10, for example, could make code run about 42% faster without a single change.

## Limitations / Watch‑outs **Raw CPU performance**lower than C++/Rust/Go for pure compute‑heavy workloads → mitigate via native extensions, vectorization, parallelism. **Historical concurrency (the GIL)**: limits CPU-bound multi‑threading (I/O is fine). Alternatives: asyncio, multi‑process, native offload. *Free‑threaded*builds are progressing; validate case by case. **Latency & footprint**: cold starts/memory sometimes higher than Go/Node for serverless. **Typing debt**: annotations are optional → enforce mypy/pyright in CI. **Tooling fragmentation**: multiple workflows (pip/Poetry/Hatch/PDM/uv) → standardize at the team level.

You don't like Python's use of IEEE 754 float64 for its "float" type because it's already so slow that you think Python should use a data type which better fits the expectations of primary school math training. Then to demonstrate the timing issue you give an example where you ignore the simplest, fastest, and most accurate Python solution, using a built-in function which would likely be more accurate than what's available in stock Rust. … Pathologically large numerators and denominators make rationals not "just slower" but "a lot slower". > somehow every Python implementation would be compatible It's more of a rough consensus thing than full compatibility. > Python doesn't really care about compatibility Correct, and it causes me pain every years. But do note that historic compatibility is different than cross-implementation compatibility, since there is a strong incentive for other implementations to do a good job of staying CPython compatible. … In my experience it is alright to write short scripts but complexity very quickly balloons and python projects are very often unwieldy. I would write a script in python, but only if I was positive I would never need to run or edit it again. Which is very rarely the case. This is an extraordinarly common feature among scripting languages. In fact, JS is really the odd duck out.

# Typing Is Very Weak Python introduced types in 2015 in Python 3.5. During my assignments I never used them. Mostly because we had the requirement to use Python 2. As I developed more and more features in my project, I forgot exactly which type of parameters or variables I needed and added types. Now, the whole code is fully typed. Still, I have many runtime issues. Coming from a similar experience where JavaScript wasn't typed and TypeScript added type I was surprised to see that typing the code does not provide much defense against bad code. Python's type is mainly a documentation and helps the code editor. … Fortunately, I have several unit tests that mitigate most of the issues. However, the problem with testing was that the tests were failing not because of assertion but because the PyTest tool couldn't run the tests in some situations because of the refactoring of broken dependencies. In other cases, the unit tests would fail before hitting the assertion because a function received a wrong object and properties were missing. Another pitfall with type is asynchronous functions. Missing an `await` generates an exception instead of automatically giving the developer a hint that this does not work. In the end, the problem is that once it works, it works but nothing prevents someone from modifying the return of a function and still having the code looking fine until at runtime it fails. While unit tests might mitigate some issues, there are many scenarios where it continues to be precarious. Going back to the change of the return type, the unit tests of the modified function might fail and will require changes but every place where the code invokes the function is now failing. … # Conclusion Overall, the typing situation looks problematic as a project grows, especially if you have not written a part (or don't remember). The project is only about 7,000 lines of code, and I feel some pain and hesitation when refactoring. With a stronger typing system, moving files from one folder to another would let the code editor manage the reference automatically.

Python remains a powerhouse in 2025, driving AI, web apps, and data science. But as the language evolves, so do the pitfalls. From clinging to legacy code to botching async workflows, even seasoned developers fall into traps that sabotage performance, security, and scalability. In this guide, we’ll expose the **7 deadly sins of Python programming in 2025**—and arm you with battle-tested fixes to write code that’s fast, secure, and maintainable. **Sin #1: Ignoring Type Hints** **Why It’s Harmful:** Unreadable code, missed bugs, and angry teammates. Type hints are now **mandatory** in 2025 enterprise projects. **Fix It:** - Use `mypy`or `pyright`for static analysis. - Add hints for complex functions ``` def process_data(data: list[dict[str, int]]) -> pd.DataFrame: ... ``` **Pro Tip:** Adopt Python 3.12’s new `@override` decorator for clearer OOP. **Sin #2: Clinging to Python 2.x Legacy Code** **Why It’s Harmful:** Python 2’s EOL in 2020 didn’t stop some holdouts. By 2025, unpatched security flaws and compatibility issues will cripple your apps. **Fix It:** - Run `2to3`for basic conversions. - Refactor - Test with `tox`across Python 3.9+ environments. **Case Study:** A startup lost $200k in downtime after a Python 2.7 script failed under Py3.11. **Sin #3: Blocking the Event Loop (Async Abuse)** **Why It’s Harmful:** Async code that blocks (e.g., sync HTTP calls) throttles performance. **Fix It:** - Replace `requests`with `httpx`or `aiohttp`. - Use `anyio`for structured concurrency: … **Sin #4: Dependency Chaos** **Why It’s Harmful:** Global `pip installs` lead to version conflicts and “works on my machine” disasters. **Fix It:** **Poetry:**Manage dependencies and virtual environments. **PDM:**Modern PEP 621-compliant tool. **Dockerize:**Lock OS and Python versions. **Dependency Manager Comparison** |Tool|Best For| |--|--| |Poetry|Apps with strict deps| |PDM|Library developers| |Pipenv|Legacy projects| **Sin #5: Over-Engineering with Patterns** **Why It’s Harmful:** Forcing Abstract Factories into a 100-line script? YAGNI! **Fix It:** - Follow KISS (Keep It Simple, Stupid). - Use `dataclasses`or `pydantic`for data models. - Reserve patterns for complex domains (e.g., fintech transaction systems). **Example:** ``` # Bad: Over-engineered class AbstractReport(ABC): @abstractmethod def generate(self): ... # Good: Simple def generate_report(data: list, format: str) -> str: ... ``` … **Stat:** 60% of Python breaches in 2025 trace to `pickle` misuse (OWASP). **Sin #7: Slow Data Handling with Vanilla Python** **Why It’s Harmful:** Loops and lists can’t compete with NumPy/Polars in 2025’s data-heavy apps. **Fix It:** **Polars:**Process 10M rows in seconds. **DuckDB:**SQL-like queries on DataFrames. **Numba:**Accelerate math-heavy code. **Code Snippet:** ``` # Bad: Slow loop total = 0 for num in data: total += num # Good: Polars df.select(pl.col("values").sum()) ``` **Case Study: How Fixing These Sins Saved a Startup** **Problem:** A healthtech app crashed under 10k users due to sync I/O and untyped code. **Solution:** - Migrated to async with FastAPI. - Added type hints and `mypy`. - Switched from CSV to Polars.