Programming

Developers Reveal Programming Languages They Love and Loathe, and What Pays Best (zdnet.com) 139

Stack Overflow has released the results of its 2020 survey of nearly 65,000 developers, revealing their favorite and most dreaded programming languages, tools and frameworks. From a news writeup: The survey shows that TypeScript, Microsoft's superset of the widely-used JavaScript programming language, has overtaken Python as the second most beloved programming language behind Rust. This year 86% of respondents say they are keen to use Rust, while 67.1% want to use TypeScript, and 66.7% want to use Python. Stack Overflow attributes TypeScript's rising popularity to Microsoft's embrace of open source software as well as the existence of larger and more complex JavaScript and Node.js codebases.

Rust has been the most loved programming language for five years running, despite few developers having experience with it. This year, just 5.1% of developers report having used Rust, compared with the 68% who use JavaScript, which is the most commonly used language. [...] Meanwhile, the top 10 most dreaded programming languages are VBA, Objective-C, Perl, Assembly, C, PHP, Ruby, C++, Java and R.

The report also looks at average salaries of each developer role. In the US, engineering managers attract the highest salary at $152,000 per year, followed by site reliability engineers who earn $140,000 per year. Salaries across the globe for these roles are lower, at $92,000 for an engineering manager and $80,000 for a site reliability engineer. Other high-paying roles with an average salary of at least $115,000 in the US include data scientist and machine learning specialist, DevOps specialist, engineer, back-end developer, embedded application developers, mobile developers, scientist, desktop application developer, and educator.

Ruby

Clipboard Hijacking Malware Found in 725 Ruby Libraries (zdnet.com) 22

Security researchers from ReversingLabs say they've discovered 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users' clipboards. From a report: The malicious packages were uploaded on RubyGems between February 16 and 25 by two accounts -- JimCarrey and PeterGibbons. The 725 libraries, which are listed here in full, were removed two days later, on February 27, after the ReversingLabs team notified the RubyGems security team. All the Ruby libraries were copies of legitimate libraries, used lookalike names, worked as intended, but also contained additional malicious files. The extra file inserted into each package was named aaa.png. However, ReversingLabs say this file wasn't a PNG image, but instead was a Windows PE executable.
Programming

Study Finds High Demand for Go and AR/VR Programmers, While Python Remains Favorite Language (hired.com) 75

The tech jobs marketplace at Hired.com crunched their data on more than 400,000 interview requests and job offers over the last year to produce their annual "State of Software Engineers" report. Among its surprising insights: software engineers with more than 10 years of experience get 20% fewer interview requests than engineers with 4 to 10 years of experience.

Other insights: Demand for AR/VR talent is up by 1400%, mirroring blockchain's 517% demand growth last year... In large U.S. tech hubs AR/VR engineer salaries range from $135k - $150k... 46% of software engineers rank AR/VR as one of the top 3 technologies they'd like to learn in 2020... If you work in AR/VR, you may want to move to San Francisco, where they pay $150k/year on average.
The next-highest growth in demand came for "gaming engineers" and "computer vision engineers" -- with both positions seeing a 146% increase in demand over 2018. The next-highest demand growth was for "search engineers" (increasing 137%) and for "machine learning engineers" (increasing 89%). Demand for "blockchain engineers" increased by just 9%.

But they also report that demand for frontend and backend engineers "grew steadily by 17%, which shows that all companies -- not just Silicon Valley tech giants -- are evolving into being tech companies..." The worldwide process of digital transformation, while something of a buzzword, reflects a critical truth: every company is now a technology company. Whether the company is Bank of America, Alaska Airlines, Sainsbury's, or Tesla, investment in top software engineering talent isn't a future ambition, it's a matter of survival.
And the #1 most-desired coding skill was Go (for the second year in a row), "garnering an average of 9.2 interview requests for every Go-skilled candidate..." But there may be a larger trend. All told, the number of interview requests across all languages remained nearly constant year-over-year, with only minor fluctuations in average requests, and zero change in how each language ranked against others. This could suggest that supply for these skills has not yet caught up with demand...

According to Robert Half, 67% of IT managers plan to expand their teams in areas such as security, cloud computing and business intelligence, but 89% reported challenges in recruiting that talent. Those challenges in hiring are even greater for roles related to machine learning, artificial intelligence, and blockchain.

Their analysis concludes the most in-demand programming languages are Go, Scala, Ruby, TypeScript, Kotlin, Objective C, JavaScript, Swift, PHP, Java, HTML, and then Python -- though Python, JavaScript, and Java are engineers' favorite coding languages, "largely because of their useful and well-maintained libraries and packages..."

"Ruby, PHP and Objective C are ranked the least favorite (and least fun) languages for software engineers."
Education

Free Coding Bootcamp 'Lambda' Tries Selling Its Income-Sharing Agreements -- In Bundles (theverge.com) 34

An anonymous reader quotes the Verge: In December, online coding bootcamp Lambda School quietly partnered with Edly, a digital marketplace that helps schools sell income-sharing agreements (ISAs) to accredited investors. The arrangement allows Lambda to receive money from the ISAs upfront, rather than waiting for students to find jobs. But it also flies in the face of the values Lambda typically espouses: namely, that ISAs align its incentives with the goals and aspirations of the students...

Lambda's ISAs promise an alternative to traditional student loans by allowing students to defer tuition until they've landed a job that pays $50,000 a year or more. When that happens, they hand over 17 percent of their income until the $30,000 tuition is paid off. If students don't find work within five years of completing the program, the ISA is automatically dissolved. It's a business model that allows Lambda to brag about investing in students — which, in many ways, it still does. The school provides living stipends and even housing to some students who need it. But reselling ISAs muddies the narrative a bit since Lambda can make money long before students find jobs...

Shortly after the arrangement was called out on Twitter, following a report by The Verge about some students' disappointment with the curriculum, Edly began taking down pages that referenced the Lambda partnership. Edly did not immediately respond to a request for comment about why these pages were taken down, and Lambda declined to comment on the nature of the partnership at all.

"I wonder why Lambda isn't so keen on seeing discussions about how students are being packed into the same kind of CDOs that brought us the financial crisis," tweeted David Heinemeier Hansson, the creator of Ruby on Rails, who's been tweeting screenshots of Edly's past statements about their ambitions as well as links to Google's cache of Edly's pitches to investors.

Last year Wired reported that nearly half of Lambda's ISAs had at least partly been sold off to investors. They also note that in January of 2019, Lambda "received $30 million from investors including Google Ventures, Y Combinator, and Ashton Kutcher."
IT

Makers of Basecamp Announce Email Product 'Hey', Open Invites (hey.com) 45

Makers of productivity suite Basecamp have announced Hey, an email product they plan to release this spring. Basecamp founder and CEO, Jason Fried shared the vision for what they are calling a much-improved approach to email in an open letter today on the Hey website: You started getting stuff you didn't want from people you didn't know. You lost control over who could reach you. You were forced to inherit other people's bad communication habits. Then an avalanche of automated emails amplified the clutter. And Gmail, Outlook, Yahoo, Apple, and all the others just let it happen. Now email feels like a chore, rather than a joy. Something you fall behind on. Something you clear out, not cherish. Rather than delight in it, you deal with it. Your relationship with email changed, and you didn't have a say.

So good news, the magic's still there. It's just obscured -- buried under a mess of modern day bad habits and neglect. Some from people, some from machines, a lot from email systems. It deserves a dust off. A renovation. Modernized for the way we email today. With HEY, we've done just that. It's a redo, a rethink, a simplified, potent reintroduction of email. A fresh start, the way it should be. For web, iOS, and Android. HEY is our love letter to email, and we're sending it to you.
Over 12,000 people have requested early access to Hey since yesterday, said David Heinemeier Hansson, founder of Basecamp, and creator of Ruby on Rails.
Stats

2019's Fastest Growing Programming Language Was C, Says TIOBE (tiobe.com) 106

Which programming language saw the biggest jump on TIOBE's index of language popularity over the last year?

Unlike last year -- it's not Python. An anonymous reader quotes TIOBE.com: It is good old language C that wins the award this time with a yearly increase of 2.4%... The major drivers behind this trend are the Internet of Things (IoT) and the vast amount of small intelligent devices that are released nowadays...

Runners up are C# (+2.1%), Python (+1.4%) and Swift (+0.6%)...

Other interesting winners of 2019 are Swift (from #15 to #9) and Ruby (from #18 to #11). Swift is a permanent top 10 player now and Ruby seems [destined] to become one soon.

Some languages that were supposed to break through in 2019 didn't: Rust won only 3 positions (from #33 to #30), Kotlin lost 3 positions (from #31 to #35), Julia lost even 10 positions (from #37 to #47) and TypeScript won just one position (from #49 to #48).

And here's the new top 10 programming languages right now, according to TIOBE's January 2020 index.
  • Java
  • C
  • Python
  • C++
  • C# (up two positions from January 2019)
  • Visual Basic .NET (down one position from January 2019)
  • JavaScript (down one position from January 2019)
  • PHP
  • Swift (up six positions from January 2019)
  • SQL (down one position from January 2019)

Businesses

GitHub Faces More Resignations In Light of ICE Contract (techcrunch.com) 226

TechCrunch reports that another employee, engineer Alice Goldfuss, has resigned from GitHub over the company's $200,000 contract with Immigration and Customs Enforcement (ICE). From the report: In a tweet, Goldfuss said GitHub has a number of problems to address and that "ICE is only the latest." Meanwhile, Vice reports at least five staffers quit today. These resignations come the same day as GitHub Universe, the company's big product conference. Ahead of the conference, Tech Workers Coalition protested the event, setting up a cage to represent where ICE detains children.

Last month, GitHub staff engineer Sophie Haskins resigned, stating she was leaving because the company did not cancel its contract with ICE, The Los Angeles Times reported. Last month, GitHub employees penned an open letter urging the company to stop working with ICE. That came following GitHub's announcement of a $500,000 donation to nonprofit organizations in support of "immigrant communities targeted by the current administration." In that announcement, GitHub CEO Nat Friedman said ICE's purchase was made through one of GitHub's reseller partners and said the deal is not "financially material" for the company. Friedman also pointed out that ICE is responsible for more than immigration and detention facilities.

AI

Viral Tweets From Steve Wozniak and Ruby on Rails Creator Spur Investigation Into Apple Credit Card (bbc.com) 159

An anonymous reader quotes the BBC: A US financial regulator has opened an investigation into claims Apple's credit card offered different credit limits for men and women. It follows complaints -- including from Apple's co-founder Steve Wozniak -- that algorithms used to set limits might be inherently biased against women.

New York's Department of Financial Services has contacted Goldman Sachs, which runs the Apple Card. Any discrimination, intentional or not, "violates New York law", the Department of Financial Services said. The Bloomberg news agency reported on Saturday that tech entrepreneur David Heinemeier Hansson had complained that the Apple Card gave him 20 times the credit limit that his wife got. In a tweet, Mr Hansson said the disparity was despite his wife having a better credit score. Later, Mr Wozniak, who founded Apple with Steve Jobs, tweeted that the same thing happened to him and his wife despite their having no separate bank accounts or separate assets. Banks and other lenders are increasingly using machine-learning technology to cut costs and boost loan applications. But Mr Hansson, creator of the programming tool Ruby on Rails, said it highlights how algorithms, not just people, can discriminate.

"Apple and Goldman Sachs have both accepted that they have no control over the product they sell," Hansson posted angrily on Twitter. "THE ALGORITHM is in charge now!

"All humans can do is apologize on its behalf, and pray that it has mercy on the next potential victims."
Ruby

Developer Takes Down Ruby Library After He Finds Out ICE Was Using It (zdnet.com) 463

An anonymous reader quotes a report from ZDNet: A software engineer pulled a personal project down after he found out that one of the companies using it had recently signed a contract with the U.S. Immigrations and Customs Enforcement (ICE). The engineer, Seth Vargo, cited the ICE's "inhumane treatment, denial of basic human rights, and detaining children in cages," as the reason for taking down his library. The project was called Chef Sugar, a Ruby library for simplifying work with Chef, a platform for configuration management. Vargo developed and open-sourced the library while he worked at Chef, and the library was later integrated into Chef's source code.

Earlier this week, a Twitter user discovered that Chef was selling $95,000-worth of licenses through a government contractor to the ICE. The news didn't go well with Vargo, who, yesterday, September 19, took down the Chef Sugar library from both GitHub and RubyGems, the main Ruby package repository, in a sign of protest. "I have a moral and ethical obligation to prevent my source from being used for evil," Vargo wrote on the now-empty Chef Sugar GitHub repository. Vargo's actions didn't go unnoticed, and in a blog post published later in the day, Chef Software CEO Barry Crist said the incident impacted "production systems for a number of our customers." The Chef team fixed the issue by scouring some of the older Chef Sugar source code and re-uploading it on their own GitHub account.
Following public criticism of the contract, Chef Software CEO Barry Crist responded by saying the company had been a long-time ICE collaborator for years, since the previous administration, long before ICE became the hated agency it is today.

"While I understand that many of you and many of our community members would prefer we had no business relationship with DHS-ICE, I have made a principled decision, with the support of the Chef executive team, to work with the institutions of our government, regardless of whether or not we personally agree with their various policies," Crist said.

"I want to be clear that this decision is not about contract value - it is about maintaining a consistent and fair business approach in these volatile times. I do not believe that it is appropriate, practical, or within our mission to examine specific government projects with the purpose of selecting which U.S. agencies we should or should not do business," Crist added.
Open Source

Why Are 'Supply Chain Attacks' on Open Source Libraries Getting Worse? (arstechnica.com) 44

"A rash of supply chain attacks hitting open source software over the past year shows few signs of abating, following the discovery this week of two separate backdoors slipped into a dozen libraries downloaded by hundreds of thousands of server administrators," reports Ars Technica: The compromises of Webmin and the RubyGems libraries are only the latest supply chain attacks to hit open source software. Most people don't think twice about installing software or updates from the official site of a known developer. As developers continue to make software and websites harder to exploit, black hats over the past few years have increasingly exploited this trust to spread malicious wares by poisoning code at its source...

To be fair, closed-source software also falls prey to supply-side attacks -- as evidenced by those that hit computer maker ASUS on two occasions, the malicious update to tax-accounting software M.E.Doc that seeded the NotPetya outbreak of 2017, and another backdoor that infected users of the CCleaner hard drive utility that same year. But the low-hanging fruit for supply chain attacks seems to be open source projects, in part because many don't make multi-factor authentication and code signing mandatory among its large base of contributors.

"The recent discoveries make it clear that these issues are becoming more frequent and that the security ecosystem around package publication and management isn't improving fast enough," Atredis Partners Vice President of Research and Development HD Moore told Ars. "The scary part is that each of these instances likely resulted in even more developer accounts being compromised (through captured passwords, authorization tokens, API keys, and SSH keys). The attackers likely have enough credentials at hand to do this again, repeatedly, until all credentials are reset and appropriate MFA and signing is put in place."

Ruby

Backdoor Code Found In 11 Ruby Libraries (zdnet.com) 36

Maintainers of the RubyGems package repository have yanked 18 malicious versions of 11 Ruby libraries that contained a backdoor mechanism and were caught inserting code that launched hidden cryptocurrency mining operations inside other people's Ruby projects. ZDNet reports: The malicious code was first discovered yesterday inside four versions of rest-client, an extremely popular Ruby library. According to an analysis by Jan Dintel, a Dutch Ruby developer, the malicious code found in rest-client would collect and send the URL and environment variables of a compromised system to a remote server in Ukraine. "Depending on your set-up this can include credentials of services that you use e.g. database, payment service provider," Dintel said.

The code also contained a backdoor mechanism that allowed the attacker to send a cookie file back to a compromised project, and allow the attacker to execute malicious commands. A subsequent investigation by the RubyGems staff discovered that this mechanism was being abused to insert cryptocurrency mining code. RubyGems staff also uncovered similar code in 10 other projects. All the libraries, except rest-client, were created by taking another fully functional library, adding the malicious code, and then re-uploading it on RubyGems under a new name. All in all, all the 18 malicious library versions only managed to amass 3,584 downloads before being removed from RubyGems.

Programming

'5 Programming Languages That Are Probably Doomed' (dice.com) 390

An anonymous reader shares a report: Not all programming languages endure forever. In fact, even the most popular ones inevitably crumble away, as new generations of developers embrace other languages and frameworks they find easier to work with. In order to determine which programming languages are likely doomed in the medium- to long-term, we looked at the popularity rankings by TIOBE and RedMonk, as well as Dice's own database of job postings. If your career is based on any of the following languages, we suggest diversifying your skill-set at some point: Ruby, Haskell, Objective-C, R, and Perl.
AI

New AI-Assisted Coding Tool Called 'Amazing' (theverge.com) 174

An anonymous reader quotes The Verge's AI and Robotics reporter: By scanning huge datasets of text, machine learning software can produce convincing samples of everything from short stories to song lyrics. Now, those same techniques are being applied to the world of coding with a new program called Deep TabNine, a "coding autocompleter." Programmers can install it as an add-on in their editor of choice, and when they start writing, it'll suggest how to continue each line, offering small chunks at a time. Think of it as Gmail's Smart Compose feature but for code.

Jacob Jackson, the computer science undergrad at the University of Waterloo who created Deep TabNine, says this sort of software isn't new, but machine learning has hugely improved what it can offer... Earlier this month, he released an updated version that uses a deep learning text-generation algorithm called GPT-2, which was designed by the research lab OpenAI, to improve its abilities. The update has seriously impressed coders, who have called it "amazing," "insane," and "absolutely mind-blowing" on Twitter...

Deep TabNine is trained on 2 million files from coding repository GitHub. It finds patterns in this data and uses them to suggest what's likely to appear next in any given line of code, whether that's a variable name or a function... Most importantly, thanks to the analytical abilities of deep learning, the suggestions Deep TabNine makes are of a high overall quality. And because the software doesn't look at users' own code to make suggestions, it can start helping with projects right from the word go, rather than waiting to get some cues from the code the user writes.

It's not free software. Currently a personal license costs $49 (with a business-use license costing $99), the Verge reports -- but the tool supports the following 22 languages...

Python, JavaScript, Java, C++, C, PHP, Go, C#, Ruby, Objective-C, Rust, Swift, TypeScript, Haskell, OCaml, Scala, Kotlin, Perl, SQL, HTML, CSS, and Bash.
GNOME

Fedora 30 Linux Distro Is Here (betanews.com) 128

Fedora 30, the newest release of the venerable Linux distribution that serves (in part) as the staging environment for Red Hat Enterprise Linux, was released Tuesday, bringing with it a number of improvements and performance optimizations. From a report: The most exciting aspect, for workstation/desktop users at least, is the update to GNOME 3.32. Of course, that is hardly the only notable update -- the DNF package manager is getting a performance boost, for instance. In other words, this is a significant operating system upgrade that should delight both existing Fedora users and beginners alike. "Fedora 30 brings enhancements to all editions with updates to the common underlying packages, from bug fixes and performance tweaks to new versions. In Fedora 30, base updates include Bash shell 5.0, Fish 3.0, the GNU Compiler Collection (GCC) 9 and Ruby 2.6. Fedora 30 also now uses the zchunk format for data compression within the DNF repository. When metadata is compressed using zchunk DNF will only download the differences between earlier copies of metadata and the current versions, saving on resources and increasing efficiency," says The Fedora Project.
Programming

The Most Loved and Most Disliked Programming Languages Revealed in Stack Overflow Survey (stackoverflow.com) 268

angel'o'sphere shares a report: The annual Stack Overflow survey is one of the most comprehensive snapshots of how programmers work, with this year's poll being taken by almost 90,000 developers across the globe. This year's survey details which languages developers enjoy using, which are associated with the best paid jobs, which are most commonly used, as well as developers' preferred frameworks, databases, and integrated development environments.

Python's versatility continues to fuel its rise through Stack Overflow's rankings for the "most popular" languages, which lists the languages most widely used by developers. This year's survey finds Python to be the fastest-growing major programming language, with Python edging out Android and enterprise workhorse Java to become the fourth most commonly used language. [...] More importantly for developers, this popularity overlaps with demand for the language, with Julia Silge, data scientist at Stack Overflow, saying that jobs data gathered by Stack Overflow also shows Python to be one of the most in-demand languages sought by employers.

[...] Rust may not have as many users as Python or JavaScript but it has earned a lot of affection from those who use it. For the fourth year running, the language tops Stack Overflow's list of "most-loved" languages, which means the proportion of Rust developers who want to continue working with it is larger than that of any other language.[...] Go stands out as a language that is well paid, while also being sought after and where developers report high levels of job satisfaction.
Full report here.
Programming

Which Programming Language Has The Most Security Vulnerabilities? (techrepublic.com) 330

A new report from the open source security company WhiteSource asks the question, "Is one programming language more secure than the rest?"

An anonymous reader quotes TechRepublic: To answer this question, the report compiled information from WhiteSource's database, which aggregates information on open source vulnerabilities from sources including the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source projects issue trackers. Researchers focused in on open source security vulnerabilities in the seven most widely-used languages of the past 10 years to learn which are most secure, and which vulnerability types are most common in each...

The most common vulnerabilities across most of these languages are Cross-Site Scripting (XSS); Input Validation; Permissions, Privileges, and Access Control; and Information Leak / Disclosure, according to the report.

Across the seven most widely-used programming languages, here's how the vulnerabilities were distributed:
  • C (47%)
  • PHP (17%)
  • Java (11%)
  • JavaScript (10%)
  • Python (5%)
  • C++ (5%)
  • Ruby (4%)

But the results are full of disclaimers -- for example, that C tops the list because it's the oldest language with "the highest volume of written code" and "is also one of the languages behind major infrastructure like OpenSSL and the Linux kernel."

The report also notes a "substantial rise" across all languages for known open source security vulnerabilities over the last two years, attributing this to more awareness about vulnerable components -- thanks to more research, automated security tools, and "the growing investment in bug bounty programs" -- as well as the increasing popularity of open source software. And it also reports a drop in the percentage of critical vulnerabilities for most languages -- except JavaScript and PHP.

The report then concludes that "the Winner Of Most Secure Programming Language is...no one and everyone...! It is not about the language itself that makes it any more or less secure, but how you use it. If you are mitigating your vulnerabilities throughout the software development lifecycle with the proper management approach, then you are far more likely to stay secure."

Coincidentally, WhiteSource sells software which monitors open source components throughout the software development lifecycle to provide alerts about security (and licensing) issues.


Programming

GitHub's Four Most Popular Programming Languages Remain: JavaScript, Java, Python, and PHP (thenewstack.io) 144

A recent TechCrunch article claimed to have identified the best indicator of programming language popularity: GitHub's annual "State of the Octoverse" reports. So Austin-based technology reporter Mike Melanson explored the new verdict in GitHub's 2018 report: It felt to me like the overarching theme of the numbers was one of quiet stasis for the year past, at least when it comes to those languages deemed the cream of the crop. One of the first graphics offered in the post shows the top languages according to the number of repositories created and we see that everything seems to be flowing along, just as it has for the last decade. While GitHub points to a "steady uptick" for JavaScript after 2011, it looks like this list of languages hasn't changed much over time. [The graphic shows the four most popular languages -- every year since early 2014 -- have been JavaScript, Java, Python, and PHP.]

When we look at the top languages according to the number of contributors, we see a similar story, with the top four languages mirrored. In this chart, of course, we see that Ruby is on a steady decline, while TypeScript is on a steady rise. The only surprise to be seen here is that C, after a brief uptick in popularity, has taken a bit of a nosedive over the past year. Either way, seven of 10 languages have the same exact ranking....

Finally, beyond the language rankings themselves, GitHub offers a wonderful analysis of just what it is that makes a particular language popular in 2018, boiling it down to three key characteristics: thread safety, interoperability, and being open source.

GitHub's report also identifies its fastest growing languages over the last year -- including Kotlin, TypeScript, Rust, Python, and Go. "This year, TypeScript shot up to #7 among top languages used on the platform overall, after making its way in the top 10 for the first time last year," the report notes.

"TypeScript is now in the top 10 most used languages across all regions GitHub contributors come from -- and across private, public, and open source repositories."
Programming

GitHub's Annual Report Reveals This Year's Top Contributor: Microsoft (github.com) 67

GitHub saw more than 67 million pull requests this year -- more than a third of GitHub's "lifetime" total of 200 million pull requests since its launch in 2008. It now hosts 96 million repositories, and has over 31 million contributors -- including 8 million who just joined within the last 12 months.

These are among the facts released in GitHub's annual "State of the Octoverse" report -- a surprising number of which involve Microsoft.
  • GitHub's top project this year, by contributor count, was Microsoft's Visual Studio Code (with 19,000 contributors), followed by Facebook's React Native (10,000), TensorFlow (9,300) and Angular CLI (8,800) -- as well as Angular (7,600) -- and the open source documentation for Microsoft Azure (7,800).
  • Microsoft now has more employees contributing to open source projects than any other company or organization (7,700 employees), followed by Google (5,500), Red Hat (3,300), U.C. Berkeley (2,700), and Intel (2,200).
  • The open source documentation for Microsoft Azure is GitHub's fastest-growing open source project, followed by PyTorch (an open source machine learning library for Python).
  • Among the "Cool new open source projects" is an Electron app running Windows 95.

But more than 2.1 million organizations are now using GitHub (including public and private repositories) -- which is 40% more than last year -- and the report offers a fun glimpse into the minutiae of life in the coding community.



Ruby

Deserialization Issues Also Affect Ruby -- Not Just Java, PHP, and .NET (zdnet.com) 62

An anonymous reader writes: The Ruby programming language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for .NET and PHP applications as well. Researchers published proof-of-concept code this week showing how to exploit serialization/deserialization operations supported by the built-in features of the Ruby programming language itself.

"Versions 2.0 to 2.5 are affected," researchers said. "There is a lot of opportunity for future work including having the technique cover Ruby versions 1.8 and 1.9 as well as covering instances where the Ruby process is invoked with the command line argument --disable-all," the elttam team added. "Alternate Ruby implementations such as JRuby and Rubinius could also be investigated."

The deserialization issues can be used for remote code execution and taking over vulnerable servers. While .NET and PHP were affected, it was Java until now that has faced the biggest issues with deserialization. Earlier this year, Oracle announced it was dropping deserialization support from the Java language's standard package.

Programming

Is Julia the Next Big Programming Language? MIT Thinks So, as Version 1.0 Lands (techrepublic.com) 386

Julia, the MIT-created programming language for developers "who want it all", hit its milestone 1.0 release this month -- with MIT highlighting its rapid adoption in the six short years since its launch. From a report: Released in 2012, Julia is designed to combine the speed of C with the usability of Python, the dynamism of Ruby, the mathematical prowess of MatLab, and the statistical chops of R. "The release of Julia 1.0 signals that Julia is now ready to change the technical world by combining the high-level productivity and ease of use of Python and R with the lightning-fast speed of C++," says MIT professor Alan Edelman. The breadth of Julia's capabilities and ability to spread workloads across hundreds of thousands of processing cores have led to its use for everything from machine learning to large-scale supercomputer simulation. MIT says Julia is the only high-level dynamic programming language in the "petaflop club," having been used to simulate 188 million stars, galaxies, and other astronomical objects on Cori, the world's 10th-most powerful supercomputer. The simulation ran in just 14.6 minutes, using 650,000 Intel Knights Landing Xeon Phi cores to handle 1.5 petaflops (quadrillion floating-point operations per second).
