The Oracle JDK "is available free of charge for production use again," reports InfoQ, under a new "Oracle No-Fee Terms and Conditions" license.

The move, announced in mid-September, "reverses a 2018 decision to charge for Oracle JDK production use and does not affect Oracle's OpenJDK distribution," they write, noting that the new license "applies to the recently released version 17 of Oracle JDK and future versions." Donald Smith, Senior Director of Product Management at Oracle, explained the reason for this decision in a recent blog post, writing:

"Providing Oracle OpenJDK builds under the GPL was highly welcomed, but feedback from developers, academia, and enterprises was that they wanted the trusted, rock-solid Oracle JDK under an unambiguously free terms license, too. Oracle appreciates the feedback from the developer ecosystem and are pleased to announce that as of Java 17 we are delivering on exactly that request."

Smith explicitly stated that the No-Fee Terms and Conditions license "includes commercial and production use" [although the license does not seem to highlight this fact] and stated that "redistribution is permitted as long as it is not for a fee."

"Bringing VS Code to the browser is the realization of the original vision for the product," Microsoft said in a blog post. "It is also the start of a completely new one. An ephemeral editor that is available to anyone with a browser and an internet connection is the foundation for a future where we can truly edit anything from anywhere."

Or, as Mike Melanson describes it in his "This Week in Programming" column, "Microsoft continued its march toward developer dominance this week with the launch of Visual Studio Code for the Web, a lightweight version of the company's highly popular (mostly) open source code editor..." Now, before you go getting too excited, VS Code for the Web isn't really a fully-functional version of VS Code running in the browser, as it has no backend to back it up, which means its primary purpose is for client-side HTML, JavaScript, and CSS applications... VS Code for the Web is able to provide syntax colorization, text-based completions and other such features for popular languages such as C/C++, C#, Java, PHP, Rust, and Go, while TypeScript, JavaScript, and Python are "all powered by language services that run natively in the browser" and therefore provide a "better" experience, while those aforementioned Web languages, such as JSON, HTML, CSS, and LESS, will provide the best experience. Extensions, meanwhile — which are among the top reasons for using VS Code — generally work for user interface customizations (and can be synced with your other environments), but, again, not so much for those back-end features.

Caveats aside, VS Code for the Web does, indeed, offer a lightweight, available-anywhere code editor for things like your tablet, your Chromebook, and heck, even your XBOX...

While companies like Amazon and Google seem to be sitting idly by in this arena, Microsoft is not the only company focused on providing remote developer experiences. The Eclipse Foundation, for example, last year offered what it said was "a true open source alternative to Visual Studio Code" with Eclipse Theia, and Eclipse Foundation executive director Mike Milinkovich said he expects this to be just the beginning. "We have been saying for years that the future of developer tools is the browser. Developers already use their browsers for the vast majority of their day-to-day tasks, with code editing being amongst the last to move," Milinkovich wrote in an email. "Microsoft's recent vscode.dev announcement is a recognition of this trend. I expect that every serious cloud vendor will be following suit over the next few quarters."

GitPod, meanwhile, has been hard at work in this very same arena, with its own launch just last month of the open source OpenVSCode Server, which also lets developers run upstream Visual Studio Code in the browser.
Gitpod co-founder Johannes Landgraf calls it "yet another validation that we reached a tipping point of how and where we develop software" — but also more. "Think orchestration and provisioning of compute, operating system, language servers and all other tools you require for professional software development in the cloud."

Melanson's column also argues VS Code for the Web is meant to entice geeks further into the Microsoft development universe. "The next thing you know, you've spent $100 on other things...like GitHub Codespaces, which is, after all, pretty much the same exact thing, except it provides all those back-end services and, more importantly for Microsoft, is not free to use. And more important still, once you've got all those developers fully hooked on VS Code, Codespaces, GitHub, and the rest of it, Azure isn't too far down the line now, is it?"

Akamai researchers have analyzed 10,000 JavaScript samples including malware droppers, phishing pages, scamming tools, Magecart snippets, cryptominers, etc. At least 26% of them use some form of obfuscation to evade detection, indicating an uptick in the adoption of this basic yet effective technique. BleepingComputer reports: Obfuscation is when easy-to-understand source code is converted into a hard to understand and confusing code that still operates as intended. Threat actors commonly use obfuscation to make it harder to analyze malicious scripts and to bypass security software. Obfuscation can be achieved through various means like the injection of unused code into a script, the splitting and concatenating of the code (breaking it into unconnected chunks), or the use of hexadecimal patterns and tricky overlaps with function and variable naming.

But not all obfuscation is malicious or tricky. As the report explains, about 0.5% of the 20,000 top-ranking websites on the web (according to Alexa), also use obfuscation techniques. As such, detecting malicious code based on the fact that is obfuscated isn't enough on its own, and further correlation with malicious functionality needs to be made. This mixing with legitimate deployment is precisely what makes the detection of risky code challenging, and the reason why obfuscation is becoming so widespread in the threat landscape.

ZDNet reports: "Python 3.10.0 is the newest major release of the Python programming language, and it contains many new features and optimizations," CPython maintainers announced in a blogpost...

One of the headline features is "structural pattern matching" in Python 3.10 -- a technique for handling data that's already available in C, Java, JavaScript, Scala and Elixir. "Structural pattern matching has been added in the form of a match statement and case statements of patterns with associated actions. Patterns consist of sequences, mappings, primitive data types as well as class instances. Pattern matching enables programs to extract information from complex data types, branch on the structure of data, and apply specific actions based on different forms of data," the project explains in release 3.10 notes. "While structural pattern matching can be used in its simplest form comparing a variable to a literal in a case statement, its true value for Python lies in its handling of the subject's type and shape," it adds.

Python core contributors presented the update in a meeting this week. Pablo Galindo Salgado, a physicist and core Python contributor, explained how the project is using Microsoft's GitHub Actions DevOps (CI/CD) tools to test Python changes on Windows, Linux and macOS systems. "When you merge something to Python, there is a CI in GitHub Actions, and we have other providers, although we are mainly using GitHub Actions now. It tests your commits on every single commit on Linux, Windows, and macOS," said Salgado.
Besides better error messages (including more precise and reliable line numbers for debugging), other changes to the language include overloading the pipe operator to allow a new syntax for writing union types, and type aliases (a kind of user-specified type, offering a way to explicitly declare an assignment as a type alias).

ZDNet reports that Python "is now the most popular language, according to one popularity ranking."

"For the first time in more than 20 years we have a new leader of the pack..." the TIOBE Index announced this month. "The long-standing hegemony of Java and C is over."

When Slashdot reached out to Guido van Rossum for a comment, he replied "I honestly don't know what the appropriate response is...! I am honored, and I want to thank the entire Python community for making Python so successful."

ZDNet reports: [I]t seems that Python is winning these days, in part because of the rise of data science and its ecosystem of machine-learning software libraries like NumPy, Pandas, Google's TensorFlow, and Facebook's PyTorch. Python is also an easy-to-learn language that has found a niche in high-end hardware, although less so mobile devices and the web — an issue that Python creator Guido van Rossum hopes to address through performance upgrades he's working on at Microsoft.

Tiobe, a Dutch software quality assurance company, has been tracking the popularity of programming languages for the past 20 years. Its rankings are based on search terms related to programming and is one measure of languages that developers should consider learning, along with IEEE Spectrum's list and a ranking produced by developer analyst RedMonk. JavaScript, the default for front-end web development, is always at the top of RedMonk's list. For Tiobe, its enterprise focus, has seen Java and C dominate in recent years, but Python has been snapping at the heels of Java, and has now overtaken it...

Python's move to top spot on the Tiobe index was a result of other languages falling in searches rather than Python rising. With an 11.27% share of searches, it was flat, while second place language C fell 5.79% percentage points compared to October last year down to 11.16%. Java made way for Python with a 2.11 percentage point drop to 10.46%.

Other languages that made the top 10 in Tiobe's October 2021 index: C++, C#, Visual Basic, JavaScript,. SQL, PHP, and Assemblyy Language. Also rising on a year-on-year basis and in the top 20 were Google-designed Go, number-crunching favorite MATLAB, and Fortran.
"Python, which started as a simple scripting language, as an alternative to Perl, has become mature," TIOBE says in announcing its new rankings.

"Its ease of learning, its huge amount of libraries, and its widespread use in all kinds of domains, has made it the most popular programming language of today. Congratulations Guido van Rossum!"

Oracle's Java magazine takes a look at some current JDK Enhancement Proposals, "the vehicle of long standing for updating the Java language and the JVM." Today, concurrency in Java is delivered via nonlightweight threads, which are, for all intents, wrappers around operating-system threads... Project Loom aims to deliver a lighter version of threads, called virtual threads. In the planned implementation, a virtual thread is programmed just as a thread normally would be, but you specify at thread creation that it's virtual. A virtual thread is multiplexed with other virtual threads by the JVM onto operating system threads. This is similar in concept to Java's green threads in its early releases and to fibers in other languages... Because the JVM has knowledge of what your task is doing, it can optimize the scheduling. It will move your virtual thread (that is, the task) off the OS thread when it's idle or waiting and intelligently move some other virtual thread onto the OS thread. When implemented correctly, this allows many lightweight threads to share a single OS thread. The benefit is that the JVM, rather than the OS, schedules your task. This difference enables application-aware magic to occur behind the curtains...

Project Valhalla aims to improve performance as it relates to access to data items... by introducing value types, which are a new form of data type that is programmed like objects but accessed like primitives. Specifically, value types are data aggregates that contain only data (no state) and are not mutable. By this means, [value types] can be stored as a single array with only a single header field for the entire array and direct access to the individual fields...

Project Panama simplifies the process of connecting Java programs to non-Java components. In particular, Panama aims to enable straightforward communication between Java applications and C-based libraries...

Several Amber subprojects are still in progress.

Sealed classes, which have been previewed in the last few Java releases and are scheduled to be finalized in Java 17. Sealed classes (and interfaces) can limit which other classes or interfaces can extend or implement them...

Pattern matching in switches is a feature that will be previewed in Java 17...
The article concludes that Java's past and current projects "testify to how much Java has evolved and how actively the language and runtime continue to evolve."

"According to one measure, Python is potentially on the verge of becoming the most popular computer programming language," reports ZDNet, joining C and Java as the only other two languages to attain the #1 spot.

Of course, it depends on who's making the list... Python has been snapping at the heels of Java and C for the past few years on the 20-year-old Tiobe index and recently knocked Java off the second spot to rival C. Tiobe, a software testing company, bases its rankings on searches for programming languages on popular websites and search engines.

The Tiobe index is updated monthly, and it doesn't align with other language popularity rankings. For example, the electrical engineering magazine IEEE Spectrum has ranked Python as the most popular language since at least 2020, followed by Java, C, and JavaScript, while developer analyst RedMonk has JavaScript in top place, followed by Python and Java, and places C at tenth...

"Python has never been so close to the number 1 position of the TIOBE index," writes Paul Jansen, chief of Tiobe software. "It only needs to bridge 0.16% to surpass C. This might happen any time now..."

Python is hugely popular because of machine learning, but it has no place in mobile app development or web applications or development on mobile devices. It's also slow. Python's creator, Guido van Rossum, who works at Microsoft, recently conceded Python consumes too much memory and energy from hardware. He's working to improve Python's performance and reckons double is feasible...

Tiobe's top 10 programming languages in September 2021 were C, Python, Java, C++, C#, Visual Basic, JavaScript, Assembly language, PHP, and SQL. The top 20 languages also included Classic Visual Basic, Groovy, Ruby, Go, Swift, MATLAB, Fortran, R, Perl, and Delphi. Fortran's re-emergence as a top 20 language is notable. Just in July 2020, Tiobe ranked it as the 50th most popular language. But earlier this year, Fortran shot up to the 20th spot in Tiobe's index.
Paul Jansen, chief of Tiobe software, also called out some other interesting moves in this month's calculation. "Assembly gained 1 position from #9 to #8, Ruby gained 2 positions from #15 to #13, and Go went up even 4 positions from #18 to #14."

A new generation of detectors let scientists identify a dozen large episodes of bioluminescence, one a hundred times larger than Manhattan -- and that's the smallest. From a report: The ocean has always glowed. The Greeks and Romans knew of luminous sea creatures as well as the more general phenomenon of seawater that can light up in bluish-green colors. Charles Darwin, as he sailed near South America on a dark night aboard the H.M.S. Beagle, encountered luminescent waves. He called it "a wonderful and most beautiful spectacle." As far as the eye could see, he added, "the crest of every wave was bright" -- so much so that the "livid flames" lit the sky. Now, scientists report that ocean bioluminescence can be so intense and massive in scale that satellites orbiting five hundred miles high can see glowing mats of microorganisms as they materialize in the seas. Last month in the journal Scientific Reports, eight investigators told of finding a luminous patch south of Java in 2019 that grew to be larger than the combined areas of Vermont, New Hampshire, Massachusetts, Rhode Island and Connecticut.

"It was an epiphany," said Steven D. Miller, lead author on the bioluminescence study and a specialist in satellite observations at Colorado State University. When a hidden wonder of nature comes to light, he added, "it captures your imagination." The scientists said the close examination of images gathered between December 2012 and March 2021 from a pair of satellites let them identify a dozen extremely large events -- approximately one every eight months. Even the smallest was a hundred times larger than Manhattan. The imagery is opening a new window on the world's oceans, scientists say, and promises to aid the tracking and study of the glowing seas, whose origins are poorly understood. Kenneth H. Nealson, a pioneer of bioluminescence research at the University of Southern California, called the discovery "a big step toward being able to understand" how an enduring mystery of the sea "actually comes to be."

"The programming language Java's popularity has been slowly declining in some programming language index rankings, but it's popped back into the second spot in RedMonk's latest chart," reports ZDNet: Javascript still rules in RedMonk's Q3 2021 language popularity rankings, which have been updated twice a year since 2010.

Python overtook Java for the second spot in RedMonk's Q2 2020 ranking, and Java has remained there in Python's shadow ever since, but now it has jumped one spot to second — a place it once again shares with Python. As RedMonk analyst Stephen O'Grady notes, Java's consistent third placing over the past year was "prompting questions from observers as to whether it was fated to a gradual drift down these rankings".

Tiobe's CEO Paul Jensen last September said Java was in "real trouble" because of a notable decline in its share of queries for programming languages on major search engines. But now, according to RedMonk, Java has 'surged' back. "This would be less of a surprise but for many of the language's competitors — and, it should be said, the odd industry analyst or two — writing regularly recurring epitaphs for the stalwart of enterprise infrastructure," said O'Grady.
The article also reports that Google's Dart programming language "made its debut in RedMonk's top 20 this month and displaced Perl."

"Almost half of the packages in the official Python Package Index (PyPI) repository have at least one security issue," reports TechRadar, citing a new analysis by Finnish researchers, which even found five packages with more than a thousand issues each... The researchers used static analysis to uncover the security issues in the open source packages, which they reason end up tainting software that use them. In total the research scanned through 197,000 packages and found more than 749,000 security issues in all... Explaining their methodology the researchers note that despite the inherent limitations of static analysis, they still found at least one security issue in about 46% of the packages in the repository. The paper reveals that of the issues identified, the maximum (442,373) are of low severity, while 227,426 are moderate severity issues. However, 11% of the flagged PyPI packages have 80,065 high severity issues.
The Register supplies some context: Other surveys of this sort have come to similar conclusions about software package ecosystems. Last September, a group of IEEE researchers analyzed 6,673 actively used Node.js apps and found about 68 per cent depended on at least one vulnerable package... The situation is similar with package registries like Maven (for Java), NuGet (for .NET), RubyGems (for Ruby), CPAN (for Perl), and CRAN (for R). In a phone interview, Ee W. Durbin III, director of infrastructure at the Python Software Foundation, told The Register, "Things like this tend not to be very surprising. One of the most overlooked or misunderstood parts of PyPI as a service is that it's intended to be freely accessible, freely available, and freely usable. Because of that we don't make any guarantees about the things that are available there..."

Durbin welcomed the work of the Finnish researchers because it makes people more aware of issues that are common among open package management systems and because it benefits the overall health of the Python community. "It's not something we ignore but it's also not something we historically have had the resources to take on," said Durbin. That may be less of an issue going forward. According to Durbin, there's been significantly more interest over the past year in supply chain security and what companies can do to improve the situation. For the Python community, that's translated into an effort to create a package vulnerability reporting API and the Python Advisory Database, a community-run repository of PyPI security advisories that's linked to the Google-spearheaded Open Vulnerability Database.

An anonymous reader quotes a report from Ars Technica: Google's reputation for aggressively killing products and services is hurting the company's brand. Any new product launch from Google is no longer a reason for optimism; instead, the company is met with questions about when the product will be shut down. It's a problem entirely of Google's own making, and it's yet another barrier that discourages customers from investing (either time, money, or data) in the latest Google thing. The wide public skepticism of Google Stadia is a great example of the problem. A Google division with similar issues is Google Cloud Platform, which asks companies and developers to build a product or service powered by Google's cloud infrastructure. Like the rest of Google, Cloud Platform has a reputation for instability, thanks to quickly deprecating APIs, which require any project hosted on Google's platform to be continuously updated to keep up with the latest changes. Google Cloud wants to address this issue, though, with a new "Enterprise API" designation.

Enterprise APIs basically get a roadmap that promises stability for certain APIs. Google says, "The burden is on us: Our working principle is that no feature may be removed (or changed in a way that is not backwards compatible) for as long as customers are actively using it. If a deprecation or breaking change is inevitable, then the burden is on us to make the migration as effortless as possible." If Google needs to change an API, customers will now get a minimum of one year's notice, along with tools, documentation, and other materials. Google goes on to say, "To make sure we follow these tenets, any change we introduce to an API is reviewed by a centralized board of product and engineering leads and follows a rigorous product lifecycle evaluation."

Despite being one of the world's largest Internet companies and basically defining what modern cloud infrastructure looks like, Google isn't doing very well in the cloud infrastructure market. Analyst firm Canalys puts Google in a distant third, with 7 percent market share, behind Microsoft Azure (19 percent) and market leader Amazon Web Services (32 percent). Rumor has it (according to a report from The Information) that Google Cloud Platform is facing a 2023 deadline to beat AWS and Microsoft, or it will risk losing funding. Ex-Googler Steve Yegge laid out the problems with Google Cloud Platform last year in a post titled "Dear Google Cloud: Your Deprecation Policy is Killing You." Google's announcement seems to hit most of what that post highlights, like a lack of documentation and support, an endless treadmill of API upgrades, and Google Cloud's general disregard for backward compatibility. Yegge argues that successful platforms like Windows, Java, and Android (a group Yegge says is isolated from the larger Google culture) owe much of their success to their commitment to platform stability. AWS is the market leader partly because it's considered a lot more stable than Google Cloud Platform.

SD Times takes another look at the uptake of Java 11 Previous reports of the Java community found that developers were still mainly using Java 8 and didn't adopt newer versions, but according to Snyk's JVM Ecosystem Report 2021, that is starting to change. This year, 61.5% of respondents are using Java 11 somewhere in production, and almost 12% are using the latest release, which was Java 15 during the survey. "This is huge, because it shows that developers do upgrade their Java version beyond Java 8 to some extent. The mantra that most Java developers are comfortable staying on Java 8 seems to be slowly breaking apart," Snyk stated in the report.

However, half of the Java 11 users — which is currently the most used version — still use Java 8 in their production stack...

In addition, almost half of developers (44%) use the free AdoptOpenJDK distribution in production as one of their JDKs and 48% use it in development.
"Other findings are that Java is still by far the most popular language by a long shot and Snyk stated it will probably remain that way in the foreseeable future and that JetBrains IntellIJ IDEA still remains dominant as an IDE in the Java ecosystem."

The TIOBE index of programming language popularity celebrates 20 years of continuous publishing this month. Started as a hobbyist project back in 2001, the site estimates each programming language's popularity by counting search engine results for the phrase <language> programming (indirectly counting each listing for developers, courses, and third-party vendors).

When it was started 20 years ago, the top languages were Java, C, and C++.

20 years later, the top languages are now C, Java, Python, and C++

And "The difference between position 1 and position 3 is only 0.67%." This means that the next few months will be exciting. What language is going to win this battle? Python seems to have the best chances to become number 1, thanks to its market leadership in the booming field of data mining and artificial intelligence.
ZDNet also noted the trends: Searches for C were down 4.83 percentage points compared to last July. Java searches were down 3.93% over the period, while Python gained 1.86%.

The top 10 languages behind C, Java and Python are C++, C#, Visual Basic, Javascript, PHP, Assembly Language, and SQL.
But they also have this to say about TIOBE's calculations: It's a different methodology to developer analyst RedMonk, which looks at language usage on software projects hosted on GitHub and discussions on the developer Q&A site, Stack Overflow.

RedMonk's Q1 2021 rankings place JavaScript in top place, followed by Python and Java.

Other interesting moves this month:

• C++ gained more than 0.5% getting closer to the top 3
• Rust rose from #30 to #27
• Go rose from #20 to #13
• TypeScript rose from #45 to #37
• Haskellrose rose from #49 to #39

An anonymous reader quotes a report from The Guardian: From espresso to instant, coffee is part of the daily routine for millions. Now research suggests the brew could be linked to a lower chance of developing or dying from chronic liver disease. Chronic liver disease is a major health problem around the world. According to the British Liver Trust, liver disease is the third leading cause of premature death in the UK, with deaths having risen 400% since 1970. Writing in the journal BMC Public Health, Roderick and colleagues report how they analyzed data from 494,585 participants in the UK Biobank -- a project designed to help unpick the genetic and environmental factors associated with particular conditions. All participants were aged 40 to 69 when they signed up to the project, with 384,818 saying they were coffee drinkers at the outset compared with 109,767 who did not consume the beverage.

The team looked at the liver health of the participants over a median period of almost 11 years, finding 3,600 cases of chronic liver disease, with 301 deaths, and 1,839 cases of simple fatty liver disease. The analysis revealed that after taking into account factors such as body mass index, alcohol consumption, and smoking status, those who drank any amount of coffee, and of any sort, had a 20% lower risk of developing chronic liver disease or fatty liver disease (taken together) than those who did not consume the brew. The coffee drinkers also had a 49% lower risk of dying from chronic liver disease. The team said the magnitude of the effect increased with the amount of coffee consumed, up to about three to four cups a day, "beyond which further increases in consumption provided no additional benefit." A reduction in risk was also found when instant, decaffeinated and ground coffee were considered separately -- although the latter linked to the largest effect.

"Microsoft has announced general availability of the Microsoft Build of OpenJDK, the open-source version of the Java development kit," reports ZDNet: The release follows the April preview of the Microsoft Build of OpenJDK, a long-term support distribution of OpenJDK... Microsoft announced general availability for the Microsoft Build of OpenJDK at its Build 2021 conference for developers.

Microsoft is a major user of Java in Azure, SQL Server, Yammer, Minecraft, and LinkedIn, but it's only been supporting Java in Visual Studio Code tooling for the past five years. "We've deployed our own version of OpenJDK on hundreds of thousands of virtual machines inside Microsoft and LinkedIn," Julia Liuson, corporate vice president of Microsoft's developer division, told ZDNet. "Across the board Microsoft has over 500,000 VMs running Java at Microsoft. We're also providing that to customers as well for Azure...."

"We believe Microsoft is uniquely positioned to be a partner in the language community. We can do a lot of direct contribution to the JDK community and we do world-class tooling, which is VS Code." Microsoft's contributions to OpenJDK — an open-source JDK for the most popular Linux distributions — includes work on the garbage collector and writing capabilities for the Java runtime.

The Microsoft Build of OpenJDK is available for free to deploy in qualifying Azure support plans. It includes binaries for Java 11 based on OpenJDK 11.0.11, on x64 server, and desktop environments on macOS, Linux and Windows, according to Microsoft...
Its download page at Microsoft.com touts it as "Free. Open Source. Freshly Brewed!"

And they describe it as "a new no-cost long-term supported distribution and Microsoft's new way to collaborate and contribute to the Java ecosystem."

Python's creator Guido van Rossum shared his opinions on other programming languages during a new hour-long interview with Microsoft's principle cloud advocate manager. Some of the highlights:

• Rust: "It sounds like it's a great language — for certain things. Rust really improves on C++ in one particular area — it makes it much harder to bypass the checks in the compiler. And of course it solves the memory allocation problem in a near perfect way... if you wrote the same thing in C++, you could not be as sure, as compared to Rust, that you've gotten all your memory allocation and memory management stuff right. So Rust is an interesting language."

• Go and Julia: "I still think that Go is a very interesting language too. Of all the new languages, Go is probably the most Python-ic — or at least the general-purpose new languages. There's also Julia, which is sort of an interesting sort of take on something Python-like. It has enough details that look very similar to Python that then when you realize, 'Oh, but all the indexing is one-based and ranges are inclusive instead of exclusive,' you think, 'Argh!' Nobody should ever try to code in Julia and in Python on the same day.
  
  "My understanding is that Julia is sort of much more of a niche language, and if you're in that niche, it is superior because the compiler optimizes your code for you in a way that Python probably never will. On the other hand, it is much more limited in other areas, and I wouldn't expect that anybody ever is going to write a web server in Julia and get a lot of mileage out of it. And I'm sure in five minutes that will be on Hacker News with a counterexample."

• TypeScript: "TypeScript is a great language. You might have noticed that in the past six or seven years, we've been adding optional static typing to Python, also known as gradual typing. I wasn't actually aware of TypeScript when we started that project, so I can't say that we were inspired by TypeScript initially. TypeScript, because it sort of jumped on the JavaScript bandwagon — and because Anders is a really smart guy — TypeScript did a few things that Python is still waiting to figure out. So nowadays, we definitely look at TypeScript for examples. We have a typing SIG where we discuss extensions of the typing syntax and semantics and the type system in general for Python, and we definitely sometimes propose new features because we know that certain features were also originally initially lacking in TypeScript, and then added to TypeScript based on user demand, and [became] very successful in TypeScript. And so now we can see we are in that same situation.
  
  "Because JavaScript and Python are relatively similar... Much more so than Python and say C++ or Rust or Java. So we are learning from TypeScript, and occasionally, from my conversations with Anders, it sounds like TypeScript is also learning from Python, just like JavaScript has learned from Python in a few areas."

The Microsoft security team has published details about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack. From a report: According to the Microsoft Security Intelligence team, the campaign is currently leveraging a mass-spam distribution vector to bombard users with emails containing malicious PDF file attachments. "Attackers used compromised email accounts to launch the email campaign," Microsoft said in a series of tweets last night. "The emails contained an image that posed as a PDF attachment but, when opened, connected to a malicious domain to download the STRRAT malware." First spotted in June 2020, STRRAT is a remote access trojan (RAT) coded in Java that can act as a backdoor on infected hosts. According to a technical analysis by German security firm G DATA, the RAT has a broad spectrum of features that vary from the ability to steal credentials to the ability to tamper with local files.

IBM announced during its Think 2021 conference on Monday that its researchers have crafted a Rosetta Stone for programming code. Engadget reports: In effect, we've taught computers how to speak human, so why not also teach computers to speak more computer? That's what IBM's Project CodeNet seeks to accomplish. "We need our ImageNet, which can snowball the innovation and can unleash this innovation in algorithms," [Ruchir Puri, IBM Fellow and Chief Scientist at IBM Research, said during his Think 2021 presentation]. CodeNet is essentially the ImageNet of computers. It's an expansive dataset designed to teach AI/ML systems how to translate code and consists of some 14 million snippets and 500 million lines spread across more than 55 legacy and active languages -- from COBOL and FORTRAN to Java, C++, and Python.

"Since the data set itself contains 50 different languages, it can actually enable algorithms for many pairwise combinations," Puri explained. "Having said that, there has been work done in human language areas, like neural machine translation which, rather than doing pairwise, actually becomes more language-independent and can derive an intermediate abstraction through which it translates into many different languages." In short, the dataset is constructed in a manner that enables bidirectional translation. That is, you can take some legacy COBOL code -- which, terrifyingly, still constitutes a significant amount of this country's banking and federal government infrastructure -- and translate it into Java as easily as you could take a snippet of Java and regress it back into COBOL.

CodeNet can be used for functions like code search and clone detection, in addition to its intended translational duties and serving as a benchmark dataset. Also, each sample is labeled with its CPU run time and memory footprint, allowing researchers to run regression studies and potentially develop automated code correction systems. Project CodeNet consists of more than 14 million code samples along with 4000-plus coding problems collected and curated from decades' of programming challenges and competitions across the globe. "The way the data set actually came about," Puri said, "there are many kinds of programming competitions and all kinds of problems -- some of them more businesslike, some of them more academic. These are the languages that have been used over the last decade and a half in many of these competitions with 1000s of students or competitors submitting solutions." Additionally, users can run individual code samples "to extract metadata and verify outputs from generative AI models for correctness," according to an IBM press release. "This will enable researchers to program intent equivalence when translating one programming language into another." [...] IBM intends to release the CodeNet data to the public domain, allowing researchers worldwide equal and free access.

Analyst firm SlashData surveyed over 19,000 respondents from 155 countries for its "State of the Developer Nation" survey — and now estimates that there's 24.3 million active developers worldwide.

TechRadar reports: The report pegs JavaScript as the most popular language that, together with variants including TypeScript and CoffeeScript, is used by almost 14 million developers around the world. Based on SlashData's observations over the past several years, more than 4.5 million JavaScript developers have joined the ranks between Q4 2017 and Q1 2021. This is the highest growth in terms of absolute numbers across all programming languages...

Next up is Python with just over 10 million users, followed by Java with 9.4 million, and C/C++ with 7.3 million. The report notes that Python added 1.6 million new developers in the past year, recording a growth rate of 20%.
From ZDNet: SlashData estimates the next three largest developer communities are using C/C++ (7.3 million), Microsoft's C# (6.5 million), and PHP (6.3 million). Other large groups of developers are fans of Kotlin, Swift, Go, Ruby, Objective C, Rust and Lua...

SlashData, however, notes that Rust and Lua were the two fastest growing programming language communities in the past 12 months, albeit from a lower base than Python.
And Visual Studio magazine couldn't resist emphasizing that C# "has ticked up a notch in popularity, overtaking PHP for No. 5 on that ranking..." "C# lost three places in the rankings of language communities between Q3 2019 and Q3 2020, but it regained its lead over PHP in the past six months after adding half a million developers," the report states... "C# is traditionally popular within the desktop developer community, but it's also the most broadly used language among AR/VR and game developers, largely due to the widespread adoption of the Unity game engine in these areas..."

It was a different story one year ago, when the 18th edition of the report said: "C# lost about 1M developers during 2019... [I]t seems to be losing its edge in desktop development — possibly due to the emergence of cross-platform tools based on web technologies."

The language might see more desktop development inroads as new initiatives from Microsoft such as Blazor Desktop (one of those "cross-platform tools based on web technologies") and .NET MAUI provide a wide array of desktop approaches.

theodp writes: Code.org on Wednesday announced that dozens of industry, education, and state leaders are supporting a new Code.org AP CS A Java-focused curriculum for high school students, which will be available at no charge to all schools starting in the 2022-23 school year. "We are proud to have the following companies on our Industry Advisory Panel: Adobe, Amazon, Atlassian, Disney, Epic Games, Goldman Sachs, Google, IBM, Instagram, Microsoft, Riot Games, Roblox, Snapchat, Spotify, Tesla, Unity, Vista Equity," Code.org tweeted. "A big thank you to the following colleges and universities on our Education Advisory Panel: @BowieState @UBuffalo @CarnegieMellon @Harvard @montgomerycoll @NCWIT @thisisUIC @Illinois_Alma @unlv @UNOmaha @SpelmanCollege @UT_Dallas @UW @westminsterpa." In an accompanying Medium post, Code.org explained: "This work is all made possible through a generous [$15 million] gift from Amazon Future Engineer."

Despite having the support of some of the world's richest corporations and individuals whose goals the nonprofit helps advance, recently-released SBA records show that Code.org applied for and was approved for its second forgivable Federal Paycheck Protection Program loan in the amount of $1.9 million dollars on March 25, a month after Amazon and Code.org issued a joint press release announcing their $15 million plan to work on a new AP CS A curriculum and other initiatives. Amazon certainly has ambitious plans for influencing K-12 CS education. Last week, the company announced a 2021 goal to "reach 1.6 million underrepresented students globally through Amazon Future Engineer with real world-inspired virtual and hands-on computer science project learning." And an Amazon Future Engineer job listing for a U.S. Country Senior Manager notes the job will require working "with national and local educational non-profits and governmental entities such as BootUp, Project STEM, Code.org, and the US and State Departments of Education," as well as positioning Amazon "as subject matter experts on US computer science education, as well as the local education systems of our headquarter regions."