[devnexus 2024] apache maven 4

Speakers: Chandra Gunter and Rodrigo Graciano

@CGuntur and @rodrigograciano

For more, see the 2024 DevNexus Blog Table of Contents


General

  • Apache Maven 4 is still in alpha
  • Avoid profiles where you can
  • Shoutout for mvn verify (vs maven install)
  • Sample code: https://github.com/c-guntur/maven4

Pain Points in Maven 3

  • Painful to maintain versions in multi-module projects – flatten-maven-plugin helps with child versions but has issues with profile interpolation. ci-friendly-flatten-maven-plugin solves the profile interpolation problem but requires including a third-party plugin
  • No implicit way to separate build info from consumer info. Why do consumers need the SCM location and Jira link? flatten-maven-plugin and ci-friendly-flatten-maven-plugin help
  • Handling versions of sibling modules is a chore
  • We use default versions for plugins. Ex: the compiler plugin has a default version, so not everyone specifies one
  • Creating a BOM (Bill of Materials) is not easy. No way to identify that a default version is in use

Maven 4

  • Requires Java 17+ to run Maven and Java 17 to compile (though Java 17 can still compile for an earlier release)
  • New schema version in <project> xmlns
  • <modelVersion> is now 4.1.0
  • Can use <version>${revision}</version> without plugin – can pass from root pom or command line
  • Get a warning in the build log if you use the default version number of any plugin
  • Two poms in .m2 for artifact. artifact-version-build.pom is what is used to build and artifact-version.pom is the consumer pom that goes to the repo when deploy
  • No need to specify version number of parent in multi module project. Figures out automatically. Version is still allowed. It is an optional field so can specify older version at will.
  • Build caching is improved so faster performance. ex: less re-compiling
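As an added example (not the speakers' sample code), here is a Maven 4 root POM and child POM that exercise the points above: the 4.1.0 model, `${revision}` as the version with no flatten plugin, a parent reference without a version, and an explicitly pinned compiler plugin so the build never falls back to a default version. The namespace and schema URLs, the layout, and the plugin version are assumptions, not taken from the talk.

```xml
<!-- ./pom.xml (root; assumed layout with one module in ./app) -->
<project xmlns="http://maven.apache.org/POM/4.1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.1.0 https://maven.apache.org/xsd/maven-4.1.0.xsd">
  <modelVersion>4.1.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo-parent</artifactId>
  <!-- Maven 4 resolves ${revision} itself, so no flatten plugin is needed.
       Override from the command line: mvn -Drevision=1.2.0 verify -->
  <version>${revision}</version>
  <packaging>pom</packaging>

  <properties>
    <revision>1.0.0-SNAPSHOT</revision>
    <!-- Maven itself runs on Java 17+, but you may compile for an earlier release here -->
    <maven.compiler.release>17</maven.compiler.release>
  </properties>

  <modules>
    <module>app</module>
  </modules>

  <build>
    <pluginManagement>
      <plugins>
        <!-- Pin the version: Maven 4 warns when a plugin runs on its default version,
             and only a pinned, reviewed version is something a BOM can account for -->
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-compiler-plugin</artifactId>
          <version>3.13.0</version> <!-- assumed version; pin whatever you have vetted -->
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
</project>

<!-- ./app/pom.xml (child) -->
<project xmlns="http://maven.apache.org/POM/4.1.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.1.0 https://maven.apache.org/xsd/maven-4.1.0.xsd">
  <modelVersion>4.1.0</modelVersion>
  <parent>
    <groupId>com.example</groupId>
    <artifactId>demo-parent</artifactId>
    <!-- no <version> here: Maven 4 takes it from the parent in the reactor -->
  </parent>
  <artifactId>app</artifactId>
</project>
```

After an install, compare artifact-version-build.pom with artifact-version.pom in .m2 to see what build-only information the consumer POM drops.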

My take

I didn’t take notes on Maven itself, only the differences between Maven 3 and 4. I know it was necessary to get everyone on the same page. Given everyone raised their hand on using Maven, I wonder if it could have been briefer. (Got to limitations of Maven 3 at the 20 minute mark.) I liked the interaction between the presenters to make it a conversation. The list of Maven 3 problems was great. And the demo of how Maven 4 fixes them was good.

[devnexus 2024] More tales from the Dark Side: How AI is the bad guys’ new friend

Speaker: Steve Poole

@spoole167


General

  • Supply chain
  • Now we are all attack vectors

Wifi

  • We also use wifi
  • How many use VPN?
  • Easy to spoof wifi
  • Only need battery, raspberry pi and a few more things
  • Would you notice a box on the wall?

Charger

  • Plug in Mac laptop charger at conference
  • If leave unattended, someone could add hardware
  • Any USB has problem
  • USB data cable and power cable look same

Hotel rooms

  • Hidden camera
  • In some countries during the cold war, used human choreography to influence where you sit
  • Becoming more common
  • More people are a pass-through to the company now

Phishing

  • Getting better
  • More targeting. Can know how the company does things, or know the boss’s name
  • Phishing -> Spear Phishing -> Personalized Attacks
  • Moving towards more organized and long term attacks

Adding AI

Bad things AI can do

  • Deepfake nude generator
  • Deepfake phishing grew by three thousand percent in 2023

Why now

  • Not hard to do a reasonable fake. USB acceleration is sixty bucks
  • Huggingface.co has lots of models
  • Models and data available to you and to the bad guys

Other problems

How to Protect

  • Paper on identifying mouth inconsistencies for lip syncing
  • Text/numbers wrong
  • Find anomalies from lack of training data – this is going to be an arms race. Once AI knows wrong, can do better next time.
  • Be more suspicious
  • Secure supply chain – all the pieces involved in creating and delivering software
  • Control AI tools in process
  • Look at where models came from and decide if safe. Will have to prove where got it from
  • Consider how train AI and when retrain it
  • Government wants an SBOM, automated supply chain, evidence of software integrity and regular audits
  • SBOM (software bill of materials) doesn’t find malicious code but ensures you know what you have

My take

Demos were great. Security has changed a lot. Good emphasis on depending on how much money you spend on it. It’s scary, but supposed to be. Need to think about what else I can do in my own life.

Someone challenged saying the grandparent scam sounds fake and nothing like the person. Steve didn’t get to reply, but it’s not a fair analogy. The grandparent scam isn’t targeting (at least not much). Someone targeting you specifically will have audio/video of you to base it off of. And then we are back to the 7 seconds is enough.

[devnexus 2024] survivorship bias

Speakers: Hanno Embregts and Maarten Mulders

@hannotify and @mthmulders #survivorshipbias


General

  • Many talks about how a tool will solve all your problems
  • X years ago, lots of talks about blockchain. And at one point, it was NoSQL. Now it is generative AI. “Can solve anything with it.”

In Netherlands

  • Vote by filling in a circle with a red pencil
  • Digital machines not secret because someone could monitor radiation and determine the vote from outside.
  • Also source code not open
  • Decided current way was just fine and no changes in 20 years
  • “Innovation” was a smaller paper ballot

Trying Blockchain – Problems

  • Started a small-scale voting POC application (not government) for a writers’ works council [I think that is like a union]
  • Internet flowcharts/decision models said you didn’t need blockchain for this use case
  • Considerations: writers known and trusted with interests unified. Have a trusted third party and private transactions. None of these requirements go well with blockchain

Survivorship bias

  • Showed map of where planes got hit in World War 2.
  • However, these planes returned.
  • The critical parts are the ones where the plane did not return
  • Not aware that you didn’t see the data that would lead you to a different conclusion
  • Most talks are “I tried this and it was glorious; you should try it as well”
  • Just because a speaker solved a problem with a technique, doesn’t mean it will also solve yours. If it did, we’d all be doing the same thing.
  • CDD = conference driven development. Doing whatever the speaker did to solve everything doesn’t work 🙂 Also over-engineers the project

Examples of massive failed projects

  • Wikipedia has list: https://en.wikipedia.org/wiki/List_of_failed_and_overbudget_custom_software_projects
  • 15 years of work on a Dutch project built on a tech not fully understood
  • 11 years of work on a British health care system
  • Australian project not yet cancelled but spent a billion dollars. Massively over time and budget. Biggest cause is the XBRL format being too new and not enough experts

How avoid by imagining a fake conference called “Silver Bullet Con”

  • Think about alternatives during/after talk and research before choosing
  • Understand the problem. Also see if earlier talk will help understand an advanced talk
  • Gain some experience first. Write down name of talk and watch after have background to understand and maximize impact
  • Don’t need to avoid silver bullet talks but be careful
  • Make sure you meet prereqs. Don’t attend a talk that proposes a solution to a problem if you don’t understand the problem yet.
  • See where the tech is on the hype cycle (ex: peak of inflated expectations). Talk titles often reflect position in the hype cycle.
  • Note any drawbacks speaker mentions. Best talks contained detailed comparison of pros and cons. If speaker doesn’t mention, ask in Q&A “did you encounter any drawbacks”. Everyone wants to know
  • Ask speaker in hallway
  • After conference, think about how solve problem without tech speaker presented. Compare to speaker’s solution
  • Tinker/experiment with new approach. Should be able to reproduce both the problem and solution. If not, there might be another factor at play
  • Look online if others have tried. Did they succeed or fail? This is why it is important to blog/tweet/speak about failures and what learned
  • Blogs/videos/ChatGPT will tell you the happy path. Stack Overflow will show you the non-happy path
  • Master your tools and keep up to date. But beware of treating that tool like a hammer and imagining all tools are nails

My take

I wasn’t sure what to expect, but I enjoyed it. I like the example of blockchain as we all know how it went (aka that it didn’t solve all our problems). The Silver Bullet Conference idea was fun. The pretend talk titles were great. It would have been nice to give images for the dependency tree command to see what it does. I know that was a tangent though. And I use the IDE for the tree so not put out. They also encouraged questions with stroopwafels