[devnexus 2024] apache maven 4

Speakers: Chandra Gunter and Rodrigo Graciano

@CGuntur and @rodrigograciano

For more, see the 2024 DevNexus Blog Table of Contents


  • Apache Maven 4 is still in alpha
  • Avoid profiles where can
  • Shoutout for mvn verify (vs maven install)
  • Sample code: https://github.com/c-guntur/maven4

Pain Points in Maven 3

  • Painful to maintain versions in multi module projects – flatten-maven-plugin helps with child versions but has hissues with profile interpolation. ci-friendly-flatten-maven-plugin solves profile interpolation problem but requires including third party plugin
  • No implicit way to separate build info from consumer info. Why do consumers need SCM location and Jira link – flatten-maven-plugin and c-friendly-flatten-maven-plugin help
  • Handling versions of sibling modules is a chore
  • We use default versions for plugins. Ex: compiler version has default so not everyone specifies.
    Creating BOM (Bill of Materials) not easy. No way to identify that default version is in use

Maven 4

  • Requires Java 17+ to run Maven and Java 17 to compile (but can use Java 17 to compile earlier version)
  • New schema version in <project> xmlns
  • <moduleVersion> is now 4.1.0
  • Can use <version>${revision}</version> without plugin – can pass from root pom or command line
  • Get warning in build log if use the default version number of any plugins
  • Two poms in .m2 for artifact. artifact-version-build.pom is what is used to build and artifact-version.pom is the consumer pom that goes to the repo when deploy
  • No need to specify version number of parent in multi module project. Figures out automatically. Version is still allowed. It is an optional field so can specify older version at will.
    • Build caching is improved so faster performance. ex: less re-compiling

My take

I didn’t take notes on Maven itself only the differences between Maven 3 and 4. I know it was necessary to get everyone on the same page. Given everyone raised their hand on using Maven, I wonder if could have been briefer. (Got to limitations of Maven 3 at 20 minute mark) I liked the interaction between the presenters to make it a conversation. The list of Maven 3 problems was great. And the demo of how Maven 4 fixes was good.

[devnexus 2024] More tales from the Dark Side: How AI is the bad guys new friend[devnexus 2024] dark tales ai

Speaker: Stevel Poole


For more, see the 2024 DevNexus Blog Table of Contents


  • Supply chain
  • Now we are all attack vectores


  • We also use wifi
  • How many use VPN?
  • Easy to spoof wifi
  • Only need battery, raspberry pi and a few more things
  • Would you notice a box on the wall?


  • Plug in Mac laptop charger at conference
  • If leave unattended, someone could add hardware
  • Any USB has problem
  • USB data cable and power cable look same

Hotel rooms

  • Hidden camera
  • In some countries during cold war, used human cherography to influence where sit
  • Becoming more common
  • More people are pass thru to company now


  • Getting better
  • More targetting. Can know how company does things. Or knowing boss;’ namePhishing -> Spear Phishing -> Personalized Attacks
  • Moving towards more organized and long term attacks

Adding AI

Bad things can do

  • Deepfake nude generator
  • Deepfake phishing grew by three thousand percent in 2023

Why now

  • Not hard to do a reasonable fake. USB acceleration is sixty bucks
  • Huggingface.co has lots of models
  • Models and data avaialble to you and bad guys

Other problems

How Protect

  • Paper on identifying mouth inconsistencies for lip synching
  • Text/numbers wrong
  • Find anomalies from lack of training data – this is going to be an arms race. Once AI knows wrong, can do better next time.
  • Be more suspicious
  • Secure supply chain – all the pieces involved in creating and delivering software
  • Control AI tools in process
  • Look at where models came from and decide if safe. Will have to prove where got it from
  • Consider how train AI and when retrain it
  • Government wants a SBOM, automated supply chain, evidence of software integrity and regular aduit
  • SBOM (software bill of materials) don’t find malicious code but ensure you know what have

My take

Demos were great. Security has changed a lot. Good emphasis on depending on how much money you spend at it. It’s scary, but supposed to be. Need to think about what else I can do in my own life.

Someone challenged saying the grandparent scam sounds fake and nothing like the person. Steve didn’t get to reply, but it’s not a fare analogy. The grandparent same isn’t targeting (at least not much). Some targeting you specifically will have audio/bideo of you to base it off of. And then we are back to the 7 seconds is enough.

[dev nexus 2024] teaching your kid programming from the perspective of a kid

Speaker: Cassandra Chin


For more, see the 2024 DevNexus Blog Table of Contents


  • Steven Chin’s daughter.
  • Worked with coding and YAML in MInecraft
  • Starting teaching kids to program at 14 at conferences
  • Junior in college
  • Creating podcast at internship for younger people (ex college)

Tech diversity

  • 20 years of feale tech panels and still need
  • Women who try AP Comp Sci in high school ten times more like to major it.
  • Black/Latino students seven times more lilkely.
  • Need to provide opportunity
  • Even at 6 year old, kids think computers are more suited to boys. Fifth grade it tapers down so sweet spot for starting.

Kids and code

  • Schools mandate human/world languages, but not coding languages
  • Since schools dont always provide, parents need to
  • Not all screen time is equal
  • Limit youtube
  • Minecraft in middle
  • Best use is learning to code – ex: Scratch
  • Redirect computer use vs taking away

Mistakes for parents to avoid

  • Don’t leave your daughters out. Bring to tech event
  • Computers at home matter – an actual computer, not a tablet. Lets do more than play mobile games
  • Don’t need to be good at math. While Assembly requires math, nobody uses anymore Modern programs use logic, not math
  • Kids dislike math the most followed by foreight language. Computers is third highest. Both things above are types of art.
  • Don’t start with books like Discrete Math
  • Give examples of programmers that they can relate to
  • Don’t start with boring parts like what an array is. Better to start with legos
  • Don’t do the code for the kids. They won’t learn. Never grab mouse or keyboard. Means content too har


  • Anyone can learn to code. Don’t have to be super smart.
  • Kids told programmers are genious do worse than kids who think practies will make them better


  • Phippys AI Friend – comes with online workshop that takes about an hour. Actually use boo as prop
  • Coding for Kids Python
  • GIrls who Code

Helping kids

  • Relate to your kids hobbies. Ex: discuss who built
  • Lego Spike – build robot and do block coding
  • Mbot (Make Block). Uses screws instead of legos. Don’t have to use blocks
  • Hour of Code. Lots of themes
  • Choose age appropriate. Often we choose twoo hard
  • Squishy circuits for 3-9 year olds
  • Raspberry Pi and Arduino – 9-15 years old
  • Groups of two works best. When three kids, the younest will often feel left out
  • Take kids to localy run workshops – ex: confernces, girls who code

My take

I like her responses to Todd’s mini interview a the begining while they dealt with AV issues. Great humor. I liked that she made a joke about her dad being there to tell jokes. I also like “I’m not the daughter of Steven Chin; I have a name”. Great content throughout hether new to the topic or not.

The content resonated well. I gave my best friends five year old (daughter) a toy robot for her fifth birthday. I enjoyed seeing her play. I now have a gift idea for next year!

I also liked the demo from her book!