avatarStephen Chapendama

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

4709

Abstract

de> command with parallelism.</p><h2 id="9570">Benchmarks</h2><p id="dc98">Benchmarks conducted on four different repositories revealed that a hot mvnd execution, where the daemon is already running, can accelerate builds by up to 50% of builds that do not run tests or static analysis as this is the most common use-case among developers in our organization.</p><figure id="442c"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*xot8KoV94usih-4e"><figcaption></figcaption></figure><h2 id="77be">Local vs CI server</h2><p id="ac6e">Using Maven Daemon significantly sped up our local builds, making our engineers’ daily iterations faster and more efficient. However, this solution wasn’t suitable for our CI environment with TeamCity. Since we don’t reuse TeamCity, there was no benefit to starting a daemon process in this context.</p><p id="3916">In response to this limitation, we will be exploring the possibility of reusing agents and investigating potential improvements in a different initiative to better optimize our CI environment.</p><h2 id="c57d">Adoption</h2><p id="8fb7">To ensure every Java team at Picnic could benefit from the increased speed of local builds using Maven Daemon, we created a comprehensive knowledge article outlining the steps and best practices. By sharing this detailed knowledge article, we ensured that all developers in our organization could easily adopt and benefit from using Maven Daemon, leading to faster build times and improved productivity.</p><p id="436d">Currently, we don’t have visibility in the adoption rate here, but we are looking into using OpenTelemetry Maven extensions to get more insights into this to better track and advocate</p><h1 id="aceb">Maven Build Cache</h1><p id="6a2a">One of the best ways to speed up builds is to do less. And the best way to do less is to eliminate duplicate or unnecessary work. Why should we want to rebuild and retest all modules in our project if I change a single test, or a small if-statement in a module no other module depends on? We can use a build cache to only execute Maven goals for modules that changed and modules that depend on these changes.</p><h2 id="f90a">How does it work</h2><p id="5cdc">The Maven Build Cache extension enhances the efficiency of large Maven projects by implementing the following set of features:</p><ol><li><b>Incremental Builds</b>: Only the modified parts of the project graph are rebuilt.</li><li><b>Subtree Support</b>: Allows isolated builds of specific parts in multi-module projects.</li><li><b>Version Normalization</b>: Facilitates version-agnostic caching.</li><li><b>Project State Restoration</b>: Avoids repeating expensive tasks like code generation by restoring previous states from the cache.</li></ol><figure id="5b07"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*ehx_WSQV_zw9e68p"><figcaption>The diagram shows that changes in a module (Module 2) lead to it and its dependents (Module 3) being rebuilt, while unchanged modules (Module 1 and Module 4) are retrieved from the cache.</figcaption></figure><h2 id="28f6">Local Build Cache</h2><p id="2678">When working locally, the Maven Build Cache stores the build output artifacts in a designated local cache directory. Here’s a step-by-step breakdown of how it operates:</p><ol><li><b>Initial Build:

  • </b>During the first build, Maven compiles the entire project as usual.
  • For each module, the build cache extension computes a unique hash based on the module’s inputs (source files, Maven configuration, dependencies, etc.).
  • The build outputs (e.g., compiled classes, packaged artifacts) are stored in the local cache directory with the computed key.</li><li><b>Subsequent Builds:
  • </b>Before building a module, Maven checks the local cache directory to see if there is a cached result for the module’s hash.
  • If a match is found, the cached outputs are restored, and Maven goals executed when the cache was constructed are now skipped.
  • If no match is found, Maven rebuilds the module, and the new outputs are cached for future use.</li><li><b>Cache Management:
  • </b>The local cache can be configured to limit its size and manage the retention of cached artifacts.
  • Policies can be defined to periodically clean up old or infrequently used cache entries, ensuring the cache directory remains manageable.</li><li><b>Key Generation:
  • </b>The unique key for each module is generated by hashing the module’s inputs. This includes source code files, project model (POM file), plugin configurations and parameters, and dependency versions and configurations.
  • By including all relevant inputs in the key, the build cache ensures that any change in the inputs results i

Options

n a new key, prompting a rebuild.</li></ol><p id="4903">The build cache uses hashing to generate unique keys for storing and restoring build results. Correctness is maximized by including all relevant files and functional plugin parameters, while reuse is enhanced by filtering non-essential files and minimizing controlled plugin parameters. Configuration involves balancing correctness and performance through an XML file, <code>buildinfo.xml</code>.</p><h2 id="88d2">Usage in CI</h2><p id="6966">In our CI process, we also leverage the Maven Build Cache solution to accelerate our CI builds. However, for CI, we employ <a href="https://maven.apache.org/extensions/maven-build-cache-extension/remote-cache.html">a remote cache</a> stored in an artifactory instead of using a local directory. In our case, cached artifacts are stored in Nexus. This approach has markedly increased the speed of our Java builds. Consequently, our builds finish sooner and build queues are shorter.</p><p id="d0a3">However, in certain situations, users need to perform a full build of their changes. To accommodate this, we introduced a TeamCity parameter called “Use Maven build cache” with the following options:</p><ul><li><code>true</code>: the cache is used</li><li><code>false</code>: the cache is not used</li><li><code>default</code>: the repository-level setting is applied</li></ul><figure id="51f5"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*cjBQGpXtPyo_8MeafHw1TA.png"><figcaption></figcaption></figure><p id="76d0">It is good to note that we currently employ the cache only for builds that do not create production artifacts, as we wish to have these as ‘pure’ as possible. As such, we disable the cache for builds on default branches supporting continuous deployments, and in release builds.</p><h2 id="1253">Benchmarks</h2><p id="12d5">In the best-case scenario, the execution time of CI builds dropped by ~ 90% when execution of every module was skipped, this is how it was shown in the build logs:</p><div id="bdae"><pre>[INFO] Skipping plugin execution (cached): <span class="hljs-keyword">install</span>:<span class="hljs-keyword">install</span></pre></div><p id="72cd">Instead of 10 minutes 4 seconds, the build that was fully cached took only 1 minute 22 seconds. 😲</p><p id="fb1e">Of course, this is quite a rare case to run a build that has every module skipped. The average build time improvement across all Java repositories in Picnic is shown in the picture below. It is noticeable that build time dropped by 62% in general.</p><figure id="3fd7"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*m9KcQpIhbc66wTHDIvttPQ.jpeg"><figcaption></figcaption></figure><p id="97f1">For some repositories, the build time improvement was more noticeable than for others. Projects with many modules benefit more than projects with only a few modules. This can be seen in the chart below showing P75 build times. Highly modular projects see their build times drop from 10 to 5 minutes. Projects with a few modules only benefit little from this improvement.</p><figure id="8e53"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*Qp8AmIXK7M0xzbuc"><figcaption></figcaption></figure><h1 id="d1eb">Conclusion</h1><ol><li><b>Dramatic Build Time Reduction:

  • </b>Build times dropped from 12 minutes to 8 minutes in general. This significant improvement eliminates long waits, allowing developers to maintain focus and productivity.</li><li><b>Enhanced Developer Experience:
  • </b>Faster build times, especially for local builds, lead to fewer interruptions, enabling developers to stay in the zone and work more efficiently. This improvement has contributed to higher job satisfaction and overall happiness among our teams.</li><li><b>Increased Efficiency in CI Pipelines:
  • </b>Using the Maven Build Cache in our CI environment has sped up CI builds, reduced queue times, and made TeamCity agents available more quickly.</li></ol><p id="46a2">These improvements have significantly boosted developer morale and productivity. Reduced build times mean less context switching, quicker feedback, and a more enjoyable workflow.</p><p id="316d">Developers feel more empowered and efficient, resulting in higher-quality code and faster feature implementation.</p><p id="90d2">In summary, the integration of the Maven Build Cache extension and Maven Daemon has transformed our build process, making it faster and more efficient. We are excited to continue leveraging these tools to maintain and further improve our build processes, ensuring our developers have the best possible experience.</p><p id="0bd6">In collaboration with <b>Pieter Dirk Soels</b></p></article></body>

How I got a job in Cyber Security

Getting a job in Cyber Security can be incredibly frustrating, expensive and a lot of hassle. We are always reading that there’s a shortage of people in infosec, but yet every “entry level” role seems to require experience no graduate could possibly have or enterprise technologies a student could not possibly have had the chance to be exposed to (unless of course, you keep a data centre in your parents’ basement). The landscape is changing, having a degree is no longer enough. There are people who have taken other routes such as bootcamps or career changes who have more work experience trying to break through into cyber security.

But how can you get ahead of the curve, what can you do to show organisations that your University has prepared you for the world? I’ve put together resources I’ve found useful in my journey into the security world.

Photo by Carl Heyerdahl. “Do More!”

Practice makes perfect!

A key part of ‘experience’ people forget is teaching yourself counts as experience. Learning never stops! The same goes for the cybersecurity world when looking for roles and the same tools you’ve never heard of keep popping up and putting you off applying, learn about them. Utilise free resources like Oracle Virtual Box and start getting into the habit of managing your own virtual servers to test out tools. This will not only get you working more with Ubuntu, CentOS and Kali, it will also give you more in interviews to talk about. My current home setup includes a Raspberry Pi, MacBook Pro and a Windows Laptop which doubles as my Kali box and VM Server. Whenever I come across a new tool, I will always try and replicate the setup at home.

If something goes wrong, you get to troubleshoot and dive into the world of forums of people experiencing the same issues. This is something you can actually mention in an interview:

“Tried installing the ELK stack but I kept coming across the issue of…eventually I solved it by…after researching for X days.” is always a better answer than, “I’ve never come across it.”

This is a great way to show your willingness to learn new technologies and your determination to solve problems. If you are looking for industry standard tools to try out, I use DevOps Bookmarks as my resource for any tools I might be looking to install.

The news!

Keeping up-to-date with the going-ons of infosec is important. This is a great way to find new projects but also learn how organisations are dealing with situations. 1. Wired — I read Wired.co.uk every morning, usually has high-level posts on the mainstream stories in Cyber Security. You can add it as a feed to Apple News or Google News. This way any breaking news will be fed through straight to your phone and you can save articles to read at a later time.

2. SC Magazine — Once a week, I get Whitepapers for a more in-depth review of a security revelation. You need an account to access the Whitepapers but it is totally worth it. SC Magazine also offers news but if you are ever trying to get your head around a vulnerability, I always recommend checking SC Magazine to see if there is any papers on the exploits.

3. Malware Bytes Blog — This should’ve been first on my list, as the blog by Malware bytes has an amazing tagline, “We research, you level up!” and it is true on so many levels. For many tests where I may not have the resources to perform at home, Malware Bytes have it covered and will also drop so much information in their posts. A great place to keep up to date with threats. They also do a weekly post titled, “A week in Security” which is perfect to read as a catch up if you’re having a busy week.

4. /R/NetSec— If you ever need to find out what’s really going, R/Netsec is an excellent community to ask questions and find out what is going on within the community on Reddit.

Find jobs!

An excellent read on graduate jobs that I recommend reading is by Careers blogger René on “What you should be looking for when looking for a graduate job.” In fact, you should check out her latest post on 5 Career lessons to bring into 2018.

Job hunting on LinkedIn lately seems like a Developer honeypot where every recruiter is looking for .Net, Ruby and Java developers. But somewhere in there, there are excellent recruiters who post regular roles in InfoSec. I’ve found messaging them for opportunities helps build relationships. If you are unsure where to find these people, start joining groups on LinkedIn. You can ask for advice or see recruiters posting roles.

Sending a polite message explaining the role you are looking for, and if they have any open vacancies that match your profile, you would be happy to discuss. This is how I first secured my infosec role, being proactive and communicating with companies.

Cyber Security Jobsite — Having an account here and setting up weekly emails is a great way to find out about roles matching your level. You will find big companies looking for Junior SOC Analysts, Threat Intelligence and sometimes Grad schemes. One of my lecturers told me about this site in my final year, and I’ve had a weekly alert setup since.

Indeed— The Google of all jobs! It crawls most major job boards and the UI is very user-friendly. You can search without making an account and you are also able to set up regular emails about new roles in your area.

Glassdoor — Utilising feedback platforms like Glassdoor during your job hunt is a good way to communicate back with a company and to also check what other people are saying about the company. If you interview for a company, you should give feedback, even if it’s not the desired outcome, it could help the next person. Sounds weird I know, helping someone else get the role you couldn’t get. Well, it’s a cycle, you’ll get to a point where you are researching a role, and stumble upon someone’s feedback that could calm your nerves or potentially tell you more about the company. You are able to research a company through their employee’s anonymous feedback and decide for yourself if you should apply. Some companies have excellent social media presence but when you read what the employees are really saying, it could put you off as some have a terrible work culture.

It is also worth utilising CV checking services offered by Universities and attending any interview seminars or events near you. Practice makes perfect, so any opportunity to improve your interview skills you should be making time for.

The Digital Cyber Academy

A free option worth noting is the Digital Cyber Academy — powered by Immersive Labs. They offer to full or part-time students in the UK, USA, Singapore and Australia free access to their browser-based cyber labs. Lab topics range from:

  • Ethical hacking infrastructure
  • Threat hunting
  • Malware analysis
  • Digital forensics & incident response (DFIR)
  • Wireshark

What makes this site unique is jobs can be unlocked by completing tasks. So the more tasks you complete, the more exposure you get to jobs whilst showcasing your talent through a high score board sorted by University, area and against everyone on the platform.

New labs are regularly added and content is always relevant!

HackerHouse: Hands on Hacking

“Make.Break.Do!”

In 2017, I stumbled upon the awesome @HackerFantastic on Twitter. Co-Founder & Director of @myhackerhouse, a cybersecurity company providing offence security solutions & training. At the time there had an upcoming 4-day Hands-on Hacking course. I tried the practice module and it was really engaging so I got myself a ticket for the Manchester date. Topics covered included:

  • Making use of data leaks and open source intelligence
  • Identify and exploit widespread vulnerabilities
  • Reviewing web applications to find vulnerabilities
  • Make use of open-source tools to enhance your system security
  • Crack passwords, steal data and understand how hackers target networks
  • Hack into networks… ethically, without going to jail
  • Learning the tools of the trade used by ethical hackers

7 months later and I am still using the skills learnt in the 4 days including the labs. Whenever I need a refresher course, I have all the material from the course and I can just set up the environment and get to work. 2018 is going to be a big year for them. They’ve recently announced 2 dates in the UK for their in-demand courses in London and I highly recommend students get in touch with the team as they may offer you a student price. Check out their training module and try it out, and if you’re available, try make some of their newest dates!

The tools above have really helped me in my job search but also having a support network of people to look up to and ask questions has really helped. I’m always happy to answer questions or offer advice to anyone looking to break into Cyber Security.

Stephen Chapendama, founder of BantuTech.com

Cybersecurity
Careers
Infosec
University
Hacker News
Recommended from ReadMedium