- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Sql: That is a pretty good answer. All the major platforms have some sort of explain capability. I'm constantly shocked at the number of supposedly senior people that can't give me this answer. You get full credit.
Java: synchronized keyword is pretty decent. Wait and notify are used for general thread coordination, not coordination inside a synchronized block. It generally wouldn't make sense the wait within a synchronized block, because that thread is holding a mutex until it leaves the synchronized block. Half credit.
Unix/Linux: In my live interview, I would have tried to steer you a little to the answer I was looking for. Encrypted passwords are stored as hashed values within /etc/passwd, a world readable file. This file can be copied and cracked offline. By moving the password into a root readable shadow password file, it is more difficult to attack offline. No credit.
JDBC: True, Callable Statement extends PreparedStatement and supports output parameters. I also wanted to hear "used for calling stored procedures that return scalar values or a mix of result sets and scalars." Again, in a live interview I would have tried to prompt you a little. Half credit.
You scored 50%. I probably would not move the process forward. However, in a live situation I would have been trying to prod you a little. My guess is that you have gotten full credit on the JDBC and half on the Unix/Linux qustion for an overall score of 75%. I would likely move forward.
I should point out that I do this interactively. I'm not trying to trip someone up, but honestly evaluate both what they know and how they react when they don't know something. I can't deal with loss of credibility. If someone doesn't know an answer, says "I don't know - does it have something to do with...", and makes an intelligent guess they can remain in consideration. On the other hand, if someone tries to b.s. me they are eliminated.
Admin
Dude your blog rocks. You and I are listed on the same page on google !!!
Admin
However, there is a high positive correlation between those who understand both logic,and dependancy with those who can program effectively.
Admin
> There is no correlation, positive or negative, between having a CS degree and being able to program effectively.
Some days you just really need a good mod system like slashdot... -1 Flamebait
Admin
-1 Insubordination
Admin
Actually, while I don't agree necessarily with his implemetation or with his "philosphical reasoning", there is good reason to do such a thing, such as within a function, when you dont want to refactor every single friggin thing within the function.
Admin
The bigger boolean is $are_tickets_available. if not, this whole exercise is pointless.
Admin
He was a CS major, but didn't finish the full Bachelor of Science degree, so he has something an associate degree.
Oh, and Miguel is a friend of mine, to whom I told this story, and who submitted it.
--
Live and Learn
Crash and Burn
Admin
Oh. My bad. I thought an "associate" degree was supposed to be an impressive degree.
Admin
Maybe the developer was a firm believer in Linear logic? Because in such logics, a value can be used only once in teh proof of a proposition, and therefore s/he needs to reassert the value of $canProcess before it is used again.
Admin
That was the first thing I wondered about too. And where does the 1000 come from ?
Don't they sell tickets bigger then 1000 even if there is enough credit ?
Admin
There is yet another problem with the world readable /etc/passwd file: Not only can it be copied and cracked offline, it can also be cracked online faster. The original crypt routine is deliberately slow, to slow down brute force attacks. The world readable /etc/passwd allows usage of (much!) faster implementations of the crypt algorithm.
This is especially relevant when malware somehow gets into the system (e.g. through a classical trojan horse) but cannot communicate with the internet yet.
Admin
Hmmm... Is there a correlation between not knowing what correlation means but using it anyway and programming ability?
Take a random sample of CS grads and people who are not CS grads: CS grads 5% able to program, not CS grad 0.1%
Admin
A perfect example of how not to conduct an interview. You should give credit based on how accurate an answer is, not based on how close it is to the pre-canned answer you were expecting. The answer given is absolutely accurate: the use of a weak hash is a major security flaw, and the use of a stronger hash algorithm with salt is a standard way of combatting it. Therefore, it is a correct answer to your question. Therefore, it deserves credit.
In addition, the technique which you rate as "no credit" is a generally useful security measure which should be applied to ALL forms of password validation, while "the answer you were looking for" is domain-specific.
Given the choice between a candidate who knows only about shadow passwords, and a candidate who knows only about salted hashes, I'd take the one with a pinch of salt. Domain-specific knowledge is easy to pick up if you have the theoretical foundations to lay it on, but being able to spout trivia on demand doesn't mean you understand the first thing about security.
Admin
C'mon, now. I announced what I was doing. If anyone got too riled up it is their own fault. I'm just arguing for sport.
Which brings up an interesting philosophy question: Can someone who openly declares that they are trying to initiate a flameware (or for that matter openly announces that they are trolling) actually cause a flamewar?
Admin
And my question asked about a specific domain.
You may be correct for your job. The jobs I'm hiring for need to be able to troubleshoot installation problems. Practical knowledge of how things fit together is critical.
Admin
That doesn't matter.
Well, I don't know about the exact numbers, but you don't know jack about statistics.
You're making the wrong test. The claim that "CS degrees are correlated with competent programming" would mean "the chances that a person with a CS degree is a competent programmer are higher than the chances that a person without such a degree is a competent programmer".
You have committed a gross sample space error by checking only among programmers! Obviously, people who are making a living programming are preselected to be above the societal average skill level at programming.
However, of "all people, whether or not they are currently programming", and "all people, whether or not they are currently programming, who have CS degrees", you will find much better programming skills among the latter set; thus, degrees correspond to skill in the field.
What you seem to be trying to state is that, given two programmers, one of whom has a degree and one of whom doesn't, there's not much likely advantage for the guy with the degree. You may even be right... But it's not the same as no correlation at all, which is what you said. In practice, I think it's probably untrue. I have definite disadvantages in programming compared to my friends who have CS degrees. Yes, I can learn a lot on my own, but I would benefit a lot from a good well-structured overview, as there are substantial gaps in my understanding of the field, and I frequently miss perfectly obvious techniques or algorithms because I just haven't got the background to know where to look. I'm probably better than average anyway, but I had unusually good mentoring and support. But, when I'm stumped on a programming problem, the first two people I call both have CS degrees. (In my defense, when they're stumped, I'm one of the first people they call, too.)
Admin
I read your desired answer but a different (IMO valid) answer could be:
Usernames and passwords are stored in /etc/passwd resp. /etc/shadow; the flaw is that they have to be replicated to each machine; the fix is the use of LDAP.
Admin
That is a very good answer. I'd probably give full credit. Part of the reason I like these questions is they can trigger conversations that allow me to probe the candidate's skills.
Admin
True, but probably the most important thing about CallableStatement is that it provides a a stored procedure SQL escape syntax that allows stored procedures to be called in a standard way for all RDBMSs. (Taken from the documentation, emphasis added)
Admin
Much of what you say is correct. However, I did not in any way commit a gross error. I deliberately left the sample space undefined because my stated goal was to have a little fun with a flamewar. :) You and many others have committed the gross error by assuming a sample space rather than immediately addressing the fact that I failed to specify one.
What I actually believe is that, among people who program professionally, a CS degree holder is no more or less likely to be particularly competent or rise to senior developer/architect roles than others. I think everyone would agree that this is at least plausible. Of course starting with a plausible statement is less likely to provide the entertainment that we have all enjoyed for the last day.
Admin
On the value of CS degrees: there are many bad programmers who have the paper, and good programmers who do not. However in all cases if you take someone who is a good programmer and make them get the paper (that is do all the course work, actually graduating from a university is optional) they will be better programmers.
I have seen many smart people with degrees in something else who program. They often write better code than average, but there are also many instances where as a programmer with the degree I see a better way that is obvious, but only if you have the background the degree gives you.
Doing all the exercises in Knuth is probably better than getting the real degree, but most people (other than those with a CS degree already) do not do this, so I'm not sure.
If you are a good programmer and get the CS degree from a real university you are likely to hang out with the good programmers (as opposed to those just skating by), and learn from their mistakes and the general folklore of computing. Both of these will make you better. I read this site for much that reason.
I'm afraid to go back and read my early code. However I'm confident that because I was learning the general folklore from my peers, I at least avoided a lot of stupid mistakes.
Admin
I'll agree to the latter, but I'm not sure about the former.
The problem is we have two different sets. We have the competent, and the incompitent. We also have the degree and degreeless. They overlap, but the incompetent who don't have a CS degree are generally much easier to weed out because they don't know how enough to sneak by, whoe thise with the degree can hold their own long enough to program for a few years before you catch on.
So there tend to be few incompetents with out the degree, and that biases the sample.
If you take the competent without the degree, and make them get the degree (turning them into competent with degrees) they become better programers. (Read my other post, I'm going to repeat it) So the best with the degree are better than the best without, but also the worse with the degree are worse than the worst without.
However when you look to move up, someone with a music major, who might be only barely competent as a programmer, is more likely to have the social skills needed to deal with management and customers. So I would want these people in the more visible roles. They can cross the line, dealing with purely technical people (like me - I'm well aware that I have poor social skills), and also management. (Which is a mystery to me. Though I'm smart enough to know I can't ignore it)
Admin
Mostly true for newcomers. On the other hand, there are "legacy" programmers in IT departments who have
aquired too much knowledge about the system to be replaced, but lack proper skills. Unfortunately, because of the many years
of their work, they have probably f*cked up the internals of their systems so badly that an outsider has a hard time trying to understand it. Since these systems mostly work (though neighter performant nor flexible), managers hesitate to do something
about it.
Yet to be proved, but at least someone who knows the theory is more likely able to communicate with other programmers (because he knows the names of abstract concepts like patterns, coding styles etc.) and in general, many self-taught programmers only live in their code and don't use design tools like UML etc.
Admin
Ack, negative half-credit for you. It most certainly does make sense to wait inside a synchronized block: not only is that a basic requirement of calling wait()/notify() in Java but atomically releasing the object lock and going to sleep is exactly what wait() is for!!
Your assessment of the synchronized keyword answer is also poor: "synchronized" does not define any objects. All objects in Java have locks, and the synchronized(obj) {} syntax merely specifies that the lock for obj must be acquired upon entry and released upon exit of that block. synchronized methods are syntactic sugar for synchronized(this) { } wrapping the method body (more or less, there's actually a small compilation difference). Hmm, that only took a few minutes, not hours/days to explain.
Maybe it's just real hard to figure out which wrong answer you're looking for.
Admin
I was one of the best programmers in my CS department in school. I could have written 'that' logic in a single statement my first semester (CS1). As a math scholar I already knew logic from taking both discrete maths before any programming. I say programming is a natural ability and you either have it or you don't. After that, it's up to you to refine it.
Admin
You know - I was going to reply to this statement and make a suggestion about evaluating talent but then I looked at some of your other posts. You've been really obnoxious throughout this thread. I don't see any point in trying to have a discussion with you about any of what you're saying. All you'd do is give a rude reply and act superior.
You're wrong and you're not superior. Have a nice day.
Sincerely,
Richard Nixon
Admin
Thanks for backing me up on how wait and notify need to be in synchorinzed blocks. Namely, to call wait or notify on an object, you must do so within a block of code which is synchronized on that object. As for the hours/days to explain, I was talking about the semantics of synchronized, the possibility of out-of-order execution (broken double-lock checking for the singleton), and the possibility of shared memory being cached locally on thread, the problems of dirty reads, non-repeatable reads, and phantom reads. There are subtle and possibly platform-specific nuances and semantics around the synchronized keyword that baffle all but the best and I'm certainly not one of the best. All I can do is talk the talk - not walk the walk.
I'd say that a better question would be to ask what tecniques there are to avoid the need to use or understand synchronization. Immutable objects, local variables / parameters rather than instance variables, separating stateless or unchanging logic objects (like servlets which can be shared between threads) from stateful objects (like HttpRequest where concurrent requests would go to the same servlet instance but with different request instances). Then if you absolutely must have concurrent access, try to use Doug Lea's threading framework or some canned library classes which do the job of a Latch, Pool, or Queue worry about the nitty gritty of synchronization and then hopefully other classes will never have to use wait notify or synchronize. Now, going into the nitty-gritty use of synchronized on those three classes could take a while.
I don't know threading well but I'm convinced that anyone who knows threading better than me would either run screaming in terror from the thought of using it or bow down with reverence when I mentioned the hallowed name of Doug Lea (or both).
Admin
Let me answer your philosophy question with another question:
which is correct:
public void startFlamewar() {
}
OR
public void startFlamewar()
{
}
Admin
>I don't know that there is universal rule like * comes before +.
Sure there is. 'and' comes before 'or'.
In fact, in some non-programming-language notations, one writes 'and' as a multiplication sign (including maybe omitting it) and 'or' as an addition sign. So,
PQ+R is readily understood as P and Q or R
This isn't merely notation. At some level, 'and' and 'multiply' are the same concept. I once new enough mathematics to explain that a little better.
Anyway: any language which doesn't make 'and' have a higher precedence that 'or' is broken, unless maybe it's a language with no operator precedence at all, like APL.
Admin
And I once knew enough typing to type properly.
Admin
At some point in time, someone arbitrarily decided that TRUE should be 1 and FALSE should be 0. This convention makes AND like the multiplication and OR - to some extend - like the addition.
On the other hand, there is a symetry between AND and OR that is not reflected in the mathematical concept of addition and multiplication.
Let's compare:
a*(b+c) = (a*b) + (a*c)
a AND (b OR c) = (a AND b) OR (a AND c)
but also
a OR (b AND c) = (a OR b) AND (a OR c)
If TRUE was 0 (like in Unix return codes) and FALSE was 1, then OR would look like the multiplication while AND would - somehow - represent addition.
Admin
I think that guy were right about the code. But said wrong thing. Anyway? Why in the hell the code was PHP?
Exactly I wonder why it weren't written like this:
if ($hasOverride)
$canProcess = true;
else if ($ticketAmount < 1000)
{
if ($avaiableCredit >= $ticketAmount)
$canProcess = true;
}
if ($canProcess)
ProcessTransaction($ticketId);
else
RejectTransaction($ticketId);
or:
if ($hasOverride || (($ticketAmount < 1000) && ($availableCredit >= $ticketAmount)))
ProcessTransaction($ticketId);
else
RejectTransaction($ticketId);
I prefer both as alternatives, But I think they doesn't noticeably change code to anything from original. Both versions are good but php sucks. ;)
In the code I like about style to use canProcess as replication of writing boring function call ProcessTransaction with parameter $ticketId over and over again, greatly reducing nonnecessary code replication.
Also I don't understand this were a daily wtf, there's not much special things in this.
Maybe I misunderstood and the daily wtf is the use of PHP. lol.
Admin
I still remember a bit of math. If you restrict the set of numbers to the set {0,1}, the multiplication operator becomes the same as the and operator. If you make 2=0 (yes, this is fairly typical mathematical procedure), then the addition operator becomes the exclusive-or which has very low precedence.
Admin
About the code up, WTF! I think this system doesn't like about && mark || mark or >= marks :)
Admin
She knew Boolean logic [AND] lap dances!
Is that
or
because #1 is a lot more interesting than #2.
Admin
Sorry, you are wrong. That analogy is only because you assign 0 to FALSE.
Time for a little game:
You find this artefact from an alien civilication. You know it's about logic but you don't know which symbol means TRUE and which symbol means FALSE; likewise you don't know which is AND and which is OR.
But you have the following table:
Z means NOT, that's for sure. Now tell me with more than 50% confidence what 2, ß, # and % mean.
Admin
The truth IS how you define it.
Admin
Yea. I graduated back in the day with a Philosophy degree, and ended up doing nothing but coding, so I went back and got my CS degree, along with another guy who'd dropped out of engineering school, and had a couple of years more programming experience than me.
Worked on a senior project with him, and two other guys. The two other guys were in another CS core class with me (Principles of Programming Languages: or, how to write 14 programs in 12 languages in one semester). So the first project comes around, and it's five parts. I did two, my friend did two, and the other jokers worked on the 5th part, and the PPL work the entire time (the project for that class was always due the day after the OS Design project). So while I felt bad for my friend, who was not in that class, I didn't mind so much for myself because how could they object to letting me have a copy of their work? I'll be honest here, I was so overloaded that semester, I didn't even care.
So I get a copy of their program, go home, and I can't get it to compile. Fiddle with it for a while, still can't get it to compile. So I worked on it over the weekend, and turned it in for 40% off the following week. We ended up getting 80% on the Os design project, because their piece didn't function at all, and I ended up getting a 58 on my PPL program, which I didn't mind so much because the class average turned out to be a 7. Almost everyone got a 5, which basically meant that your variable declarations were right.
What did the guys who gave me their code get? A 5. Did they ever turn in worthwhile code, for either class? No. We ditched them halfway through the semester, and they ended up getting terrible grades for the rest of the projects, while ours miraculously stayed the same.
Definitely was an eye-opener. Some dumb CS grads out there (they did graduate). I'd far rather stick with someone who can write good code, over someone who has a degree, though I admit, self-taught coders are often very sloppy. They don't necesarrily understand the whys, so stuff goes awry.
Admin
Boy, there's a bold statement. You fail to say anything meaningful whatsoever with the above. Let's examine it, shall we?
Now, we're looking at a situation where you are given a choice between working with two different people. The first person, you quite clearly note, writes "good code." Alright, we know that about Coder A. We don't know whether Coder A has a degree or not but, let's assume that he does not. So you're picking Coder A over Coder B. But who is Coder B?
Well, you say Coder B has a degree. Does he write "good code"? We don't know. All we know is that he has a degree.
Let's first assume that Coder B does have a degree. So, Coder A is a competant programmer and doesn't have a degree and Coder B is an incompetant programmer and does have a degree. So you're taking Coder A. Of course, removing the degree stipulations from the equation, you want someone who can code over someone who can't BIG SURPRISE!
Now let's look at the other possibility, Coder B can code and has a degree. Are you still taking Coder A over Coder B? If so - why?
Your statement is quite mysterious and under-thought. You may wish to expand upon it.
Sincerely,
Richard Nixon
Admin
Richard -- I immediately fire people clearly don't understand when certain things are implied and are not capable of understanding a statement in its context.
Admin
damn these typos ... see the correction, above.
Admin
I give up ..... [:$]
Admin
I immediately fire morons.
Sincerely,
Richard Nixon
Admin
My point (I guess I didn't state it that well) is that if the implication is that the guy with the degree can't code well, then the degree doesn't make a difference. The most important aspect of any programmer is the ability to code. That trumps everything. So saying, I want someone who can code over someone who can't code is just as true (and just as worthless a statement to make) as I want someone who can code and does not have a degree over someone who can't code and does have a degree.
I am going to get the kung-fu guy to fight you for the lack of understanding you've shown.
Sincerely,
Richard Nixon
Admin
hmmm ... you tell me
>>So saying, I want someone who can code over someone who can't code is just as true (and just as worthless a statement to make) as I want someone who can code and does not have a degree over someone who can't code and does have a degree.
But you just before that (and you were not quoting) you made that very "worthless" statement yourself:
>>The most important aspect of any programmer is the ability to code.
Come on , Richard ! I know you're doing your best, but I think even you can do better than this!
(see how annoying it is when people act as anal as you?! By the way ... You're fired ! And take your mayo with you!)
Admin
Ha. If you think you're doing a good impression of me with that post, you have a lot to learn. I will accept you as my protege. I was using that statement of simple fact (and worthless merit) to point out the larger thesis of my post - that the original post was saying something trivially obvious with ambiguous language that nullified even the limited merit of that triviality.
But we're getting away from the point. I made this observation and you replied and said basically that I am stupid for not seeing the implications in the original statement to which I was replying. Now, my statement in response to that was that assuming the implication, the statement is worthless. Do you disagree with that?
I know your whole day revolves around taking me down a peg but let's try to have a civilized discussion. Perhaps you'd like to meet at a cafe tonight to discuss this? I could use some coffee.
Sincerely,
Richard Nixon
Admin
True enough.
At what point do you expect someone to have caught on to how boolean expressions work? At what number of projects do you expect him to code boolean expressions effectively? For me, the answer is zero. He should have learned while he was learning about boolean expressions in his program.
Sincerely,
Gene Wirchenko
Admin
Well, I would say it is worthless to say that a statement which everyone knows is worthless, is worthless. Wouldn't you? So, therefore, the very thing which you were denouncing, you were doing!
HA!
Admin
There are companies and other employers where HR managers have no clue what "ability to code" really means so they just look at the degree.