Thursday, February 17, 2011

New Interview Questions for Senior Software Engineers

New Interview Questions for Senior Software Engineers: "

I'm putting together some practice interview questions for a friend who lost his job. I thought it'd be useful to crowd-source some questions from you, Dear Reader.

These questions should be more software design focused, less technical trivia like my previous two lists of interview questions:

Here's what I have so far.

  • What is SOLID?
  • Why is the Single Responsibility Principle important?
  • What is Inversion of Control? How does that relate to dependency injection?
  • How does a 3 tier application differ from a 2 tier one?
  • Why are interfaces important?
  • What is the Repository pattern? The Factory Pattern? Why are patterns important?
  • What are some examples of anti-patterns?
  • Who are the Gang of Four? Why should you care?
  • How do the MVP, MVC, and MVVM patterns relate? When are they appropriate?
  • Explain the concept of Separation of Concerns and its pros and cons.
  • Name three primary attributes of object-oriented design. Describe what they mean and why they're important.
  • Describe a pattern that is NOT the Factory Pattern? How is it used and when?
  • You have just been put in charge of a legacy code project with maintainability problems. What kind of things would you look to improve to get the project on a stable footing?
  • Show me a portfolio of all the applications you worked on, and tell me how you contributed to design them.
  • What are some alternate ways to store data other than a relational database? Why would you do that, and what are the trade-offs?
  • Explain the concept of convention over configuration, and talk about an example of convention over configuration you have seen in the wild.
  • Explain the differences between stateless and stateful systems, and impacts of state on parallelism.
  • Discuss the differences between Mocks and Stubs/Fakes and where you might use them (answers aren't that important here, just the discussion that would ensue).
  • Discuss the concept of YAGNI and explain something you did recently that adhered to this practice.
  • Explain what is meant by a sandbox, why you would use one, and identify examples of sandboxes in the wild.
  • Concurrency
    • What's the difference between Locking and Lockless concurrency models?
    • What kinds of problems can you hit with a locking model? And a lockless model?
    • What trade offs do you have for resource contention?
    • How might a task-based model differ from a threaded model?
    • What's the difference between asynchrony and concurrency?
  • Are you still writing code? Do you love it?
  • You've just been assigned to a project in a new technology. How would you get started?
  • How does the addition of Service Orientation change systems? When is it appropriate to use?

Your thoughts? I'll add good questions from the comments throughout the day.



© 2011 Scott Hanselman. All rights reserved.



"

Sunday, February 13, 2011

What All This MD5 Hash Stuff Actually Means [Technology Explained]

What All This MD5 Hash Stuff Actually Means [Technology Explained]: "

In a recent article about checking whether you were affected by Gawker’s hacking incident, one of the steps involved converting your email address into an MD5 hash.

We had a few questions from readers asking exactly what was going on, and why this process was necessary. It’s not our style to leave you guys asking questions, so here’s a full run-down of MD5, hashing and a small overview of computers and cryptography.

Cryptographic Hashing

MD5 stands for Message Digest algorithm 5, and was invented by celebrated US cryptographer Professor Ronald Rivest in 1991 to replace the old MD4 standard. MD5 is simply the name for a type of cryptographic hashing function Ron came up with, way back in ’91.

The idea behind cryptographic hashing is to take an arbitrary block of data and return a fixed-size “hash” value. The input can be any data, of any size, but the hash value will always be the same fixed length. Try it for yourself here.

Cryptographic hashing has a number of uses, and there are a vast number of algorithms (other than MD5) designed to do a similar job. One of the main uses for cryptographic hashing is for verifying the contents of a message or file after transfer.

If you’ve ever downloaded a particularly large file (Linux distributions, that sort of thing) you’ll probably have noticed the hash value that accompanies it. Once this file has been downloaded, you can use the hash to verify that the file you downloaded is in no way different to the file advertised.

The same method works for messages, with the hash verifying that the message received matches the message sent. On a very basic level, if you and a friend have a large file each and wish to verify they’re exactly the same without the hefty transfer, the hash code will do it for you.

Hashing algorithms also play a part in data or file identification. A good example of this is peer-to-peer file sharing networks, such as eDonkey2000. The system used a variant of the MD4 algorithm (below) which also combined the file’s size into a hash to quickly point to files on the network.

A signature example of this is in the ability to quickly find data in hash tables, a method commonly used by search engines.

Another use for hashes is in the storage of passwords. Storing passwords as clear text is a bad idea, for obvious reasons, so instead they are converted to hash values. When a user inputs a password it is converted to a hash value and checked against the known stored hash. As hashing is a one-way process, provided the algorithm is sound there is theoretically little chance of the original password being deciphered from the hash.

Cryptographic hashing is also often used in the generation of passwords, and derivative passwords from a single phrase.

Message Digest algorithm 5

The MD5 function provides a 32-digit hexadecimal number. If we were to turn ‘makeuseof.com’ into an MD5 hash value then it would look like: 64399513b7d734ca90181b27a62134dc. It was built upon a method called the Merkle–Damgård structure (below), which is used to build what are known as “collision-proof” hash functions.

No security is everything-proof, however, and in 1996 potential flaws were found within the MD5 hashing algorithm. At the time these were not seen as fatal, and MD5 continued to be used. In 2004 a far more serious problem was discovered after a group of researchers described how to make two separate files share the same MD5 hash value. This was the first instance of a collision attack being used against the MD5 hashing algorithm. A collision attack attempts to find two arbitrary outputs which produce the same hash value – hence, a collision (two files existing with the same value).

Over the next few years attempts to find further security problems within MD5 took place, and in 2008 another research group managed to use the collision attack method to fake SSL certificate validity. This could dupe users into thinking they are browsing securely, when they are not. The US Department of Homeland Security announced that: “users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use”.

Despite the government warning, many services still use MD5 and as such are technically at risk. It is however possible to “salt” passwords, to prevent potential attackers using dictionary attacks (testing known words) against the system. If a hacker has a list of random often-used passwords and your user account database, they can check the hashes in the database against those on the list. Salt is a random string, which is linked to existing password hashes and then hashed again. The salt value and resulting hash is then stored in the database.

If a hacker wanted to find out your users’ passwords then he would need to decipher the salt hashes first, and this renders a dictionary attack pretty useless. Salt does not affect the password itself, so you must always choose a hard-to-guess password.
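Salted storage and login checking, as an added example that is not part of the original article. It swaps in PBKDF2-HMAC-SHA256 from Python's standard library in place of the MD5-plus-salt scheme described above; the account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def md5_unsalted(password):
    """The weak scheme: identical passwords always give identical hashes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def create_record(password, salt=None):
    """Return (salt, digest) for storage, with a fresh random salt per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def check_password(candidate, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = create_record(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


def demo():
    # Constructed accounts: two users picked the same password.
    users = {"alice": "letmein2011", "bob": "letmein2011"}
    unsalted = {u: md5_unsalted(p) for u, p in users.items()}
    salted = {u: create_record(p) for u, p in users.items()}
    return {
        "unsalted_match": unsalted["alice"] == unsalted["bob"],
        "salted_match": salted["alice"][1] == salted["bob"][1],
        "login_ok": check_password("letmein2011", *salted["alice"]),
        "login_bad": check_password("letmein2012", *salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Without a salt the two accounts store the same value, so one entry on a list of pre-hashed common passwords matches both; with per-user salts the stored digests differ even though the passwords are equal.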

Conclusion

MD5 is one of many different methods of identifying, securing and verifying data. Cryptographic hashing is a vital chapter in the history of security, and keeping things hidden. As with many things designed with security in mind, someone’s gone and broken it.

You probably won’t have to worry too much about hashing and MD5 checksums in your daily surfing habits, but at least now you know what they do and how they do it.

Ever needed to hash anything? Do you verify the files you download? Do you know of any good MD5 web apps? Let us know in the comments!




"

Where and What Is U.S. Trading Internationally?

Where and What Is U.S. Trading Internationally?: "

The Commerce Department reported today that U.S. trade rebounded strongly in 2010. The following charts detail who we’re trading with, and what we’re trading.














"

How To Check If Someone Is Stealing Your WiFi – And What You Can Do About It

How To Check If Someone Is Stealing Your WiFi – And What You Can Do About It: "

WiFi running a bit slow lately? If your router is still using old security methods such as WEP, then there’s a very real possibility that someone has hacked in to steal your WiFi. In my article on Cool WiFi Devices You’ve Probably Never Heard Of, I showed you a $100 commercially available router that would automatically hack your WEP-protected WiFi network in less than half an hour. Apart from the obvious fact that your internet will be slower, the hacker might be using your internet to do nefarious evil things – all of which could easily be traced back to you. So how can you find out if someone is using your WiFi, and perhaps more importantly – what exactly can you do about it?

Check the devices associated with your router

This method is 100% guaranteed to see any devices registered on your network, but not every router contains this valuable info. Log in to your router by typing its IP address directly into the browser address bar. In most setups, either http://192.168.0.1 or http://192.168.1.1 should work, or it may be written on the router itself, along with the username and password you need to log in with. If you can’t find a password anywhere, and don’t remember changing it, then check the database of default passwords here, or phone your ISP (assuming they gave you the device).

Once logged in, look around for a section called Attached Devices or Device List. On DD-WRT flashed routers, this is under the Status -> Wireless screen. You will find a list of all the IP addresses currently being used.

On my standard Virgin Media router, I found a list under the IP filtering section.

Of course, not all your devices will have helpful names, so you’ll need to figure out the IP address of each computer and WiFi device you own in order to cross-check them against the list. I covered how to find your IP address a few days ago when I showed you how to control your torrent client from your mobile. Don’t forget that an iPhone or Android phone will also have its own IP address if it’s using your WiFi, so you’ll need to account for those too.
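The cross-check described above, as an added example that is not part of the original article. It matches on the hardware (MAC) address rather than the IP, since a router-assigned IP can change when a device reconnects; the router table, the inventory and all names are constructed for illustration.

```python
import re

# Constructed sample of a router "Attached Devices" table (not real output).
ROUTER_TABLE = """\
192.168.1.2   00:1A:2B:3C:4D:5E   office-pc
192.168.1.3   00-1a-2b-aa-bb-cc   --
192.168.1.7   F0:DE:F1:12:34:56   --
192.168.1.9   001a.2b99.8877      android-phone
"""

# Devices you own, read from each device's own network settings (constructed).
KNOWN_DEVICES = {
    "00:1a:2b:3c:4d:5e": "Office PC",
    "00:1a:2b:aa:bb:cc": "iPhone",
    "00:1a:2b:99:88:77": "Android phone",
}

MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def normalize_mac(mac):
    """Reduce any common MAC notation to lower-case aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_table(text):
    """Yield (ip, mac) for every line that contains both."""
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            yield ip.group(), normalize_mac(mac.group())


def unknown_devices(text, known):
    """Return the (ip, mac) pairs on the router that are not in your inventory."""
    known = {normalize_mac(m) for m in known}
    return [(ip, mac) for ip, mac in parse_table(text) if mac not in known]


if __name__ == "__main__":
    print(unknown_devices(ROUTER_TABLE, KNOWN_DEVICES))
```

A match only means the address is one you recognise; as the article notes further down, a MAC address can be spoofed.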

Track Them Down Physically

This may be taking it a little far, but running the MoocherHunter live CD tracking suite will enable you to physically hunt them down by triangulating network signals. Scary stuff, indeed. You’ll need a directional antenna for this to work best.

What to do about it

Basic Security – Stop using WEP

Any router purchased in the last 5 years or so should be able to support a more secure authentication protocol, so log in to your router again and find the Wireless Settings screen.

Change the security options to either WPA or WPA2. WPA2 is more secure, but I find it’s incompatible with some of the devices on my network so I chose the option that allows for both. Don’t choose the Enterprise option as it is designed for companies with authentication servers. When choosing your password, make sure it is at least 15 characters long, includes upper and lower case letters, numbers, and punctuation.

There are some other methods that people will typically advise you to take, but put simply – they don’t work:

Hiding your SSID: You can hide your network name so it won’t be seen, but freely available hacking tools such as Backtrack will reveal them instantly.

IP filtering: This blocks out a specific IP, but changing IP is as simple as refreshing the connection.

MAC filtering: More secure since it blocks a device via the unique hardware address that is given out when it’s manufactured, but again, anyone trying to steal your WiFi can easily “spoof” their MAC address.

Funny – Turn their internet upside down

For anyone with a spare PC or who doesn’t mind messing with the command line, you could create an open WiFi network specifically for these freeloaders, and run everything through a Linux proxy. The proxy can be set up to cut directly into their internet stream, and one interesting outcome is that you can turn all their images upside down.

Profit – Run a paid WiFi portal

If you install the open source DD-WRT, you can run a paid WiFi Hotspot portal. Set your own rates, never worry about payment processing (they handle everything), then just collect your check if someone has used your hotspot – you’ll get 75% of the money paid. Remember, you’ll need to live in a big city for this to be viable with lots of potential customers. I’ll look at this option more at a later date to show you exactly how you can set one up if you’re interested.

Conclusion:

So your WiFi is feeling a little sluggish? The truth is that someone probably isn’t stealing your WiFi. More likely your computer is running slowly, or your router needs rebooting. You could also try boosting the WiFi signal.

Oh, and let us know in the comments if you’ve found people stealing your WiFi before, or have any amusing WiFi stories to tell.




"
