Re: [ACFUG Discuss] Choosing a person with adequate CF skills

2013-03-12 Thread Jason Vanhoy
My first question would be are you hiring for an entry level, mid-level, or
senior position?

If you're hiring a senior position, none of the questions you outline is
going to be worth a hill of beans for choosing the right candidate in my
opinion.

I come at this problem from the point of view of having been on many
hundreds of interviews, having interviewed people a significant number of
times as well, and making hiring decisions based on those interviews a
number of times both successfully and unsuccessfully.

In my humble opinion the technology world concentrates entirely too much on
technology in an interview for a developer (or, for that matter, for a
network engineer, DBA, etc., etc.)

A few basic questions to decide whether or not the candidate is simply
lying through their teeth on their resume are certainly in order. Maybe a
few things like, "What's the difference between == and ===?" or "Explain to
me how a CFC differs from the Custom Tag of yore?" or something that
roughly targets the functional awareness you're targeting. Also, maybe a
question or three about basic, non-language specific programming techniques
are helpful. Some examples might be "Can you explain to me some design
patterns you've had experience with and why they were or were not the right
choice in those situations?" or "Can you tell me what the difference is
between a class and an object?"

Beyond about 20 or 30 minutes worth of this type of discussion, however,
and all you're doing is showing off, or asking the candidate to show off,
arcane and trivial knowledge. Developing software (web-delivered or
otherwise) is not an eyes-closed operation, and any specific knowledge an
employee needs to complete a task is readily available online, or in a
book, or at a co-worker's desk, or in the company wiki, or...you get my
point. So, knowing that a Java candidate, for example, knows off the top of
his or her head what the differences between final, finally, and finalize
is, is completely immaterial to whether or not he or she would be a good
fit for your team.

Here are what I consider the questions that one should have answers to at
the end of a job interview, from the point of view of the interviewing
agent (in order of increasing importance):

1) Is the candidate basically competent in the general skill set required?
That is, for a software developer, do they have experience developing
software in SOME language, do they understand BASIC concepts and can they
apply those concepts.

2) Can the candidate express themselves well, professionally and
competently? That is, do they speak clearly, do they explain things well
enough but not TOO well? Do they understand the differences between
site-specific knowledge and global knowledge? Do they grasp the language I
use and understand what I'm saying, or, barring that, eloquently ask for
clarifications that are logical and understandable?

3) Does the candidate's personality mesh well with the team they're going
to be working with and will they likely enjoy being on the team? Will the
team likely enjoy them being there?

The great truth, at least in my experience, is that any competent developer
can fairly quickly get up to speed on a new language or platform. However,
to quote a good friend of mine (pardon the language) "you can't fix
asshole."

I'll give you an example: It's been probably a decade since I did any
significant ColdFusion work. I would seriously have to have a syntax book
beside me for a week if I started writing it today. I've got a ton of Flex
experience, though, and very recent experience using it. Would I be a good
candidate for your position? Well, the answer is maybe.

If I came into the interview and you asked me some question like, "Can you
tell me the difference between a class and an object?" and I gave you the
following answer: "Well, um, [drums fingers on table] a class is like...you
know...how something IS, like...you know...how like, all of them are made
up and stuff...but...um...[drums fingers again] an object is like just one
of them, like...just a single one, you know...like...[taps knuckles on
chair arm]...you know what I'm saying?" then the answer might change from
maybe to no.

However, if I said, "Well, a class is the how an object-oriented design
defines a real-world concept in code, and then an object is a single
instance of that class that one can then do work on." the answer might
start looking closer to yes.

If you look at both answers closely it will become clear they ultimately
say the same, or a very similar, thing. However, one shows much better
communication and a much greater ability to express one's self than the
other.

Additionally, if you and I are sitting in the conference room with several
senior members of your team, and someone cracks a joke. Let's say I
mentioned something about when I was first learning to code and how I
relied on a bunch of senior folks to help me along or something, and one of
your team says, Well, if you can run, you walk, and if 

Re: [ACFUG Discuss] Choosing a person with adequate CF skills

2013-03-12 Thread Jason Vanhoy
To answer the question directly, I would say that the most use from those
more nuts & bolts-oriented interviews is gained during interviews for
entry-level folks. Folks who are the most likely to be in denial about
their own abilities, and folks most likely to have serious deficiencies in
their skill set.

To answer it in a more lengthy fashion I'd say that your point that
"[you] estimate most companies do that (focus on language competence,
algorithms, data-structures, Computer Science concepts like concurrency
etc)" is absolutely true, and, in fact, the very thing I find problematic
about interviewing in general. I think focusing on that type of interview is
likely to get you an employee who is well-versed in interviewing, rather
than someone who's a good fit for your team and a skilled, problem-solving
developer.

You go on to state that "if someone has worked in CF for 3-4 years, he/she
can get things done lot quickly in CF than someone who is a skilled
developer in C/C++, but new to CF" is generally only true for the first 2-4
weeks. After that the developer who was skilled in another
language/platform is probably not even having to look at syntax
documentation any more. So, if we all agree that the first month to 90 days
of an employee's time on your team is the time period where they're
relatively unproductive and a cost rather than an asset then it becomes
an irrelevant distinction. Of course, if we don't agree on that timespan
between hiring and actual productivity, your mileage will vary.

I like Frank's point a lot about writing actual code versus looking at code
on a page. I've used that technique a number of times to weed out
candidates for entry-level or mid-level positions who were...let's call it
optimistic about their skill set.

Ultimately you've got to do whatever you feel is best for your team, and
what you can feel confident about within the parameters your superiors have
given you. For example, the CS degree requirement, which I didn't mention
earlier (I assumed it came from on high), but one I feel is egregiously
short-sighted as Dawn alluded to. My approach may not work well for you in
the structured, vetted, everything-provable-on-paper environment at a
University, but hopefully there was some insight there that helps in some
way.

At the very least, what I'd most like to see you take away from the
discussion is that exposing a candidate to your whole team, or at least
senior members of it, and getting their gut-feeling reactions afterwards is
pretty important. The last thing you want to do is spend several thousand
dollars hiring someone, then spend several MORE thousand on their salary
and benefits and access cards and so forth, only to find out that that
person grates on the very last nerve of five other employees and, while
being able to quote the Gang of Four chapter and verse, lowers your overall
productivity by virtue of incompatibility.

At any rate, good luck to you!

~Jason




On Tue, Mar 12, 2013 at 3:02 PM, Chris h_chris...@yahoo.com wrote:

 Thanks Jason.

 Position would be a bit mid-level since it expects 3-4 years in
 Flex/Coldfusion. Do you feel the questions are pointless now or are they
 too easy for mid-level position?

 1, 2, 3 you listed are something most applicants might have today since
 each opening in the technology field attracts lot of well qualified
 candidates in today's market.

 I went through the books by Careercup, programming interviews exposed to
 get a feel of how developer interviews are done today and I estimate most
 companies do that(focus on language competence, algorithms,
 data-structures, Computer Science concepts like concurrency etc).

 The idea of language competence comes from if someone has worked in CF for
 3-4 years, he/she can get things done lot quickly in CF than someone who is
 a skilled developer in C/C++, but new to CF. I imagine this is why lot of
 start-ups want people with N years of experience in the
 language/tool/database they are using.

 I appreciate your comments and suggestions.


[ACFUG Discuss] Re: [ACFUG Discuss] Re: [ACFUG Discuss] Re: [ACFUG Discuss] WT Heck is this character? �

2009-12-10 Thread Jason Vanhoy
It's this:
http://www.fileformat.info/info/unicode/char/fffd/index.htm

Hex value is FFFD






On Wed, Dec 9, 2009 at 10:25 PM, Derrick Peavy derr...@derrickpeavy.com wrote:

 Yes and yes.

 But let me refine the question - WHAT IS THE CHARACTER??? I cannot find a
 way to trap it and I don't know the ASCII or other chr()

 *Derrick Peavy*
 derr...@derrickpeavy.com
 404-786-5036
 *“Innovation distinguishes between a leader and a follower.” -Steve Jobs*



 On Dec 9, 2009, at 10:20 PM, Dean H. Saxe wrote:

 trap?

 Do you mean prevent it from getting in your app?  Use a whitelist.

 -dhs

 --
 Dean H. Saxe
 A true conservationist is a person who knows that the world is not given
 by his fathers, but borrowed from his children.  -- John James Audubon




 On Dec 9, 2009, at 7:09 PM, Derrick Peavy wrote:

 Can you see this character?

 It's a diamond with a question mark

 �

 How in the hell does one trap that?
 *Derrick Peavy*
 derr...@derrickpeavy.com
 404-786-5036
 *“Innovation distinguishes between a leader and a follower.” -Steve Jobs*








[ACFUG Discuss] Re: [ACFUG Discuss] RE: [ACFUG Discuss] Re: [ACFUG Discuss] Re: [ACFUG Discuss] Re: [ACFUG Discuss] WT Heck is this character? �

2009-12-10 Thread Jason Vanhoy
It's the unicode character used to replace an incoming character that the
reading system has no idea how to handle.



On Thu, Dec 10, 2009 at 9:17 AM, Troy Jones t...@dynapp.com wrote:

  I see this character sneak into code when I open something in Eclipse
 that was originally edited using some other editor or the file was
 originally created on a Mac.



 *Troy Jones*  |  Director of Technical Services  |  Dynapp Inc  |
 1-800-830-5192  ext. 603  |  dynapp.com http://www.dynapp.com/  |
 facebook.com/dynapp http://www.facebook.com/dynapp



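The thread above identifies the character as U+FFFD and suggests a whitelist. The following is an added example, not code from anyone in the thread, showing in Python how the character appears when bytes are decoded leniently and how to reject it at the input boundary; the whitelist pattern and the function names are assumptions chosen for illustration.

```python
import re

REPLACEMENT = "\ufffd"  # U+FFFD REPLACEMENT CHARACTER (hex FFFD)

# Assumed whitelist for a free-text field: word characters, whitespace
# and a little punctuation. U+FFFD is a symbol, so \w does not match it.
ALLOWED = re.compile(r"[\w\s.,;:!?()@/&-]*")

def decode_lenient(raw: bytes) -> str:
    """Decode as UTF-8 the way many readers do: bad bytes become U+FFFD."""
    return raw.decode("utf-8", errors="replace")

def decode_strict(raw: bytes):
    """Decode as UTF-8, returning None instead of substituting U+FFFD."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None

def find_replacements(text: str):
    """Indexes at which U+FFFD occurs in already-decoded text."""
    return [i for i, ch in enumerate(text) if ch == REPLACEMENT]

def check_input(raw: bytes):
    """Return (True, text) if acceptable, else (False, reason)."""
    text = decode_strict(raw)
    if text is None:
        return (False, "not valid UTF-8")
    # Strict decoding cannot catch damage done upstream: U+FFFD is itself
    # a valid code point once some earlier system has written it out.
    if REPLACEMENT in text:
        return (False, f"contains U+FFFD at index {find_replacements(text)}")
    if not ALLOWED.fullmatch(text):
        return (False, "character outside whitelist")
    return (True, text)

# Constructed samples: the same word saved as Windows-1252 and as UTF-8.
LEGACY = "café".encode("cp1252")     # b'caf\xe9', not valid UTF-8
CLEAN = "café".encode("utf-8")
DAMAGED = "caf\ufffd".encode("utf-8")  # replaced upstream, then re-encoded
```
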

Re: [ACFUG Discuss] SQL Injection

2009-11-20 Thread Jason Vanhoy
Another thing that one can potentially determine from examining the logs
after such attempts is whether or not there's someone specifically
interested in your data, or is it more likely they're looking for *any* data
that's easy to access, and you just happened to come up in the list.



On Fri, Nov 20, 2009 at 10:00 AM, Teddy R. Payne teddyrpa...@gmail.com wrote:

 What text was being used for the attack, when the attack occurred, where did
 the attack come from, was the attack successful, is there another way they
 could exploit that part of the application, how localized or widespread is
 the attack, and what is the potential risk of all the above in the terms of
 revenue, developer time, private data, and public confidence.


 Teddy R. Payne, ACCFD
 Google Talk - teddyrpa...@gmail.com



 On Fri, Nov 20, 2009 at 9:56 AM, Rudi Shumpert shump...@gmail.com wrote:

 Doing most of that.

 Except for the analysis later part.   Anything specific you look for in
 doing the analysis?


 On Fri, Nov 20, 2009 at 9:50 AM, Teddy R. Payne teddyrpa...@gmail.com wrote:

 You start off by trapping the error. Prevent the transaction.  Record the
 error somewhere more persistent for review and analysis later.  Display an
 error to the user that matches your site with a meaningful message.

 Creating error trapping that can specifically identify these types of
 attempts could also reduce your noise to sound ratio as well.


 Teddy R. Payne, ACCFD
 Google Talk - teddyrpa...@gmail.com




 On Fri, Nov 20, 2009 at 9:44 AM, Rudi Shumpert shump...@gmail.com wrote:

 the stuff I'm seeing is nothing really new, just was wondering if there
 are some best practices on what to do after to stop the attempt.

 -Rudi

 On Fri, Nov 20, 2009 at 9:27 AM, Mischa Uppelschoten 
 mischa.uppelscho...@bankersx.com wrote:

  I probably missed something, but this article is almost a year and a
 half old... what specifically is attempted now?





 Mischa Uppelschoten
 VP of Technology
 The Banker's Exchange, LLC.
 4200 Highlands Parkway SE
 Suite A
 Smyrna, GA 30082-5198

 Phone:(404) 605-0100 ext. 10
 Fax:(404) 355-7930
 Web:www.BankersX.com
 Follow this link for Instant Web Chat:
 http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN
  --- *Original Message* ---

 *From:* Rudi Shumpert shump...@gmail.com
 *To:* discussion@acfug.org
 *Date:* Fri, 20 Nov 2009 06:47:20 -0500
 *Subject: [ACFUG Discuss] SQL Injection*

 Hey folks,

 I saw John's tweet earlier this week about a new wave of SQL Injection
 ( and link to a great article on it
 http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss),
 and sure enough I'm seeing a huge upswing in attempts.  Over 100 failed
 attempts last night alone.

 We have taken the steps to prevent damage / harm, but I was wondering
 what folks are doing after they stop the attempt.  What kind of message
 if any do you provide ?  Are people checking the logs, and blocking IP's of
 the worst offenders?  Or something else?

 -Rudi
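The review questions raised in this thread (what text was used, when, from where, whether it succeeded, how widespread, and whether a source is after your data specifically or any easy data) can be answered from the recorded attempts. The following is an added example, not code from anyone in the thread: the records are constructed, and the record layout, the `signature` normalisation and the `min_spread` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed records: time, source IP, page, parameter, rejected text, query ran?
ATTEMPTS = [
    ("2009-11-20 02:10:01", "198.51.100.7", "/news.cfm", "id", "1 OR 1=1", False),
    ("2009-11-20 02:10:02", "198.51.100.7", "/events.cfm", "id", "2 OR 2=2", False),
    ("2009-11-20 02:10:03", "198.51.100.7", "/staff.cfm", "id", "7 or 7=7", False),
    ("2009-11-20 09:15:00", "203.0.113.44", "/login.cfm", "user", "admin'--", False),
    ("2009-11-20 11:40:12", "203.0.113.44", "/login.cfm", "user", "' OR 'a'='a", False),
    ("2009-11-20 16:05:30", "203.0.113.44", "/login.cfm", "user", "x' UNION SELECT null--", False),
    ("2009-11-20 03:00:00", "192.0.2.9", "/news.cfm", "id", "1 OR 1=1", False),
]

def signature(payload):
    """Normalise rejected text so automated variants of one template group together."""
    return re.sub(r"\s+", " ", re.sub(r"\d+", "N", payload.lower())).strip()

def profile(attempts):
    """Per source: attempt count, pages hit, distinct signatures, times, any success."""
    by_src = defaultdict(lambda: {"count": 0, "pages": set(), "sigs": set(),
                                  "times": [], "succeeded": False})
    for ts, ip, page, _param, payload, ran in attempts:
        p = by_src[ip]
        p["count"] += 1
        p["pages"].add(page)
        p["sigs"].add(signature(payload))
        p["times"].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
        p["succeeded"] = p["succeeded"] or ran
    return by_src

def classify(p, min_spread=3):
    """Assumed heuristic: one template sprayed over many pages looks like a sweep
    for any easy data; many templates against one page looks like interest in it."""
    if len(p["sigs"]) == 1 and len(p["pages"]) >= min_spread:
        return "broad sweep"
    if len(p["pages"]) == 1 and len(p["sigs"]) >= min_spread:
        return "focused"
    return "undetermined"

def triage(attempts):
    """Map source IP -> (classification, attempts, seconds first-to-last, succeeded)."""
    out = {}
    for ip, p in profile(attempts).items():
        span = (max(p["times"]) - min(p["times"])).total_seconds()
        out[ip] = (classify(p), p["count"], span, p["succeeded"])
    return out
```
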