Re: job screening question
On Thu, Jul 5, 2012 at 10:02 AM, William Herrin b...@herrin.us wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? I perused the thread but lots of people have mentioned mtu discovery but not what happens on TCP and an issue with mss but not what happens - if there is a smaller mtu along the path the receive window fills up on the host initiating the connection and then the connection just times out. 2. Is the question too vague? Is there a clearer way to word it? It is way to confusing and may be better in a two part question and work up to it. Instead of asking if all ICMP is blocked put into to Type/Code with out giving away that it's the Maybe for HR ask more text book stuff like name the tcp flags or describe the tcp connection closing or what field determines if a packet can be fragmented and then compare that to how it works in IPv6. How big is the TCP or IP headers? How many with options? etc... 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
(please excuse the top post) If you want a great analysis of how this happened before, check out Clanchy#39;s book _From memory to written record_ about the implications of the spread of literacy as a technology in England in the 1300s. David Barak
Re: job screening question
On Mon, 9 Jul 2012, Jeroen van Aart wrote: William Herrin wrote: This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. I would say that the ability to quickly understand, troubleshoot and find a solution to a problem (and document it) is a far better skill to have than having ready made answers to interview questions learned by heart. It should take a skilled person less than 30 minutes to find the answer to that question and understand it too. The importance of knowing many things by heart has become incredibly moot. If you are applying for a network position, you better know the *basics*. Having to look up the basics is not a good sign. Do you really want to hire someone who is going to have to look up basic networking concepts for 30 minutes every time they are in a meeting and asked a question? -Dan
Re: job screening question
On 07/10/2012 03:32 AM, goe...@anime.net wrote: On Mon, 9 Jul 2012, Jeroen van Aart wrote: William Herrin wrote: This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. I would say that the ability to quickly understand, troubleshoot and find a solution to a problem (and document it) is a far better skill to have than having ready made answers to interview questions learned by heart. It should take a skilled person less than 30 minutes to find the answer to that question and understand it too. The importance of knowing many things by heart has become incredibly moot. If you are applying for a network position, you better know the *basics*. Having to look up the basics is not a good sign. Do you really want to hire someone who is going to have to look up basic networking concepts for 30 minutes every time they are in a meeting and asked a question? -Dan Hence the reason he mentioned skilled person...
Re: job screening question
On 7/10/12 6:56 AM, Bret Clark wrote: Hence the reason he mentioned skilled person... Right. A skilled person knows not to commit to anything in a meeting, or to at least validate what they think before they open their mouth. Depends on the audience, of course. At least in my environment, there is not an expectation for someone to be able to rattle off technical specifics from memory on demand - I've got an iPad and Google for that. General concepts and functionality/limitations/whatever are great in that setting, but no one asks for the level of detail that takes 30 minutes to research and digest in a meeting. The ability to remember obscure command line arguments, or parts of a protocol header don't have much value, when you can look it about 10 seconds. Anyone else noticed their memory has gotten worse since Google came along? :) David
Re: job screening question
David Coulson da...@davidcoulson.net writes: Anyone else noticed their memory has gotten worse since Google came along? :) Huh? Hasn't Google always been there? Bjørn
Re: job screening question
I think Ivan covered that http://blog.ioshints.info/2012/03/knowledge-and-complexity.html And also about hiring in general http://blog.ioshints.info/2009/12/certifications-and-hiring-process.html Many says that everything happens in the first 5 minutes of interview, right chemistry if you like - the rest of the hiring process you're looking for reasons to hire the person you like or for the reasons to reject someone you don't like. On Tue, Jul 10, 2012 at 1:05 PM, David Coulson da...@davidcoulson.net wrote: On 7/10/12 6:56 AM, Bret Clark wrote: Hence the reason he mentioned skilled person... Right. A skilled person knows not to commit to anything in a meeting, or to at least validate what they think before they open their mouth. Depends on the audience, of course. At least in my environment, there is not an expectation for someone to be able to rattle off technical specifics from memory on demand - I've got an iPad and Google for that. General concepts and functionality/limitations/whatever are great in that setting, but no one asks for the level of detail that takes 30 minutes to research and digest in a meeting. The ability to remember obscure command line arguments, or parts of a protocol header don't have much value, when you can look it about 10 seconds. Anyone else noticed their memory has gotten worse since Google came along? :) David
Re: job screening question
On 07/10/2012 03:56 AM, Bret Clark wrote: On 07/10/2012 03:32 AM, goe...@anime.net wrote: On Mon, 9 Jul 2012, Jeroen van Aart wrote: William Herrin wrote: This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. I would say that the ability to quickly understand, troubleshoot and find a solution to a problem (and document it) is a far better skill to have than having ready made answers to interview questions learned by heart. It should take a skilled person less than 30 minutes to find the answer to that question and understand it too. The importance of knowing many things by heart has become incredibly moot. If you are applying for a network position, you better know the *basics*. Having to look up the basics is not a good sign. Do you really want to hire someone who is going to have to look up basic networking concepts for 30 minutes every time they are in a meeting and asked a question? -Dan Hence the reason he mentioned skilled person... This all has to be tempered with the zeitgeist as what is basic knowledge now, will be charming history at some point. All of it. No, a vampire tap has nothing to do with Twilight. No, the difference between 74 and 54 series logic is not 20. All of us oldsters would do well to try to keep up with what's new and hip coming out of schools and grill them in an intelligent fashion. Better yet, let them teach you something which shows if they understand or whether they're just parroting stuff back. MIke
Re: job screening question
On Fri, Jul 06, 2012 at 09:36:47PM -0400, William Herrin wrote: On Fri, Jul 6, 2012 at 9:22 PM, Steven Noble sno...@sonn.com wrote: I have talked to companies who have job openings many months old for people who absolutely exist in the silicon valley. The hiring company just thinks the people who apply are over or under qualified. I thought someone was overqualified once. My decision was overridden. I turned out to be very glad it was. He didn't fit the role I thought I needed but I was able to turn him loose with minimal supervision. And I was able to go on vacation. :) That was so much more valuable. I've seen people turned away for being overqualified, when I would have hired them in a heartbeat. The HR types seem unable to comprehend that overqualified is not a bad thing, especially in the current economic climate, and that it includes qualified. Being able to bring someone in and then take vacation time without having to worry about things going casters-up is very valuable indeed. Now I know: tell the candidate about the work, all the work not just the job you thought you would hire for, and let him tell you whether any of it is beneath him. As long as you get all the skills you need on the team you can juggle the tasking. Unless you have a policy that Slot A only does Slot A work stuffed up some orifice. I've been there, and it is both stultifying and limiting. -- Mike Andrews, W5EGO mi...@mikea.ath.cx Tired old sysadmin
Re: job screening question
On 12-07-09 12:57 PM, Mike Andrews wrote: Unless you have a policy that Slot A only does Slot A work stuffed up some orifice. I've been there, and it is both stultifying and limiting. Further to the above wisdom, if you truly care about your work it will either drive you crazy as you force yourself to fix things that aren't your problem, or as you start to force yourself not to care about someone else's crappy work. -- Looking for (employment|contract) work in the Internet industry, preferrably working remotely. Building / Supporting the net since 2400 baud was the hot thing. Ask for a resume! ispbuil...@gmail.com
Re: job screening question
William Herrin wrote: This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. I would say that the ability to quickly understand, troubleshoot and find a solution to a problem (and document it) is a far better skill to have than having ready made answers to interview questions learned by heart. It should take a skilled person less than 30 minutes to find the answer to that question and understand it too. The importance of knowing many things by heart has become incredibly moot. Greetings, Jeroen -- Earthquake Magnitude: 4.4 Date: Tuesday, July 10, 2012 04:06:53 UTC Location: Central Alaska Latitude: 63.4533; Longitude: -149.4308 Depth: 110.60 km
Re: job screening question
From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Sat Jul 7 23:11:09 2012 Date: Sat, 7 Jul 2012 23:09:54 -0500 Subject: Re: job screening question From: Jimmy Hess mysi...@gmail.com To: Keith Medcalf kmedc...@dessus.com Cc: nanog@nanog.org nanog@nanog.org On 7/7/12, Keith Medcalf kmedc...@dessus.com wrote: What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) Unemployment Office Is That Way - Is the only 5 word answer I could come up with. The correct answer invalid netmask, is only two words. 5 words = The netmask is not valid. Also acceptable response; A netmask must be contiguous. Subnet/Netmask is '/31'-equivalennt, unusable. Subnet too small/tiny/miniscule/{other synonyms} too use. Invalid netmask under CIDR rules (also transpose first two words) Invalid netmask according to RFC[mumble} (also transpose first two words) Too many hosts for subnet. Twelve hosts will not fit. You've _got_ to be kidding! Apparent bit-rot in questions database If _written_, I't be tempted to respond: A) Netmask is '/31'-equivalent, unusable B) Invalid netmask under CIDR rules C) Apparent bit-rot in questions database D) Question probably itended LSB 248. E) Not enough bits in subnet F) too many hosts for subnet G) all of the above respones and then circle G. *EVIL* grin
Re: job screening question
On 2012-07-08 00:58, Jimmy Hess wrote: What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) I don't much appreciate these types of questions where you expect an exact answer based on your own phrasing/ideas. If running through a form with questions like this, leave space for open-ended answers to give the person a chance to phrase and explain in his own ways. Don't let the final pass or no pass fall to a HR person who can't fully appreciate or know the details and see the actual clue in an unexpected answer. You might lose a lot of really good candidates by being too harsh on that. Its benefical to build a team of clued people with the right personality, interest and mentality to what they do rather than seek people who has taught themselves how to answer certification tests in a way they know the creator of the test expects them. :) Hire for attitude, train for skill! -- /ahnberg.
Re: job screening question
On Jul 7, 2012, at 6:03 PM, Randy randy_94...@yahoo.com wrote: snip When a number received in an IP packet is presented in network byte order, and the host architecture is big endian, what must be done to convert the number into host byte order? (one word answer) My response would be to have a field-day with HR talking about MSB and LSB. Certainly wouldn't be a one-word answer. So HR disqualifies me? What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) My response would be: Discontiguous subnet masks were allowed in the pre-CIDR era. If you so desire, give me about 2 hours since I do not have a scientific calculator handy; and I will get back to you with the complete-list. Definitely not 5 words as required from the HR stand point. So I get disqualified again! ./Randy Oh, come on, 247 decimal is 0xf7... A single zero bit in the mask isn't enough for 12 hosts no matter where it is. If you need a scientific calculator and 2 hours for that, HR is right. Matthew Kaufman Sent from my iPad
Re: job screening question
On 7/8/12, Matthew Kaufman matt...@matthew.at wrote: On Jul 7, 2012, at 6:03 PM, Randy randy_94...@yahoo.com wrote: My response would be: Discontiguous subnet masks were allowed in the pre-CIDR era. If you so desire, give me about 2 hours since I do not have See, I would advocate using the filter questions for sorting the apps, and tell the applicants We're expecting a 5 words or less answer, not a history lesson or technical explanation.; if more than 25% of applicants out of say 1000 get it correct, then the filter is considered valid, and the ones that pass the most filter questions are the least likely to not be a waste of time. I'm not sure which era exactly in which you consider it legal and kosher to assign to a network, but even if you relax all the rules that require contiguity, it is still an illegal network mask for end hosts, just like 255.255.255.254 is; if an applicant doesn't flag it out as bad/invalid subnet mask in this era, then they might fail the filter, even if they correctly observe that you can't fit that many hosts in. a scientific calculator handy; and I will get back to you with the complete-list. A what? Definitely not 5 words as required from the HR stand point. So I get disqualified again! ./Randy Oh, come on, 247 decimal is 0xf7... A single zero bit in the mask isn't enough for 12 hosts no matter where it is. Correct... it's not even enough bits for 1 end host; it's enough bits for 1 broadcast address. If you need a scientific calculator and 2 hours for that, HR is right. Matthew Kaufman Sent from my iPad -- -JH
Re: job screening question
On Sun, Jul 8, 2012 at 2:23 PM, Jimmy Hess mysi...@gmail.com wrote: I'm not sure which era exactly in which you consider it legal and kosher to assign to a network, but even if you relax all the rules that require contiguity, it is still an illegal network mask for end hosts, just like 255.255.255.254 is; if an applicant doesn't flag it out as bad/invalid subnet mask in this era, then they might fail the filter, Well, the correct answer is that it IS invalid (because the real world routers tell us so) and this should be the only acceptable answer, but, just to be sure, /31s are valid, can be used, and are used. -- William McCall
Re: job screening question
Mattias Ahnberg wrote: Its benefical to build a team of clued people with the right personality, interest and mentality to what they do rather than seek people who has taught themselves how to answer certification tests in a way they know the creator of the test expects them. :) Just came across this tidbit: Technical Terms of Computer Science #515: Certification: A business model that compresses hot air to paper, then trades it for currency.
Re: job screening question
Cheaper then a college degree and doesn't require you to 'know the right person.' Technical Terms of Computer Science #515: Certification: A business model that compresses hot air to paper, then trades it for currency.
Re: job screening question
On 06/07/12 9:06 PM, Matthew Palmer wrote: Maybe it's more significant to ask what the difference between TCP and UDP is. Yes, the difference between TCP and UDP is a much better question to ask, but having HR assess and act on the answer to the question is a whole hell of a lot harder. The best path is to have HR report the answer verbatim for the hiring manager to do the assessing. Then the hiring manager can decide which candidates proceed to the next level of interviews. jc
Re: job screening question
On Sat, Jul 07, 2012 at 11:01:29AM -0700, JC Dill wrote: On 06/07/12 9:06 PM, Matthew Palmer wrote: Maybe it's more significant to ask what the difference between TCP and UDP is. Yes, the difference between TCP and UDP is a much better question to ask, but having HR assess and act on the answer to the question is a whole hell of a lot harder. The best path is to have HR report the answer verbatim for the hiring manager to do the assessing. Then the hiring manager can decide which candidates proceed to the next level of interviews. Two problems there: * We've already had mention made in this thread of the problems associated with HR attempting to record, verbatim, an answer provided by a candidate. Unless all your HR phone screeners are experienced stenographers (who, I will note, can typically command salaries far in excess of HR associates), their chances of getting an accurate record of a candidate's statements is slim. * If you're going to have to carefully examine each candidate's answers *anyway*, why not just get on the phone screen with them in the first place, and get HR out of the picture? At least that way you're not wasting money paying for HR people, and you can do a far more in-depth interview because you're there, in real-time, to ask follow-up questions. - Matt -- MySQL seems to be the Windows of the database world. Broken, underspecced, and mainly only popular due to inertia and people who don't really know what they're doing. -- Peter Corlett, in the Monastery
Re: job screening question
On Jul 7, 2012, at 11:13 AM, Matthew Palmer mpal...@hezmatt.org wrote: On Sat, Jul 07, 2012 at 11:01:29AM -0700, JC Dill wrote: On 06/07/12 9:06 PM, Matthew Palmer wrote: Maybe it's more significant to ask what the difference between TCP and UDP is. Yes, the difference between TCP and UDP is a much better question to ask, but having HR assess and act on the answer to the question is a whole hell of a lot harder. The best path is to have HR report the answer verbatim for the hiring manager to do the assessing. Then the hiring manager can decide which candidates proceed to the next level of interviews. Two problems there: * We've already had mention made in this thread of the problems associated with HR attempting to record, verbatim, an answer provided by a candidate. Unless all your HR phone screeners are experienced stenographers (who, I will note, can typically command salaries far in excess of HR associates), their chances of getting an accurate record of a candidate's statements is slim. * If you're going to have to carefully examine each candidate's answers *anyway*, why not just get on the phone screen with them in the first place, and get HR out of the picture? At least that way you're not wasting money paying for HR people, and you can do a far more in-depth interview because you're there, in real-time, to ask follow-up questions. - Matt Yeah. We tried write down verbatim - epic fail. This was why we spent man-months of top level consultant time coming up with ( and fixing and evolving ) lists of twentyish questions per discipline with only one right answer and an answer the recruiter could tell was right or not. It's not easy. If you screen a thousand plus people a year it's a super win. If you screen ten or twenty you may just want your techie interviewer to do the short screen rather than figure out how the recruiter can. George William Herbert Sent from my iPhone
Re: job screening question
On Sat, Jul 7, 2012 at 2:13 PM, Matthew Palmer mpal...@hezmatt.org wrote: * If you're going to have to carefully examine each candidate's answers *anyway*, why not just get on the phone screen with them in the first place, and get HR out of the picture? At least that way you're not wasting money paying for HR people, and you can do a far more in-depth interview because you're there, in real-time, to ask follow-up questions. I don't know about you but my brain doesn't switch on a dime. I have to *prepare* to conduct a phone interview. And afterward I have to spool back up on whatever task I was working on. If a screening question can cut many candidates who I'll know in 5 minutes aren't the one, that saves me a lot more time than just the 5 minutes on the phone. Plus, frankly, I don't enjoy conducting interviews. It's necessary but I find it stressful. Where I can avoid it with minimal risk of missing the individual I actually want to hire, that makes me happy. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
On 7/7/12, Matthew Palmer mpal...@hezmatt.org wrote: * We've already had mention made in this thread of the problems associated with HR attempting to record, verbatim, an answer provided by a candidate. [snip] Conversation should be recorded, then they don't have to write out the full text :) Asking a HR agent to vet a candidate's technical credentials, beyond verification of identity/history/certs, is like asking a blind person to administer a vision test. Possibly it can be done, but only within a very rigid framework requiring very little flexibility or knowledge from the test administrator. The HR agent should make it clear that the question is a screening question, to be answered as-is to their ability, and a short easily-recordable answer is expected. The ideal screening question should be either presented as multiple choice, or a question where a one word or one-sentence answer is expected. That can be written down very easily, and correctness/incorrectness should be obvious. Instead of asking for a definition of TCP, provide the definition, and ask for the one word or one number answer. When a number received in an IP packet is presented in network byte order, and the host architecture is big endian, what must be done to convert the number into host byte order? (one word answer) What commonly used protocol uses IP datagrams to provide a reliable transport? (one word answer) What IP protocol number has IANA assigned protocol number 1 to? (one word answer) The TCP/UDP port numbers below what number are considered well-known, and can only be bound by administrative users? (one number answer) What version of the IP datagram protocol is most widely deployed? (one number answer) How many bits are there in an IPv4 address? (one two-digit number answer) Host bits in an IPv4 address correspond to the bits in the network mask set to what value? (one single-digit number answer) Is 192.168.0.256 a valid ip address for a host on a private intranet? (one yes/no answer) Is 172.16.12.3 ? (one yes/no answer) What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) What TCP header flag should be set on the first packet sent by a connection initiator as part of a 3-way handshake? (one word answer) What TCP destination port numbers should be allowed through the perimeter stateful firewall device to and from a mail server whose only purpose is to proxy SMTP mail from internal sources? (one number answer) -- -JH
RE: job screening question
What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) Unemployment Office Is That Way - Is the only 5 word answer I could come up with. The correct answer invalid netmask, is only two words. What TCP destination port numbers should be allowed through the perimeter stateful firewall device to and from a mail server whose only purpose is to proxy SMTP mail from internal sources? (one number answer) Short Answer: There is no answer to the question that can be expressed in one number. Outbound connections to TCP destination port 25 only. Returning traffic (including associated ICMP) should be automatically handled by your stateful inspection firewall. If not, you need to buy a better firewall. Any applicant who provides any answer should the rejected out of hand as (a) being unable to read (b) being a threat to security. Unless, of course, you have misphrased the question. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: job screening question
snip When a number received in an IP packet is presented in network byte order, and the host architecture is big endian, what must be done to convert the number into host byte order? (one word answer) My response would be to have a field-day with HR talking about MSB and LSB. Certainly wouldn't be a one-word answer. So HR disqualifies me? What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) My response would be: Discontiguous subnet masks were allowed in the pre-CIDR era. If you so desire, give me about 2 hours since I do not have a scientific calculator handy; and I will get back to you with the complete-list. Definitely not 5 words as required from the HR stand point. So I get disqualified again! ./Randy
Re: job screening question
On Sat, 07 Jul 2012 18:03:43 -0700, Randy said: What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) I'm not sure if that's a typo or excessive evil on the part of the questioner. ;) My response would be: Discontiguous subnet masks were allowed in the pre-CIDR era. Yes, but even if it was *legal*, the subnet doesn't contain 12 addresses answer applies. ;) pgpsJQlGsXZz8.pgp Description: PGP signature
RE: job screening question
What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) My response would be: Discontiguous subnet masks were allowed in the pre-CIDR era. If you so desire, give me about 2 hours since I do not have a scientific calculator handy; and I will get back to you with the complete-list. Definitely not 5 words as required from the HR stand point. So I get disqualified again! Hehehe. Ok. So if this was 1986 then the answer would be: No Hosts on the Network. There is only 1 host bit, and both available addresses would be reserved for the directed-broadcast and subnet-broadcast address respectively, leaving no space for an actual host, let alone 12 of them. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: job screening question
! He has a really big penis, okay?” Jen just blurted it out. Both Kimber and Tasha perked up immediately. “His whole package is gigantic, all right? It’s like freakishly, unbelievably massive. He wears the baggy pants to hide the fact that he’s huge.” She focused on preparing the food and tried to avoid their gaze, blushing furiously. “I knew it!” Tasha jumped around the kitchen. “I knew you liked guys that were totally hung! Whenever we were watching porn, you always acted like you weren’t staring when the really big studs were on screen, but I knewyou were staring at them. So, Chris is hung like those guys? Wow! Do you think he would let us see it?” Kimber grabbed a kitchen towel and snapped it at Tasha’s butt. “Would you shut up? Just because you are fixated on pics and videos doesn’t mean that everyone is. Anyway, you would know that Jen had a thing for well-endowed guys if you ever listened to her talk about Todd.” “Who?”, asked Tasha, rubbing her butt. “Todd, the guy she dated when she was a senior in high school. Jen complains about what a spineless creep he was, but she dated him all year. She said he was ‘pretty big’ more than once, so she must have been willing to put up with him for that. Is Chris as big as Todd was, Jen?” Jen snorted out loud. “Ha! As if! Chris is over twice as big soft as Todd ever was, hard!” Am I really that transparent about my size fetish? I thought I hid it pretty well. “Hang on, that doesn’t make sense.” Tasha scrunched up her face, remembering. “When we were partying Friday before last, you said that your ex was almost nine inches. If Chris is twice as big soft, he would be eighteen inches long before he had a hard on. Did you mean that Chris is twice as big hardas Todd was soft? No, that doesn’t sound very impressive. I’m confused.” There was no way around it. Jen bit the bullet. “I meant what I said. Chris is over twice as big softas Todd was hard. He’s nineteen inches.” Both Tasha and Kimber erupted in unison. “No freaking way!” “You have to be kidding. That’s impossible,” said Kimber, shaking her head. “Pics or it didn’t happen!”, cried Tasha. “No! No pics! No questions! No staring! “ Jen waved the wooden spoon in warning. “I told you; he’s really shy about this. I don’t want to have to smuggle him past you guys each time we come in. He’s going to come out here and have dinner and hang out with us. Nobody’s taking pictures of him, orvideo, Tasha, and nobody’s posting about it on their blog, or Facebook, or Twitter. I mean it, Kimber. If you make one tweet about this, I will never forgive you.” She took a deep breath. “I like Chris, and I want him to feel like he can be himself with me, and not put on an act like he has to on campus, okay?” Both girls reluctantly nodded their acquiescence. Oh, crap. I forgot to mention the other thing. Jen turned back to her roommates. “There’s just one other thing.” “What now?” cried Kimber. “He has twothings?!?” exclaimed Tasha, shortly before Kimber snapped the towel at her again. “Chris not only has a really big penis, but his testicles are really big, too. They are large normally, but when he hasn’t ‘expressed’ himself for a while, they get enormous. Please don’t tease him about it, okay?” She looked to her roommates for their agreement. From: Keith Medcalf kmedc...@dessus.com To: nanog@nanog.org nanog@nanog.org Sent: Saturday, July 7, 2012 6:26 PM Subject: RE: job screening question What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) My response would be: Discontiguous subnet masks were allowed in the pre-CIDR era. If you so desire, give me about 2 hours since I do not have a scientific calculator handy; and I will get back to you with the complete-list. Definitely not 5 words as required from the HR stand point. So I get disqualified again! Hehehe. Ok. So if this was 1986 then the answer would be: No Hosts on the Network. There is only 1 host bit, and both available addresses would be reserved for the directed-broadcast and subnet-broadcast address respectively, leaving no space for an actual host, let alone 12 of them. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: job screening question
On Sat, 7 Jul 2012 valdis.kletni...@vt.edu wrote: On Sat, 07 Jul 2012 18:03:43 -0700, Randy said: What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) I'm not sure if that's a typo or excessive evil on the part of the questioner. ;) My response would be: Discontiguous subnet masks were allowed in the pre-CIDR era. Yes, but even if it was *legal*, the subnet doesn't contain 12 addresses answer applies. ;) It's just a mask...you can do all sorts of crazy things with netmasks. The results of using unusual ones is not typically predictable or desireable to those who might accidentally use them. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: job screening question
the shower curtain at the end of each stroke, pushing it outward slightly. He was too far gone to be concerned, however. Chris finally reached his third, volcanic orgasm with a loud, guttural grunt. His first spurt of cum shot out all over the shower curtain with an audible splash, followed by a second, and third, and so on, until, a dozen surges later, Chris had pumped another pint or so of cum all over the interior of the shower, accompanied by loud moans and grunts with each ejaculation. Oh, yeah! What do you guys think of that?Chris finally paused in his frenzied masturbation, and realized that the shower room was quiet, other than his own shower. There was no sound of others showering, and no other voices echoing against the tiles. From: Jon Lewis jle...@lewis.org To: valdis.kletni...@vt.edu Cc: nanog@nanog.org Sent: Saturday, July 7, 2012 6:34 PM Subject: Re: job screening question On Sat, 7 Jul 2012 valdis.kletni...@vt.edu wrote: On Sat, 07 Jul 2012 18:03:43 -0700, Randy said: What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) I'm not sure if that's a typo or excessive evil on the part of the questioner. ;) My response would be: Discontiguous subnet masks were allowed in the pre-CIDR era. Yes, but even if it was *legal*, the subnet doesn't contain 12 addresses answer applies. ;) It's just a mask...you can do all sorts of crazy things with netmasks. The results of using unusual ones is not typically predictable or desireable to those who might accidentally use them. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: job screening question
On Jul 7, 2012, at 5:44 PM, Keith Medcalf wrote: What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) Unemployment Office Is That Way - Is the only 5 word answer I could come up with. The correct answer invalid netmask, is only two words. LoL... Even if you allowed for discontiguous subnet masks, you'd need to use 255.255.255.243 and not 255.255.255.247 to achieve 12 hosts. Not sure what 5 word answer you're looking for, but Keith's answer and mine are the two most obvious issues I can think of. What TCP destination port numbers should be allowed through the perimeter stateful firewall device to and from a mail server whose only purpose is to proxy SMTP mail from internal sources? (one number answer) Short Answer: There is no answer to the question that can be expressed in one number. Sure there is, if you count none as a number. Outbound connections to TCP destination port 25 only. Returning traffic (including associated ICMP) should be automatically handled by your stateful inspection firewall. If not, you need to buy a better firewall. I'd allow 25 and 465 outbound, myself. No reason to block SSL if the remote side offers the capability. ICMP wouldn't be a TCP destination port number anyway. Any applicant who provides any answer should the rejected out of hand as (a) being unable to read (b) being a threat to security. LoL... Some truth to that. Owen
FW: job screening question
(now copied to list as well) On Sat 07 July, 2012 at 20:32, Owen DeLong wrote: What TCP destination port numbers should be allowed through the perimeter stateful firewall device to and from a mail server whose only purpose is to proxy SMTP mail from internal sources? (one number answer) Short Answer: There is no answer to the question that can be expressed in one number. Sure there is, if you count none as a number. None, NIL, NUL, NULL would be valid I suppose if nulls were permitted. 0 however is not correct. Outbound connections to TCP destination port 25 only. Returning traffic (including associated ICMP) should be automatically handled by your stateful inspection firewall. If not, you need to buy a better firewall. I'd allow 25 and 465 outbound, myself. No reason to block SSL if the remote side offers the capability. http://www.imc.org/ietf-apps-tls/mail-archive/msg00204.html SMTPS is deprecated and port 465 is no longer registered for SMTPS (SMTP over SSL), it is now for record nameurd/name protocoltcp/protocol descriptionURL Rendesvous Directory for SSM/description number465/number /record So even though many folks may still run SMTPS on port 465, you SHOULD be using STARTTLS on port 25. ICMP wouldn't be a TCP destination port number anyway. Very true. The again, there is a significant proportion of the same experts who think DNS only runs over UDP ... Any applicant who provides any answer should the rejected out of hand as (a) being unable to read (b) being a threat to security. LoL... Some truth to that. You would be surprised how many people think that if you permit tcp host x.x.x.x any eq 25 to let traffic out, then you need permit tcp any eq 25 host x.x.x.x as the inverse to permit returning traffic. This is more of a problem when using packet filtering than it is when configuring stateful inspection firewalls. Nonetheless, the question does ask what should be opened to and from in order to proxy SMTP mail from internal sources. It could of course just be a brilliant question designed to detect such problems ... Owen Keith --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
Re: job screening question
On 7/7/12, Keith Medcalf kmedc...@dessus.com wrote: What's the problem with using 255.255.255.247 as a subnet mask if you want to make a LAN subnet with 12 hosts? (5 word answer) Unemployment Office Is That Way - Is the only 5 word answer I could come up with. The correct answer invalid netmask, is only two words. 5 words = The netmask is not valid. Also acceptable response; A netmask must be contiguous. Short Answer: There is no answer to the question that can be expressed in one number. Acceptable answers: None, or 25 Unacceptable answers: any number other than 25, or anything other than a one-word answer. (After your rep has told them that you expect a one-word answer, of course.) -- -JH
Re: job screening question
On Thu, Jul 05, 2012 at 05:01:39PM -0700, Scott Weeks wrote: --- ja...@thebaughers.com wrote: From: Jason Baugher ja...@thebaughers.com Geez, I'd be happy to find someone with a good attitude, a solid work ethic, and the desire and aptitude to learn. :) --- Yeah, that. But how do you get those folks through the HR process to you, so you can decipher their skill/work ethic level? What can the HR person ask to find out if someone has these qualities? OSPF LSA type questions will not help. Don't get HR to do that sort of screening. They suck mightily at it. I lack any sort of HR department to get in the way, and I'm glad of it -- I don't see the value in having someone who doesn't know anything about the job get in the way of finding the right person for it. Sure, get 'em to do the scutwork of posting job ads, collating resumes, scheduling things and sending the lolz no! responses, but actually filtering? Nah, I'll do that bit thanks. If you have to have HR do a filter call, make it *really* simple, like What does TCP stand for? -- sadly, you'll still probably filter out half the applicants for a senior position... - Matt
Re: job screening question
Ok, so I read over Williams OP... I have 25 years IT experience... I've applied for a few jobs in my time... I thought to myself I'll have a crack with a few comments!!!... then I read down the next 30 posts and decided that perhaps I didn't really know enough about networking to really comment... ...and perhaps I needed a bit more grey hair and eat more RFCs for breakfast... ...then I read down the next 30 posts and realised that I really didn't know enough about computing to comment ...and perhaps my problem wasn't lack of grey hair, but just to much hair... ...Talk about a bunch of intimidating uber geeks! :) I suspect that when I read down the next 30 posts I'll just back away from the computer slowly knowing that I'm just not smart enough to use this device. But seriously guys, great thread with tons of really interesting stuff and a bunch of history. D On 6/07/2012 5:02 a.m., William Herrin wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- Don Gould 31 Acheson Ave Mairehau Christchurch, New Zealand Ph: + 64 3 348 7235 Mobile: + 64 21 114 0699
Re: job screening question
Ugh, I know someone (thankfully no longer a current colleague) who ardently *defends* his use of questions like what does the -M option to ps do? on the basis that any senior person who knows what they're doing should know all the options to ps!. No, you useless tit, anyone who knows what they're doing should know how to read a bloody manpage. Beyond that, if by Senior the role is the one the other tech people turn to when they're out of knowledge/skills/ability, there's just too much breadth to remember every detail about every tool. Quite the opposite from remembering every option to a tool, it's impossible to even keep track of every tool. The job as senior people is to figure out the stuff that we don't always know within that company. The main benefit of questions for HR to ask is the bozon filter: make sure it's actually someone who does network, or systems, or database, or whatever work. If one question (or even 10) could reveal the level of responsibility someone were capable of, we wouldn't need the interview process.
Re: job screening question
I agree. Let the person talk do a few probing questions based off what they say. If you yourself have any value you should be able to tell if they have a chance. Also I would prefer someone who says I don't know for sure but maybe something along these lines, and then wants to know the right answer. Passion is also important, if you are willing to hire someone who is in it for just a paycheck, save yourself the headache and get a contractor. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. Matthew Palmer mpal...@hezmatt.org wrote: On Thu, Jul 05, 2012 at 11:04:05PM -0400, Robert E. Seastrom wrote: Diogo Montagner diogo.montag...@gmail.com writes: For screening questions (for 1st level filtering), IMO, the questions has to be straight to the point, for example: 1) What is the LSA number for an external route in OSPF? This can have two answer: 5 or 7. So, I will accept if the candidate answer 5, 7 or 5 and 7. Later on (the next level of the interview), a techinical interviewer will chech if the candidate understand the differences of LSA 5 and 7. Frankly, this feels a bit like asking what the 9th byte in an IP header is used for (it's TTL, but who's, uh, counting?) -- That's why God gave us packet analyzers should be counted as an acceptable answer. If not, you'll find yourself skipping over plenty of extremely well qualified candidates in favor of those who have crammed recently for some sort of exam in hopes of compensating for their short CV. Ugh, I know someone (thankfully no longer a current colleague) who ardently *defends* his use of questions like what does the -M option to ps do? on the basis that any senior person who knows what they're doing should know all the options to ps!. No, you useless tit, anyone who knows what they're doing should know how to read a bloody manpage. Trivia tests get you hiring people who know trivia. Knowing trivia has it's productivity benefits, but if you can't apply it, it's useless. - Matt -- Politics and religion are just like software and hardware. They all suck, the documentation is provably incorrect, and all the vendors tell lies. -- Andrew Dalgleish, in the Monastery
Re: job screening question
A former manager of mine once told me you can gauge a persons understanding by the questions they ask and I personally agree with this statement. Most of us will be able to make a reasonable assessment of the person by listening to the content of their questions. I'm not looking for an immediate resolution, but trying to understand the thought process of the individual. I feel realistic scenarios provide some insight on the individual's analytical skills. A client cannot access the website http://xyz.com;. What do you do to troubleshoot this issue? Depending on the candidate, I've seen a variety of answers: 1) Can you ping the device? 2) Can you access the gateway? 3) What does the running config look like on the router 4) Is there a firewall in between I believe these questions may be asked in the right context provided there is enough information to isolate the issue to the network however the statement is devoid of anything useful that would make the network suspect. I would like to hear some questions such as: are other websites accessible? Or is the only website the client is experiencing issues with? was the website working previously? when did it start happening? what does the client see on their screen ? are they getting an error? These questions reflect the persons ability to accurately understand the problem before deep diving into the technical details. From there, you can get more technical. Client is receiving an HTTP 404 error. Great, rule out network since this is an application layer response... just my .02. On Fri, Jul 6, 2012 at 8:28 AM, joseph.sny...@gmail.com wrote: I agree. Let the person talk do a few probing questions based off what they say. If you yourself have any value you should be able to tell if they have a chance. Also I would prefer someone who says I don't know for sure but maybe something along these lines, and then wants to know the right answer. Passion is also important, if you are willing to hire someone who is in it for just a paycheck, save yourself the headache and get a contractor. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. Matthew Palmer mpal...@hezmatt.org wrote: On Thu, Jul 05, 2012 at 11:04:05PM -0400, Robert E. Seastrom wrote: Diogo Montagner diogo.montag...@gmail.com writes: For screening questions (for 1st level filtering), IMO, the questions has to be straight to the point, for example: 1) What is the LSA number for an external route in OSPF? This can have two answer: 5 or 7. So, I will accept if the candidate answer 5, 7 or 5 and 7. Later on (the next level of the interview), a techinical interviewer will chech if the candidate understand the differences of LSA 5 and 7. Frankly, this feels a bit like asking what the 9th byte in an IP header is used for (it's TTL, but who's, uh, counting?) -- That's why God gave us packet analyzers should be counted as an acceptable answer. If not, you'll find yourself skipping over plenty of extremely well qualified candidates in favor of those who have crammed recently for some sort of exam in hopes of compensating for their short CV. Ugh, I know someone (thankfully no longer a current colleague) who ardently *defends* his use of questions like what does the -M option to ps do? on the basis that any senior person who knows what they're doing should know all the options to ps!. No, you useless tit, anyone who knows what they're doing should know how to read a bloody manpage. Trivia tests get you hiring people who know trivia. Knowing trivia has it's productivity benefits, but if you can't apply it, it's useless. - Matt -- Politics and religion are just like software and hardware. They all suck, the documentation is provably incorrect, and all the vendors tell lies. -- Andrew Dalgleish, in the Monastery -- -Matt Chung
Re: job screening question
On Fri, 06 Jul 2012 17:42:42 +1000, Matthew Palmer said: Ugh, I know someone (thankfully no longer a current colleague) who ardently *defends* his use of questions like what does the -M option to ps do? on Is that an African ps or a European ps? ;) pgprEsHT9Ps02.pgp Description: PGP signature
Re: job screening question
On 06/07/2012 16:12, valdis.kletni...@vt.edu wrote: On Fri, 06 Jul 2012 17:42:42 +1000, Matthew Palmer said: Ugh, I know someone (thankfully no longer a current colleague) who ardently *defends* his use of questions like what does the -M option to ps do? on Is that an African ps or a European ps? ;) I'll admit that I once asked a question like in an interview, but it was only because the candidate had said that he was an expert with the tar command. If you're going to be that full of poop on a CV, you should expect to be called up on it. [against my advice, the candidate was hired and was a disaster. I left the company shortly afterwards.] Nick
Re: job screening question
On Fri, Jul 6, 2012 at 11:50 AM, Nick Hilliard n...@foobar.org wrote: I'll admit that I once asked a question like in an interview, but it was only because the candidate had said that he was an expert with the tar command. If you're going to be that full of poop on a CV, you should expect to be called up on it. [against my advice, the candidate was hired and was a disaster. I left the company shortly afterwards.] That sounds like the guy who on his resume under training listed the 3-day course and certification he got in configuring Kentrox CSU/DSUs. The limited space one has on a resume to present oneself and that's what he chose to tell me. I understand that maybe his company made him do it but there are some things you just don't admit to. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
RE: job screening question
My response would be insufficient information provided for meaningful diagnosis. The following could be issues: ... the user does not have a computer ... the computer is not turned on ... the keyboard is not plugged in ... the user is a quadraplegic and cannot use the mouse or keyboard ... the user is blind and cannot find the computer ... the user has a computer but is not connected to a network ... the monitor is not turned on ... the brightness is turned down too far on the monitor ... the user is dead How does the user know that it cannot access the web site? --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org -Original Message- From: Matt Chung [mailto:itsmemattch...@gmail.com] Sent: Friday, 06 July, 2012 08:20 To: joseph.sny...@gmail.com Cc: nanog@nanog.org Subject: Re: job screening question A former manager of mine once told me you can gauge a persons understanding by the questions they ask and I personally agree with this statement. Most of us will be able to make a reasonable assessment of the person by listening to the content of their questions. I'm not looking for an immediate resolution, but trying to understand the thought process of the individual. I feel realistic scenarios provide some insight on the individual's analytical skills. A client cannot access the website http://xyz.com;. What do you do to troubleshoot this issue? Depending on the candidate, I've seen a variety of answers: 1) Can you ping the device? 2) Can you access the gateway? 3) What does the running config look like on the router 4) Is there a firewall in between I believe these questions may be asked in the right context provided there is enough information to isolate the issue to the network however the statement is devoid of anything useful that would make the network suspect. I would like to hear some questions such as: are other websites accessible? Or is the only website the client is experiencing issues with? was the website working previously? when did it start happening? what does the client see on their screen ? are they getting an error? These questions reflect the persons ability to accurately understand the problem before deep diving into the technical details. From there, you can get more technical. Client is receiving an HTTP 404 error. Great, rule out network since this is an application layer response... just my .02. On Fri, Jul 6, 2012 at 8:28 AM, joseph.sny...@gmail.com wrote: I agree. Let the person talk do a few probing questions based off what they say. If you yourself have any value you should be able to tell if they have a chance. Also I would prefer someone who says I don't know for sure but maybe something along these lines, and then wants to know the right answer. Passion is also important, if you are willing to hire someone who is in it for just a paycheck, save yourself the headache and get a contractor. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. Matthew Palmer mpal...@hezmatt.org wrote: On Thu, Jul 05, 2012 at 11:04:05PM -0400, Robert E. Seastrom wrote: Diogo Montagner diogo.montag...@gmail.com writes: For screening questions (for 1st level filtering), IMO, the questions has to be straight to the point, for example: 1) What is the LSA number for an external route in OSPF? This can have two answer: 5 or 7. So, I will accept if the candidate answer 5, 7 or 5 and 7. Later on (the next level of the interview), a techinical interviewer will chech if the candidate understand the differences of LSA 5 and 7. Frankly, this feels a bit like asking what the 9th byte in an IP header is used for (it's TTL, but who's, uh, counting?) -- That's why God gave us packet analyzers should be counted as an acceptable answer. If not, you'll find yourself skipping over plenty of extremely well qualified candidates in favor of those who have crammed recently for some sort of exam in hopes of compensating for their short CV. Ugh, I know someone (thankfully no longer a current colleague) who ardently *defends* his use of questions like what does the -M option to ps do? on the basis that any senior person who knows what they're doing should know all the options to ps!. No, you useless tit, anyone who knows what they're doing should know how to read a bloody manpage. Trivia tests get you hiring people who know trivia. Knowing trivia has it's productivity benefits, but if you can't apply it, it's useless. - Matt -- Politics and religion are just like software and hardware. They all suck, the documentation is provably incorrect, and all the vendors tell lies. -- Andrew Dalgleish, in the Monastery -- -Matt Chung
Re: job screening question
On Jul 6, 2012, at 11:41 AM, Keith Medcalf wrote: My response would be insufficient information provided for meaningful diagnosis. The following could be issues: ... the user does not have a computer ... the computer is not turned on ... the keyboard is not plugged in ... the user is a quadraplegic and cannot use the mouse or keyboard ... the user is blind and cannot find the computer ... the user has a computer but is not connected to a network ... the monitor is not turned on ... the brightness is turned down too far on the monitor ... the user is dead I would argue that the fact the user filed a ticket/contacted the helpdesk/whatever to raise the issue indicates that the user probably isn't dead. The rest are semi-legitimate somewhat amusing answers, but you missed many possibilities. When providing such a list of answers, always include an etc. at the end so as to indicate your understanding that the list is not complete. ;-) How does the user know that it cannot access the web site? When did users become things? Probably a candidate that made this mistake should be dismissed from consideration on that basis alone. Owen -Original Message- From: Matt Chung [mailto:itsmemattch...@gmail.com] Sent: Friday, 06 July, 2012 08:20 To: joseph.sny...@gmail.com Cc: nanog@nanog.org Subject: Re: job screening question A former manager of mine once told me you can gauge a persons understanding by the questions they ask and I personally agree with this statement. Most of us will be able to make a reasonable assessment of the person by listening to the content of their questions. I'm not looking for an immediate resolution, but trying to understand the thought process of the individual. I feel realistic scenarios provide some insight on the individual's analytical skills. A client cannot access the website http://xyz.com;. What do you do to troubleshoot this issue? Depending on the candidate, I've seen a variety of answers: 1) Can you ping the device? 2) Can you access the gateway? 3) What does the running config look like on the router 4) Is there a firewall in between I believe these questions may be asked in the right context provided there is enough information to isolate the issue to the network however the statement is devoid of anything useful that would make the network suspect. I would like to hear some questions such as: are other websites accessible? Or is the only website the client is experiencing issues with? was the website working previously? when did it start happening? what does the client see on their screen ? are they getting an error? These questions reflect the persons ability to accurately understand the problem before deep diving into the technical details. From there, you can get more technical. Client is receiving an HTTP 404 error. Great, rule out network since this is an application layer response... just my .02. On Fri, Jul 6, 2012 at 8:28 AM, joseph.sny...@gmail.com wrote: I agree. Let the person talk do a few probing questions based off what they say. If you yourself have any value you should be able to tell if they have a chance. Also I would prefer someone who says I don't know for sure but maybe something along these lines, and then wants to know the right answer. Passion is also important, if you are willing to hire someone who is in it for just a paycheck, save yourself the headache and get a contractor. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. Matthew Palmer mpal...@hezmatt.org wrote: On Thu, Jul 05, 2012 at 11:04:05PM -0400, Robert E. Seastrom wrote: Diogo Montagner diogo.montag...@gmail.com writes: For screening questions (for 1st level filtering), IMO, the questions has to be straight to the point, for example: 1) What is the LSA number for an external route in OSPF? This can have two answer: 5 or 7. So, I will accept if the candidate answer 5, 7 or 5 and 7. Later on (the next level of the interview), a techinical interviewer will chech if the candidate understand the differences of LSA 5 and 7. Frankly, this feels a bit like asking what the 9th byte in an IP header is used for (it's TTL, but who's, uh, counting?) -- That's why God gave us packet analyzers should be counted as an acceptable answer. If not, you'll find yourself skipping over plenty of extremely well qualified candidates in favor of those who have crammed recently for some sort of exam in hopes of compensating for their short CV. Ugh, I know someone (thankfully no longer a current colleague) who ardently *defends* his use of questions like what does the -M option to ps do? on the basis that any senior person who knows what they're doing should know all the options to ps!. No, you useless tit, anyone who knows what they're doing should know how to read a bloody manpage. Trivia tests get you hiring people who know trivia. Knowing trivia has it's
RE: job screening question
A client cannot access the website http://xyz.com; How does the user know that it cannot access the web site? When did users become things? Probably a candidate that made this mistake should be dismissed from consideration on that basis alone. How do you know that the client is a person? --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
RE: job screening question
DNA; Homo Sapien. Smart questions get smart answers. If you want HR to test technical knowledge just make a multiple choice test. (Course then you open a new can of worms). On Jul 6, 2012 3:16 PM, Keith Medcalf kmedc...@dessus.com wrote: A client cannot access the website http://xyz.com; How does the user know that it cannot access the web site? When did users become things? Probably a candidate that made this mistake should be dismissed from consideration on that basis alone. How do you know that the client is a person? Perhaps What language is the client written in, and what Operating System is it running on? would be a better response. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
RE: job screening question
I've dealt with: 1, (yes, no comp, tablet, game console, or other device, other than non-internet capable HDTV. They had also just purchased our fastest service package. They got irate said were switching to our competitor, who were cheaper anyway. Good news for them, we don't do minimum service contracts. Bad news for them, the competitor does. ) 2, 3, 6, 7, 8 also 'user has no power but computer is on UPS or generator and network gear is not'. More than once in most cases. Lots and lots of laptops with wireless card switch flipped to off accidently. And while I've never had a user call because they are unable to access a website because they are dead, I have had a non-user call/email about receiving NDR emails regarding email boxes belonging to one of our users we removed after notification that the owner was deceased. That's happened a few times. My call on dealing with that was something along the lines of 'That email address has either been changed or the account associated with it disconnected, and we are not at liberty to discuss the issue further due to customer privacy policies' which is exactly what I say when the other possibilities are true. Actually I had something similar to 'the user is dead'. Guy calls in to complain his internet is down. We dig through our system, no record he's a customer. After lots of hemming and hawing, admits he leeches unsecured wireless connection off next door neighbor. Next door neighbor's next of kin just had cable/internet turned off as she passed away, left power on while the move stuff out of house, so wireless signal was still present. For a while I had 3 businesses in the same building that shared the same internet connection; However only one was listed on the account/paid the bill. Problem A) slow internet (metrics showing that their inbound or outbound is pegged, also the company paying bought the cheapest package available) Problem B) Cross business compromising of information, printing stuff in other offices (two of them were even direct competitors, effectivly) sharing drives across bussinesses, a virus outbreak that kept respreading through the network because one office didn't seem to care they had a worm, and C) company that owned/paid for connection had a tendancy to ignore late notices, because of billing schedule stuff the cutoff's would happen on Thursday, the person at that company with the authority to write checks only worked Mon-Wed From: Owen DeLong [o...@delong.com] Sent: Friday, July 06, 2012 1:53 PM To: Keith Medcalf Cc: nanog@nanog.org Subject: Re: job screening question On Jul 6, 2012, at 11:41 AM, Keith Medcalf wrote: My response would be insufficient information provided for meaningful diagnosis. The following could be issues: ... the user does not have a computer ... the computer is not turned on ... the keyboard is not plugged in ... the user is a quadraplegic and cannot use the mouse or keyboard ... the user is blind and cannot find the computer ... the user has a computer but is not connected to a network ... the monitor is not turned on ... the brightness is turned down too far on the monitor ... the user is dead I would argue that the fact the user filed a ticket/contacted the helpdesk/whatever to raise the issue indicates that the user probably isn't dead. The rest are semi-legitimate somewhat amusing answers, but you missed many possibilities. When providing such a list of answers, always include an etc. at the end so as to indicate your understanding that the list is not complete. ;-) How does the user know that it cannot access the web site? When did users become things? Probably a candidate that made this mistake should be dismissed from consideration on that basis alone. Owen -Original Message- From: Matt Chung [mailto:itsmemattch...@gmail.com] Sent: Friday, 06 July, 2012 08:20 To: joseph.sny...@gmail.com Cc: nanog@nanog.org Subject: Re: job screening question A former manager of mine once told me you can gauge a persons understanding by the questions they ask and I personally agree with this statement. Most of us will be able to make a reasonable assessment of the person by listening to the content of their questions. I'm not looking for an immediate resolution, but trying to understand the thought process of the individual. I feel realistic scenarios provide some insight on the individual's analytical skills. A client cannot access the website http://xyz.com;. What do you do to troubleshoot this issue? Depending on the candidate, I've seen a variety of answers: 1) Can you ping the device? 2) Can you access the gateway? 3) What does the running config look like on the router 4) Is there a firewall in between I believe these questions may be asked in the right context provided there is enough information to isolate the issue to the network however the statement is devoid of anything
Re: job screening question
--- d...@bowenvale.co.nz wrote: From: Don Gould d...@bowenvale.co.nz I have 25 years IT experience... I've applied for a few jobs in my time... I thought to myself I'll have a crack with a few comments!!!... then I read down the next 30 posts and decided that perhaps I didn't really know enough about networking to really comment... snip But seriously guys, great thread with tons of really interesting stuff and a bunch of history. --- Sure as heck had me going to search engines to make sure I knew the answers... ;-) And, yes, it was an interesting thread. scott
Re: job screening question
On Jul 6, 2012, at 12:23 PM, Tyler Haske wrote: DNA; Homo Sapien. Smart questions get smart answers. If you want HR to test technical knowledge just make a multiple choice test. (Course then you open a new can of worms). One of my employers did exactly this. I provided the answers I believed to be most likely what they were looking for in addition to a set of corrections to the questions. Owen
Re: job screening question
On Fri, 6 Jul 2012, Nick Hilliard wrote: On 06/07/2012 16:12, valdis.kletni...@vt.edu wrote: On Fri, 06 Jul 2012 17:42:42 +1000, Matthew Palmer said: Ugh, I know someone (thankfully no longer a current colleague) who ardently *defends* his use of questions like what does the -M option to ps do? on Is that an African ps or a European ps? ;) I'll admit that I once asked a question like in an interview, but it was only because the candidate had said that he was an expert with the tar command. If you're going to be that full of poop on a CV, you should expect to be called up on it. This is what baffles me. People keep putting stuff on their resume that they simply don't know anything about. TCP/IP expert, yet they don't know SYN/SYNACK/ACK or subnetting. HTTP expert but they don't know what a 200 response is. -Dan
Re: job screening question
On Fri, 06 Jul 2012 15:07:51 -0700, goe...@anime.net said: This is what baffles me. People keep putting stuff on their resume that they simply don't know anything about. TCP/IP expert, yet they don't know SYN/SYNACK/ACK or subnetting. HTTP expert but they don't know what a 200 response is. The Friday afternoon cynic in me says it's because it's a move with positive paybacks. There's 3 basic possibilities: 1) You send the puffed resume to a company with clue, it gets recognized as puffed, and you don't get the job. Zero loss, you weren't going to get that job anyhow. 2) You send a boring unpuffed resume to a company sans clue. They recognize it as boring because there's only 3 buzzwords on 2 pages, and you don't get the job. Loss. 3) You send a puffed resume, and the guy doing the hiring doesn't know what the 3-packet mating call of the Internet is *either*. Win. pgp1tJ6UtGzQB.pgp Description: PGP signature
Re: job screening question
Pascal's wager.. almost :) On Fri, Jul 6, 2012 at 7:25 PM, valdis.kletni...@vt.edu wrote: On Fri, 06 Jul 2012 15:07:51 -0700, goe...@anime.net said: This is what baffles me. People keep putting stuff on their resume that they simply don't know anything about. TCP/IP expert, yet they don't know SYN/SYNACK/ACK or subnetting. HTTP expert but they don't know what a 200 response is. The Friday afternoon cynic in me says it's because it's a move with positive paybacks. There's 3 basic possibilities: 1) You send the puffed resume to a company with clue, it gets recognized as puffed, and you don't get the job. Zero loss, you weren't going to get that job anyhow. 2) You send a boring unpuffed resume to a company sans clue. They recognize it as boring because there's only 3 buzzwords on 2 pages, and you don't get the job. Loss. 3) You send a puffed resume, and the guy doing the hiring doesn't know what the 3-packet mating call of the Internet is *either*. Win.
Re: job screening question
On 06/07/2012 23:25, valdis.kletni...@vt.edu wrote: The Friday afternoon cynic in me says it's because it's a move with positive paybacks. There's 3 basic possibilities: 1) You send the puffed resume to a company with clue, it gets recognized as puffed, and you don't get the job. Zero loss, you weren't going to get that job anyhow. 2) You send a boring unpuffed resume to a company sans clue. They recognize it as boring because there's only 3 buzzwords on 2 pages, and you don't get the job. Loss. 3) You send a puffed resume, and the guy doing the hiring doesn't know what the 3-packet mating call of the Internet is *either*. Win. or: 4) you get caught out in the interview as being puffed up, but the company hires you anyway despite strongly worded objections from the interviewer, causing the interviewer's eyes to spin in their sockets at the inanity of the decision. You then spend your entire employment at the company proving your ineptitude beyond all possible doubt. I think this is a win, is it? Nick
Re: job screening question
On Sat, 07 Jul 2012 00:07:57 +0100, Nick Hilliard said: 4) you get caught out in the interview as being puffed up, but the company hires you anyway despite strongly worded objections from the interviewer, causing the interviewer's eyes to spin in their sockets at the inanity of the decision. You then spend your entire employment at the company proving your ineptitude beyond all possible doubt. I think this is a win, is it? Yeah - it's a better gig than you would have landed otherwise, isn't it? :) pgp4We06zCtrV.pgp Description: PGP signature
Re: job screening question
On Fri, Jul 6, 2012 at 4:43 PM, Steven Noble sno...@sonn.com wrote: On Jul 6, 2012, at 4:16 PM, George Herbert george.herb...@gmail.com wrote: 6) Puffed it up a little (worked with Cisco routers, but in the 7200 era, and hasn't categorized skills as recent / older), but hasn't outright lied. The 7200 is still a heavily used platform today. It has no correlation with current skill sets IMHO. Would s/7200/2500/g be an adequate correction? I know of customers who still have 7200s as well, but in the context of ISP network engineering... Perhaps I'm wrong, but my impression is people on this list have generally moved on by now. Context matters. One can always point to lingering examples of older technology (if nowhere else, the Computer History Museum 8-). The question is whether the skill is relevant in context. I built a nationwide T-1 backbone out of Livingston IRXes once (in the early 90s) - the IRX left my resume by the late 1990s. I know of at least one still humming away in a closet, but it's not a relevant technology. I also learned (some) shell commands on a Vax 11/750 when they were new and used Apple II's when they were new, and so on. None of these are resume-appropriate now, unless I want a job at the Computer History Museum. If people don't bother to clean up the resume, either they don't understand what's relevant now, or they don't care, or they're trying to hide something. -- -george william herbert george.herb...@gmail.com
Re: job screening question
On Fri, Jul 06, 2012 at 04:18:21PM +1000, Matthew Palmer wrote: On Thu, Jul 05, 2012 at 05:01:39PM -0700, Scott Weeks wrote: --- ja...@thebaughers.com wrote: From: Jason Baugher ja...@thebaughers.com Geez, I'd be happy to find someone with a good attitude, a solid work ethic, and the desire and aptitude to learn. :) --- Yeah, that. But how do you get those folks through the HR process to you, so you can decipher their skill/work ethic level? What can the HR person ask to find out if someone has these qualities? OSPF LSA type questions will not help. Don't get HR to do that sort of screening. They suck mightily at it. I lack any sort of HR department to get in the way, and I'm glad of it -- I don't see the value in having someone who doesn't know anything about the job get in the way of finding the right person for it. Sure, get 'em to do the scutwork of posting job ads, collating resumes, scheduling things and sending the lolz no! responses, but actually filtering? Nah, I'll do that bit thanks. If you have to have HR do a filter call, make it *really* simple, like What does TCP stand for? -- sadly, you'll still probably filter out half the applicants for a senior position... I've noticed a strong correlation between people who don't know what acronyms stand for, and competence. People who don't know anything try and figure out what the acronym stands for - people who want to understand things see it as just a place holder. Myself, I'm stumbling.. is TCP like GNU (GNU's Not Unix) and someting like TCP Control Protocol. Or is it Transmission Contrl Protocol? Or is it something else all together. Really at the end of the day - it doesn't matter. Maybe it's more significant to ask what the difference between TCP and UDP is. One thing people seem to like to bring up again and again is subnetting questions, which to me seem quite simple on the surface - but can get a little more complicated. Like when you have a /24 subnet routed to a customer, how many IP addresses can they use? 254? 253? To my thinking - if it's a routed subnet that means the gateway is on a different address, and it'd be prudent to still have the double broadcast addresses. It is also possible to utilise all 256 addresses. I think where the most significant differences lie isn't in how people can answer verbal or written questions with simple problems but in how quickly people can diagnose complicated of confusing situations. Although often there are steps people can take to mitigate against such, things like foreign DHCP server on the network. Someone stealing the gateway's IP address leading to intermittent connectivity, but still being able to ping the gateway, and other hosts on the network just not outside the network some of the time. Routing loops, incorrect subnet masks. (like when people stick a /24 netmask on a /27 then can't reach another adjacent /27) I think that anyone reasonable competent should be able to figure these things out - but by seeing how they approach these things, how quickly they can diagnose, and fix, and what level of disruption they cause trying to fix the problem are all significant. Like in the someone stealing gateway address - say there's a file server, printer etc on the local subnet, and people are busy working, then it's probably better not being able to access the larger network, and to keep the local connectivity, but some people seem to have the idea when things aren't working quite right that it's ok to disrupt what is working right. Ben.
Re: job screening question
On Jul 6, 2012, at 5:04 PM, George Herbert george.herb...@gmail.com wrote: On Fri, Jul 6, 2012 at 4:43 PM, Steven Noble sno...@sonn.com wrote: On Jul 6, 2012, at 4:16 PM, George Herbert george.herb...@gmail.com wrote: 6) Puffed it up a little (worked with Cisco routers, but in the 7200 era, and hasn't categorized skills as recent / older), but hasn't outright lied. The 7200 is still a heavily used platform today. It has no correlation with current skill sets IMHO. Would s/7200/2500/g be an adequate correction? I know of customers who still have 7200s as well, but in the context of ISP network engineering... Perhaps I'm wrong, but my impression is people on this list have generally moved on by now. Context matters. One can always point to lingering examples of older technology (if nowhere else, the Computer History Museum 8-). The question is whether the skill is relevant in context. I built a nationwide T-1 backbone out of Livingston IRXes once (in the early 90s) - the IRX left my resume by the late 1990s. I know of at least one still humming away in a closet, but it's not a relevant technology. I also learned (some) shell commands on a Vax 11/750 when they were new and used Apple II's when they were new, and so on. None of these are resume-appropriate now, unless I want a job at the Computer History Hi George, I sent the message too soon :( I meant to say more about how the equipment is not as important as the drive and willingness to work with what you have. I have talked to companies who have job openings many months old for people who absolutely exist in the silicon valley. The hiring company just thinks the people who apply are over or under qualified. All of the great coders, engineers, etc started somewhere. The main thing that separates them from the posers and acronym namers is the willingness to grow, learn and dig in. I like people who run 2500s in their house, or dd-wrt. It shows they are willing to try something and learn.
Re: job screening question
Die proxy arp die. (and that's not German). I've had a job or consulting gig or two that has inadvertently had this as the hidden glue making things work. (wha, you can't route that subnet out an Ethernet interface without a next hop? It's always worked) I fight with sysadmins to this day about the concept of a broadcast domain and subnet... If I hear another case of someone saying that switch is the 80 subnet when there are 3 co-existing /24s in that domain I may go crazy I've cleaned up a lot of poor host and network management and it's amazing how much a difference the hardware operates without the hacks. Jared Mauch On Jul 6, 2012, at 8:51 PM, Ben Aitchison b...@meh.net.nz wrote: Routing loops, incorrect subnet masks. (like when people stick a /24 netmask on a /27 then can't reach another adjacent /27)
Re: job screening question
On Fri, 06 Jul 2012 17:04:16 -0700, George Herbert said: If people don't bother to clean up the resume, either they don't understand what's relevant now, or they don't care, or they're trying to hide something. OK. I admit it. My resume still lists that I spent a few years hacking assembler code for OS/VS1 and HASP 30 years ago. But it's there as one endpoint, that wanders from there, to IBM's VM, to SunOS, and Sendmail, some AIX and 8 or 9 other Unix flavors (anybody else remember UTX/32? If so, we need to share a few beers and swap stories:), computer security, to supporting SGI virtual reality systems in the late 90s (IR2 graphics pipes, woo-hoo), to Linux (my code is in every Android phone out there. OK, only a few dozen lines, but still ;), helped build a top-5 supercomputer and a few other things along the way, and now I mostly do high-performance storage infrastructure. Oh, and a paper in the IEEE Transactions on Nuclear Science along the line. ;) So no. OS/VS1 isn't relevant now. What *is* relevant now is that I have 3 decades of experience at being tossed new stuff by the boss and getting up to speed on it fast. The day my boss walks into my office and says We've got this new... and I'm unable to get up to speed on it faster than anybody else in the shop is the day it's time for me to retire. ;) So the OS/VS1 reference stays. ;) pgpOyNNEUFMli.pgp Description: PGP signature
Re: job screening question
On Fri, Jul 06, 2012 at 09:19:48AM -0500, Matt Chung wrote: A former manager of mine once told me you can gauge a persons understanding by the questions they ask and I personally agree with this statement. Most of us will be able to make a reasonable assessment of the person by listening to the content of their questions. I'm not looking for an immediate resolution, but trying to understand the thought process of the individual. I feel realistic scenarios provide some insight on the individual's analytical skills. A client cannot access the website http://xyz.com;. What do you do to troubleshoot this issue? it's blocking icmp echo.. dns works.. with multiple regional dns servers.. the page loads for me.. has a modern tcp/ip stack, probably linux judging by an initial window size of 14600 .. hosted on amazon web services... I'd imagine that they're unlikely to be blocking icmp totally.. and just the echo.. but there's still that possibility... (yeah I know it's just an example) Depending on the candidate, I've seen a variety of answers: 1) Can you ping the device? 2) Can you access the gateway? 3) What does the running config look like on the router 4) Is there a firewall in between heh,.. think i've been on the internet too long. i think from the destination site not working and what could be wrong with it.. then work my way back to the client. of course i completely skipped in my thinking that maybe other sites don't work too, and that there could be malware... and i didn't actually try going to the site with anything other than curl... i suppose a big part of that particular problem is figuring out if it's at their end - a greater problem - or an actual problem getting to the site. I believe these questions may be asked in the right context provided there is enough information to isolate the issue to the network however the statement is devoid of anything useful that would make the network suspect. I would like to hear some questions such as: are other websites accessible? Or is the only website the client is experiencing issues with? was the website working previously? when did it start happening? what does the client see on their screen ? are they getting an error? yeah that's a good idea :) my order is probably assuming there may be a more complicated issue, when it could be a simple problem, which actually seems to be quite common from what i've experienced with technical people. oh! the network cable was unplugged! These questions reflect the persons ability to accurately understand the problem before deep diving into the technical details. From there, you can get more technical. Client is receiving an HTTP 404 error. Great, rule out network since this is an application layer response... Some of those type problems have got a lot more complicated. Like - that could be a transparent proxy caching an HTTP 404... or the web site could be hosted in multiple locations and not syncing between them properly, which could still require some level of debugging.. or someone somehow managed to advertise the hosts subnet with a more preferred route, then doesn't have the content. Or say someone's decided to do something fancy like give different IP's back from DNS but giving internal IP addresses back to the local farm.. but they've decided to use Amazon DNS servers.. and set them to give IP .. but the customer happens to be using Amazon DNS servers because they're hosting a web site on Amazon, and for some reason thought it'd be a good idea.. and then the internal IP address of course doesn't have the content. I suppose that's still application level to some points of view. It doesn't make the site magically work though, or figure out what's causing it. Also from my experience, I don't tend to find out one website's not working unless it is working on/off or for other people, and the most common situation seems to be some kind of load balancing with one mirror not working, and I find it helpful to check from a few locations. And sometimes doing dns lookups, on multiple DNS servers, and seeing a different IP and using curl -x ip:80 seems to be the easiest way to check this. But that's assuming a transparent proxied network, which tends to mean MTU issues show up as instead banking web sites aren't working. Which can show up sometimes when people change routers to one not doing MSS-clamping, and operate at 1492 MTU... The issue is significant enough, and the problem hard enough for helpdesk type people to diagnose that it's common for MSS clamping to be set at a network level for networks with a significant amount of people with 1500 MTU. Ben.
Re: job screening question
On Fri, Jul 6, 2012 at 9:22 PM, Steven Noble sno...@sonn.com wrote: I have talked to companies who have job openings many months old for people who absolutely exist in the silicon valley. The hiring company just thinks the people who apply are over or under qualified. I thought someone was overqualified once. My decision was overridden. I turned out to be very glad it was. He didn't fit the role I thought I needed but I was able to turn him loose with minimal supervision. And I was able to go on vacation. :) That was so much more valuable. Now I know: tell the candidate about the work, all the work not just the job you thought you would hire for, and let him tell you whether any of it is beneath him. As long as you get all the skills you need on the team you can juggle the tasking. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
On Fri, Jul 6, 2012 at 8:51 PM, Ben Aitchison b...@meh.net.nz wrote: Like when you have a /24 subnet routed to a customer, how many IP addresses can they use? 254? 253? To my thinking - if it's a routed subnet that means the gateway is on a different address, and it'd be prudent to still have the double broadcast addresses. It is also possible to utilise all 256 addresses. There can be hidden down sides to trying that. I tried to use all 17 addresses from my Cox Business Internet /28 (the 16 in the /28 and the router's external address). Rigged it as a /24 inside and used proxy arp to move the outside addresses back out including the fake .1 default gateway that the router offered arp for but didn't hold. Only the first 16 of the 17 addresses worked. Which 16? Why, the first 16 the cable modem saw a packet from after power-on. Made for some interesting debugging. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
On 07/06/2012 16:16, George Herbert wrote: On Fri, Jul 6, 2012 at 4:07 PM, Nick Hilliard n...@foobar.org wrote: On 06/07/2012 23:25, valdis.kletni...@vt.edu wrote: The Friday afternoon cynic in me says it's because it's a move with positive paybacks. There's 3 basic possibilities: 1) You send the puffed resume to a company with clue, it gets recognized as puffed, and you don't get the job. Zero loss, you weren't going to get that job anyhow. 2) You send a boring unpuffed resume to a company sans clue. They recognize it as boring because there's only 3 buzzwords on 2 pages, and you don't get the job. Loss. 3) You send a puffed resume, and the guy doing the hiring doesn't know what the 3-packet mating call of the Internet is *either*. Win. or: 4) you get caught out in the interview as being puffed up, but the company hires you anyway despite strongly worded objections from the interviewer, causing the interviewer's eyes to spin in their sockets at the inanity of the decision. You then spend your entire employment at the company proving your ineptitude beyond all possible doubt. I think this is a win, is it? There's also 5) Didn't have enough clue about the real world to know you were puffing your resume up. 6) Puffed it up a little (worked with Cisco routers, but in the 7200 era, and hasn't categorized skills as recent / older), but hasn't outright lied. 7) Were the beneficiary of some professional resume service/headhunter. You know how to spell 'aych-tee-tee-pee'? Let's list that! -- If you're never wrong, you're not trying hard enough
Re: job screening question
On Fri, 6 Jul 2012, George Herbert wrote: If people don't bother to clean up the resume, either they don't understand what's relevant now, or they don't care, or they're trying to hide something. Or they want to show they've been doing it long enough that they have experience working with older gear younger people may not have even heard of. I have experience with Portmasters, Pipelines, and home built Linux multiport dialup PPP servers. None are relevant today. IMO, at least the latter demonstrates some skills. Rolling your own 80-port dialup server in 1995 wasn't just yum install dialup-server :) I don't mention Portmasters or Pipelines on my resume, but I do have Livingston and Ascend in the list of [many obsolete] router brands I have experience with. Is that really totally irrelevant now? -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: job screening question
On Sat, Jul 07, 2012 at 12:51:55PM +1200, Ben Aitchison wrote: On Fri, Jul 06, 2012 at 04:18:21PM +1000, Matthew Palmer wrote: On Thu, Jul 05, 2012 at 05:01:39PM -0700, Scott Weeks wrote: --- ja...@thebaughers.com wrote: From: Jason Baugher ja...@thebaughers.com Geez, I'd be happy to find someone with a good attitude, a solid work ethic, and the desire and aptitude to learn. :) --- Yeah, that. But how do you get those folks through the HR process to you, so you can decipher their skill/work ethic level? What can the HR person ask to find out if someone has these qualities? OSPF LSA type questions will not help. Don't get HR to do that sort of screening. They suck mightily at it. I lack any sort of HR department to get in the way, and I'm glad of it -- I don't see the value in having someone who doesn't know anything about the job get in the way of finding the right person for it. Sure, get 'em to do the scutwork of posting job ads, collating resumes, scheduling things and sending the lolz no! responses, but actually filtering? Nah, I'll do that bit thanks. If you have to have HR do a filter call, make it *really* simple, like What does TCP stand for? -- sadly, you'll still probably filter out half the applicants for a senior position... I've noticed a strong correlation between people who don't know what acronyms stand for, and competence. People who don't know anything try and figure out what the acronym stands for - people who want to understand things see it as just a place holder. [...] Maybe it's more significant to ask what the difference between TCP and UDP is. Yes, the difference between TCP and UDP is a much better question to ask, but having HR assess and act on the answer to the question is a whole hell of a lot harder. In many ways, *that's* the tough bit of finding a good screening question. Finding good interview questions *in general* isn't all that hard. With a good senior candidate my interview questions could just be bringing up problems I've recently solved or am currently wrestling with, and having a 30 minute conversation on the problem. I'll get a very good idea of someone's domain knowledge and problem-solving skills by doing that. But there's no way I can ask HR to do that, because they don't know how to assess the answer, and as previously demonstrated (fragmented disks, indeed), you can't have HR act as scribe and relay the answer to you, because they'll get it wrong, and the interesting bit is the *conversation*, not the canned single-shot answer. That's my motivation for asking a question as inane as What does TCP stand for? -- it has an overwhelmingly obvious answer that can be verified in a second or two by someone who really doesn't know anything about what they're asking. Give a candidate 10 of those sorts of questions over the phone from an HR drone, if they score 8-or-better (for instance) they pass and you get to see their resume. That is, of course, assuming your organisation is so screwed up that they won't let you at candidates directly (which is still my preferred option -- leave HR to do the paperwork). - Matt -- The real art of conversation is not only to say the right thing at the right place but to leave unsaid the wrong thing at the tempting moment. -- Dorothy Nevill
Re: job screening question
On Jul 6, 2012, at 9:06 PM, Matthew Palmer wrote: On Sat, Jul 07, 2012 at 12:51:55PM +1200, Ben Aitchison wrote: On Fri, Jul 06, 2012 at 04:18:21PM +1000, Matthew Palmer wrote: On Thu, Jul 05, 2012 at 05:01:39PM -0700, Scott Weeks wrote: --- ja...@thebaughers.com wrote: From: Jason Baugher ja...@thebaughers.com Geez, I'd be happy to find someone with a good attitude, a solid work ethic, and the desire and aptitude to learn. :) --- Yeah, that. But how do you get those folks through the HR process to you, so you can decipher their skill/work ethic level? What can the HR person ask to find out if someone has these qualities? OSPF LSA type questions will not help. Don't get HR to do that sort of screening. They suck mightily at it. I lack any sort of HR department to get in the way, and I'm glad of it -- I don't see the value in having someone who doesn't know anything about the job get in the way of finding the right person for it. Sure, get 'em to do the scutwork of posting job ads, collating resumes, scheduling things and sending the lolz no! responses, but actually filtering? Nah, I'll do that bit thanks. If you have to have HR do a filter call, make it *really* simple, like What does TCP stand for? -- sadly, you'll still probably filter out half the applicants for a senior position... I've noticed a strong correlation between people who don't know what acronyms stand for, and competence. People who don't know anything try and figure out what the acronym stands for - people who want to understand things see it as just a place holder. [...] Maybe it's more significant to ask what the difference between TCP and UDP is. Yes, the difference between TCP and UDP is a much better question to ask, but having HR assess and act on the answer to the question is a whole hell of a lot harder. In many ways, *that's* the tough bit of finding a good screening question. Finding good interview questions *in general* isn't all that hard. With a good senior candidate my interview questions could just be bringing up problems I've recently solved or am currently wrestling with, and having a 30 minute conversation on the problem. I'll get a very good idea of someone's domain knowledge and problem-solving skills by doing that. But there's no way I can ask HR to do that, because they don't know how to assess the answer, and as previously demonstrated (fragmented disks, indeed), you can't have HR act as scribe and relay the answer to you, because they'll get it wrong, and the interesting bit is the *conversation*, not the canned single-shot answer. Not so much, if you ask it in a slightly different way If it isn't important that you get absolutely every packet, but it is vital that your packets be delivered without delay, would you prefer to use TCP or UDP? HR can ask that. HR can easily evaluate the answer... TCP: Wrong, UDP: Right. Other interesting selections: Please choose either TCP or UDP (with a note to the potential interviewer that this person may be very creative, very smart or may simply have difficulty following directions) Spending a little time crafting the questions can pay tremendous dividends. That's my motivation for asking a question as inane as What does TCP stand for? -- it has an overwhelmingly obvious answer that can be verified in a second or two by someone who really doesn't know anything about what they're asking. Give a candidate 10 of those sorts of questions over the phone from an HR drone, if they score 8-or-better (for instance) they pass and you get to see their resume. That is, of course, assuming your organisation is so screwed up that they won't let you at candidates directly (which is still my preferred option -- leave HR to do the paperwork). I think there are better questions and ways to ask them that work even for HR than acronym memorization. I say this as one who could both correctly configure a router _AND_ probably score nearly 100% on the acronym test. Owen
Re: job screening question
On Sat, Jul 07, 2012 at 02:06:58PM +1000, Matthew Palmer wrote: On Sat, Jul 07, 2012 at 12:51:55PM +1200, Ben Aitchison wrote: On Fri, Jul 06, 2012 at 04:18:21PM +1000, Matthew Palmer wrote: On Thu, Jul 05, 2012 at 05:01:39PM -0700, Scott Weeks wrote: --- ja...@thebaughers.com wrote: From: Jason Baugher ja...@thebaughers.com Geez, I'd be happy to find someone with a good attitude, a solid work ethic, and the desire and aptitude to learn. :) --- Yeah, that. But how do you get those folks through the HR process to you, so you can decipher their skill/work ethic level? What can the HR person ask to find out if someone has these qualities? OSPF LSA type questions will not help. Don't get HR to do that sort of screening. They suck mightily at it. I lack any sort of HR department to get in the way, and I'm glad of it -- I don't see the value in having someone who doesn't know anything about the job get in the way of finding the right person for it. Sure, get 'em to do the scutwork of posting job ads, collating resumes, scheduling things and sending the lolz no! responses, but actually filtering? Nah, I'll do that bit thanks. If you have to have HR do a filter call, make it *really* simple, like What does TCP stand for? -- sadly, you'll still probably filter out half the applicants for a senior position... I've noticed a strong correlation between people who don't know what acronyms stand for, and competence. People who don't know anything try and figure out what the acronym stands for - people who want to understand things see it as just a place holder. [...] Maybe it's more significant to ask what the difference between TCP and UDP is. Yes, the difference between TCP and UDP is a much better question to ask, but having HR assess and act on the answer to the question is a whole hell of a lot harder. In many ways, *that's* the tough bit of finding a good screening question. snip Indeed. I was once filtered out of a sysadmin job at a big search engine company. They asked questions like: What system call does the ls command make? I didn't know, but said you could read the source or strace to find out. They asked me to describe what ARP is. I basically talked about what an ARP table is and went into detail about who-has requests for building the table etc... and more questions like that. They seemed lost and didn't seem to know what I was talking about. It was at this point I realized that I was talking to an HR screener. The conversation was awkward from this point on as I struggled to attempt to guess what might be on the piece of paper as The Right Answer. Needless to say I didn't hear back. Was I what they were looking for? Maybe, maybe not. But I was screened out before either of us could find out. Just as well, I'm much happier where I am now. :-) Finding good interview questions *in general* isn't all that hard. With a good senior candidate my interview questions could just be bringing up problems I've recently solved or am currently wrestling with, and having a 30 minute conversation on the problem. I'll get a very good idea of someone's domain knowledge and problem-solving skills by doing that. But there's no way I can ask HR to do that, because they don't know how to assess the answer, and as previously demonstrated (fragmented disks, indeed), you can't have HR act as scribe and relay the answer to you, because they'll get it wrong, and the interesting bit is the *conversation*, not the canned single-shot answer. Definitely. I like the describe difference between UDP/TCP question. Another fave of mine is Give me a list of various acronyms and its associated port and give them HTTP/80 as an example. Many interviews end shortly after this one. That's my motivation for asking a question as inane as What does TCP stand for? -- it has an overwhelmingly obvious answer that can be verified in a second or two by someone who really doesn't know anything about what they're asking. Give a candidate 10 of those sorts of questions over the phone from an HR drone, if they score 8-or-better (for instance) they pass and you get to see their resume. That is, of course, assuming your organisation is so screwed up that they won't let you at candidates directly (which is still my preferred option -- leave HR to do the paperwork). +1
job screening question
Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
RE: job screening question
My answer to that questionwould be No..why would I ever blanket block ICMP? If I'm that stupid, I shouldn't be deploying firewalls at all. I also assume I wouldn't get the job after answering that... Thomas York -Original Message- From: William Herrin [mailto:b...@herrin.us] Sent: Thursday, July 05, 2012 1:02 PM To: nanog@nanog.org Subject: job screening question Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 smime.p7s Description: S/MIME cryptographic signature
Re: job screening question
Seems fairly straightforward to me. It'll break path MTU discovery. I would hope someone applying for an IP expert position would know that. Could HR be mangling the question or something? Oliver - Oliver Garraux Check out my blog: www.GetSimpliciti.com/blog Follow me on Twitter: twitter.com/olivergarraux On Thu, Jul 5, 2012 at 1:02 PM, William Herrin b...@herrin.us wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
That's a horrible question for a non-technical HR person to pose to a candidate - It's impossible for the candidate to ask clarifying questions to make sure they understand what you are looking for, plus you may have a strong candidate who gets it wrong (for whatever reason), but if they were talking to a technical person you would realize they were 99% of the way there. What if they said it would cause the generation of port-unreachable ICMP packets to cease, and applications may hang until they timeout? Not the answer you're looking for, but not wrong either. I leave HR to their standard screening stuff, and do the technical part myself. Less chance to skip over a good candidate, even if it takes a bit longer in the whole process. On 7/5/12 1:02 PM, William Herrin wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin
Re: job screening question
In a message written on Thu, Jul 05, 2012 at 01:02:08PM -0400, William Herrin wrote: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? I suspect you're looking for Path MTU Discovery as an answer. 2. Is the question too vague? Is there a clearer way to word it? I believe if you understand ICMP, it could be considered to be vague. For instance, blocking all ICMP means that if the network breaks during communication and a Host/Net unreachable is generated the connection will have to go through a timeout rather than an immeidate tear down. Similarly, blocking ICMP source quench might break throttling in the 3 TCP implementations in the world that do that. :) 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? A firewall is configured to block all ICMP packets and a system administrator reports problems with TCP connections not transferring data. What is the most likely cause? ICMP Packet-Too-Big being dropped and breaking PMTU discovery is the correct answer. When I study for my CCIE Recert every 2 years I find myself relearning The Cisco Answer, rather than the right answer. It's not that the Cisco answers are often wrong per-se, but they teach the most likely causes of things and want them back as the right answer. Cribbing from their test materials and study guides puts the questions in familar terms that your candidates are likely to have seen, making them less likely to be thrown off by the question. Unless you want to throw them off. Depends on the level of folks you want to hire. I would answer your question with I would never implement a firewall that breaks all TCP. :) -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpOZcMGR0mW6.pgp Description: PGP signature
Re: job screening question
On 7/5/2012 1:11 PM, Oliver Garraux wrote: Seems fairly straightforward to me. It'll break path MTU discovery. I would hope someone applying for an IP expert position would know that. Could HR be mangling the question or something? Oliver - Oliver Garraux Check out my blog: www.GetSimpliciti.com/blog Follow me on Twitter: twitter.com/olivergarraux On Thu, Jul 5, 2012 at 1:02 PM, William Herrin b...@herrin.us wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 You would be surprised by some of the people I get off the street applying for senior network engineering positions who couldn't connect up a SOHO router and a dumb switch and make them work, let alone understand how PMTU discovery works. -- --- James M Keller
Re: job screening question
On Thu, Jul 5, 2012 at 1:11 PM, Oliver Garraux oli...@g.garraux.net wrote: Seems fairly straightforward to me. It'll break path MTU discovery. Since Bill said (not IP in general, TCP specifically), I don't think PMTUD breaking is what he's looking for. I'd venture more along the lines of lack of Destination Unreachables making things hang. -- Darius Jahandarie
Re: job screening question
+1 I have people waive the I'm Cisco Certified flag in my face all the time. Then proceed to ask me if we have a T1. To the point that it's no longer a valuable achievement in my eyes. I'm certified to perform CPR in the state of Florida... I should go apply for a surgeon position at the local hospital. Nick Olsen Network Operations (855) FLSPEED x106 From: James M Keller jmkel...@houseofzen.org Sent: Thursday, July 05, 2012 1:19 PM To: Oliver Garraux oli...@g.garraux.net, nanog@nanog.org Subject: Re: job screening question On 7/5/2012 1:11 PM, Oliver Garraux wrote: Seems fairly straightforward to me. It'll break path MTU discovery. I would hope someone applying for an IP expert position would know that. Could HR be mangling the question or something? Oliver - Oliver Garraux Check out my blog: www.GetSimpliciti.com/blog Follow me on Twitter: twitter.com/olivergarraux On Thu, Jul 5, 2012 at 1:02 PM, William Herrin b...@herrin.us wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 You would be surprised by some of the people I get off the street applying for senior network engineering positions who couldn't connect up a SOHO router and a dumb switch and make them work, let alone understand how PMTU discovery works. -- --- James M Keller
Re: job screening question
On Thu, Jul 5, 2012 at 1:16 PM, David Coulson da...@davidcoulson.net wrote: That's a horrible question for a non-technical HR person to pose to a candidate - It's impossible for the candidate to ask clarifying questions to make sure they understand what you are looking for, plus you may have a strong candidate who gets it wrong (for whatever reason), but if they were talking to a technical person you would realize they were 99% of the way there. What if they said it would cause the generation of port-unreachable ICMP packets to cease, and applications may hang until they timeout? Not the answer you're looking for, but not wrong either. Hi David, To clarify: I asked HR to forward me the candidate's answer along with their resume. Just in case of answers like that one. Which would be more than enough to proceed to a phone screen directly with me. Regards, Bill -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
Bill- So, I'm curious, and others probably are too. What's the most popular 'wrong' answer? :) David On 7/5/12 1:35 PM, William Herrin wrote: On Thu, Jul 5, 2012 at 1:16 PM, David Coulson da...@davidcoulson.net wrote: That's a horrible question for a non-technical HR person to pose to a candidate - It's impossible for the candidate to ask clarifying questions to make sure they understand what you are looking for, plus you may have a strong candidate who gets it wrong (for whatever reason), but if they were talking to a technical person you would realize they were 99% of the way there. What if they said it would cause the generation of port-unreachable ICMP packets to cease, and applications may hang until they timeout? Not the answer you're looking for, but not wrong either. Hi David, To clarify: I asked HR to forward me the candidate's answer along with their resume. Just in case of answers like that one. Which would be more than enough to proceed to a phone screen directly with me. Regards, Bill
Re: job screening question
On Jul 5, 2012, at 10:20 AM, Darius Jahandarie djahanda...@gmail.com wrote: On Thu, Jul 5, 2012 at 1:11 PM, Oliver Garraux oli...@g.garraux.net wrote: Seems fairly straightforward to me. It'll break path MTU discovery. Since Bill said (not IP in general, TCP specifically), I don't think PMTUD breaking is what he's looking for. I'd venture more along the lines of lack of Destination Unreachables making things hang. All of DU failing, path MTU discovery, and congestion control / source quench might be the right / expected answer, which makes this a not great question. DU doesn't break TCP per se but would hang sessions until timeout; path MTU isn't a TCP function per se, though it uses TCP as the probe. Source quench is only a small fraction of the TCP congestion control solution space now. My systems consulting company uses a HR prescreen of 20 questions. It took a team of senior consultants and HR some years to tune the questions in. They need to be clear, have unambiguously correct answers, the answer correctness needs to be obvious to the HR / recruiter who isn't technical. I think this one fails to have an unambiguously correct answer and an answer the non-tech recruiter / HR person will understand. So, probably time for a better question... George William Herbert Sent from my iPhone
Re: job screening question
On Thu, Jul 5, 2012 at 1:20 PM, Darius Jahandarie djahanda...@gmail.com wrote: On Thu, Jul 5, 2012 at 1:11 PM, Oliver Garraux oli...@g.garraux.net wrote: Seems fairly straightforward to me. It'll break path MTU discovery. Since Bill said (not IP in general, TCP specifically), I don't think PMTUD breaking is what he's looking for. No, path MTU discovery is the answer I'm fishing for. The stack notifies TCP of the fragmentation needed message and TCP handles it within the TCP stack. Managing path MTU discovery is specific to each layer-4 protocol even if the trigger message (destination unreachable, fragmentation needed but DF set) is the same. If a candidate gives me a more clever answer, I'd take that too. :-) This would block all IP traffic. is not a correct answer. It's not even a naively incorrect answer. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
This is exactly the issue comcast6.net is currently experiencing :). They seem to be blocking ICMP completely and that is causing my HE IPv6 tunnel to be unable to access their site from a browser. On Jul 5, 2012, at 1:41 PM, William Herrin wrote: On Thu, Jul 5, 2012 at 1:20 PM, Darius Jahandarie djahanda...@gmail.com wrote: On Thu, Jul 5, 2012 at 1:11 PM, Oliver Garraux oli...@g.garraux.net wrote: Seems fairly straightforward to me. It'll break path MTU discovery. Since Bill said (not IP in general, TCP specifically), I don't think PMTUD breaking is what he's looking for. No, path MTU discovery is the answer I'm fishing for. The stack notifies TCP of the fragmentation needed message and TCP handles it within the TCP stack. Managing path MTU discovery is specific to each layer-4 protocol even if the trigger message (destination unreachable, fragmentation needed but DF set) is the same. If a candidate gives me a more clever answer, I'd take that too. :-) This would block all IP traffic. is not a correct answer. It's not even a naively incorrect answer. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
On Thu, Jul 05, 2012 at 01:45:54PM -0400, Derek Ivey wrote: This is exactly the issue comcast6.net is currently experiencing :). They seem to be blocking ICMP completely and that is causing my HE IPv6 tunnel to be unable to access their site from a browser. I've recently came across a dualstacked website which fails behind a SixXS tunnel (MTU=1280) but works fine with a native connection (MTU=1500). Having contacted their technical staff, we have diagnosed the issue down to the dualstacked load balancer (pretty well-known brand) SOMETIMES not reacting on ICMPv6 PTB errors. It's not always as easy as blocks all ICMPv6. For all the cases I've hunted down to root cause in the last decade, it was never a firewall blocking ICMPv6, but most times misbehaving load balancers, either due to bugs or plain not having implemented PMTUD on IPv6. Best regards, Daniel -- CLUE-RIPE -- Jabber: d...@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
RE: job screening question
On Thu, Jul 5, 2012 at 1:42 PM, William Herrin wrote: No, path MTU discovery is the answer I'm fishing for. The TCP specifically part of the question confused the heck out of me. PMTUD is an IP function in every way as far as I'm concerned. (If you're saying that the way it's actually coded makes it more like a TCP function, I'd still change the wording unless you're hiring people to write network drivers.) -Terry
Re: job screening question
I think if your goal is to see if they know that your shouldn't blindly filter ICMP for IPv6, and you're specifically looking for knowledge of PMTUD, then a better question would be Please list the problems that could occur if all ICMPv6 traffic is blocked between two host systems. Which should get you a minimum of neighbor discovery, and up into PMTUD for those who have some knowledge on the subject. If you just say ICMP your answers will be all over the place since blocking of ICMP outright for endpoints is rampant today in the IPv4 world. They might even know the answer but not think of it because of the lack of context. I generally try to stay away from any question that has a definitive answer, as that will only tell you if they happened to read and retain that piece of information somewhere along the way. In my experience, people who have an OK understanding of Layer-3, might not always have a good understanding of what happens below that. A better approach might be to have an open ended question that asks them to describe what events will take place for a pair of host systems to communicate in as much detail as they can. If you're asking the question you can leave it intentionally vague and use the questions they ask to evaluate their ability to work through problems; if it needs to be asked by HR then you can narrow it down to include more detail. A good applicant should be able to explain the ARP process at a minimum. If they can't they have no business being in networking in a question like this. I know it sounds trivial, but you'd be surprised how many experts I've met who go blank at a question like this. Even more telling than a correct answer is an incorrect answer. I'm always on the look-out for IT people who like to make stuff up; I have no tolerance for that. On Thu, Jul 5, 2012 at 1:02 PM, William Herrin b...@herrin.us wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
Re: job screening question
He might be thinking of the MMS adjustment as a result of PMTUD, which most people forget about BTW, but I agree: PMTUD isn't about TCP, so tossing TCP in there just makes it a very odd question. On Thu, Jul 5, 2012 at 4:04 PM, Terry Baranski terry.baranski.l...@gmail.com wrote: On Thu, Jul 5, 2012 at 1:42 PM, William Herrin wrote: No, path MTU discovery is the answer I'm fishing for. The TCP specifically part of the question confused the heck out of me. PMTUD is an IP function in every way as far as I'm concerned. (If you're saying that the way it's actually coded makes it more like a TCP function, I'd still change the wording unless you're hiring people to write network drivers.) -Terry -- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
Re: job screening question
Isn't MTU discovery on IP and not TCP? On Thu, Jul 5, 2012 at 11:11 AM, Oliver Garraux oli...@g.garraux.netwrote: Seems fairly straightforward to me. It'll break path MTU discovery. I would hope someone applying for an IP expert position would know that. Could HR be mangling the question or something? Oliver - Oliver Garraux Check out my blog: www.GetSimpliciti.com/blog Follow me on Twitter: twitter.com/olivergarraux On Thu, Jul 5, 2012 at 1:02 PM, William Herrin b...@herrin.us wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. *What* *part of the TCP protocol (not IP in general, TCP specifically)* *malfunctions as a result?* My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 -- Copyright 2012 Derek Andrew (excluding quotations) +1 306 966 4808 ICT University of Saskatchewan Peterson 120; 105 North Road Saskatoon,Saskatchewan,Canada. S7N 4L5 Timezone GMT-6 Typed but not read. [image: Description: Description: Description: Description: Description: cid:image002.png@01CCD52C.EA7400D0] http://www.usask.ca/ -- image002.png
Re: job screening question
-- Cc: nanog@nanog.org nanog@nanog.org Subject: Re: job screening question Date: Thu, 5 Jul 2012 15:05:01 -0600 Isn't MTU discovery on IP and not TCP? -- https://en.wikipedia.org/wiki/Path_MTU_discovery scott
Re: job screening question
On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew derek.and...@usask.ca wrote: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? Isn't MTU discovery on IP and not TCP? If you want to overthink the question, the failure in the TCP protocol is that it doesn't adjust the MSS to match the path MTU. It continues to rely on the incorrect path MTU estimate, sending too-large packets which will never arrive. This happens because TCP doesn't receive a notification that the path MTU estimate has changed from the default because the lower layer PMTUD algorithm never receives the expected ICMP packet. This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
This type o question where the candidate can elaborate the answer should be asked by a techinal interviewer. For screening questions (for 1st level filtering), IMO, the questions has to be straight to the point, for example: 1) What is the LSA number for an external route in OSPF? This can have two answer: 5 or 7. So, I will accept if the candidate answer 5, 7 or 5 and 7. Later on (the next level of the interview), a techinical interviewer will chech if the candidate understand the differences of LSA 5 and 7. The point is that the candidate cannot deviate from the question, I.e., this question will not generate another question from the candidate to the interviewer asking for more details about the scenario in case. For example, you may ask: which IGP is more reliable under an IP DoS attack? The answer for this question can be very long or may require some sort of interaction between the candidate and the interviewer, which means it has to be asked by techinical people and not by non-techinical interviewers. Thanks On 7/6/12, William Herrin b...@herrin.us wrote: Hi folks, I gave my HR folks a screening question to ask candidates for an IP expert position. I've gotten some unexpected answers, so I want to do a sanity check and make sure I'm not asking something unreasonable. And by unexpected I don't mean naively incorrect answers, I mean oh-my-God-how-did-you-get-that-cisco-certification answers. The question was: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? My questions for you are: 1. As an expert who follows NANOG, do you know the answer? Or is this question too hard? 2. Is the question too vague? Is there a clearer way to word it? 3. Is there a better screening question I could pass to HR to ask and check the candidate's response against the supplied answer? Thanks, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 -- Sent from my mobile device ./diogo -montagner JNCIE-M 0x41A
Re: job screening question
--- diogo.montag...@gmail.com wrote:\ From: Diogo Montagner diogo.montag...@gmail.com For screening questions (for 1st level filtering), IMO, the questions has to be straight to the point, for example: 1) What is the LSA number for an external route in OSPF? This can have two answer: 5 or 7. So, I will accept if the candidate answer 5, 7 or 5 and 7. Later on (the next level of the interview), a techinical interviewer will chech if the candidate understand the differences of LSA 5 and 7. --- How often do you use this in everyday netgeeking? Asking these types of questions will assure that you get someone with a vendor i-drank-the-kool-aid cert because they memorized the answers, but maybe not the best candidate for the position. However, with some of today's managers kool-aid certs are looked on as better than an engineering degree. Go figure... :-( scott
Re: job screening question
Geez, I'd be happy to find someone with a good attitude, a solid work ethic, and the desire and aptitude to learn. :) Jason On 7/5/2012 5:18 PM, William Herrin wrote: On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew derek.and...@usask.ca wrote: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? Isn't MTU discovery on IP and not TCP? If you want to overthink the question, the failure in the TCP protocol is that it doesn't adjust the MSS to match the path MTU. It continues to rely on the incorrect path MTU estimate, sending too-large packets which will never arrive. This happens because TCP doesn't receive a notification that the path MTU estimate has changed from the default because the lower layer PMTUD algorithm never receives the expected ICMP packet. This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
Something tells me you're suddenly going to find yourself with an influx of correct answers... On Thu, Jul 5, 2012 at 3:18 PM, William Herrin b...@herrin.us wrote: On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew derek.and...@usask.ca wrote: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? Isn't MTU discovery on IP and not TCP? If you want to overthink the question, the failure in the TCP protocol is that it doesn't adjust the MSS to match the path MTU. It continues to rely on the incorrect path MTU estimate, sending too-large packets which will never arrive. This happens because TCP doesn't receive a notification that the path MTU estimate has changed from the default because the lower layer PMTUD algorithm never receives the expected ICMP packet. This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: job screening question
--- ja...@thebaughers.com wrote: From: Jason Baugher ja...@thebaughers.com Geez, I'd be happy to find someone with a good attitude, a solid work ethic, and the desire and aptitude to learn. :) --- Yeah, that. But how do you get those folks through the HR process to you, so you can decipher their skill/work ethic level? What can the HR person ask to find out if someone has these qualities? OSPF LSA type questions will not help. I definitely would rather work with a person willing to learn the nuances of the particular network, rather than someone that can spit out canned answers. scott
Re: job screening question
He'll have to come up with another weedout question, like what's a /27? I'm constantly amazed/disappointed when we interview candidates for a senior Linux admin job and they just don't know modern networking at all. Even better question, with multiple right answers, how many IPs are in a /32? You could probably have some fun with most applicants[1] when they answer 1, and then you ask would you like to expand on that answer? The small (sub /24) subnets are dealt with so frequently in an ISP/hosting provider environment, that IMO, anyone claiming to have experience in such an environment should just flat out know how many IPs and the subnet masks for /32 - /24 in IPv4, or be sufficiently comfortable with subnetting that they can figure these things out quickly enough to avoid awkward pauses during the interview if asked about them. 1) At least the few who get it right. On Thu, 5 Jul 2012, Mike Hale wrote: Something tells me you're suddenly going to find yourself with an influx of correct answers... On Thu, Jul 5, 2012 at 3:18 PM, William Herrin b...@herrin.us wrote: On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew derek.and...@usask.ca wrote: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? Isn't MTU discovery on IP and not TCP? If you want to overthink the question, the failure in the TCP protocol is that it doesn't adjust the MSS to match the path MTU. It continues to rely on the incorrect path MTU estimate, sending too-large packets which will never arrive. This happens because TCP doesn't receive a notification that the path MTU estimate has changed from the default because the lower layer PMTUD algorithm never receives the expected ICMP packet. This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: job screening question
I would use questions such as the following: 1. How many end-sites can be numbered from a single /32. (Correct answers: IPv4 - 1, IPv6 - 65,536) 2. In what circumstance might you need to use IPSEC to secure OSPF instead of MD5 authentication? 3. How many /32s can be created from a single /24? (Hint, this answer is the same for IPv4 and IPv6) 4. What is the purpose of an IP address such as :::192.0.2.123? 5. What is the reason for the 100m distance limit within an ethernet collision domain? The essay questions can wait for the interview if they get past these basics. Owen On Jul 5, 2012, at 5:14 PM, Jon Lewis wrote: He'll have to come up with another weedout question, like what's a /27? I'm constantly amazed/disappointed when we interview candidates for a senior Linux admin job and they just don't know modern networking at all. Even better question, with multiple right answers, how many IPs are in a /32? You could probably have some fun with most applicants[1] when they answer 1, and then you ask would you like to expand on that answer? The small (sub /24) subnets are dealt with so frequently in an ISP/hosting provider environment, that IMO, anyone claiming to have experience in such an environment should just flat out know how many IPs and the subnet masks for /32 - /24 in IPv4, or be sufficiently comfortable with subnetting that they can figure these things out quickly enough to avoid awkward pauses during the interview if asked about them. 1) At least the few who get it right. On Thu, 5 Jul 2012, Mike Hale wrote: Something tells me you're suddenly going to find yourself with an influx of correct answers... On Thu, Jul 5, 2012 at 3:18 PM, William Herrin b...@herrin.us wrote: On Thu, Jul 5, 2012 at 5:05 PM, Derek Andrew derek.and...@usask.ca wrote: You implement a firewall on which you block all ICMP packets. What part of the TCP protocol (not IP in general, TCP specifically) malfunctions as a result? Isn't MTU discovery on IP and not TCP? If you want to overthink the question, the failure in the TCP protocol is that it doesn't adjust the MSS to match the path MTU. It continues to rely on the incorrect path MTU estimate, sending too-large packets which will never arrive. This happens because TCP doesn't receive a notification that the path MTU estimate has changed from the default because the lower layer PMTUD algorithm never receives the expected ICMP packet. This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004 -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: job screening question
On Thu, Jul 5, 2012 at 8:22 PM, Owen DeLong o...@delong.com wrote: I would use questions such as the following: 1. How many end-sites can be numbered from a single /32. (Correct answers: IPv4 - 1, IPv6 - 65,536) IPv6 - 16,777,216 to 268,435,456 :p 5. What is the reason for the 100m distance limit within an ethernet collision domain? What's an ethernet collision domain? Seriously, when was the last time you dealt with a half duplex ethernet? Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
On Jul 5, 2012, at 5:32 PM, William Herrin b...@herrin.us wrote: 5. What is the reason for the 100m distance limit within an ethernet collision domain? What's an ethernet collision domain? Seriously, when was the last time you dealt with a half duplex ethernet? Last time I built a cluster; admin and some redundant ingress/egress methods do better with hubs than switches. Also last time I had to build a cheap redundant firewall. This is a corner case, but if you just know ether as a point to point it will eventually bite you. Having some spanning tree clue is much more relevant now, though. George William Herbert Sent from my iPhone
Re: job screening question
--- b...@herrin.us wrote: From: William Herrin b...@herrin.us 5. What is the reason for the 100m distance limit within an ethernet collision domain? What's an ethernet collision domain? Seriously, when was the last time you dealt with a half duplex ethernet? - Now if someone answered it that way, I'd definitely be interested while the HR person would just hang up... scott
Re: job screening question
apologies for top posting. Everyone, including me have addressed what/how/by who wrt question at hand. Bill- Another poster has already asked this question- Can you post a sample of the answers you have received; which prompted you the ask this question to begin with. ./Randy --- On Thu, 7/5/12, Scott Weeks sur...@mauigateway.com wrote: From: Scott Weeks sur...@mauigateway.com Subject: Re: job screening question To: nanog@nanog.org Date: Thursday, July 5, 2012, 5:50 PM --- b...@herrin.us wrote: From: William Herrin b...@herrin.us 5. What is the reason for the 100m distance limit within an ethernet collision domain? What's an ethernet collision domain? Seriously, when was the last time you dealt with a half duplex ethernet? - Now if someone answered it that way, I'd definitely be interested while the HR person would just hang up... scott
Re: job screening question
On Thu, Jul 5, 2012 at 7:01 PM, Randy randy_94...@yahoo.com wrote: --- On Thu, 7/5/12, William Herrin b...@herrin.us wrote: The less precise answer, path MTU discovery breaks, is just fine. Precisely! and if I understand correctly, a non-techinical person within HR is expected to hear this answer and relay it to you? That is more than a long shot. Unless of course they have photographic memories, are great typists or perhaps do short hand. So I get a garbled answer about disk fragmentation. I can't tell the difference between an answer garbled in transit and an answer that was flat wrong to begin with? The point of the question is to help me decide which people I want to spend half an hour on the phone with and which ones get a polite thank-you-not-it from HR while I do the parts of my job that don't involve interviewing folks. If there's any doubt about whether they belong in the not-it category, they proceed to the phone interview. Regards, Bill Herrin P.S. Yes, I got an answer about degrading DNS port unreachables and MTU disk fragmenting as well. I asked HR to set up a phone interview. If that wasn't an HR garble, I *really* want to hear the explanation. :D -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: job screening question
On Thu, 05 Jul 2012 15:05:01 -0600, Derek Andrew said: Isn't MTU discovery on IP and not TCP? AIX actually supported PMTUD for UDP. Not sure if it still does. Yes, it was bizarro even for AIX. No, I'm not aware of any actual UDP applications that were able to do anything useful with this info. ;) pgpggiBNgLdzO.pgp Description: PGP signature
Re: job screening question
On Thu, 5 Jul 2012, William Herrin wrote: On Thu, Jul 5, 2012 at 8:22 PM, Owen DeLong o...@delong.com wrote: I would use questions such as the following: 1. How many end-sites can be numbered from a single /32. (Correct answers: IPv4 - 1, IPv6 - 65,536) IPv6 - 16,777,216 to 268,435,456 :p 5. What is the reason for the 100m distance limit within an ethernet collision domain? What's an ethernet collision domain? Seriously, when was the last time you dealt with a half duplex ethernet? You've never (much less recently) seen a customer misconfigure their end of an ethernet handoff such that you end up with duplex mismatch? Granted, in that case, distance is irrelevant...but it is half half-duplex ethernet :) -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_