• @Potatos_are_not_friends
    link
    18810 months ago

    I used to make jokes to juniors/interns like the above. Then I watched a junior start typing my joke in terminal, and I freaked out and stopped.

    Sometimes I forget these jokes go over the heads of people.

    • @[email protected]
      link
      fedilink
      7610 months ago

      And this is exactly why I don’t make those jokes to people unless I know very well they’ll get it

    • @[email protected]
      link
      fedilink
      4010 months ago

      Same. I was working on a help desk years ago helping another agent with a call where the customer was being ignorant and I sent him a message that said something like “does he want us to wipe his ass for him too?” (Not that exactly but in the context of the situation it would have been similarly insulting). Next reply I get from the other agent was “he said no”.

      😬

    • @[email protected]
      link
      fedilink
      810 months ago

      I mean… it’s the best way to learn by being stupid and doing mistakes, but truly some mistakes are too much damage and does not help to learn or if we talk about other jobs can kill somebody.

    • @afraid_of_zombies
      link
      510 months ago

      I managed a homework help chatroom for EEs. One of them got a PI and was so happy. Another person suggested that they run that command. Later on the other person claimed they didn’t expect it to work.

      It took me and another mod way too long to help the other guy fix his PI. Wasn’t really happy about it. The new rule I came up with was if you must must make a joke do something harmless like “touch /this” and reference MC Hammer.

  • Admiral Patrick
    link
    fedilink
    English
    11810 months ago

    I love when cheaters fail to prosper.

    Back when I still used Reddit, so many posts were just CS students trying to get other Redditors to do their homework for them. I don’t think I ever came across any technical interview cheaters, but I’m sure there were some.

    • @CosmicTurtle
      link
      English
      7110 months ago

      I remember one interview I had with a candidate. It was for a database analyst position that required SQL.

      The first round was typically a phone screen where I chat with the candidate, get to know them a bit.

      Second round was code review. I asked them to do a SQL query that did x.

      The queries were simple. The goal was to get the candidate to walk through the query.

      I had one candid that, over screen share, wrote the query flawlessly. Then I asked them to explain what it was doing. The candidate froze.

      I can get understand getting nervous so I moved onto an insert statement. I had them write one and then do another without using certain terms (often leading to a sub query).

      Again, flawless. I asked what situations would you use one over the other.

      Again, they froze. I started to get suspicious that they were cheating and had them, instead of typing the answer, say the answer. When they couldn’t, I knew enough that it wasn’t going to work.

      • @stoly
        link
        3410 months ago

        I had an applicant very obviously read to me that Wikipedia article about Active Directory.

        • Possibly linux
          link
          fedilink
          English
          2010 months ago

          Knowing how to quickly look something up isn’t a bad skill. The problem is when that’s all they do

          • @[email protected]
            link
            fedilink
            710 months ago

            Sure, look up specific configuration points or architectures, but looking up AD is a bad sign.

            • @stoly
              link
              310 months ago

              Worse, it was just a generic question about exposure for a low-level position. I.E. Can you tell me what big thing this is used for?

          • @stoly
            link
            110 months ago

            deleted by creator

            • Possibly linux
              link
              fedilink
              English
              110 months ago

              It depends on the question being asked. However, good problem solving is critical and hard to find.

          • @[email protected]
            link
            fedilink
            110 months ago

            Ooo and there’s even a serious looking page “explaining” it as the first result when looking it up on Google

            I’m definitely stealing this idea

            • @[email protected]
              link
              fedilink
              210 months ago

              Steal away. An old boss knew the person who maintains that page. If I remember correctly it’s entire reason for being is for that one question.

      • @RegalPotoo
        link
        English
        2210 months ago

        A lot of the time I find “spot the bug” questions to be more informative, especially for junior roles. We stopped asking fizz-buzz - just about everyone has heard of it by now and it’s pretty easy to just rote learn a solution. Instead we give them the spec for fizz-buzz and a deliberately broken implementation and ask them to fix it. If they get flustered, just asking “what does this program output” usually give a pretty clear indication if they can reason about code in a systematic way.

        • @aksdb
          link
          510 months ago

          That’s fine if there are no weird pedantic ropes to fall over. I am not a compiler or linker, that’s what I have compilers and linkers for. Same with an IDE. I don’t know many details of the stdlib or other common libs, because why should I waste space in my brain for stuff code completion can show me…

          • @RegalPotoo
            link
            English
            710 months ago

            The kind of bugs I’m talking about are things like “the logical flow of the code is broken because the order of the if/else if/else branches is wrong”, “this program never finishes because you don’t increment that counter” and “you specified print the numbers 1 to 100, but that counter starts at 0”.

            I’m testing your ability to think logically, not your knowledge of stdlib trivia

          • @[email protected]
            link
            fedilink
            2
            edit-2
            10 months ago

            No, that approach is completely fine even if pedantic because you get the candidate to reason about their choices and their approach which tells you so much more about them than rote memorization. Being pedantic is the whole point of it.

            • @aksdb
              link
              2
              edit-2
              10 months ago

              That’s likely not what I mean by pedantic. If your code example has syntactic errors or calls functions with not enough or too many parameters and you expect them to notice, you want them to do, what a compiler does or to know technical documentation by heart. Which is completely academic and pointless.

              Concentrating on “algorithmic” solution at hand is fine, though. Unless you again expect them to recognize stuff like “hey this is almost Dijkstra’s algorithm but wrong”, because the interview should not be a university computer science test.

      • @[email protected]
        link
        fedilink
        2110 months ago

        I wonder why people do this. You wouldn’t apply to a welding job if you can’t weld. Why so many people apply to programming positions if they can’t actually code (or a database analyst position without knowing SQL)?

        • @[email protected]
          link
          fedilink
          English
          1510 months ago

          Some people seem to think you can just Google stuff or more recently use AI to do the coding, not knowing that being a dev is mostly about knowing what to search and that being a dev isn’t just coding.

          • Kühe sind toll
            link
            fedilink
            610 months ago

            I mean, Google and AI can be really helpful, but you should be able to do stuff without it. Google won’t help you if you have a problem with a customer/company specific problem that requires knowledge about the whole technical infrastructure.

          • @[email protected]
            link
            fedilink
            110 months ago

            Some people seem to think you can just Google stuff

            If you are a junior sysadmin - sure as hell you can and you will. Not everything has good manpages. Not every configuration of something is trivial to imagine, and it is useful to see what somebody else did.

        • @aksdb
          link
          610 months ago

          Money? Maybe the get the first pay until they get thrown out again.

        • @[email protected]
          link
          fedilink
          English
          210 months ago

          My current job just hired someone as a senior Salesforce admin with a bunch of certs who in reality lacks any Salesforce skills at all. He’s been here for 6 months now and is really just dead weight on the team, but the only reason he hasnt been let go yet is because middle managent above him has its own host of issues, and the only reason he’s on thin ice is because of some of my team has been very loudly forwarding complaints against him up the chain and clearly communicating that he’s not showing the competencies that are required for the role and that he claimed to have. I give it another 6-12 months before he either gets fired or bounces

      • Possibly linux
        link
        fedilink
        English
        410 months ago

        That’s where you refocus the conversation by saying “tell me what you do know”

      • @[email protected]
        link
        fedilink
        210 months ago

        I could freeze like that because of being only shy/nervous, just saying. Over things I knew.

        Say, “what it does” may bear different weight when you are autistic. You try to grasp the thing from iron to logic to computers to B-trees to database itself etc.

        To know that you only have to say a simple thing also requires experience which juniors may not have.

  • @[email protected]
    link
    fedilink
    9110 months ago

    Did they execute the command on localhost or the remote? Because hey if they had privileges to root-nuke the target that’s gotta count for something right? Lmao

    • Neshura
      link
      fedilink
      English
      6010 months ago

      The way this reads I think the company did not actually provide a good sandboxed environemt. So when they rm -rf /'d the thing they actually deleted a lot of stuff the recruiters still needed (likely the pentest environments for other candidates). Because imo that’s the only reason I can think of to just outright ban a candidate from applying for any other role at the company.

      • @[email protected]
        link
        fedilink
        3810 months ago

        You should ban anyone who tries this regardless of the outcome. There is always a small chance they did it on purpose trying to cause damage. There is no benefit by giving them another chance, you just riks giving them the possibility of doing more damage. If the thing was a mistake, the person will learn from it and find another job.

        • Kühe sind toll
          link
          fedilink
          2610 months ago

          If the task would have been to find general security risks this would have counted. I mean, he did some serious harm, but he was able to find a security issue.

          • @[email protected]
            link
            fedilink
            English
            410 months ago

            I think there is kind of an assumption that the scenario is “outside host gains privileged access” so there’s not really a security issue with some attacker deleting root on their own box.

            • Kühe sind toll
              link
              fedilink
              610 months ago

              If it has been done properly you’re right. If this also affected the host machine it is a security issue.

          • @afraid_of_zombies
            link
            210 months ago

            They did but it might have been a good idea to prove that the command works instead of actually doing it.

          • @joel_feila
            link
            110 months ago

            Yeah so is tossing a molotov on thier machines, “found a security issue not firproofing everything”

        • Phoenixz
          link
          fedilink
          210 months ago

          We’ll I’m this case too, if true, the person didn’t know anything about the job they were aplyiyfor and tried to cheat their way into the company. Also not really great.

      • @NocturnalEngineer
        link
        2210 months ago

        To be honest, considering the role they’re applying for, I would reject their job application too even if it occurred inside a sandboxed environment.

        They should know exactly what rm -rf does. The fact they didn’t and they still arbitrary ran the command anyway… massive red flags. Could even say he failed to twart a social engineering attack.

        • fkn
          link
          1310 months ago

          The two cases, they knew what it was and they did it maliciously. They didn’t know what they were doing and got socially engineered in the process. Both cases are cause for failure.

      • @extant
        link
        English
        1210 months ago

        To me it reads like the recruiter thought the person was a troll and banned them.

  • @[email protected]
    link
    fedilink
    8810 months ago

    How are you supposed to fine 7 vulernabilities in an hour anyways? No way they expect the applicant to actually find vulernabilities right? So you need to memorize a bunch and see if they are present, which doesn’t achieve anything other than testing your memorization abilities

    • Hyperreality
      link
      fedilink
      9810 months ago

      How are you supposed to fine 7 vulernabilities in an hour anyways?

      Threaten the interviewer with a knife until they give you at least 7 vulnerabilities. tapsheadmeme

    • fkn
      link
      8310 months ago

      Using Kali? Easy if you have training. The capstone for our security course a decade ago was too find and exploit 5 remote machines (4 on the same network, 1 was on a second network only one of the machines had access to) in an hour with Kali. I found all 5 but could only exploit 3 of them. If I didn’t have to exploit any of them 7 would be reasonably easy to find.

      Kali basically has a library of known exploits and you just run the scanner on a target.

      This isn’t novel exploit discovery. This is “which of these 10 windows machines hasn’t been updated in 3 years?”

      • @[email protected]
        link
        fedilink
        910 months ago

        Just saying that running automated tools and identifying those vulnerabilities is just the first step to learning hacking, but nothing more. To gain a proper understanding you must be able to find vulnerabilities manually or at least understand a certain exploit such as ETERNALBLUE which you won’t really look for manually.

        • fkn
          link
          810 months ago

          Sure. But for an entry level interview as a pen tester… Scanning with Kali should be an easy task.

    • @[email protected]
      link
      fedilink
      4010 months ago

      It’s going to be a system set up with known vulnerabilities that should be easy to locate using common tools already installed on Kali; a real world scenario should (at least in theory) not be that simple, but in a capture the flag pentest environment, that’s pretty normal

    • @Agent641
      link
      710 months ago

      A taser and 7 pairs of handcuffs

  • @mvirts
    link
    4910 months ago

    Sometimes you get what you deserve

      • @mvirts
        link
        710 months ago

        Probably didn’t want to tell them to their face, provide a clinical facade behind which to judge them.

  • TxzK
    link
    fedilink
    39
    edit-2
    10 months ago

    The only time when doing this shit is acceptable

  • @[email protected]
    link
    fedilink
    3410 months ago

    Hey, I know that princesses are ofter schooled in etiquette more than they get real education. unixqueen might not know shit about Unix / Linux. I find this completely believable, like how Queen Elizabeth didn’t know dick about math.

    • niftyOP
      link
      1010 months ago

      Haha fair, I don’t know anything about this poster other than this meme they made, and I didn’t want to post without attributing the original source.

  • @jimmydoreisalefty
    link
    30
    edit-2
    10 months ago

    edit: spacing, added -rf info

    The Linux rm Command: Everything You Need to Know

    There’s more to rm than meets the eye.

    https://www.howtogeek.com/858815/linux-rm-command/


    Use rm -rf to Delete Everything

    If you absolutely need to delete anything and everything, just use the command:

    rm -rf

    That combines the -f flag, which forces deletion, with the -r flag, which will delete folders recursively. We previously included the -v argument (to make it verbose), but it isn’t necessary. Just keep in mind that this is basically the nuclear option, and you shouldn’t use it unless you’re absolutely sure you want something gone forever.

    • niftyOP
      link
      11310 months ago

      Months 1-3: hey he’s new, just getting used to things

      Months 4-6: he’s not good, but maybe trainable?

      Months 7-9: he needs to be on a PIP so we can CYA and fire him

      Months 10-12: phase out and fire

      Rinse and repeat at new companies every year for 5 years, get hired as Engineering Manager at sixth job.

      • @RegalPotoo
        link
        English
        3110 months ago

        Before you become a master you must make one thousand mistakes; some people choose to make the same ten mistakes a hundred times each

        • fkn
          link
          110 months ago

          A thousand novel mistakes.

        • niftyOP
          link
          110 months ago

          No you get to live. But it’s your choice to suffer.

      • Tippon
        link
        fedilink
        English
        310 months ago

        Depending on the pay, that’s a nice little scam for someone.

        When I was in my mid 20s, the only jobs nearby were basic retail work, and mostly part time. As you can probably imagine, the pay wasn’t great. If remote work had been available then, I could see me being tempted to try this, even if it was just to tide me over for a while.

        I’m the kind of person who hates not being able to do something, so I’d probably burn myself out trying to learn how to do the job in between working it, but it would still be tempting.

        • niftyOP
          link
          310 months ago

          Nothing wrong with being a newbie. Be curious and willing to learn!

  • @superbirra
    link
    2510 months ago

    the amount of ppl taking those shots seriously (more or less, everybody) is simply flabbergasting omg lol

    • @superbirra
      link
      510 months ago

      not sure why you deem it necessary to point it out in this specific context, anyway yes, depending on system setup this definitely could show a warning

    • @[email protected]
      link
      fedilink
      English
      10
      edit-2
      10 months ago

      Chill out. They may be German or something where shit like that is concatenated into one word.

      • Enkrod
        link
        fedilink
        710 months ago

        At least -> zu mindest -> zumindest

        Checks out, +Comment+

    • bruhduh
      link
      3
      edit-2
      10 months ago

      Okay) now try to say that in that person’s native langage though, Canada is inclusive they said

  • @prime_number_314159
    link
    910 months ago

    Did they run it with no-preserve-root? Is Kali so old it doesn’t have they protection? Did they just see the command in history on a perfectly fine system, and decide never to hire on that basis?

    • @go_go_gadget
      link
      310 months ago

      Yeah sounds to me like the dude found the first vulnerability.