this post was submitted on 12 Feb 2024
755 points (97.5% liked)

linuxmemes

20880 readers
8 users here now

I use Arch btw


Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
 
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 188 points 9 months ago (5 children)

I used to make jokes to juniors/interns like the above. Then I watched a junior start typing my joke in terminal, and I freaked out and stopped.

Sometimes I forget these jokes go over the heads of people.

[–] [email protected] 76 points 9 months ago (1 children)

And this is exactly why I don't make those jokes to people unless I know very well they'll get it

[–] derpgon 32 points 9 months ago (1 children)

I've seen frustrated senior start writing this. Sometimes it's just a different state of mind that pushes us over critical thinking edge into the void.

[–] [email protected] 19 points 9 months ago (1 children)

The same brain state that leads to chocolate milk mashed potatoes

[–] [email protected] 8 points 9 months ago (1 children)

Do I have to worry that I understand to what you're referring to?

load more comments (1 replies)
[–] [email protected] 40 points 9 months ago

Same. I was working on a help desk years ago helping another agent with a call where the customer was being ignorant and I sent him a message that said something like "does he want us to wipe his ass for him too?" (Not that exactly but in the context of the situation it would have been similarly insulting). Next reply I get from the other agent was "he said no".

😬

[–] [email protected] 16 points 9 months ago

Yeah, you don't want toddlers learning gun safety the hard way

[–] [email protected] 8 points 9 months ago

I mean.... it's the best way to learn by being stupid and doing mistakes, but truly some mistakes are too much damage and does not help to learn or if we talk about other jobs can kill somebody.

load more comments (1 replies)
[–] [email protected] 118 points 9 months ago (1 children)

I love when cheaters fail to prosper.

Back when I still used Reddit, so many posts were just CS students trying to get other Redditors to do their homework for them. I don't think I ever came across any technical interview cheaters, but I'm sure there were some.

[–] [email protected] 71 points 9 months ago (5 children)

I remember one interview I had with a candidate. It was for a database analyst position that required SQL.

The first round was typically a phone screen where I chat with the candidate, get to know them a bit.

Second round was code review. I asked them to do a SQL query that did x.

The queries were simple. The goal was to get the candidate to walk through the query.

I had one candid that, over screen share, wrote the query flawlessly. Then I asked them to explain what it was doing. The candidate froze.

I can get understand getting nervous so I moved onto an insert statement. I had them write one and then do another without using certain terms (often leading to a sub query).

Again, flawless. I asked what situations would you use one over the other.

Again, they froze. I started to get suspicious that they were cheating and had them, instead of typing the answer, say the answer. When they couldn't, I knew enough that it wasn't going to work.

[–] [email protected] 34 points 9 months ago (4 children)

I had an applicant very obviously read to me that Wikipedia article about Active Directory.

[–] [email protected] 20 points 9 months ago (4 children)

Knowing how to quickly look something up isn't a bad skill. The problem is when that's all they do

load more comments (4 replies)
load more comments (3 replies)
[–] [email protected] 22 points 9 months ago (4 children)

A lot of the time I find "spot the bug" questions to be more informative, especially for junior roles. We stopped asking fizz-buzz - just about everyone has heard of it by now and it's pretty easy to just rote learn a solution. Instead we give them the spec for fizz-buzz and a deliberately broken implementation and ask them to fix it. If they get flustered, just asking "what does this program output" usually give a pretty clear indication if they can reason about code in a systematic way.

load more comments (4 replies)
[–] [email protected] 21 points 9 months ago (3 children)

I wonder why people do this. You wouldn't apply to a welding job if you can't weld. Why so many people apply to programming positions if they can't actually code (or a database analyst position without knowing SQL)?

[–] [email protected] 15 points 9 months ago (2 children)

Some people seem to think you can just Google stuff or more recently use AI to do the coding, not knowing that being a dev is mostly about knowing what to search and that being a dev isn't just coding.

load more comments (2 replies)
load more comments (2 replies)
load more comments (2 replies)
[–] [email protected] 91 points 9 months ago (1 children)

Did they execute the command on localhost or the remote? Because hey if they had privileges to root-nuke the target that's gotta count for something right? Lmao

[–] [email protected] 60 points 9 months ago (4 children)

The way this reads I think the company did not actually provide a good sandboxed environemt. So when they rm -rf /'d the thing they actually deleted a lot of stuff the recruiters still needed (likely the pentest environments for other candidates). Because imo that's the only reason I can think of to just outright ban a candidate from applying for any other role at the company.

[–] [email protected] 38 points 9 months ago (2 children)

You should ban anyone who tries this regardless of the outcome. There is always a small chance they did it on purpose trying to cause damage. There is no benefit by giving them another chance, you just riks giving them the possibility of doing more damage. If the thing was a mistake, the person will learn from it and find another job.

[–] [email protected] 26 points 9 months ago (4 children)

If the task would have been to find general security risks this would have counted. I mean, he did some serious harm, but he was able to find a security issue.

load more comments (4 replies)
load more comments (1 replies)
[–] [email protected] 22 points 9 months ago (1 children)

To be honest, considering the role they're applying for, I would reject their job application too even if it occurred inside a sandboxed environment.

They should know exactly what rm -rf does. The fact they didn't and they still arbitrary ran the command anyway... massive red flags. Could even say he failed to twart a social engineering attack.

[–] [email protected] 13 points 9 months ago

The two cases, they knew what it was and they did it maliciously. They didn't know what they were doing and got socially engineered in the process. Both cases are cause for failure.

[–] [email protected] 12 points 9 months ago

To me it reads like the recruiter thought the person was a troll and banned them.

load more comments (1 replies)
[–] [email protected] 88 points 9 months ago (7 children)

How are you supposed to fine 7 vulernabilities in an hour anyways? No way they expect the applicant to actually find vulernabilities right? So you need to memorize a bunch and see if they are present, which doesn't achieve anything other than testing your memorization abilities

[–] [email protected] 98 points 9 months ago (3 children)

How are you supposed to fine 7 vulernabilities in an hour anyways?

Threaten the interviewer with a knife until they give you at least 7 vulnerabilities. tapsheadmeme

[–] [email protected] 66 points 9 months ago (1 children)

Once again proving social engineering is king.

[–] [email protected] 16 points 9 months ago

The biggest vulnerability is the user.

That being said, click this link to make an easy thousand dollars a day.

[–] [email protected] 18 points 9 months ago

They always forget about the rubber hose exploit.

[–] [email protected] 83 points 9 months ago (1 children)

Using Kali? Easy if you have training. The capstone for our security course a decade ago was too find and exploit 5 remote machines (4 on the same network, 1 was on a second network only one of the machines had access to) in an hour with Kali. I found all 5 but could only exploit 3 of them. If I didn't have to exploit any of them 7 would be reasonably easy to find.

Kali basically has a library of known exploits and you just run the scanner on a target.

This isn't novel exploit discovery. This is "which of these 10 windows machines hasn't been updated in 3 years?"

[–] [email protected] 9 points 9 months ago (1 children)

Just saying that running automated tools and identifying those vulnerabilities is just the first step to learning hacking, but nothing more. To gain a proper understanding you must be able to find vulnerabilities manually or at least understand a certain exploit such as ETERNALBLUE which you won't really look for manually.

[–] [email protected] 8 points 9 months ago

Sure. But for an entry level interview as a pen tester... Scanning with Kali should be an easy task.

[–] [email protected] 40 points 9 months ago

It's going to be a system set up with known vulnerabilities that should be easy to locate using common tools already installed on Kali; a real world scenario should (at least in theory) not be that simple, but in a capture the flag pentest environment, that's pretty normal

[–] [email protected] 18 points 9 months ago

You can see that the first machine is at /dvwa which is the Damn Vulnerable Web Application and is made for practicing hacking. If you have a basic understanding of the vulnerabilities there finding 7 of them is easy peasy.

load more comments (3 replies)
[–] [email protected] 49 points 9 months ago (1 children)

Sometimes you get what you deserve

[–] [email protected] 39 points 9 months ago* (last edited 9 months ago)

The only time when doing this shit is acceptable

[–] [email protected] 34 points 9 months ago (1 children)

Hey, I know that princesses are ofter schooled in etiquette more than they get real education. unixqueen might not know shit about Unix / Linux. I find this completely believable, like how Queen Elizabeth didn't know dick about math.

[–] [email protected] 10 points 9 months ago

Haha fair, I don’t know anything about this poster other than this meme they made, and I didn’t want to post without attributing the original source.

[–] [email protected] 30 points 9 months ago* (last edited 9 months ago) (1 children)

edit: spacing, added -rf info

The Linux rm Command: Everything You Need to Know

There's more to rm than meets the eye.

https://www.howtogeek.com/858815/linux-rm-command/


Use rm -rf to Delete Everything

If you absolutely need to delete anything and everything, just use the command:

rm -rf

That combines the -f flag, which forces deletion, with the -r flag, which will delete folders recursively. We previously included the -v argument (to make it verbose), but it isn't necessary. Just keep in mind that this is basically the nuclear option, and you shouldn't use it unless you're absolutely sure you want something gone forever.

[–] [email protected] 37 points 9 months ago (1 children)

On modern Linux versions you need to add --no-preserve-root or it won't work as nicely

[–] [email protected] 7 points 9 months ago
[–] [email protected] 27 points 9 months ago (1 children)

What would happen to him if he where to miraculously pass the interview?

[–] [email protected] 113 points 9 months ago (10 children)

Months 1-3: hey he’s new, just getting used to things

Months 4-6: he’s not good, but maybe trainable?

Months 7-9: he needs to be on a PIP so we can CYA and fire him

Months 10-12: phase out and fire

Rinse and repeat at new companies every year for 5 years, get hired as Engineering Manager at sixth job.

[–] [email protected] 31 points 9 months ago (1 children)

Before you become a master you must make one thousand mistakes; some people choose to make the same ten mistakes a hundred times each

load more comments (1 replies)
[–] [email protected] 22 points 9 months ago

this is very accurate

load more comments (8 replies)
[–] [email protected] 25 points 9 months ago

the amount of ppl taking those shots seriously (more or less, everybody) is simply flabbergasting omg lol

[–] CyberDragonCore 24 points 9 months ago (1 children)

rm -rf /* This will not display warning messages.

load more comments (1 replies)
[–] [email protected] 9 points 9 months ago (1 children)

Did they run it with no-preserve-root? Is Kali so old it doesn't have they protection? Did they just see the command in history on a perfectly fine system, and decide never to hire on that basis?

load more comments (1 replies)
load more comments
view more: next ›