Jacob Baytelman - Web and mobile development

Technical assessment of software developers

It's normal to believe that an exam can help to qualify skills. It's poor to believe that theoretical multiple choice test can be a really valuable assessment means, at least in software development.

I remember my university professor saying "the best practice is theory", which is probably true in some circumstances but for his wisdom we prefer to treat him as our "queer old dean" rather than "dear old queen".

We realise how wonderfully someone plays piano when you enjoy the performance, not discussions about solfeggio. We have high regards for a doctor if he reliefs our pain, not if he chews about over correct treatment methods.

Multiple choice tests suck are particularly poor.

For example, if I am asked, which function in PHP returns the number of elements in an array: size, sizeof, length, I start hesitating. I simply do not remember. I've been coding in 10 different languages for several different platforms for more than 15 years already and I cannot keep in mind all these details. Simply there's no need to do it, because:

- we have code auto completion (hints), so we can always choose from the provided popups.

- we, developers, (I am probably telling you now our biggest secret) work in “write once-copy many times“ mode. We all have our own sets of libraries, codes, functions which we bring with us to each new project and simply copy-paste blocks of code from there

-we have compilers and error reporters. When there's a mistake in code (a wrong function or type or number of parameters), the code will not compile and you get an error with a pointer to exact line in code where you have this error.

But in a multiple choice test I have to choose, I cannot show my work process and cannot explain what I think.

Or another example, at you are shown some code and asked to find an error in it or say what it will output. If the code is quite simple, it's ok. But if we have an SQL script with several joins and cases in conditions, it's really annoying. I have no compiler in my head. When I write an SQL query I do it step by step, build simple blocks, test them on the database, see the errors and fix them. Finally I have a big chunck of code, quite efficient in work but hard for human reading.

So I put there comments. Comments help me remember what this piece of code is about and if I come back to it in 3 years, I will know exactly what it is. Or if someone else has to deal with my code, my comments provide the context in a human-friendly format. But I have never seen multiple choice tests with in-code comments.

Even worth, tests give you codes with meaningless methods, variables and classes: something like
B = A->foo(c);

If in real life someone writes such code, he deserves been fired immediately.

Development skills must be tested on a real task, in a real working environment: computer + internet (to be able to check the syntax if needed) + compiler or web server to see immediately how you code works. An alternative is to have a discussion so the tester can see how you react, think, approach problems.

Another good area is object oriented. Don't forget, it has been a holy war field for ages and the sords are still sharp on the both sides. I still remember the times when object-oriented was not so much in fashion (and somehow complex software solutions for space ships worked without object oriented implementations).

Some of my products were written in a procedural approach (though the languages allowed object-oriental) and they were delivered in time and on budget. Some “theory-savvy” guys laughed at me and my ignorance, but my products are still online while theirs failed initial tests and were rejected.

Of course, a candidate has to understand the principles of encapsulation, inheritance and polymorphism, but why on Earth should I test him for these if the project he is going to do has no hierarchy of objects, everything is quite “flat”?

Now here are my questions for a web developer tests:

1. You have a string of values, separated by commas, how to convert it to an array?
I am happy to hear: there're explode and implode functions, I do not remember which is which, but there's php.net and I can check it in 5 secs.

2. Is PHP case sensitive?
I am happy to hear: yes and no. Variables are yes, functions are not. But to be on the safe side, let's write the code as if everything is case sensitive. The same for any other language. Just for the sake of the discipline.

3. What is an SQL injection and how to prevent it?
I am happy to hear: it is when through user input some malicious code is sent and then it appears in the SQL request and is executed with it. In order to prevent it, we have to filter all user inputs on the server side (even if it's already validated on the client side), and for my personal paranoia, also each incoming parameter to each function must be also validated. And we should check the data types (cast if necessary), check for the reasonable length (and trim), filter out dangerous characters (slashes, quotes, etc). And we have to implement our own logs and log all incoming data and outgoing results (surely we need to have a switch to turn the logs on and off when needed).

4. What happens if 2 simultaneous processes try to update the same database record? And what to do with it?
I am happy to hear: depends on the database and its settings. The second one can wait (good - they both will work, bad - the execution time sufferrs). Or there might be a dead lock and in this case there might be data losses, uncommitted reads and execution time suffers again. Transactions can help and isolation levels. And all this is good to do in stored procedures.

5. What to do if you work with WordPress and some theme for it and you need to do some customization or found a bug in this theme?
I am happy to hear: for customization we need to create a child out of this theme and do the changes in the child. If the original theme is updated, our changes will not suffer.

6. How to post a request from a php script to a remote server and get the result, assume, it's XML and then parse it?
I am happy to hear: there's CURL library, quite powerful, it supports POST and GET methods, caching and sessions and we can even simulate user login to a remote site and then parse the data we receive and in case of XML we have in php XML parser. I do not remember details, but I am not banned on php.net.

7. Imagine we have 2 web servers with our PHP application and they sit behind a load balancer. A user logins successfully and then in some point in time he is refused in further actions with “you are not authorised” message. We checked all the system in the test environment, everything is ok. What to do?
I am happy to hear: probably in your test environment there's no load balancer. The problem is that the load balancer can send 1st request to the 1st server and the 2nd to the 2nd, so the 1st request is login and a session is created for this user on the 1st server, but the second request comes to the 2nd server where there's no his session. This happens because by default PHP stores sessions in files. A quick and simple fix is to modify the session management so that it would work with the database, after all the 2 web servers “speak” with the same database.

8. What is AJAX, please show me you implementation?
I am not happy: to see AJAX example based on jQuery and other libraries. It might be good at work, but I want to see native JS code.

I am happy to see something like this:
	var xmlhttp;
	if (window.XMLHttpRequest){
		xmlhttp=new XMLHttpRequest();
		xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
		if (xmlhttp.readyState==4 && xmlhttp.status==200){
			alert (xmlhttp.responseText)

9. If you develop a widget for a web site an you need jQuery, but there might be already loaded some version of jQuery (by other widgets or by the site itself), so conflicts are possible. What to do?
I am happy to hear: wrap my code in its own namespace.

10. Tell me about your work environment.
I am happy to hear: I have a LAMP somewhere on a cheap / free hosting (e.g. Amazon free tier). I access via ssh and at least know some basic Linux commands .I can adjust php.ini and restart apache, analyze the logs, can see the load (at least see top command), I can create cronjobs and schedule some tasks with them. Regarding the client side, I can do some basic image processing with Photoshop, can pick needed layers and cut graphics. I user Chrome -> right click -> Inspect element and can play with css settings and when I get to the needed values I copy-paste them into my css file.

11. Show me some examples of your work.
I am happy to see:
- infinite scroll in native JS
- stretchable design (not different CSS for different screen resolutions and devices) clear and meaningful names of variable and objects.
- reusable code wrapped in short functions
- each functions no longer that 40 lines of code (to be able to see it all without scrolling)
- validations wherever possible e.g.:

var o = document.getElementById (“div_loading”);
if (o){
	o.style.display = "block";
	o.innerHTML = “Loading”;

var o = document.getElementById (“div_loading”);
o.style.display = "block";
o.innerHTML = “Loading”; 
// this code will fail if there's no  div_loading on the page

So these questions and 30 minutes of talk help me understand whether it's worth working with this candidate or not. I am ready to give a chance them to learn or refresh in memory details. It's important to see how they think and work, not what they learned by heart.


My projects