Interviewing at Google

Yesterday I had two technical interviews for a software engineering internship position at Google. This article is an attempt to motivate people to apply and tell them what to expect. So, here we go.

The first Google engineer called me around 14:30. The connection was not optimal from the interviewer’s side, so instead of a phone interview we had a Google Hangout interview. We shared a Google word document where I should write all my code (yes, a plain and simple Google doc).

The interviewer was nice to talk to, his first question was : “What made you apply at Google ?”. Well, everybody knows that I am an Android geek/enthusiast/dreamer. So that was my answer. Also, interning at Google will give you experience in the field which you cannot possibly learn in school. Things like for example : scaling of systems, coping with huge datasets, an extremely large codebase, etc. After that we proceeded towards the first question, which was something like this :

Question 1 : Assume you have a sentence represented by a string-object. Write a function (in Java) that will swap all vowels with a vowel at the end of the sentence. So for example : “United States” => “Enated Stitus”.

Basically the approach here, is to work with an array of characters and work your way down the sentence using 2 pointers. One pointer points to a vowel on the left half of the string, the other to the right half of the string. If the right pointer is smaller than the left pointer, work is done and you can return the string.

I did OK on this question, had a little bug with my pointers that were incremented in the wrong place. But the interviewer pointed me to it, and I resolved it rather quickly.

Question 2 : Write a class called CollectionsIterator that is capable of iterating over a set of iterators. Make sure this class can hold Iterators of any type.

The interviewer thought this was the difficult question but I found it rather easier than the string traversal. Approach is again, rather easy. Create a class that implements the Iterator<E> interface. Use a field for a current_iterator and a field for the main_iterator. The main_iterator will loop over all the iterators and the current_iterator is the one that is providing the elements of a certain collection in the set of collections. Sounds easy, but tricky when implementing the hasNext() method. In the end, my first solution was perfect and that concluded the end of the first interview.

After a 15-minute break I got the second interview. This one was by phone and again on a shared Google doc. This interview was not as good as the first one. The question was also more difficult than the first one.

Question 3 : Write a function that has as input a list of strings and will print to stdout strings that are rotational equivalent line per line. So all strings on one line are rotational equivalent.

I struggled the most with this question, due to the fact the interviewer started with the question : “Do you have any experience with rotation ciphers ?”. Sure I do know what they were, but never really implemented one so I didn’t know all the details about them. This threw me off a bit, but in the end you didn’t need to know exactly how they work. Just the notion how a string can be rotated over the alphabet.

So the approach I took for this question was looping over the strings and computing their fingerprint. Basically the fingerprint(String s) function should be a function that returns the same string for every rotational equivalent string. This can be achieved by using the convention that the first character of every string should be ‘a’. So we calculate the distance from the current first char to ‘a’. (only taking into account the chars a->z) and we rotate the whole string over this distance. We then use a HashMap to store a mapping “fingerprint -> set<rotational equivalent strings>”. In the end we write a prettyPrint() method which will iterate over the set and print out one set of rotational equivalent strings per line.
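
The fingerprint approach described above, written out as an added example in Python (not the code from the interview, which was in Java). It assumes lowercase a to z input and leaves any other character untouched; the function names are made up for this sketch.

```python
def fingerprint(s):
    """Rotate s over the alphabet so that its first a-z letter becomes 'a'.

    Every string that is a rotation of another one over the alphabet
    ends up with the same fingerprint.
    """
    first = next((c for c in s if "a" <= c <= "z"), None)
    if first is None:
        return s  # nothing to rotate (empty string or no letters)
    shift = ord(first) - ord("a")
    out = []
    for c in s:
        if "a" <= c <= "z":
            # Rotate backwards by `shift`, wrapping around from 'a' to 'z'.
            out.append(chr((ord(c) - ord("a") - shift) % 26 + ord("a")))
        else:
            out.append(c)  # assumption: non-letters are kept as they are
    return "".join(out)


def group_rotations(words):
    """Map fingerprint -> list of distinct words sharing that fingerprint."""
    groups = {}
    for w in words:
        bucket = groups.setdefault(fingerprint(w), [])
        if w not in bucket:  # behave like a set, but keep input order
            bucket.append(w)
    return groups


def pretty_lines(words):
    """One output line per group of rotationally equivalent strings."""
    return [" ".join(bucket) for bucket in group_rotations(words).values()]


if __name__ == "__main__":
    # Constructed sample input.
    for line in pretty_lines(["abc", "bcd", "xyz", "ace", "bdf", "zab", "hello"]):
        print(line)
```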

I needed some help, the interviewer for example pointed out to use a fingerprint method. After this I came up with the whole solution. A last question was what I thought was good/bad about my approach. At this point I perfected my code and told why I used some data-structures (like hashmaps and sets).

In the end it was a pleasant experience, much better than interviewing at Facebook. I have a good feeling, but if I don’t make it now, I can’t really be sad as I couldn’t do much more. At least I’m chasing dreams, as everybody should do !

Cheers,

H4

I am hacked, so what ?

Often I hear people say they don’t really bother with security on their computers or smartphones. Very often those people use arguments as “I don’t have important information” or “I know what I do, I don’t need protection”.

Now, what truly bothers me is the fact that people don’t look beyond their own interest. They don’t know that once one of your accounts is hacked, your friends are vulnerable to cyber crimes too. Since the rise of social networks, a certain hack is widely used and has always been the most exploited, it’s called social engineering.

Proof of concept : Imagine your Facebook account gets hacked. The attacker controls your login and can use your entire account. At this point, if you have no personal information on your account because you’re just using it to browse Facebook, you’re lucky. But the chances of that being true are, well let’s face it, very small. Everybody that has a Facebook account puts certain private information online, for (hopefully if you used the correct settings) all of your friends to see.

The cracker now has enough information to take over your identity, combined with other information coming from search engines. He monitors your Facebook account and sees your friend updating his status “Excited, just bought a new laptop online”. Chances are the attacker will send your friend an e-mail, impersonating the staff of PayPal or some credit card company. A lot of people are fooled into giving up their CC info by this method called ‘phishing’. In particular your friend is vulnerable as he has just bought something online, so for him it’s easy to assume something went wrong with his payment, and hence he answers the mail.

The attacker goes on and sends something to your friend. ‘Hi man, check out this photo from you, took it last night at the party.’ Chances are your friend is now infected with a trojan horse or a keylogger.

Hope the bigger picture becomes clear, once an account of yours gets compromised, you don’t only risk your own identity and safety but also the ones you’re connected to. As the attacker has now the ability to use your trusted reputation to perform his attacks.

Some tips :

- Never, ever, ever, …. , surf to unencrypted sites when using a public AP. Always use the https:// prefix when supported. This gives some protection against sniffing your passwords.
- Never, ever, ever, …. , give up CC info in mails. Companies will never ask you that. The same holds for login credentials.
- Never, ever, ever, …. , follow a link without checking the URL. A link like http://fcebook.com is probably a trap.
- Always use a firewall. Experienced crackers can circumvent this, but at least you’re protected against script kiddies.
- Always use anti-virus in the unfortunate event you’re bound to use a Windows system ( :p ).

Maybe a more technical post is coming in the future that explains how crackers can circumvent your firewalls and anti-virus systems.

Cheers,

H4

Why I didn’t get the Internship at Facebook

So last Friday I had a big opportunity to get an internship at Facebook. Made it to the final round and had to do one last technical interview.
Those are not the most fun to do, but hey I took a shot. It was pretty clear that the data structures I learned about in my first bachelor year needed some dusting.

I had my first exam Friday morning and was stressed to the max, afterwards I tried to prepare for the interview by doing some exercises from “Cracking the Coding Interview”. Excellent book, I would really recommend it. In the evening at 21.16 an American landline number showed up on my cell screen. Jup, there it was.

Interview started rather chill and the engineer (awesome guy btw) at the other end of the line asked about: what drives me for becoming a software engineer, and what I considered were the less fun parts of being a software engineer (CLASS DIAGRAMS !). We continued on to the technical part, oh boy stress was building up.

So the question was :

Consider a professor that wants to check two paper assignments from two different students on cheating. Design a function hasCheated(String s1, String s2, int N) that returns true if the two papers, represented by the strings, have a common content of at least length N.

I think I went into a limbo. The first 5 minutes I had it visualized what I wanted to do, but it felt like I forgot how to code. The engineer calmed me down and said to just start with a naive approach. So I started and came up with an O(n^3) approach, worst algorithm I had ever written. But now I started to feel confident again, and I improved the code to an average linear complexity. The engineer then told me to imagine that the String.contains() and String.substring() do not exist in Java and you only have an array of characters. Implement these functions and reflect again on your complexity.

After 30 minutes of coding we stopped and he asked if I had questions for him, about his work, life, ...

Hell yeah ! How often do you get a chance to speak with a Facebook engineer. So I asked him how they handle the massive scaling issues at Facebook (he is on the memcache-team) and how a typical day at the office looks like. After that my time was up, was on the phone for about 50 minutes. Pretty exhausted and glad the day ended.

And about half an hour ago I got a message that my technical skills were not quite of the level they expect from their interns. But the engineer stated that he would certainly recommend to re-apply next year as I finish my master’s degree then. (I can go straight to the last round, jeej !) I don’t feel I could have done more, maybe on a day where I didn’t have an exam and I had to only stress about the interview, the conditions could be better. As I look back now, I could implement this without a problem and choose better data structures than the ones I used during the talk. But things went how they went, and I’m already glad I had this huge experience !

Prior to Facebook, I already had an awesome offer in Switzerland which is more security related than I would be doing at Facebook. So I’ll spend my summer in Switzerland, which is also very cool, especially doing an internship that contains all aspects of my (cyber) passions : Android and Security !

Cheers,

H4

Why dreams are worth chasing in 2014.

Exams exams exams, yet writing a blog post is ideal for taking a break from the books. What follows is maybe something people did not expect to read from me, as it is a rather personal blog post.

Last couple of weeks a lot changed and a lot is happening in my life. Some things are changing for the good, others I wished I saw changing differently. But what became apparent is the fact we should build our own happiness.

Sure, you could wish somebody a happy 2014. But in the end what are you really wishing him ? You’re wishing the person that he can do stuff which makes him feel happy. For me the ideal way to make me feel happy is to work and try to achieve dreams. You make your own opportunities for achieving your dreams, don’t wait and think “Wish I could do that” or “In order to achieve my dreams, X has to happen”. Yeah you’ll fail one time, two times, maybe even a hundred. But in the end isn’t that better than not trying at all ?

For me, one thing is sure. Coming week is one big step towards a personal dream and I’ll take every chance, I worked hard for it and sacrificed a lot of things/moments for it. Yes, the chances are not really in my favor, but hell at least I can say I tried.

Work on dreams, and make yourself happy. Nobody else will do it for you. Now back to my books !

Cheers,

H4

Android systems , secure or not ?

By the end of this current year, 1.4 billion smartphones will be in use: 798 million of them will run Android, 294 million will run Apple’s iOS, and 45 million will run Windows Phone, according to a new study by ABI Research.

Source: BusinessInsider

This is an incredible number of smartphone users which are connected to the big wide web. But how secure are they ? Is it possible for a mobile operating system to be secure ? Or is it insecure from the roots up ?

As you already might guess I will only be covering the Android part, not surprisingly they have the bigger marketshare. So, how do you ‘test’ a secure mobile system ?

A system can be locked down extremely but this can have an impact on the user friendliness, where do you draw the line ? How do we test if a given Android system is secure. Do we forget the user friendliness or are we considering the bigger picture : a secure , user friendly, Android system. I think considering the bigger picture is a more realistic impact as it includes the user’s behavior, which makes up a great part of the system’s security.

Let’s take a look at the security mechanisms Android has implemented for safe distribution of applications. Android applications are shared through the Google Play Store. Android has two important security mechanisms which involve distribution and installation of apps in order to protect the installing user from malicious actions.

  • applications need to be signed
  • applications need permissions to access phone functions

Applications need to be signed with a special unique key that a developer can obtain. The signing of an application can be thought of as providing the application with a digital certificate. With this certificate Android aims to establish trust relationships between applications. For example consider an app which we call “AppX”. If “AppX” is first installed, it is signed with a specific private key. If the developer upgrades “AppX” to “AppX2”, he needs to use the same key which he used to sign “AppX”. This creates a trusted relationship between “AppX” and “AppX2”, because only the developer that holds the key for “AppX” can develop an upgrade for the app. But is this waterproof ?

You probably know the answer already, because otherwise I wouldn’t have hinted at it. Well, no this is not waterproof. A rather invasive bug was found in the signing process.

The core issue is that Android package (APK) files are parsed and verified by a different implementation of “unzip a file” than the code that eventually loads content from the package: the files are verified in Java, using Harmony’s ZipFile implementation from libcore, while the data is loaded from a C re-implementation.

The way that these two implementations handle multiple files with the same name occurring in the zip file differs. The way the Java implementation reads the file is that it goes through the “central directory” and adds each entry to a LinkedHashMap. The key the entry is stored using is the name of the file.

Later, the PackageParser goes through each entry in the zip file, verifying that the file was signed with a consistent signature. This code iterates over the LinkedHashMap. The result is that only the last entry with a given name is considered for signature verification: all previous duplicates are discarded.

Source : Saurik
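
The duplicate-name behaviour described in the quote can be reproduced with any zip library. The following Python sketch is an added example, not code from Saurik or from Android: it builds a constructed archive in memory, shows that a name-keyed map keeps only the last entry for a repeated name, and adds a check that rejects such archives. The function names and the sample contents are made up for the illustration.

```python
import io
import warnings
import zipfile
from collections import Counter


def build_sample_archive():
    """Constructed sample: an in-memory zip where one entry name is used twice."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns about the duplicate name but still writes both entries.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("AndroidManifest.xml", b"<manifest/>")
            zf.writestr("classes.dex", b"first copy")
            zf.writestr("classes.dex", b"second copy")
    return buf.getvalue()


def map_view(data):
    """Name -> content map filled by walking the central directory in order.

    A later entry overwrites an earlier one with the same name, which is
    what the quoted text describes for the LinkedHashMap: only the last
    entry with a given name is left for whoever iterates over the map.
    """
    view = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            view[info.filename] = zf.read(info)
    return view


def all_copies(data, name):
    """Every stored content for `name`, in central-directory order."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [zf.read(info) for info in zf.infolist() if info.filename == name]


def duplicate_names(data):
    """Entry names that occur more than once, with their counts."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def reject_duplicates(data):
    """Refuse an archive in which two parsers could disagree on an entry."""
    dups = duplicate_names(data)
    if dups:
        raise ValueError("duplicate entry names: %s" % ", ".join(sorted(dups)))


if __name__ == "__main__":
    sample = build_sample_archive()
    print("entries in the archive :", all_copies(sample, "classes.dex"))
    print("entry seen via the map :", map_view(sample)["classes.dex"])
    print("duplicates             :", duplicate_names(sample))
```

Running the check before any signature verification means an archive is refused as soon as a name repeats, so there is no second copy left for a different parser to pick.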

This is a rather technical explanation of the bug, so a more noob explanation follows. As .APK files are nothing more than JAR files, this is where the problem lies. JAR stands for Java ARchive, a sort of folder with all your Java code. If you want to ensure the integrity of a JAR as a self-contained entity such as an Application then the ability to sign individual files is not a requirement. In fact it is difficult to see in what circumstances the ability to sign individual files and only individual files could be a requirement.

Because it is only possible to sign individual files, a signed JAR is really nothing more than a collection of files which may or may not be signed and the verification of a signed JAR is a very convoluted way of determining into which category each file belongs. All of which leads us to question of what signed JARs are actually for ?

The ability to package files in this way was presumably considered useful when the specification was produced but it is clear that it is a decidedly sub-optimal way of attempting to ensure the integrity of an Application made up of a number of files which have been packaged as a ZIP file.

While signed JARs undoubtedly constitute a flexible mechanism for doing something, it’s just not clear what, they do so at a cost.

As we have seen the cost is the complexity of the verification process and the inconclusiveness of the result.

The process of verification is ridiculously complicated and consequently dangerously error-prone which is not what you want from something which is a key part of ensuring the security of your platform. (Source : Simon Lewis)

Now, what can a user do about this ? Nothing much actually. The bug has been known for some time now, the only action Google has taken so far was to change something in the .APK submission in the Play Store. A fix to the devices is coming with Android 4.3 . Older devices need to install the CyanogenMod custom ROM. They have included the 4 LINE BUGFIX, which Google failed to deliver OTA.

Next up on the list was “Permissions”. Every app needs specific permissions to access phone functions. As an example I will include permissions my currently developing app needs :


<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.WRITE_INTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_LOGS"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />

These permissions look like they’re asking a lot, but the only access they give to the phone are :

  • The use of internet
  • Ability to write to SD card(= caching images) and internal memory (= for settings)
  • Read error log on crash to send back a detailed error log to me
  • Google Cloud Messaging service
  • Accessing the network state , to check if there’s an internet connection
  • And wake lock, my app uses a service that needs to run with or without the app running , so the services needs a wake lock

These permissions will be shown to the user upon install. So this is the part where the user’s common sense plays a big part. If you want to play a game and the game asks for a whole list of permissions, the game is usually spyware. It will collect as much info as it can and will send it back to a server. The maintainers of this server will use the information to sell to advertising companies. So reading through the permissions is not time lost, as they can be pretty invasive on the privacy of the phone user.

So I did not reach a conclusion, as it is a whole research topic on its own (maybe a master thesis ? ;-) ). But I hope I gave some pointers that there’s a huge gap between user friendliness and optimal security of a mobile system. Any comments or questions, shoot !

Help, my child is on Facebook !

Often I get the question : “What is your view on online privacy with all those social networks invading it ?”. Well, in short I usually answer it with : “Dangerous if you don’t know how to use it. Easy, awesome and interesting when used correctly.” I will only focus on the dangers, because I think everybody knows how awesome and interesting social networks are when used safely.

Connected with the world

People usually forget they are connected with the internet, by extension to almost the whole world. Internet is rather a dark place. However you should not fear it, but you should travel it with a torch in your hand. How does this relate to Facebook you may ask ? Well, Facebook is connected through the internet, without internet Facebook would not exist. I find it ridiculous how a ten year old can make an account and connect with almost 2 billion people with some clicks on a button. Aight, I hear you, it’s not Facebook’s fault. I agree, but some things must change in society’s view on social networks.

Dark corners of Facebook

Parents should be aware of the dangers a social network can have. Children are the weakest to fall for phishing attacks. Hackers are constantly sharking on children’s forums trying to get login information. A sentence often used “Omg, is this you on this photograph ?! http://www.ishouldneverclickthis.com”, sounds familiar ? Hackers are interested in this information for the sole purpose of selling it to a criminal organization. More specifically, to child traffickers. They use the info from these profiles to generate false passports. Nowadays a Facebook profile is almost a blueprint of someone’s life. This is dangerous in many ways. Not to forget for personal attacks on victims or robberies.

Children should be taught how to use social networks. Chances are if you ask children in a classroom : “Who has a Facebook profile ?” that almost everybody puts their fingers up.

I am disgusted

I am disgusted with the educational organization in my country, Belgium. Mainly, we have two kinds of schools. Public state schools and Catholic schools. I was shocked by the latter. They cancelled the IT course and defend it by saying it should be integrated into the other courses. I agree with the fact that it should be integrated in different courses. But I am strongly, STRONGLY recommending to have additional hours of IT course. TEACH CHILDREN TO USE A COMPUTER. What better way to teach children about the dangers on social networks than in schools ? They should know how to safely use a computer in general. Children should not be the victim of a retarded ideology (Yes! I am looking at you, Catholic education).

I simply cannot understand how a society, so entangled with computers, does not educate their children appropriately when it comes to cyber security. *sarcasm* The fact I had to teach my IT teacher what PHP was in my 3rd year of secondary school is totally out of the picture. */sarcasm*

It’s our duty

It’s our duty, as a parent, brother, sister, teacher to educate our children. People should understand what impact computers can have in our life. Privacy is a valued thing, that needs, nay demands protection. The era that computers were for the rich is past us. Almost everybody has access to a computer, yet few have an appropriate basic understanding on how to use it safely. Reach out to me with any questions or comments. Please share this idea with others, whoever you think should know this.

BBJam 10 : Day 1

Hi guys, what up !? First blog post in a long time, will be a short one though. Here’s what happened today :

First up we took the Eurolines bus that took us to Amsterdam after a 3.5 hours busride. After that we arrived at the Sarphati hostel and dropped our bags. (I get a free room the next time I come if I mentioned them in my blog ;-) )

The BlackBerry Jam 10 reception and TweetUp started around 5 p.m. , here we talked with several BlackBerry partners along with a beer. Some interesting partners were there , with a lot of interesting content. For example :

Marmalade : A framework to port any C++ code to Android, iOS, BlackBerry or Windows. Without overhead or less performance, they claim. Hard to believe, but okay.

Application Developer Alliance : A community where you find everything you need to know about building, funding and distributing webapps or mobile apps. Free membership for now, so subscribe!

Further there were also : Sencha, Unity 3D, Evernote, TenCode and many more.

This took pretty much the whole evening, and was interesting. Excited to start the real work tomorrow at 10.30 a.m. more coverage to come ! Keep an eye out on twitter if you want to know my thoughts and things live on BlackBerry 10 Jam Europe 2013, Amsterdam.

Cheers !

@h4oxer

Privacy. My view.

Privacy. Government point of view : “If you aren’t doing anything illegal, why bother if we see everything you do online ?”

My point of view : “Why check and screen what I do online ? I am not doing anything illegal.” Privacy is a fundamental human right. Privacy is the key to find some rest, away from the eyes of the community. It doesn’t make a difference if we search for privacy on the internet or other places. If internet traffic should be screened, why not hang cameras in every home ? Put taps on every phone ? Privacy is the key to a free opinion, a free mind.

The internet is no one’s property. It doesn’t belong to a private corporation, it doesn’t belong to a government.

The day we lose our privacy, our free will, is the day we stop being human.

Demand your privacy, be anonymous.

[SHORT OPINION] Windows vs Mac OS X

Since one month and a half I am the owner of a MacBook Pro 13,3 inch mid 2012. This came as a shock to myself and some people around me. I felt like I needed a change from the Windows machines I was used to for 13 years now. What you’re about to read is a personal opinion about the two different machines.

Durability

For my studies I wanted a machine that could handle the task. My 3 years old Acer Aspire did quite a good job although I had to replace the battery and RAM memory. However the keyboard was a real pain in the buttocks :-). I have to give this one to the MBP. Not only do I love the keyboard, the fact that the body is made out of aluminium really gives it a sturdy look and feel.

However, for me personally, I think the MBP is overpriced. Some say you pay for the durability and quality that comes with an Apple product. Maybe it’s true, I’ll give you an update on that in less than 3 years !

OS Comparison

Well. I have mixed feelings about this.

Mac OS X is, by far, the most stable OS I’ve ever used. It looks nice, it feels nice. Windows on the other hand gave me a lot of the famous BSOD. But what annoys me on the Mac OS X is the fact it uses a fregging high amount of RAM. Right now, I am running Chrome, Spotify, Tweetdeck, Sparrow and Agenda : RAM left = 262 MB. Upgrading the RAM is the first thing I’ll do.

Will I ever be an Apple fanboy ? Hell no ! I love Android too much for that to happen. However I’ve got to admit the MBP sure is one piece of engineering. Especially the trackpad. They should give a medal to the engineers that designed it.

Rather short opinion, but hey exams are on the way ;) Any other Windows/Mac users want to share their experience ? Comment below !

Hacktivism

Hacktivism is a word you see surfacing a lot in the news lately. You must have been living on Mars if you have not heard about Anonymous once. What is this new movement ? Why are they doing this ? Is this legal, or just ethically justified ?

Hacktivism

Hacktivism is the use of computers and computer networks as a means of protest to promote political ends.

This is the definition for hacktivism according to Wikipedia. Hacktivists use their knowledge about computer technology and cybersecurity to fight for an idea. They feel an authority is treating them unfairly. Anonymous, the example for hacktivism, fights for the right to information freedom, a more equal division of money. These are considered their main fighting cause.

Some say, information freedom is dangerous. For example : the Wikileaks documents are considered a threat for the soldiers still fighting in the war-zones : Iraq, Afghanistan, … True, some information can be dangerous and is not meant for terrorist eyes. But, it is a price you pay as a government for decades of cover-up operations. How can people trust their governments, if they are not honest towards their people ?

A lot of people do not know what soldiers are doing in those foreign war countries, murdering innocent people. A couple of graphical hints :

http://wikileaks.org/wiki/Collateral_Murder,_5_Apr_2010

Be warned : these videos are not for the faint hearted.

Ethics

Is this legal ? No, this is not legal. Most information is obtained by breaking into secured computer systems. Is this ethically justified ? Well, this question should be answered by everybody individually.

After Mastercard, Visa, Paypal closed all accounts owned by Wikileaks, Anonymous stood up. They found it was not ethically justified to cut the funds Wikileaks has the right to receive. The result : Anonymous put up an incredibly big offensive. They gathered with over 4000 anons, sympathisers, .. to DDOS the servers of these companies. This resulted in the sites not being accessible ranging from a couple of hours to 1-2 days. I see this as a cyber sit-in. When you protest on the streets you can deny access to a building by sitting with a whole group of people in front of the entrance. DDOS does exactly the same, only it’s over the internet. The servers are flooded with requests until they shut down and need to be reset. No information is being leaked in the process, and no damage other than economic damage is being done.

It’s a personal question whether or not you find it ethically justified to use cyber force to fight for a cause. Share your thoughts in the comments below.. keep it friendly and clean :)

An idea is bulletproof.

Greetz, H4