Weird interview questions from eWeek

I was browsing eWeek's Weird Job Interview Questions 2010, which I would like to answer … well, some of them that I find interesting. Here are the questions.

1. “Given the numbers 1 to 1000, what is the minimum number of guesses needed to find a specific number if you are given the hint ‘higher’ or ‘lower’ for each guess you make.”

Quickest answer is at least 1, right? If the question wants the worst case, the minimum number of guesses can be computed from $a_n = a_0 r^n$, where $a_0$ is the 1000 numbers to choose from, $a_1$ is 500, and so on, dividing by 2 each time, so $r$ should be 1/2. Solving for $n$ with $a_n = 1$, we can compute it as $n = \log(1/1000) / \log(1/2)$, which gives us 9.97, or say 10 guesses!

2. “There are three boxes, one contains only apples, one contains only oranges, and one contains both apples and oranges. The boxes have been incorrectly labeled such that no label identifies the actual contents of the box it labels. Opening just one box, and without looking in the box, you take out one piece of fruit. By looking at the fruit, how can you immediately label all of the boxes correctly?”
– Asked for a software QA engineer position at Apple

The answer should be: pick the box labelled apple and orange. We would get either an apple or an orange. If it is an apple, the apple label should go on this box, the apple and orange label should go on the third box, and the box formerly labelled apple should be the orange one.

| Orig Label | Apple case | Orange case |
| --- | --- | --- |
| Apple | Orange | Apple/Orange |
| Orange | Apple/Orange | Apple |
| Apple/Orange | Apple | Orange |

3. “How do you weigh an elephant without using a weigh machine?”
– Asked for a software engineer position at IBM

We can place him on a boat and calculate the volume of water displaced. With water density at 1 kg/liter, the volume of displaced water in liters is equal to the weight of the elephant in kg.

4. “You have 8 pennies, 7 weigh the same, one weighs less. You also have a judge’s scale. Find the one that weighs less in less than 3 steps.”
– Asked for a systems validation engineer position at Intel

I love this question. But it can be better. We can find the lighter coin with only two weighings. How, you say? Take 6 coins and weigh them, 3 on each side. If the stacks of 3 coins are balanced, weigh the 2 coins that were left and you instantly have the lighter coin! If one side is lighter than the other, take 2 coins from that stack and weigh them. If they balance, the one you did not weigh is the lighter coin. If one is lighter, you've got your coin! See! Only two measurements!

5. “A train leaves San Antonio for [Houston] at 60 mph. Another train leaves [Houston] for San Antonio at 80 mph. [Houston] and San Antonio are 300 miles apart. If a bird leaves San Antonio at 100 mph, and turns around and flies back once it reaches the [Houston] train, and continues to fly between the two, how far will it have flown when they collide?”
– Asked for a software engineer position at USAA

This is just a simple algebra problem we can solve with the formula Distance = rate x time. The time for the 2 trains to collide is T = 300 / (60+80) = 15/7 hours, during which time the bird will have flown D = 100 x 15/7 = 1500/7 = 214 and 2/7 miles.

6. “Out of 25 horses, pick the fastest 3 horses. In each race, only 5 horses can run at the same time. What is the minimum number of races required?”
– Asked for a software developer position at Bloomberg LP Financial

I also like this question. The first batch will have 5 races. Take the top 3 from each of those races. The 6th race will be the race of the five 1st-place horses, and the winner is obviously the fastest horse. The second and third places are candidates for the top 3 fastest horses. The 7th race will be for the five 2nd-place horses. The top 2 horses will have a chance to be in the top three of the whole group. And the 8th race will be for the five 3rd-place horses. Take the 1st placer of this race and combine it with the 2nd and 3rd of the 1st-place race and the 1st and 2nd of the 2nd-place race. The 9th race will give us the second fastest and the third fastest horse of the 25.

First Round Races

| Race a | Race b | Race c | Race d | Race e |
| --- | --- | --- | --- | --- |
| 1a | 1b | 1c | 1d | 1e |
| 2a | 2b | 2c | 2d | 2e |
| 3a | 3b | 3c | 3d | 3e |

Second Round Races

| Race | Entries | 1st | 2nd | 3rd |
| --- | --- | --- | --- | --- |
| Race f | 1a, 1b, 1c, 1d, 1e | 1ST | 2f | 3f |
| Race g | 2a, 2b, 2c, 2d, 2e | 1g | 2g | 3g |
| Race h | 3a, 3b, 3c, 3d, 3e | 1h | 2h | 3h |
| Final Race | 2f, 3f, 1g, 2g, 1h | 2ND | 3RD | 4TH |

So we can determine the top 3 fastest with just 9 races.


HP Enterprise Virtual Array

Wow … I now have the opportunity to work with HP EVA. So I need to catch up on how this thing works in the coming days … so far, I am learning that it supports 3 types of replicated data.

1. Snapshot
2. Snapclone
3. Mirrorclone

So what’s the deal with these replicated data types…

Snapshots are dependent point-in-time copies of a virtual disk. They are usually used when you need a temporary copy of the data for cutting to tape. A snapshot allocates space to contain the metadata and pointers to the original source, and copies the original content only when it is overwritten on the source. Hence it consumes the least amount of space. If you need data-intensive access, this will affect the performance of the original source, as it shares its data with the snapshot copy.

Snapclones are independent point-in-time copies of the virtual disk. A snapclone is a byte-by-byte copy of the original. Intensive data access to this copy will not impact the performance of the original source disk, which makes it good for data mining or data warehousing and for intensive number crunching. Software development teams can make a snapclone copy of the live data and do testing without affecting the production users.

Mirrorclones are linked copies of the virtual disk. A mirrorclone is much like a snapclone, but it can resync with the source, so it is not a one-shot deal. It has different states, which can be changed by commands to the system. When it is first created, it is said to be in a “Synchronized” state. Any changes to the source disk are also replicated to the mirrorclone. When you need a point-in-time copy like a snapclone, a mirrorclone can be “fractured” from its source. In this state, any changes to data on the original will no longer be replicated to the mirrorclone. You can also resync the mirrorclone from its source. Doing so will put it into the “Synch in progress” state and, once complete, it will return to the “Synchronized” state. You can restore from a mirrorclone to your original source. This command will put the disk into the “Restore in progress” state until it becomes fully synchronized. Mirrorclones can also be detached, which makes the copy a normal virtual disk that ceases to be a mirrorclone.


Connecting Cisco 2801 Voiceports

Here are two approaches to connecting a Cisco 2801 voice port to Cisco Unified Communication Manager (CUCM).

1. Configure the voice port directly, which makes it use the H.323 protocol, and add it to the CUCM server
2. Add the router's voice port to be managed directly from CUCM and set the router to download the config from CUCM

Let’s look at the first approach. MGCP-to-H.323

1. Configuring H.323 on the voice port of the 2801Voice

   ```
   2801voice(config)#dial-peer voice 1101 pots
   2801voice(config-dial-peer)#destination-pattern 1101
   2801voice(config-dial-peer)#port 0/0/0
   2801voice(config-dial-peer)#exit
   2801voice(config)#
   ```

2. Configuring H.323 to connect to MGCP (CUCM)

   ```
   2801voice(config)#dial-peer voice 1000 voip
   2801voice(config-dial-peer)#destination-pattern 10..
   2801voice(config-dial-peer)#session target ipv4:10.30.100.15
   ```

3. Add the 2801Voice router as H.323 gateway in CUCM

4. At this stage, the 2801Voice connected phone can call to the CUCM managed IP phones but not vice versa.

5. We need to add RoutePattern to make all work

6. Now the calls can be initiated both ways. From CUCM managed IP Phones to the POTS or vice versa.


Securing Administrative Access on a Cisco Router

Routers are a key component of our network. Controlling access to the router and monitoring or reporting on activity on the router is essential to maintaining the security of our network. For Cisco routers, we have different options for securing access to the router. Below are some of our choices:

1. Do we want to use `aaa new-model` or not.
2. To use line passwords or use the local database.
4. Whether we want to use AAA like RADIUS or TACACS.

In most cases, the local database is preferred over line passwords for securing the router. Views can be used if you want to give access to a junior network administrator and limit the commands they are allowed to run. Note that if you want to use views, you also need to use `aaa new-model`. Large enterprises might prefer to use AAA with either RADIUS or Cisco’s ACS for TACACS, which gives them more granular control over which commands are allowed, as they would normally have many different network administrators.

Here’s my approach to securing Cisco routers. It may not be the best, but it works for me.

Step 1. I would set the hostname and domain name of the router and disable IP domain lookup, which could otherwise make the router unresponsive when a wrong command is entered.

```
Router(config)#hostname Router-HK
Router-HK(config)#ip domain name my-domain.com
Router-HK(config)#no ip domain-lookup
```

Optionally, we can also configure the router as a DNS proxy which forwards requests to a DNS server. When your computers use the router as their DNS server, the DNS queries are passed to the name servers you configure as below:

```
Router-HK(config)#ip name-server 4.2.2.2 4.2.2.3
Router-HK(config)#ip dns server
```

Step 2. I would set the privileged mode secret and enable password encryption.

```
Router-HK(config)#enable secret My$ecretP@$$w0rd
Router-HK(config)#service password-encryption
```

It is also a good idea to set a minimum password length and to display a warning against unauthorized access to the router as a deterrent, by entering the commands below:

```
Router-HK(config)#security passwords min-length 8
Router-HK(config)#banner motd $Unauthorized access is strictly prohibited and will be prosecuted to the full extent of the law.$
```

Step 3. I would create at least 2 users, one with privilege level 15 as admin and another ordinary user. Usually I set the admin secret the same as the enable secret as it is easier to remember. Creating the local user database before enabling aaa new-model is important. If you forget, you might be locked out of your router.

```
Router-HK(config)#username admin privilege 15 secret My$ecretP@$$w0rd
Router-HK(config)#username user01 secret MyUser$ecret
Router-HK(config)#aaa new-model
```

Now you can log in using telnet to the vty lines using the local user database, which is the default.

Step 4. We can further enhance the security of the router by enabling synchronous logging on the console and setting a timeout for when the user is idle for a certain number of minutes and seconds. We can also apply the timeout to the aux and vty lines. Notice that since we are using aaa new-model, the local user database is used, and any line password or login setting we set before we issued aaa new-model has now been removed. Below, we set the timeout for the console, aux and vty lines to 5 minutes and 0 seconds. We also specify ssh as the secure login for the vty lines; telnet will not be used, as it is not as secure and connects in clear text.

```
Router-HK(config)#line console 0
Router-HK(config-line)#exec-timeout 5 0
Router-HK(config-line)#logging synchronous
Router-HK(config-line)#line aux 0
Router-HK(config-line)#exec-timeout 5 0
Router-HK(config-line)#line vty 0 4
Router-HK(config-line)#transport input ssh
Router-HK(config-line)#exec-timeout 5 0
Router-HK(config-line)#exit
Router-HK(config)#
```

Step 5. To enable ssh, we need to set an RSA crypto key on the router. Once we have generated the RSA key, we can use ssh to connect to the vty lines. Below is how to zeroize existing RSA keys.

`Router-HK(config)#crypto key zeroize rsa`

Note: if no key exists, you will get this message: `% No Signature RSA Keys found in configuration`

And here’s how to generate a general RSA key with a modulus of 1024.

`Router-HK(config)#crypto key generate rsa general-keys modulus 1024`

Once the key is generated, ssh will be enabled and you can connect to the vty lines using ssh. You can use PuTTY on your PC to connect via ssh to the router. You can google PuTTY and download it from the internet. It’s free software.

Step 6. We can protect the router from login attacks such as dictionary attacks and denial of service attacks by limiting login attempts. We can also log successful and failed logins with the following commands:

```
Router-HK(config)#login block-for 60 attempts 2 within 30
Router-HK(config)#ip ssh time-out 90
Router-HK(config)#ip ssh authentication-retries 2
Router-HK(config)#login on-success log
Router-HK(config)#login on-failure log every 3
```

You can verify the login and the ssh settings as below:

```
Router-HK#show login
Router-HK#show ip ssh
```

Step 7. We also need to configure an IP address and gateway on our router’s interfaces if we expect it to route packets or let you ssh into the router. As most modern WAN connections come as RJ45 10/100Mbps connections, I will assume the LAN and WAN links are both Fast Ethernet, say Fa0/0 is the LAN and Fa0/1 is the WAN. Here’s how we do it.

```
Router-HK(config)#interface FastEthernet 0/0
Router-HK(config-if)#ip address 192.168.5.1 255.255.255.0
Router-HK(config-if)#no shutdown
Router-HK(config-if)#interface FastEthernet 0/1
Router-HK(config-if)#ip address 200.200.200.1 255.255.255.252
Router-HK(config-if)#no shutdown
Router-HK(config-if)#exit
Router-HK(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.2
```

Step 8. Keeping time on the network is important for logging and tracing events. We can set the first router as the NTP source, and the other devices on the network can use it as their NTP server. To check the time setting on the router, we can issue this command:

`Router-HK#show clock`

If it is not accurate, we can set the time and the time zone, giving the zone a name such as HKT for Hong Kong Time and an offset from UTC. We set the timezone first before setting the time. This can be done in config mode as below:

```
Router-HK(config)#clock timezone HKT +8
Router-HK(config)#exit
Router-HK#clock set 08:30:00 Nov 11 2010
```

We can then make this router the NTP master and give it a stratum number. Any NTP client syncing its time with this router will have its stratum set 1 higher than the stratum of this router. Let’s say this is stratum 3. Below is the command.

`Router-HK(config)#ntp master 3`

For other routers that will use the NTP client to sync their time, we can use the commands below, specifying the IP of the NTP source.

```
Router-HK(config)#ntp server 10.1.1.1
Router-HK(config)#clock timezone HKT +8
```

Step 9. We create different views for different admins if we need to grant access to other Jr admins or a tech support guy. We enable the root view by using the enable secret password.

`Router-HK#enable view`

Once the root view is activated, we can create a different view for admin2.

```
Router-HK(config)#parser view admin2
Router-HK(config-view)#secret @dm1n2Pa$$
Router-HK(config-view)#commands exec include all show
Router-HK(config-view)#commands exec include all config terminal
Router-HK(config-view)#commands exec include all debug
Router-HK(config-view)#end
```

We can create a view for a jr admin who should not change the config of the router but can only view it. From the root view, go to config mode and enter the following:

```
Router-HK(config)#parser view jradmin
Router-HK(config-view)#secret jr@dm1nPa$$
Router-HK(config-view)#commands exec include all show
Router-HK(config-view)#end
```

And if we want to limit the show command to less sensitive information on a need-to-know basis, we can include only a subset of the show commands for our tech support guy as below:

```
Router-HK(config)#parser view techsupport
Router-HK(config-view)#secret $upp0rtPa$$
Router-HK(config-view)#commands exec include show version
Router-HK(config-view)#commands exec include show interfaces
Router-HK(config-view)#commands exec include show ip interface brief
Router-HK(config-view)#commands exec include show parser view
Router-HK(config-view)#end
```

Step 10. And lastly, don’t forget to save your hard work to startup-config. You can use this to save the running-config to the startup-config:

`Router-HK#copy running-config startup-config`

or use the deprecated command

`Router-HK#wr`

which is short for

`Router-HK#write`

Congratulations, you have now secured the router for administrative access!
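
A check a reviewer might run over a saved copy of the running-config to confirm that steps 2, 3, 4 and 6 above were applied. This is an added example, not part of the original post; the sample config is constructed, and the function names and the choice of checks are assumptions made for illustration.

```python
import re

# Constructed sample in running-config layout (not captured from a device).
# Hashes are placeholders; user01 and the vty lines deviate from the steps.
SAMPLE_CONFIG = """\
service password-encryption
security passwords min-length 8
enable secret 5 <hash-placeholder>
aaa new-model
username admin privilege 15 secret 5 <hash-placeholder>
username user01 password 7 <encoded-placeholder>
login block-for 60 attempts 2 within 30
login on-failure log every 3
login on-success log
line con 0
 exec-timeout 5 0
line vty 0 4
 transport input telnet ssh
"""

def split_sections(config):
    """Return (top-level commands, {"line ..." header: [sub-commands]})."""
    top, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" "):  # indented: sub-command of the preceding block
            if current:
                line_blocks[current].append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            top.append(raw.strip())
            current = raw.strip() if raw.startswith("line ") else None
            if current:
                line_blocks[current] = []
    return top, line_blocks

def audit(config):
    """List the hardening steps from the post that the config does not show."""
    top, line_blocks = split_sections(config)
    required = [  # (pattern a top-level command must match, finding if absent)
        (r"enable secret ", "no enable secret (step 2)"),
        (r"service password-encryption$", "no service password-encryption (step 2)"),
        (r"security passwords min-length ([89]|\d\d+)$", "min-length below 8 (step 2)"),
        (r"aaa new-model$", "aaa new-model not enabled (step 3)"),
        (r"login block-for \d+ attempts \d+ within \d+", "no login block-for (step 6)"),
        (r"login on-failure log", "failed logins not logged (step 6)"),
        (r"login on-success log", "successful logins not logged (step 6)"),
    ]
    findings = [msg for pat, msg in required
                if not any(re.match(pat, cmd) for cmd in top)]
    for cmd in top:
        user = re.match(r"username (\S+) (?:privilege \d+ )?password ", cmd)
        if user:
            findings.append(f"{user.group(1)}: password instead of secret (step 3)")
    for header, cmds in line_blocks.items():
        timeout = [c.split()[1:] for c in cmds if c.startswith("exec-timeout ")]
        if not timeout or all(int(v) == 0 for v in timeout[-1]):
            findings.append(f"{header}: exec-timeout not set or disabled (step 4)")
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if header.startswith("line vty") and (not transport or transport[-1] != ["ssh"]):
            findings.append(f"{header}: transport input is not ssh-only (step 4)")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding for user01 and two for the vty lines; a config that follows the steps returns an empty list.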


Windows 7 God Mode?

I found this on certcollection.org and I think this is cool!

Although it is easy to just click the start button and enter a partial name of the application in the search box, and Windows 7 will help you narrow it down to the application you need, this trick is quite useful as it lists everything you can do … as the original post says, GOD MODE!

You just need to create a new folder anywhere on your desktop and rename it to `GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}` and the icon will change to the control panel icon. The code in the brackets {} must be exactly the same as above, but you can give your folder whatever name you want. I called mine SuperPanel and entered `SuperPanel.{ED7BA470-8E54-465E-825C-99712043E01C}` and this is what I got:

Here’s another Christmas song from Jose Feliciano, Feliz Navidad … the MIDI and the PNG for this song were all created using MuseScore from www.musescore.org

Here’s the MIDI file here

Good read! Emotional Intelligence for Managing Results in a Diverse World.

I have been reading a book by Lee Gardenswartz, Jorge Cherbosque and Anita Rowe entitled “Emotional Intelligence for Managing Results in a Diverse World.” I recommend you read this book if you haven’t read it yet! Great insights on discovering yourself, what makes you tick, what your biases and hot buttons are, how to get a handle on your feelings, how to understand others from different cultures without pushing our values onto theirs, how to have better communication and how to resolve conflicts, especially in diverse cultural settings. I liked the Emotional Intelligence and Diversity Model as well as the Diversity Layer, which help in understanding how different dimensions of our lives affect who we are.

In the process, change is inevitable. I find it useful that when we are confronted by change, we have three A’s as possible courses of action:
1. Alter the Situation and make it more favourable;
2. Alter our behavior to better cope with the change; and
3. Accept the Change and try to see the positive aspect of the change.

Another useful tool or approach I learned from the book is the 4 Steps for Heart-of-the-Matter Conversations when conflicts arise. The four steps are:
1. Sensory conversation – where we describe the situation or behavior causing the conflict (FACTS)
2. Brain conversation – where we describe our interpretation of the situation or behavior (ASSUMPTIONS)
3. Feeling conversation – where we describe our feelings or reaction to the situation or behavior (EMOTIONS)
4. Soul conversation – where we articulate what we would like or expect as an outcome (EXPECTATIONS).

White iPhone 4

The difference between the Black iPhone 4 and the White iPhone 4 is just a paint job, or is it?

It looks like Apple has delayed the white version because of a potential problem with the white iPhone 4 leaking light through the glass back cover, which ruins the camera shot and ends up producing overexposed photos. Hmmm, is this true? Maybe they want to put more resources into getting the next iPhone (5 or 4GS?) out instead of fixing the white iPhone 4 issue … so my friend will be disappointed at not being able to buy the white iPhone 4!


Anti Software Keylogger

Most of us know that anti-malware programs usually detect keyloggers and will disable or remove them from your PC. However, new keyloggers that are not in the signature file of the anti-malware application will not be detected, which exposes us to the risk of leaking sensitive data such as our online banking password!