While interviewing for a company, I was asked to submit several code samples that highlight my "best" work. I was pinged back with several questions regarding a specific code sample, one of which alluded to a bug.

The code sample was a WCF Web service that uses AES to encrypt an opaque blob. The blob is used by the service to identify all resources for a specific service request. The bug was that the .NET RijndaelManaged class was used with CBC mode, without properly setting the IV. The RijndaelManaged class will autogenerate an appropriate IV during class instantiation, which, in the code sample, occurs during first usage of encryption, and is persisted for the life of the ASP.NET Application. Since ASP.NET applications can be restarted for a variety of reasons, it's possible that these opaque blobs would be "invalidated" from one service call to the next because of a new IV value generated during App startup (the bug).

The question itself was "where is IV set for decryption?"

My response is already to admit that this is a bug; but since they asked for my "best" work, am I SOL on this position for having submitted a sample with a bug? Is there more I can say?

I'm hesitant to outline the situation because I don't want to seem like I'm making an excuse, but the encryption code was turned off while our service was in pre-alpha, and the project was killed before we ever went into production.

+2  A: 

I would basically just state exactly what you said here. Stating your understanding of the bug, why it's a bug, what its effects would be, and its solution is the best way to reassert your competence as a programmer.

jdmichal

+6  A: 

Everyone writes bugs. Part of your job as a programmer is how you deal with those bugs. I would try outlining the situation, fixing the bug, and resubmitting your code, just like you would at the job. After that, it depends on the company and how they make their hiring decisions. If it were me, however, and you showed initiative and took responsibility by following up on and fixing the bug, I don't know if it would be a deal breaker. In fact, it could turn a negative into a positive.

VirtuosiMedia