Solve this puzzle, get a job

by brian d foy

Related link:

A recent post to the Perl Jobs list asks candidates to solve a puzzle to demonstrate their Perl skills. The clever and devious candidate can solve this without knowing Perl though.

In case the job post disappears or changes, I cite the relevant text:

If your resume alone doesn't indicate that you're a totally kickass hacker, you'll have a much better chance of getting a response if you attach a solution to the following question:

Given a string of arbitrary length, write a perl program that will print out the palindrome(s) of longest length in the string. Assume there are no special characters, so "!c aba c!" would be considered a palindrome; also, in "abcbb", "bcb" would be considered a palindrome. Assume the string is coming in via STDIN.

The devious solution is much like the hack to get around these websites that ask you to look at an image and type in the word that you see in it. Those websites want to ensure that real people are submitting the form, and they want to block 'bots. For instance, people should not be able to write 'bots to gobble up all of the tickets to the next big concert.

But what if you wanted to get past this? Just present the problem to someone else. You create another website where you get people to register, and you expect high traffic. (Temporary Adult-content sites are just the ticket, and you only need the site for the duration of the exploit). You get the image from the form you want to subvert and display it to the person trying to register on your own high traffic website. They type in the answer, which you then use as your answer to the original website. I'm not aware of a formal name for this technique, but I call it either "Man on the side" or "Innocent bystander".

But, back to the original job posting. A poster calling himself only "BUU" on Perl Monks posted the problem without reference to its source, and he got a lot of replies. Now, he may have just flubbed this by forgetting to include that he saw this on a job posting, but it still illustrates the possible danger: he could solve the problem without being qualified for the job that asked for its solution.

I thought at first that the job posting had a new, cool way to filter candidates, but the devious ones (like the ones who put 4 years experience with Perl 6 but aren't either Damian Conway, Larry Wall, Allison Randal, or Dan Sugalski) can still get past the filter, and they may be that cause more headaches than the patently unqualified because they appear like good candidates at first. The interviewer still has all of the screening burden he had before.

In this case, everything seems to turn out not so badly. The job poster actually reads Perl Monks, so they know which solutions people suggested. But that brings to mind another devious angle: what if I had to solve a problem and I posted it as part of a fake job posting? There is only the promise of reward, and one that I don't even have to deliver!