Elance “Skills Assessment” Tests — HA!

UPDATE 1 JULY 2019:  Elance has long since gone the way of the dinosaurs as the company merged with former competitor oDesk, creating the conglomerate, Upwork.  It was announced last week that, as of 9 July, 2019, they will be ending support for all tests (known on Elance as “Skills Assessments”), and even going so far as to remove them from user profiles.  According to the announcement:

Beginning July 9, we will be retiring all skill tests and removing the option to take them on Upwork. As part of this change, results from previous tests you’ve taken will no longer display on your profile.

Skill tests were launched as a way to measure expertise in a skill against a common standard so freelancers could better market their services. However, we’ve heard from our community that these tests aren’t an accurate measure of their talents, and that tests quickly become outdated as skills evolve and answers are shared in online forums. We’ve also heard from clients that multiple choice tests do not help them reliably predict future job success. For these reasons, we will no longer support the skill test program.

It’s just a shame it took them this long to realize how useless these “tests” were from the beginning.

(Original article follows.)

Sometime in 2000 or 2001, I was asked to create a skills assessment for senior-level relational database management systems experts for a very young Brainbench. I was not alone: the company selected a total of four of us, all given the assignment of coming up with forty-five multiple-choice problems related to the general concepts of RDBMS. It took me about two days to complete the task, and a few weeks later, when the test went into a public beta, folks could take the test and vote on the quality of the questions. The results of the votes were not shown to the public, and we (the consultants who created the questions) were not privy to the voting statistics either. Several weeks after that, the test became official, and I aced it: every one of the forty-five pages were from my packet.

Despite being rather proud of myself for a relatively small accomplishment, I was actually really surprised; the quality of the submissions from the other consultants was all – in my opinion – very, very good. In fact, I felt more as though some of my own paled in comparison. It seemed that all of the other submissions were by folks who really understood the topic thoroughly, and were masters in their field. In fact, I did later learn that I was the only one of the four hired who did not have a computer science degree. Talk about humbling.

Today I decided to take a few skills assessment tests on Elance – a leading online freelance marketplace – on a variety of technical subjects. Included in the ones I took were tests to evaluate one’s comprehension of Linux and Amazon Web Services.

I was disgusted.

The grammar was horrible. The content was filled with fluff and trash. The questions weren’t representative of someone’s working knowledge on the subject — in fact, some even took text from “About Us” sections that described the company, not the service provided. And in the Linux test specifically, there were cases of areas where multiple answers were correct, but only one could be chosen; other times where no answer was technically correct, but a choice had to be selected. The most appalling of it all: questions on obscure, unnecessary things like “Which of the following software packages is used to create a closed-circuit television system?” I had to look that one up after the fact. I didn’t take a test on how to set up a video system, I took a test on Linux skills. I highly doubt the MSCE or MVP tests ask for the steps of motion tweening in Flash.

It was quite obvious that the tests were created by folks with limited knowledge on the subject matter. In fact, it was probably completed – at least in majority – by the lowest bidder, who may very well have been a non-native-English administrative assistant. Hell, nowadays, anyone with Internet access thinks they have the skills and marketability to work as a professional freelancer. Some do…. most – and I really mean MOST – do not. These so-called “skills assessment” tests were proof-positive of that; they’re a joke, and folks serious about testing the skills of others would be ashamed to have them as the representation of their own knowledge on a given subject.

Granted, I can’t speak for all of the tests. There are many available, and on a wide variety of topics. I’m sure that some are much better than others, and that some of those may actually be very good at gauging an individual’s skill on the matter. Now they just need to try to get that same quality across the board.

Because if I can take a test on something of which I admittedly have almost zero knowledge, be more confused by the spelling and sentence structure of almost every single question and option, score a barely-passing 65%, yet still be in the “Top 10%” of all test-takers, something must be wrong.


Broken `apt-get update` Due To AppStream Error

Over this past weekend, I was trying to update my office desktop to the latest Ubuntu version, and hit a snag. It was giving an error on AppStream, so I tried to remove it using apt-get remove, but that, too, gave me errors, as you can see here:

Fetched 3,222 kB in 1s (1,836 kB/s)                           AppStream system cache was updated, but problems were found:
Metadata files have errors: /var/cache/app-info/xmls/fwupd.xml
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'if /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then appstreamcli refresh-cache > /dev/null; fi'
E: Sub-process returned an error code
# apt-get remove libappstream3
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package libappstream3

A quick realization made me change libappstream3 to libappstream4, but that gave me a bit of a startling result:

# apt-get purge libappstream4
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  gnome-software-common lib32gcc1 libcuda1-384 libebur128-1 libegl1-mesa:i386 libgtkspell3-3-0 libidn11:i386 libpython3.6-minimal libsnapd-glib1 libstemmer0d libva-wayland1 nvidia-headless-390
  nvidia-opencl-icd-384 python3.6-minimal rename snapd-login-service xserver-xorg-legacy
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
  appstream* gnome-software* gnome-software-plugin-snap* libappstream4* ubuntu-software*
0 upgraded, 0 newly installed, 5 to remove and 1932 not upgraded.
After this operation, 2,199 kB disk space will be freed.
Do you want to continue? [Y/n]

Whoa, there, champ. Hold your horses. I don’t feel like having my finally-working four-head Gnome display configuration getting hosed and having to do it all over again. So instead of removing, I tried reinstalling over top of the existing install:

# apt-get install --reinstall libappstream4
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  lib32gcc1 libcuda1-384 libebur128-1 libegl1-mesa:i386 libidn11:i386 libpython3.6-minimal libva-wayland1 nvidia-headless-390 nvidia-opencl-icd-384 python3.6-minimal rename xserver-xorg-legacy
Use 'apt autoremove' to remove them.
The following packages will be upgraded:
1 upgraded, 0 newly installed, 0 to remove and 1936 not upgraded.
Need to get 0 B/97.2 kB of archives.
After this operation, 33.8 kB of additional disk space will be used.
(Reading database ... 349307 files and directories currently installed.)
Preparing to unpack .../libappstream4_0.12.0-3ubuntu1_amd64.deb ...
Unpacking libappstream4:amd64 (0.12.0-3ubuntu1) over (0.10.6-2) ...
Setting up libappstream4:amd64 (0.12.0-3ubuntu1) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...

Boom. Good to go. Now apt properly updates, and I can continue merrily on my way.


Importing Existing Keys and SSL Certificates Into Apache Tomcat

I rarely use Tomcat, but one of my clients is a Java guy and, as makes logical sense, uses Tomcat to serve the applications he writes. One of which required an SSL certificate. It’s no problem to create a new key, CSR, and import the certificate and certificate authority chains, but what if we already have an existing key and certificate for the same domain?

In our case, we had Apache serving the non-application stuff (in PHP, natch) on ports 80 and 443, with Tomcat on 8000 and 8443 (take that, Plesk!), and already had a certificate issued for the domain on the Apache side. Since the stuff used by Apache was in PEM format, I’ve added one of the steps required to convert it to PKCS12, which is what we’ll use for the Java keystore. These instructions are taken from a CentOS box, so you may need to make some modifications for other operating systems. It’s only here to serve as a guideline (and for my own future reference, primarily, because I know damned well I’ll forget again next year).

First, we need to concatenate the key, certificate (granted us by the CA) and the CA bundle into one single file. This is done most simply like so:
cat your_domain.key your_domain.crt your_ca_bundle.crt > your_domain.key_crt_bundle.pem

Next, we convert the concatenated PEM data into PKCS12:
openssl pkcs12 -export -out your_domain.key_crt_bundle.p12 -in your_domain.key_crt_bundle.pem

Create a password for the resultant PKCS12 file, and remember the password for a moment. Because you’ll need it when you import this PKCS12 into your Java keystore using the following command:
keytool -importkeystore -srckeystore your_domain.key_crt_bundle.p12 \
-srcstoretype pkcs12 -destkeystore your_domain.key_crt_bundle.jks -deststoretype jks

You’ll need to create a new password for the keystore, and then enter the password for the PKCS12 you created two steps back.

Then, edit your Tomcat server.xml file and define the full path and filename of the newly-created keystore, as well as your keystore’s password. In our case, the default location was /etc/tomcat6/server.xml. If you don’t know how to configure Tomcat6 for SSL at all, that’s beyond the scope of this particular post, and you will need to do some research. Also, do not pass GO!. Do not collect $200. And may God have mercy on your soul.

Finally, restart Tomcat doing the good ol’-fashioned service tomcat6 restart (or equivalent), and you should be good to go. And, if not…. sucks to be you.


Ubuntu Not Recognizing Changes To /etc/hosts

A moment ago, I finally figured out why changes to /etc/hosts on my local Ubuntu desktop were not being honored. In the past, it worked just fine, as expected, but this morning, it refused to recognize changes. I searched all over the web and found lots of people with the same problem, but no solutions. Plenty of helpful suggestions, mind you, but nothing would work for the folks who tried them. So, the solution? My NSCD was caching it. Perhaps there was a default value change recently, or maybe I just somehow never noticed it before because I’d add the entry prior to trying to work with the host. Not sure the ultimate reason, but the fix is in:

sudo vim /etc/nscd.conf

enable-cache hosts yes
…. to:
enable-cache hosts no

And then restart NSCD:

sudo service nscd restart

Voila! Finally, I can get on with my work for the day.


shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

A few moments ago, while trying to restart the Postfix service on a client’s system, I was getting the following error:

shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

Some strace runs later, I found that my pwd had been removed and recreated, so I was essentially in a state of limbo as far as the system was concerned. Quick fix:

cd && cd -

Brings me to my ~ directory, then back to the original pwd, and – most importantly – no more errors.


Horribly Slow Speeds On USB Stick, Ubuntu 12.04LTS (100KB/s?!?)

I just finished building a new server for the house here and downloaded the latest build of Ubuntu Server 12.04LTS. My desktop is running an upgraded version of the same (but Desktop, not Server edition). Trying to create a USB boot disk to install on the new box was painfully slow: it was going to take 2.5 days.

After searching all over the web to see what others thought, checking the USB settings in my BIOS, and even rebooting for the sake of a potential fix chalked-up to voodoo, I realized the answer. Checking the USB stick’s partition, it was – unsurprisingly – FAT32. Once I dropped the partition (the stick was brand-new, just opened the package) and created a new ext4 partition in its place, I created my new USB boot disk in 38 seconds. That’s much more like it.


Custom sudo Login Prompt: Confuse Your Coworkers and Friends!

Quick way to have fun with Bash and sudo on a boring day. Insert the following into your /etc/bashrc, /etc/bash.bashrc, or similar file (as is appropriate for your distro and version):

alias sudo='sudo -p "Congratulations, %p! You are the one-millionth user to attempt to sudo to %U! Enter your password to see what you've won. "';

More info, from man sudo:

%H  expanded to the host name including the domain name (on if the machine's host name is fully qualified or the fqdn option is set in sudoers(5))
%h  expanded to the local host name without the domain name
%p  expanded to the name of the user whose password is being requested (respects the rootpw, targetpw and runaspw flags in sudoers(5))
%U  expanded to the login name of the user the command will be run as (defaults to root unless the -u option is also specified)
%u  expanded to the invoking user's login name
%%  two consecutive % characters are collapsed into a single % character
The prompt specified by the -p option will override the system password prompt on systems that support PAM unless the passprompt_override flag is disabled in sudoers.


British PHP? Cheers!

Several minutes ago, one of the regular and long-term contributors to the PHP community, a gentleman by the name of Daevid Vincent, posted a link to a blog post on the PHP General mailing list. (Enough links yet? Hang on, there’s more to come.)

The blog post, If PHP Were British, was something I enjoyed — despite my apparently inferior dialect of English, the bastardized American version. So I figured, what the hell? We got the land (after we, as Redcoats, knocked off a few million of those pesky Indians), so why not offer a peace treaty in the form of a few lines or reworked PHP core?

After about fifteen minutes of work, the result: BPHP (lifted straight from their comments section). It’s based upon the latest stable of the 5.4 branch as of this writing (5.4.4), and has the changes requested specifically by the main article, as well as few other related changes. Nothing serious, but it shows that, yes, most Americans are willing to reach out and be friendly and helpful world citizens, regardless of how we may appear to the rest of the nations around the globe.

Want to give it a test drive? Go ahead and download it in .tar.gz or in .tar.bz2 format.

You’ll no doubt see errors and such, but have no fear — I have absolute no intention of supporting this release, nor providing bug fixes, or really even acknowledging that I did, in fact, spend several minutes of my evening doing this.

I should probably mention that I did this in my own free time (I have about an hour before another client is re-running on the ABC network TV show “Shark Tank,” and finished some other work ahead of time), and not as part of the PHP team. And of course, it is licensed under the actual PHP license, is intended only for entertainment purposes, and neither myself (acting alone) nor the PHP Group, community, or anyone else is responsible for any damage, incompatibilities, et cetera. Just in case there are any future BPHP users out there who are lawyers. ;-P

Happy Friday…. mates.


2012 php.net Redesign Proposal

Please view it here and send feedback to php-webmaster@lists.php.net.


PHP Saturation Survey

For the last few years, I’d wanted to write a spider that would crawl the web and gather some statistical information.  Specifically, I wanted to see how many sites reported being capable of serving PHP pages.  Finally, about two hours ago, I sat down to write the system that would collect this data, and within about 25 minutes, I had it doing my dirty work for me.  After I finished writing the core of the system, I then added a quick reporting tool to give me real-time statistics, because I was far too impatient to wait a few days, weeks, or even months before I could look at some numbers.

Keep in mind the following:

  • The spider gathers hostnames dynamically; it started by spidering the Google homepage (not search results), and went from there.
  • The recursion algorithm is not only imperfect — it’s impatient.  If a site doesn’t respond within 5 seconds, it’s omitted (uncommon).
  • Only homepages (indexes) are spidered.  This is still very effective, but will limit the results.
  • The recursion algorithm skips /^www[0-9]?/ subdomains, but will crawl others.
  • The system does not care if one site resides on the same physical or virtual server as any of the others.
  • The stats collection engine only gathers what the server is configured to tell it
  • We only check the HTTP headers; we do not spider the site itself to see if it links to any PHP scripts within itself.

This initial crawl will probably take at least a couple of weeks to reach some useful numbers.  Spidering sites to grab new URLs, check the database, ignore dupes, and recurse into the index to do it all again takes an average of 1.7 seconds per hostname.  Grabbing header data and recording statistics eats up about 3.0 seconds per host, and only works in chunks of hosts per run.

Since all you likely care about – much like myself – are the numbers themselves, you can find them here.  (Statistical data is no longer available.)  The text file will be updated there every five minutes.  If you’re interested in the latest figures and that file seems to be stale (i.e. – >10 minutes old), send me an email and I’ll go kick the crap out of the server and remind it who’s boss (until it becomes sentient, that is).

Over the next couple of days and weeks, I’ll spend a few more minutes here and there to improve the collection times, but the actual data itself is quite obviously of the most value in this project.  For now, all I care about is PHP market saturation, but I’m also collecting data on rival languages, web server software, cookies, page caching, OS and version information, and more.  Sure, other folks collect the same kind of information, but look at me…. do I look like them?  Then shut up.


Quick: How Many Potential Key Combinations Exist In 4096-bit Encryption?

Quite simple, glad you asked! That number is 24096. Or, in decimal format (forgive the lack of commas):