# Microsoft Interviews

<datetime class="hidden">2004-01-05T00:00</datetime>
<!-- category -- mostlylucidcouk, Imported, Software Development, Testing -->

Just read [this article](http://www.sellsbrothers.com/fun/msiview/#myInterview) about
a Microsoft interview.

I also had an interview for a job at Microsoft a few years ago now (in
my case, a PM job in one of the server groups). 

I met [Mark Anders](http://www.4guysfromrolla.com/webtech/MarkAnswers.asp) in
the book shop at the 1999 ASP professional conference in Islington, London (I'll miss
those Wrox conferences!) and we got to talking about some security stuff - he was
pretty high up in the ASP.NET group at the time - it was totally embryonic back then
and he was still investigating what people's views were on some things... Anyway,
long story short, I was invited over to Redmond.

So, I flew over, got to spend a few days in Seattle, had a nice tour of Microsoft
and eventually got badgered for a day.

One of my major problems is that I'm VERY Scottish - you may not understand what this
means for direct, vocal communication - but imagine if you will, Billy Connolly at
twice the speed (though I have a Barry Whitesque baritone :-)) - very drunk and with
a bag of marbles in his mouth - that's pretty close.

Add to this the fact that I was very nervous, had just discovered Starbucks (6 large
espressos!) and was still jet-lagged - well, I would have appeared to be talking some
odd lost language.

So, during a single day I met 8 separate people in several different buildings - a
few coding questions (simple things like writing a search and replace algorithm...the
usual), which I was pretty good at. There were some 'invention' and creative questions
- again pretty good. 

Then came the [problems](http://www.sellsbrothers.com/fun/msiview/default.aspx?content=question.htm)!
I am what's technically called absolutely bloody appalling at maths, and especially
maths puzzles when under stress - coupled with the fact that I had started speaking
Serbo-Croatian, this did not bode well.

There were questions about flow rate of cars over a bridge (at this speed, how many
cars pass across in 2 minutes?), and one about balancing balls (which I got the answer to
through lateral thinking, not the maths approach).

Anyway, I was asked if I'd consider a job in testing - said no...and basically decided
that I'd had it with large development groups.

This really coloured my view of Microsoft - it also helped me understand a bit of
how it works...

They were looking for Maths Geeks - in this instance at least - I'm not one, I'm more
of the old school hacker (in the correct sense :-)). I like thinking about the code
I write and shaping it into a product people want to use - for me it's not a mathematical
exercise. Lots of people hate this approach - and most of the people I met at Microsoft
didn't seem to understand it.

A lack of creative thinking is a major problem for security in web-based systems.
Over years of testing, writing and analysing these systems, it seems to be one of
the major reasons problems occur in them.

Developers need to think more creatively about their applications: place yourself
in the position of a person trying to break or subvert the security of your code, and
set a boundary at the point past which all user input has been validated. That boundary,
the application firewall, is your safety zone.

It is really fairly easy to do this, if you set limits on what your application accepts
as input. 

1. Validate all the time, client and server.
2. Check for bounds in testing (what happens if you enter too many characters in
a form field?).
3. Catch every error everywhere you accept input from outwith the application - be it
from the user or from the database (they can go down!).
4. Set sensible error codes for later code to check - lots of applications fall over
simply because they fall out of sequence - with some essential method having not returned
the correct value. Set break points in code where, if a condition is met, some abort
sequence takes place (reporting the error to the user, a redirect, etc.).
5. Simplify - this is THE MOST IMPORTANT THING! Complex code hides its problems: keep
your code readable, make your variable names obvious, insert comments indicating expected
pathways and occurrences into the source. Make single class files with names the same
as their contained class. Just keep it simple!
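
The list above, sketched as a single server-side validation boundary. This is an added example, not code from the original post; the field names, length limits, status codes and the `save` callback are assumptions chosen for illustration. It shows only the server half, because client-side checks can be bypassed and so cannot be the boundary.

```python
import re
from enum import Enum

class Status(Enum):  # explicit codes for later code to check (item 4)
    OK = 0
    MISSING = 1
    TOO_LONG = 2
    BAD_CHARS = 3
    BACKEND_DOWN = 4

# Hypothetical form definition: field name -> (max length, allowed characters)
FIELDS = {
    "username": (32, re.compile(r"[A-Za-z0-9_.-]+")),
    "comment": (500, re.compile(r"[^\x00-\x08\x0b\x0c\x0e-\x1f]+")),
}

def validate(form):
    """The boundary: returns (Status, clean_fields) and never raises on bad input."""
    clean = {}
    for name, (max_len, allowed) in FIELDS.items():
        value = form.get(name)
        if not isinstance(value, str) or value == "":
            return Status.MISSING, {}
        if len(value) > max_len:  # bounds check (item 2), before any pattern work
            return Status.TOO_LONG, {}
        if not allowed.fullmatch(value):
            return Status.BAD_CHARS, {}
        clean[name] = value
    return Status.OK, clean  # fields not listed in FIELDS are dropped

def handle(form, save):
    """Later code checks the status and aborts in one place."""
    status, clean = validate(form)
    if status is not Status.OK:
        return 400, status.name  # abort sequence: report the error to the user
    try:
        save(clean)  # the database is outside the application too (item 3)
    except Exception:
        return 503, Status.BACKEND_DOWN.name
    return 200, Status.OK.name

if __name__ == "__main__":
    # Constructed sample requests
    store = []
    print(handle({"username": "alice", "comment": "hello"}, store.append))
    print(handle({"username": "a" * 200, "comment": "hello"}, store.append))
```
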

Anyway, enough rambling....later...