• The technical purpose of SMS verification code bombing: by Aline Lerner. You will randomly bomb technical interviews. Everyone does. Here’s the data. ...


    by Aline Lerner

    You will randomly bomb technical interviews. Everyone does. Here’s the data.

    When you listen to hundreds of technical interviews day in and day out, you start to notice patterns. Or in this case, a lack of patterns.

    I did find one thing that’s pretty consistent, though, and used it as the basis of a drinking game:


    • Every time someone thinks the answer to an interview question is a hash table, take a drink.

    • And every time the answer actually is hash table, take two drinks.


    But don’t try this game. I almost died playing it.

    The reason I spend my days listening to technical interviews is because a couple years ago I co-founded interviewing.io, an interviewing platform where people can practice technical interviewing anonymously and, in the process, find jobs.

    As a result, I have access to a ton of data on how the same people perform from interview to interview. And I’ve discovered so much volatility that it makes me question the reliability of single-interview outcomes altogether.

    How we got all this data

    When an interviewer and an interviewee match on our platform, they meet in a collaborative coding environment with voice, text chat, and a whiteboard and jump right into a technical question.


    Interview questions on the platform tend to fall into the category of what you’d encounter at a phone screen for a back-end software engineering role. Interviewers typically come from a mix of large companies like Google, Facebook, and Yelp, as well as engineering-focused startups like Asana, Mattermark, KeepSafe, and more.

    After every interview, interviewers rate interviewees on a few different dimensions, including technical ability. Technical ability gets rated on a scale of 1 to 4, where 1 is “meh” and 4 is “amazing!” On our platform, a score of 3 or above has generally meant that the person was good enough to move forward.

    At this point, you might say, that’s nice and all, but what’s the big deal? Lots of companies collect this kind of data in the context of their own pipelines.

    Here’s the thing that makes our data special: the same interviewee can do multiple interviews, each of which is with a different interviewer and/or different company. This opens the door for some pretty interesting and somewhat controlled comparative analysis.

    Finding 1: Your performance from interview to interview is volatile

    Let’s start with some visuals. In the graph below, every person icon represents the mean technical score for an individual interviewee who has done 2 or more interviews on the platform.

    One thing we don’t show in this graph is the passage of time, so you can see people’s performance over time. It’s kind of a hot mess.

    The y-axis is standard deviation of performance, so the higher up you go, the more volatile interview performance becomes.


    As you can see, roughly 25% of interviewees are consistent in their performance, and the rest are all over the place.


    If you look at the graph above, despite the noise, you can probably make some guesses about which people you’d want to interview.


    But keep in mind that each represents a mean. Let’s pretend that, instead, you had to make a decision based on just one data point. That’s where things get dicey.

    To really drive this point home, you should visit the really cool interactive version of this graph. There you can expand everyone’s performance and see just how each person did in each interview. The results might surprise you! For instance:

    • Many people who scored at least one 4 also scored at least one 2.

    • If we look at high performers (mean of 3.3 or higher), we still see a fair amount of variation.

    • Things get really murky when we consider “average” performers (mean between 2.6 and 3.3).



    We were curious to see if volatility varied at all with people’s mean scores. In other words, were weaker players more volatile than strong ones? The answer is no. When we ran a regression on standard deviation vs. mean, we couldn’t come up with any meaningful relationship (R-squared ~= 0.03), which means that people are all over the place — regardless of how strong they are on average.

    To me, looking at this data — then pretending that I had to make a hiring decision based on one interview outcome — felt like peering into some beautiful, lavishly appointed parlor through a keyhole. Sometimes you see a piece of art on the wall, sometimes you see the liquor selection, and sometimes you just see the back of a couch.

    So, in a real life situation, when you’re trying to decide whether to advance someone to onsite, you’re probably trying to avoid two things — false positives (bringing in people below your bar by mistake) and false negatives (rejecting people who should have made it in).


    Most top companies’ interviewing paradigm is that false negatives are less bad than false positives. This makes sense right? With a big enough pipeline and enough resources, even with a high false negative rate, you’ll still get the people you want.

    With a high false positive rate, you might get cheaper hiring, but you do potentially irreversible damage to your product, culture, and future hiring standards in the process. And of course, the companies setting the hiring standards and practices for an entire industry are the ones with the big pipelines and seemingly inexhaustible resources.

    The dark side of optimizing for high false negative rates, though, rears its head in the form of our current engineering hiring crisis. Do single interview instances, in their current incarnation, give enough signal? Or amidst so much demand for talent, are we turning away qualified people because we’re all looking at a large, volatile graph through a tiny keyhole?

    So, hyperbolic moralizing aside, given how volatile interview performance is, what are the odds that a good candidate will fail an individual phone screen?

    Finding 2: Your odds of failing a single interview based on past performance

    Below, you can see the distribution of mean performance throughout our population of interviewees.


    In order to figure out the probability that a candidate with a given mean score would fail an interview, we had to do some stats work.


    First, we broke interviewees up into cohorts based on their mean scores (rounded to the nearest 0.25). Then, for each cohort, we calculated the probability of failing, i.e. of getting a score of 2 or less. Finally, to work around our starting data set not being huge, we resampled our data.

    In our resampling procedure, we treated an interview outcome as a multinomial distribution. In other words, we pretended that each interview was a roll of a weighted, 4-sided die corresponding to that candidate’s cohort.

    We then re-rolled the dice a bunch of times to create a new, “simulated” dataset for each cohort and calculated new probabilities of failure for each cohort using these data sets. Below, you can see the results of repeating this process 10,000 times:

    As you can see, a lot of the distributions above overlap with one another. This is important because these overlaps tell us that there may not be statistically significant differences between those groups (e.g. between 2.75 and 3).
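
    The resampling procedure and the overlap check described above, as an added Python sketch (not code from the original article or from interviewing.io). The per-cohort score counts are constructed for illustration, and the function names are hypothetical.

```python
import random

SCORES = (1, 2, 3, 4)

# Constructed score counts per cohort (score -> interviews); NOT interviewing.io data.
COHORTS = {
    2.25: {1: 8, 2: 24, 3: 16, 4: 2},
    2.75: {1: 4, 2: 12, 3: 26, 4: 8},
    3.00: {1: 2, 2: 9, 3: 25, 4: 14},
    3.75: {1: 0, 2: 1, 3: 10, 4: 39},
}

def simulate_fail_rates(counts, replicates=10_000, seed=0):
    """Re-roll a cohort's weighted 4-sided die; return one failure rate per replicate."""
    rng = random.Random(seed)
    weights = [counts.get(s, 0) for s in SCORES]
    n = sum(weights)                      # each simulated data set keeps the cohort's size
    rates = []
    for _ in range(replicates):
        rolls = rng.choices(SCORES, weights=weights, k=n)
        rates.append(sum(r <= 2 for r in rolls) / n)   # "fail" = score of 2 or less
    return rates

def percentile_interval(rates, lo=0.025, hi=0.975):
    """Central 95% of the simulated failure rates."""
    ordered = sorted(rates)
    last = len(ordered) - 1
    return ordered[int(lo * last)], ordered[int(hi * last)]

def overlaps(a, b):
    """True when two (low, high) intervals share any value."""
    return a[0] <= b[1] and b[0] <= a[1]

def summarize(replicates=10_000):
    """Map cohort -> (mean simulated failure rate, 95% interval)."""
    out = {}
    for cohort, counts in COHORTS.items():
        rates = simulate_fail_rates(counts, replicates)
        out[cohort] = (sum(rates) / len(rates), percentile_interval(rates))
    return out

if __name__ == "__main__":
    for cohort, (mean, ci) in summarize().items():
        print(f"cohort {cohort:.2f}: P(fail) ~ {mean:.2f}, 95% interval {ci}")
```

    With these constructed counts, the intervals for the 2.75 and 3.00 cohorts overlap while those for 2.25 and 3.75 do not, which is the pattern the article describes.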

    Certainly, with the advent of a lot more data, the delineations between cohorts may become clearer. On the other hand, if we do need a huge amount of data to detect differences in failure rate, it might suggest that people are intrinsically highly variable in their performance.

    At the end of the day, while we can confidently say that there is a significant difference between the bottom end of the spectrum (2.25) versus the top end (3.75), for people in the middle, things are murky.


    Nevertheless, using these distributions, we did attempt to compute the probability that a candidate with a certain mean score would fail a single interview:


    The fact that people who are overall pretty strong (e.g. mean ~= 3) can mess up technical interviews as much as 22% of the time shows that there’s definitely room for improvement in the process. And this is further exacerbated by the general murkiness in the middle of the spectrum.

    So is interviewing doomed?

    Generally, when we think of interviewing, we think of something that ought to have repeatable results and carry a strong signal. However, the data we’ve collected tells a different story.

    And that story resonates with both my anecdotal experience as a recruiter and with the sentiments we’ve seen echoed in the community.


    Zach Holman’s Startup Interviewing is F***** hits on the disconnect between interview process and the job it’s meant to fill.

    The fine gentlemen of TripleByte reached similar conclusions by looking at their own data.


    One of the more poignant expressions of inconsistent interviewing results recently came from rejected.us.


    You can bet that many people who are rejected after a phone screen by Company A — but do better during a different phone screen, and ultimately end up somewhere traditionally reputable — are getting hit up by Company A’s recruiters 6 months later.


    And despite everyone’s best efforts, the murky, volatile, and ultimately stochastic massage circle of a recruitment process marches on.


    So yes, one possible conclusion is certainly that technical interviewing itself is indeed doomed and doesn’t provide a reliable, deterministic signal for one interview instance. Algorithmic interviews are a hotly debated topic and one we’re deeply interested in teasing apart.

    One thing in particular we’re very excited about is tracking interview performance as a function of interview type, as we get more and more different interviewing types/approaches happening on the platform. Indeed, one of our long-term goals is to really dig into our data, look at the landscape of different interview styles, and make some serious data-driven statements about what types of technical interviews lead to the highest signal.

    In the meantime, however, I am leaning toward the idea that drawing on aggregate performance is much more meaningful than making such an important decision based on one single, arbitrary interview.


    Not only can aggregate performance help correct for an uncharacteristically poor performance, but it can also weed out people who eventually do well in an interview by chance or those who, over time, submit to the beast and memorize Cracking the Coding Interview.

    I know it’s not always practical (or possible) to gather aggregate performance data in the wild. But let’s say a candidate’s performance is borderline — or where their performance differs wildly from what you’d expect. It might make sense to interview them one more time, focusing on different material, before making the final decision.

    We’ve collected a ton more interview performance data not yet included in this analysis, so if you’re curious to see whether interview performance is still arbitrary, stay tuned!


    Want to become awesome at technical interviews and land your next job in the process? Join interviewing.io.

    Translated from: https://www.freecodecamp.org/news/you-will-randomly-bomb-technical-interviews-everyone-does-heres-the-data-44475806e32/


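  • The S05GK product is also used to explain how an SMS verification code flow is implemented. Tools/materials: a computer, the Suda (速达) S05GK system. Method/steps: Step 1, register. Step 2, fill in the image CAPTCHA. Fill in the mobile number, login password and image CAPTCHA; the option to get an SMS verification code is not shown directly here because...
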
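    Step 2: fill in the image CAPTCHA. Fill in the mobile number, login password and image CAPTCHA. The option to request an SMS verification code is not shown directly at this point, in order to prevent malicious attacks; according to the S05GK product's security description, image verification is generally required before submission. If the image check fails, registration cannot succeed.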



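    Step 3: SMS verification. Click to get the verification code, then enter the SMS code you receive. At this point the SMS interface is called directly to send the message; the S05GK product's HTTP interface, for example, can do this, and the program only needs to submit the recipient's mobile number and the SMS content to the interface. According to the S05GK product's security description, this verification step also needs to check the submitted mobile number for malicious behaviour such as repeated submissions within a short time.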
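
    The two server-side checks from steps 2 and 3 (image CAPTCHA before sending, then a per-number check for repeated submissions), as an added Python sketch; it is not S05GK code. The class and function names, the limits, the phone number and the `send_sms` callback are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class SmsSendGate:
    """Server-side checks run before a verification SMS is sent (limits are assumed values)."""

    def __init__(self, cooldown=60, window=3600, max_per_window=5, clock=time.monotonic):
        self.cooldown = cooldown              # minimum seconds between sends to one number
        self.window = window                  # length of the sliding window in seconds
        self.max_per_window = max_per_window  # sends allowed per number per window
        self.clock = clock
        self._captchas = {}                   # captcha_id -> expected answer
        self._sent = defaultdict(deque)       # phone -> times of accepted sends

    def issue_captcha(self, captcha_id, answer):
        self._captchas[captcha_id] = answer.lower()

    def request_code(self, phone, captcha_id, captcha_answer, send_sms):
        # pop(): a captcha is consumed on first use, right or wrong, so it cannot be replayed
        expected = self._captchas.pop(captcha_id, None)
        if expected is None or captcha_answer.lower() != expected:
            return "captcha_failed"
        now = self.clock()
        sent = self._sent[phone]
        while sent and now - sent[0] >= self.window:
            sent.popleft()                    # forget sends older than the window
        if sent and now - sent[-1] < self.cooldown:
            return "too_soon"
        if len(sent) >= self.max_per_window:
            return "limit_reached"
        sent.append(now)
        send_sms(phone)                       # hypothetical callback wrapping the SMS HTTP interface
        return "sent"

def demo():
    """Replay a constructed burst of requests for one number against a fake clock."""
    t = [0.0]
    gate = SmsSendGate(max_per_window=2, clock=lambda: t[0])
    delivered, results = [], []
    for i, at in enumerate([0, 5, 70, 140]):  # request times in seconds
        t[0] = at
        gate.issue_captcha(f"c{i}", "k7pq")
        results.append(gate.request_code("13800000000", f"c{i}", "K7PQ", delivered.append))
    # a captcha that was already used must not unlock another send
    results.append(gate.request_code("13800000000", "c0", "K7PQ", delivered.append))
    return results, len(delivered)
```

    State is held in memory here; a deployment with several application servers would need a shared store for the counters and captcha records.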















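  • The community provides a platform for exchange... and the S05GK product is used to discuss how an SMS verification code flow is implemented. Tools/materials: one computer, the Suda (速达) S05GK product. Method/steps: Step 1, register. Step 2, fill in the image CAPTCHA. Fill in the mobile number, login password and image CAPTCHA; here there is no...
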
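  • Weibo provides a platform for exchanging information, and the site's mobile... and the Suda (速达) S05GK product is used to discuss how an SMS verification code flow is implemented. Tools/materials: a computer, the Suda (速达) system. Steps: Step 1, search for Sina Weibo. Step 2, click register. Step 3, fill in the registration information. Step...
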
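  • Approach: the app front end signs/encrypts the request and the back end verifies it. Method: key: a random string longer than 8 characters agreed privately between the front end and the back end. ... then a verification code can be sent to the mobile number mobile; otherwise a specific value is returned. The advantage of this method is that the front-end page does not need image verification
  • SMS verification code interfaces are very vulnerable to a malicious internet attack known as “SMS bombing”. The attack repeatedly abuses legitimate business functions in different services that send an SMS verification code to any mobile number without registration (such as user registration and password change) to send, simultaneously and continuously, large numbers of ... to many mobile numbers...
  • SMS bombing refers to people using special software to bypass the front end and request SMS verification codes without limit; measures are needed to prevent it. 1. The first approach: use an image CAPTCHA to prevent the attack. When an image CAPTCHA is used, no matter how security testing attacks...
  • #SMS flood and bombing prevention# Other popular articles: “Tencent Waterproof Wall slider puzzle CAPTCHA”, “Baidu rotating image CAPTCHA”, “NetEase Yidun slider puzzle CAPTCHA”, “Dingxiang area click-select CAPTCHA”, “Dingxiang slider puzzle CAPTCHA”. 1. Analysing how the CAPTCHA is composed. From the three images above, 极...
  • Enterprise SMS firewall [新昕科技] + SMS verification code [中昱维信] Java application example. 1. Implementing the enterprise SMS firewall: 1.1 Introduction; 1.2 Step 1: obtain the firewall account key; 1.3 Step 2: download the firewall server; 1.4 Step 3: integrate the business system front end and back end; 1.5 Rich visual real-time...
  • SMS verification code service

    2016-02-06 16:00:54
    Design flow of an SMS verification code service: find a plug-in from a third party to send SMS. Write a service to generate verification codes. Write a service to send the SMS verification code. Write a service to validate... otherwise there will be SMS bombing. Use a verification code to solve this problem.
  • Summary of common verification code vulnerabilities

    1,000+ views 2018-04-03 15:00:13
    0X00 Preface: Mobile verification codes are used more and more in web applications,... Common mobile verification code vulnerabilities are: 1. ineffective verification; 2. client-side verification bypass; 3. SMS bombing; 4. verification code brute-forcing; 5. verification code not bound to the mobile number. 0X01 Ineffective verification: there is a verification code module, but the verification module...
  • Recommended CAPTCHA recognition platforms

    1,000+ views 2016-11-11 09:45:20
    Today's internet users are no strangers to CAPTCHAs, which come in many types: some are image CAPTCHAs, some are SMS verification codes. But for users who have been online for a long time... Yahoo at first had to deal with the hundreds of spam emails that bombarded its users almost every day, but their free
  • 0X00 Preface: Mobile verification codes are used more and more in web applications, typically for identity verification in modules such as user login, user registration and password reset. ... 3. SMS bombing 4. verification code brute-forcing 5. verification code not bound to the mobile number 0X01...
  • Recognising image CAPTCHAs with Burpsuite

    1,000+ views 2020-08-31 20:59:49
    0X00 Background: While testing over the last few days, I found an SMS bombing vulnerability. However, the image CAPTCHA has to be verified before the SMS verification code is sent, and the image CAPTCHA expires once it has been used, which made verification a little troublesome. Using burpsuite...
  • A brief talk on CAPTCHAs

    1,000+ views 2012-02-21 16:05:15
    First, a bit of history: the earliest CAPTCHA came from anti-spam work. It is said that an American free email provider, plagued by email bombing, went to Luis von Ahn of Carnegie Mellon University, a genius only 21 years old (of course, some also say it was Carnegie Mellon University's Luis von ...
  • Of course it is necessary. Here we discuss a case of malicious SMS verification; through this case we can better understand the relationship between SMS verification codes and image CAPTCHAs. Before discussing how to prevent malicious SMS verification, let's first look at what malicious SMS verification is and why it occurs. Malicious SMS verification,...
  • Generating image CAPTCHAs with Python

    2020-05-08 12:37:06
    Introduced in the early internet era by the free email provider Yahoo to deal with the hundreds of spam emails bombarding its users every day. They found Luis (Luis von Ahn), then a just-21-year-old computer genius at Carnegie Mellon University and later the father of the CAPTCHA; he proposed having the computer...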


