Web questions for schools Interview

I help maintain some 'bits and bobs'.

Joomla is horrible, but tends to be the staple school CMS. Have a look through the existing site and see if it has a decent theme or is it tired-looking. DO the colours reflect the school badge/uniform? Are there sufficient sections included such as a calendar, recent letters, e-safety and all that stuff. Does it have a hero gallery (rotating images with news stories)? How about 'awards' sections?, school records for sports events, etc etc. Department Pages?

Moodle, I would say is essential - especially if the school is already using it. Will they ask you to maintain that? Again Moodle is pretty horrible and poorly designed.

You may be asked to link network accounts with Moodle e.g. LDAP.

How about school e-mail?

Google Educational Account? Share documents - good for group work, etc.

Do you think they might ask me about active directory and exhange server?

I googed educational account and share documents but didn't get much back... Anything in particular I'm looking for?

Do you think they might ask me about active directory and exhange server?

You might be asked about IIS, but I strongly doubt that a webmaster would be expected to maintain the local network if it's not explicitly stated that you're interviewing for a dual webmaster/sysadmin position.

^^Yeah, I don't think I'm going to be asked about that either...

In the job description the only thing they've got is:

'Supporting the staff payment scale.'

Whatever the fook that means? Hmmm.

@diafol the website looks tired, extremely tired compared to other college websites. Anyway...

Joomla: have a look at a few themes. Grab the school badge and teak the colour scheme accordingly. You could even get a mockup done - although, school interviews (from my experience) aren't all that hot on portfolios. But, it could show initiative. RocketThemes has some nice ones - but may cost £50.

Supporting the staff payment scale makes no sense to me whatsoever.

If the role is more sysadmin that webdev/design - you'll be introduced to a number of different systems. In the UK, one of the main players is 'Capita' who produce 'SIMS'. This 'system' can deal with many aspects, often relying on modules: registration, personal data on staff and pupils, examination results, assessments, timetabling (e.g. NOVA-T module), setting up options for GCSE, A-level, maintaining class members. Ordering systems are also employed in addition to funding programs, often particular a local authority.

Unfortunately, a single school may have many disparate systems, many of which do not talk to each other, leading to duplication of data stores.

In addition, the school may rely additional bespoke or in-house solutions, e.g. I produced a staff portal for booking the school minibus and computer suites and for booking science equipment for lessons. This system also allowed staff to log work to be completed by the site manager/caretakers and the IT technician. We also use a bespoke solution for collating assessment results and for writing school reports.

It may sound daunting, but bespoke solutions are usually supported by that company if there is an on-going subscription.

Thanks buddy, I'm going to a quick overview of SIMS...

I rang up this morning but the lady (presumably in HR) didn't have a clue when I asked what questions might I be asked from a techie POV -(If you can it doesn't hurt to ask the question [for anyone else going for a job]). Kinda sucks because normally I'm thorough when it comes to prep.

As opposed to asking which questions may be asked, perhaps it would be better to ask for greater clarification of the job description and foreseeable duties that fall under the jurisdiction of said job.

Unfortunately, many Senior Leadership Teams (guys at the top, in other words) tend to be extremly computer illiterate - so it's feasible that they don't have much of an idea themselves, just that they need an 'IT guy' to 'make the website work' and to 'ensure that the network doesn't keep on going down'. :(

Is this a permanent post? If so, I can't imagine that any school would be looking to employ a web dev/designer full-time - must be more to it.

Unfortunately, I can't ask any more questions as I have already confirmed the times and such, but that's definitely something to bear in mind for next time.

Yeah, I'd imagine I'm going to interviewed by someone in HR who doesn't have a clue about the web, so if I land the job I'm pretty much going to be left to my own devices.

It says permanent post on the job description, but it is pro-rata, so it's probably half the hours of a normal working week, definitely not enough to live on, but if I land this it will give me a platform to build upon, whilst giving me the time to pursue a few other things in my life. Ideal IMO.

Ta

so if I land the job I'm pretty much going to be left to my own devices.

You think? If you land the job, insist on a job description which outlines your duites in full, and if possible where your duties end. Ideally, you will not be at the beck and call of every Tom, Dick and Harry that hasn't worked out how to turn his PC on, which will definitely stop you from completing the work for which you're being paid. Have a few questions of your own for the interview - it never hurts to know what you're letting yourself in for! Who knows, depending on the answers you get, it may be you that turns down the position.

Hope that helps.

Bit of a nightmare interview.

They had multiple persons they were interviewing which I guess is to be expected. Your bog standard HR questions - do you work well in a team, blah blah blah.

The technical test was a nightmare... A situation where you know the tech team have no idea what they're looking for.

They wanted me to create an xhtml document with two parts one left container and one right container, with a list on the left and text on the right... without using the internet for reference? Seriously they expect me to memorise the xhtml doctype, come on.

Then the test asked about what the <dt> tag is for, another daft question to do with xhtml? ... Anyway, I saw what the guy before did and his xhtml looked pretty spot on, he must have used the internet but I couldn't be sure.

Meh. Not holding out for this one. Game on I guess. Or maybe I do need to study and memorise some html and .css?

I think it's reasonable to assume that you should be able to write HTML and CSS from memory, however remembering the older doctypes isn't easy, nor reasonable IMO.

You could have always used the HTML5 doctype: <!DOCTYPE html>. That's easy to remember. However, in that situation, if they wanted specifically XHTML, I would have simply added a HTML comment saying: <!-- doctype required --> and said that you couldn't recall it off hand. At least then they know that you know you need one.

Yeah, I guess maybe I do need to memorise basic .css and stuff.

It's the kinda thing when you get back and you realise how to do it with your favourite book.

They're looking perhaps for using % instead of pixels and floating left, neither of which I did and I even got the class ids mixed up so that the layout is fluid.

But the <dt> tag was just plain stupid. Either you know what it is or don't depending on how much you read.

The funny thing was hardly any mention was to do with web design, during the interview they were more interested if I knew how to manage MS sharepoint, and moodle which is php + SQL, most the styling is taken care of in the templates...

But yeah.

They also asked would I salt my passwords, to which I replied no I would just run it through an MD5 one time hash and ensure on the client side javascript was used to ensure the password was such and such a length with characters and numbers in the password.

Is salting passwords even necessary? I was thinking maybe for credit card/ debit card info, but passwords?

My thinking was if an attacker got access to your site surely your salted string would be stored somewhere, thereby rendering the point of salting passwords pointless, as the attacker would be able to generate a new rainbow table attack based on knowing what the salt was.

Is salting passwords even necessary?

I consider it necessary and would question anyone who doesn't, given how easy it is to add a salt and the security boost of doing so.

OK I'm not denying that but

My thinking was if an attacker got access to your site surely your salted string would be stored somewhere, thereby rendering the point of salting passwords pointless, as the attacker would be able to generate a new rainbow table attack based on knowing what the salt was.

Is that not a case for ensuring the client side javascript password checking is sufficiently long (8 or more characters) and complex?

The point being the user could still create an incredibly daft password such as 'password.' And in general if the site's access is breached surely one of the php files will contain the salted string so the attacker would then regenerate said rainbow tables and easily acquire the password.

Now if the password was secure to begin with, i.e using client side javascript authentification it would take care of itself... I guess you could then also salt it for further security???

Or am I just clutching at straws? Haha

Or am I just clutching at straws? Haha

You make valid points, but those points are akin to saying that it's simple enough to kick a door in so you may as well leave it unlocked. The harder you make it to break the system, the less inclined attackers will be to attempt it. Also, the harder it is to break into the system, the more time you have to identify an attack and attempt to stop it.

There are also ways to obfuscate the salt, by storing it outside the html/ftp root, and telling php where to look with includes. On top of that, the salt could be appended to the front or back of the password, making it a bit harder to rainbow hack the passwords, even if the salt is known.

Lastly, the way you salt the passwords, and how you salt/hash them is important. It's probably not enough to salt/hash the password once or twice. 10 times, using the right algorithm including the salt in each pass would be sufficient to piss off most hackers.

Thanks guys, that information is definitely useful.

Ima chalk this one up as a lost cause but another learning experience.

It sounds like a weird interview to me. Did the interviewer read some random stuff on web design/development before drawing up his questions? It could be argued that you should know the XHTML DTD from memory - but I don't - not even when I was using it full-time before html5. I really for the life of my can't see how this would be a valid question. <dt> is an obscure one that I can only remember using a handful of times - for terminology glossaries mainly - which have a totally different structure to other lists (ul/ol). That's really bizarre. Perhaps they fleeced a few questions for the lamentable W3Schools test?

My 2p - p/w should always be salted - I tend to double dip mine with mixed case and number substituions. I keep this info in a file above the document root along with db details / other security vars. If a malicious user gets above your docroot, you're buggered anyway. :)

Anyway.
If you're not successful this time but you still have an interest in working in a school:

Moodle admin is something I would encourage you to bone up on as more and more schools are 'investing' in it. And as I noted previously - implementation of LDAP (real pain with Moodle!). If you don't have any experience of setting up this system from the point of view of an institution, a course or a visit to a school may be very beneficial. The setup can be pretty confusing, especially when you look at how departments relate to umbrella faculties. Moodle 2 was a major upgrade and transition was fraught with problems with uploded files being orphaned and certain filetypes not being able to be viewed/downloaded. Courses had to be renamed. Security settings were changed (inexplicably) which led to a lot of head-scratching when features failed to work.

@iamthwee

Does it required a licenses for that position?

I'm from the states not familiar with UK requirement working at a school but when I did apply for a IT position at a school a few years back, they require a Network + certification and MCSE certification plus they do a extensive background check (history) before being employed.

erm... nvm. I read your post backwards. Thought you said you were from the UK. My bad!

Thanks guys @lastMitch, no they don't necessarily require MCSE certificates. Frankly, experience counts more than anything but this is how the world works in general.

@diafol, In hindsight, I've been a bit harsh with my criticism. To be honest, they were good questions to ask and really anyone who uses HTML,css should know how to do it. I think the xhtml was probably just a example they might have downloaded of the internet. Like you said, in schools when they're interviewing it's because no one there knows much about the position they're interviewing for.

I guess I'm going for the jack of all trades master of none, but I don't see how else to look at it. I mean when you know a bit of c/c++, c#,vb.net, python, matlab, actionscript, javascript, jquery, flex, java, php, and at any moment you don't know which technology you're going to use, it makes no sense to learn them all well?

I just simply google it or look it up in a book. But the interviews I've been to they want you to specifically know how to do this from memory type questions.

So do I try to learn all those above languages from memory? .net jobs seem just as popular as php and come to think of it there are a few java jsp jobs out there as well. I've thought about it I'm not sure how long that might take. But needless to say, HTML and .css should be known. I'm just putting it off.

Working in schools isn't really what I'm intending. TBH it was just a web job which happened to cater for schools. So I'm not sure learning moodle from scratch would be useful unless I was only interested in working for schools.

I don't know. A few moments ago I was certain I was damn close at landing a coding job position, but now I feel like I'm a bit out of my depth and coming from me that's something as I usually parade around these forums like a big know it all ahaha.

Hmmm, lots to think about.

@LastMitch I also think you're thinking about this from a local sysAdmin POV. The position was not for local sysadmin.

@iamthewee:
In regards to "why specialize" it's because it is expected that a certain degree of expertise is known, based on what technology is already in place. Now, there are places that are willing to train the hell out of you and are open to code slingers and keyboard monkeys. However, these are usually corporate jobs. From my experiences, government/school jobs, or companies that work specifically for those bodies, generally know what they are doing, what they are looking for, and are willing to weed the hell out of someone who doesn't know it right out the gate. They make a TON of money off these government contracts, and they need someone who is going to be able to maintain their accounts while building new software (regardless of your "expertise").

If you know PHP, you should know HTML/CSS. They go hand in hand, and you really don't often use one without the other. So, if you are lacking in HTML/CSS, you are lacking in PHP and its core usage and deployment model. This is much the same as someone saying I know Python, but I have no understanding of the Python VM. Sure, you can use Python as a compiled laungauge - but it's not meant for that... yet ;)

To sum up, and to give a TL;DR:
You are at a point where you are learning that you need to keep learning. This was not meant to be, but it doesnt mean the next one is, too. Keep learning, love what you do, and keep on coding! :)

@iamthewee

I also think you're thinking about this from a local sysAdmin POV. The position was not for local sysadmin.

Yes, I was thinking form sysAdmin POV. Sorry for the confusion. You know the education system is different from the state than from UK. Most school in the state has a sysAdmin and a technician in the school. So I don't even know what job requirement in UK to work at a school as IT profession. Base on what I read so far from your thread it's really close to technician position. Just doing maintenance and updates and knowing certain languages.