Last December I participated in the first Vancouver Iron Hacker. It was my second hackathon, and also was the first event I went to that had online programming challenges that you had to successfully complete just to register.
It turns out that hackathons are a great way of informally interviewing potential new hires. At the time I was the lead on PlayRank Basketball (iOS second-screen social sports app), and had one contract engineer helping me out. We needed another one, so Adrian and I thought participating in a hackathon would be a good way of getting a sense of the technical and collaboration skills a person has. I met Aaron in person for the first time (all the work on PlayRank was done remotely) at the event, and we worked together for our entry. The hackathon served as the perfect interview – we both had fun, and I could see first hand that he was a great candidate. This was proved in the months following the event, when we successfully shipped PlayRank together. (It also turned out we had lots in common, and collaborated well)
Once we were told the theme for the challenge, which was “password authentication sucks”, we started brainstorming. Various ideas were bounced around, from voice, image, or video recognition, to “1password” master key type solutions. We also quickly tried to prove out some physical prototypes for a capacitive ‘id card’, like some newer CCGs (collectible card games) are doing with capacitive ink. You can place the card on a modern smartphone or tablet, and the touchpoints are detected, and recognized as a unique card. We thought we could apply that to a passcard system – however our physical prototypes just didn’t work. We tried using business cards with tin foil we found in the kitchen, with staples, in all sorts of configurations to no avail. We had to keep things moving for the sake of time so we moved on to some of our other ideas.
Since we both had a background in game development, we also brainstormed some ideas about implementing a mini game that your unique solution would act as your ‘master password’, and it would unlock a vault of logins that would be stored behind it. We even thought about making some sort of ‘boss battle’ that would act as the challenge. However, due to the limited time we thought that a game would be out of scope so we moved on to other ideas.
We eventually arrived at the idea of doing some sort of QR Code + password hashing solution for storing and generating a password.
There were a few side challenges during the day, and I managed to win one of them. The challenge was to find a hidden message running on a hidden webserver on the main event website, and whoever tweeted the message first, won. So I fired up nmap and a few seconds later found all the hosted services on the machine, including the hidden webserver. It was hosting a single html file which contained the message. Then I tweeted it.
Thoughts on Iron Hacker
So I came in expecting cross site scripting exploit finding and fixing, or buffer overrun opportunities, but instead it was ‘build a web app as fast as you can’. I wasn’t quite prepared for that challenge, but in the end it was still a fun day, and well worth participating as a team building exercise with Aaron.
The second-ever Iron Hacker in Vancouver taking place on May 11th, 2013. I am unable to go for scheduling reasons, but I encourage anyone who is even slightly interested to go for it! It will be fun, you will meet like-minded people, and those two things go great together.
NOTE: I’m not sure why, but the main website has no link to the event registration, and it lists May 4th as the date. It has been moved to the 11th and maybe the registration hasn’t gone live to the public yet.