After the first episode of The Java interview questions you should not ask in 2022, I’m back again with more questions.
Roasting interview questions
Here we go again. I found a couple more really bad questions online from the top 3 Google hits to Java interview questions. Let’s see why they’re really bad to ask.
Why is the character array preferred over string for storing confidential information?
Maybe it’s me, but even I wouldn’t be able to answer this question with a decade of experience. And it’s not because the answer is hard but it’s so specific to a certain environment.
If you don’t know the answer, well, don’t feel bad. I’m gonna give you a short summary.
You know, String is immutable in Java. It’ll be stored in the String pool until it gets removed by the garbage collector, i.e. indefinitely.
If an attacker acquires access to the memory, they could do a memory dump which will contain the value of the Strings in the pool. If this string is a database username/password, then yeah, they can stole them.
While with a character array – since it’s a mutable structure – you can fill it up with data, use it, then override the character array with some irrelevant characters. That way, the attackers won’t be able to stole this info.
Now, going back to reality. I was always amazed how much people can sometimes care about random security practices in a regular Java environment; and I’m not saying it’s not important but hear me out.
Imagine your Java app running in Docker. Imagine the containers are running in a K8S cluster on AWS or whichever cloud provider. I want you to think about an attacker granting access to your Java application and it’s memory.
Do you think doing a memory dump is your biggest problem when your cloud infrastructure is compromised? When an attacker has access to containers in your K8S cluster?
In my opinion, you have bigger things to worry about in this situation. If somebody gets a memory access to your app. Well dude, you’re fundamentally f**ked.
On the other hand, this question might make sense if it’s a security-critical environment where you know application security is no. 1 priority.
What are the differences between JVM, JRE and JDK in Java?
Are you trying to test if the candidate has watched the first 5 minutes of a Java 101 course?
What is the importance of reflection in Java?
Reflection. Do you expect to deal with reflection problems from a regular Java backend developer? If so, why?
Reflection is often used for frameworks, like Spring. I hate to say but I personally don’t like when engineers start building a spacecraft for a single problem that’s costly to maintain. I remember when I was on a microservice project and there was this general requirement to support backend error localization based on the language of the user.
One of the devs started to come up with this idea to create a library that applies a special Spring filter and we put the localization data into a thread local variable and we create a custom microservice just for handling this and it got so complicated really quickly. Even talking about it was complex as hell. Don’t get me wrong, the idea could’ve worked but it’s a balance question. Complexity and cost.
Anyway, my point is a regular Java backend dev doesn’t need to be an expert on reflection. If there’s a need to deal with it, trust me they can learn it.
What are the different ways of threads usage?
The answer to this question according to the author is to use the Thread and Runnable class and interface. And even with Runnable, the author says to use it with the Thread class.
So, my question to the Java engineers out there. Hands up, when did you use the Thread class? I bet it was like 10 years ago.
It’s literally not used anymore. Even if you wanna go with regular JDK threading, at least you use an ExecutorService, but not a plain Thread.
We have to evolve with reality. Demand and supply. We can’t continue to ask these type of questions when generally we’re implementing normal APIs that are serving some data from the database. That’s the harsh truth.
If we take the approach to insist that this is an important question, we could even ask what Object#wait and Object#notify is; or any other question from the 90s.
What are the differences between constructor and method of a class in Java?
What is this question. Does anybody seriously ask this?
Perhaps you could also ask:
- What are the differences between static and final?
- What are the differences between public and static?
- What are the differences between garbage collection and heap?
How to not allow serialization of attributes of a class in Java?
I remember the time I was at university and we were doing some practices to do RPC calls. If you haven’t heard about RPC, don’t worry. It’s the acronym for Remote Procedure Call.
At the time when JSON wasn’t that famous and often XML was used as a communication format between components, there was the idea of RPC.
RPC seemed like a regular method call but under the hood it was transformed into a remote call to a remote JVM.
It was a wonderful idea to simplify things but in reality, it was barely usable. Instability issues all the way through, the classes had to be the same on both side. So for example if you passed a POJO to a method that was a RPC, the POJO had to be the same on both sides. How that was verified? Simple, there was the serialVersionUID attribute on the POJO class which defined the version number for that particular class. If they didn’t match, that’s an error.
private static final long serialVersionUID = 42L;
Serialization and the Serializable interface in Java is a way too old concept. Nobody uses it yet it’s a recurring interview question.
To be honest with you, I also needed to read the answer to this one. In Java there’s a keyword called transient to prevent attributes from being serialized but come on. When was the last time you used or heard about it?
Throughout my entire career, I haven’t used the keyword, ever.
Stop asking this question. In the world of JSON it doesn’t make sense.
What happens if the static modifier is not included in the main method signature in Java?
Dude, you gotta stop drinking. Why would you do that? The first thing they teach you on every single Java course is the psvm (public static void main).
I don’t think I ever tried this scenario so far. But again, this will not test anything about the candidate’s ability to write functionally correct and maintainable code.
Plus, if you use Spring or any other project starter, you most probably don’t deal with main classes directly anyway, because they pre-generate them (start.spring.io).
What happens if there are multiple main methods inside one class in Java?
Same deal, why would you even try this? Even worse, why would you even expect a candidate to be able to answer this?
What do you understand by Object Cloning and how do you achieve it in Java?
What the hell? Serializable first and now Cloneable? This gotta be a freaking joke.
And the worst part is, the author actually answers this question without telling the dear reader that Cloneable is a really bad idea to use.
This is a stupid question again from the Java 1.0 era. Just stop. Please.
Takeaway & next up
I’m seriously questioning the ability of these articles to suggest a reasonable question pool to new/potential interviewers; or worse, guide candidates to the wrong direction what they should know for an upcoming interview.
The takeaway should be:
- Don’t ask these questions
- Try to think about questions that are testing the candidate’s thought process rather than the lexical knowledge
Hope you liked it, follow me on Facebook/Twitter if you want to and share it with others in the hope of stopping the madness of asking these questions.
Next up, I’ll bring some questions that I think are really good for assessing candidates.