Now, if you were to browse Facebook through a proxy that always tampered with this result in transit to say you were an employee... might some stray client-side code do anything interesting because it trusted that response?
That's cute but it's not accurate. I interviewed there over two years ago and I appear to be blacklisted, since whenever I look at any of their job descriptions I get this:
"Hey, we have reviewed your application and unfortunately don't have an opening for you."
That sounds like a bug - from what I'm told by a recruiter, you should be able to apply again by now. You can also start the process by emailing the address in the text at the bottom of job once you click on "Apply for this position".
I think this is_fb_employee variable is to check if they should be running the internal testing version of Facebook. Facebook has a subdomain which, in their offices everyone is redirected to. It's something like 'preview.facebook.com'. It houses the latest testing build of Facebook. This way all the employees are testing Facebook just by being on it, and they have other people testing their new builds for short periods of time (~2 weeks). Chances are, the server checks if the user is at an IP of a Facebook office, and that's the only condition where this is true. This would make sense because if they just redirect users to Facebook.com in their offices to preview.facebook.com, then nearly anyone could do it. This would also help prevent leaking of new features as well, because employees wouldn't be able to access them outside of Facebook.
Actually, we do know when you are on the Facebook corp network and can filter by that, but we rarely gate on that. We have a system we call gatekeeper for controlling the launch of new features. If I'm coding up something new I'll usually just add my own user ID (we call GUIs in Facebook FBIDs) first. The gatekeeper system is a very full featured roll-out system. I can launch to just employees, 1% of users world wide, Facebook users in Peru, viral growth mechanism, etc..
We also maintain a robust employee list that is cached in APC on every web host that you can always call an is_employee style function for any user ID on. The careers site in particular has some employee only functionality that this endpoint is probably checking.
I don't understand. If they're proxying requests, what would this variable ever be used for? This is at an endpoint for a client or their javascript to consume (or just as a recruiting-marketing tool). That would be redundant if they're proxying requests and insanely silly if it's the only way (instead of proxying) that they flex new features on... as they'd be visible in the javascript and it would be trivial to spoof the response to be "yes".
I have no doubt that their internal employees or a subset of them are using a different build of Facebook, and maybe I'm missing something, but I don't understand how this is related.
"I looked into it more deeply and I found that apparently what happened is that yid was laid off five years ago and no one ever told him about it; but through some kind of glitch in the payroll department, he still gets a paycheck. So we just went ahead and fixed the glitch."
It appears that this web service has a rather obvious defect, the Content-Type is set to "text/html; charset=utf-8" yet, the response body seems to be JSON rather than HTML. The proper Content-Type should be "application/json" with Content-Disposition to "inline". Perhaps they didn't do this since some browsers ignore the Content-Disposition with this Content-Type, and prompt to download the content regardless.
Even so, "text/html" is still wrong. Since the content actually isn't intended for a JSON parser, but, a human, "text/plain" would be the most conservative (and not wrong).
Not sure how much data facebook have of other websites for categorizing majority of the websites in to different domain, but i feel Google can do much better with the same concept.
I hope there isn't a flash app on Facebook that is using just that to decide whether to show an employee/admin interface.. Will be quite easy to spoof the result of that page if it is client-side.
My own id is quite high, however... About a year ago I wrote a script to scrape Facebook users and their friendship information. I wanted to get the social graph of my university (Warwick), so I seeded it with me and a few random friends from the same school, and coded it expand nodes already well-connected to the network. It turns out that university students form a fairly tight international network, so my script starting scraping people from other universities, including some colleges in the US. Anyway, when I only had a few thousand users in the database, I noticed there was one with FBID 7 - Mark Zuckerberg's old roommate. Pretty cool how few hops were needed to get to him (and shows how FB managed to grow so quickly amongst the uni market).
I'm < 50,000 ... I have old screen shots of thefacebook.com too somewhere. In fact, I have an outstanding friend request from the early days that I've never clicked on, just for fun. I think this was either 2004 or 2003.
[+] [-] slug|14 years ago|reply
[+] [-] onedognight|14 years ago|reply
[+] [-] hjalle|14 years ago|reply
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] helloburin|14 years ago|reply
If I open a new window and copy/pasta the URL, it'll say false :)
[+] [-] gojomo|14 years ago|reply
[+] [-] goldmab|14 years ago|reply
"Hey, we have reviewed your application and unfortunately don't have an opening for you."
I can't really square that with "Maybe soon?"
[+] [-] nbm|14 years ago|reply
[+] [-] Jarred|14 years ago|reply
They mention this in the Facebook Effect (http://www.amazon.com/Facebook-Effect-Inside-Company-Connect...). Or, at least the part about an subdomain for testing their website in-house. Everything else was me analyzing that.
[+] [-] bbillings|14 years ago|reply
We also maintain a robust employee list that is cached in APC on every web host that you can always call an is_employee style function for any user ID on. The careers site in particular has some employee only functionality that this endpoint is probably checking.
[+] [-] mitchty|14 years ago|reply
[+] [-] drivebyacct2|14 years ago|reply
I have no doubt that their internal employees or a subset of them are using a different build of Facebook, and maybe I'm missing something, but I don't understand how this is related.
[+] [-] ry0ohki|14 years ago|reply
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] yid|14 years ago|reply
[+] [-] hugh3|14 years ago|reply
[+] [-] base2john|14 years ago|reply
[+] [-] hugh3|14 years ago|reply
[+] [-] csomar|14 years ago|reply
[+] [-] ry0ohki|14 years ago|reply
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] taylorbuley|14 years ago|reply
{"is_fb_employee":"maybe soon? https://www.facebook.com/careers/department.php?dept=enginee...}
[+] [-] clarkevans|14 years ago|reply
Even so, "text/html" is still wrong. Since the content actually isn't intended for a JSON parser, but, a human, "text/plain" would be the most conservative (and not wrong).
[+] [-] swapsmagic|14 years ago|reply
Even if you are logged out.
I am not an facebook employee so if i just paste the url in address bar and enter it, it shows: is_fb_employee: false with my UID.
If i logged out, it shows UID: 0 with is_fb_employee: false.
It's a nice idea to attract ppl from different site and based on the site domain, give them relevant career page url. (May be an intern project)
So for HN, it's engineering career page, if the referral site is relevant to some other domain (i.e. sales/marketing) then they will give http://www.facebook.com/careers/department.php?dept=sales.
Not sure how much data facebook have of other websites for categorizing majority of the websites in to different domain, but i feel Google can do much better with the same concept.
[+] [-] pettazz|14 years ago|reply
[+] [-] jannes|14 years ago|reply
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] richchan|14 years ago|reply
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] dreamdu5t|14 years ago|reply
I mean, I already assumed FB had a staging server. Why does this interest people so much?
[+] [-] Shenglong|14 years ago|reply
[+] [-] Shenglong|14 years ago|reply
[+] [-] hugh3|14 years ago|reply
"Hey Mark, am I a facebook employee?"
"Not any more!"
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] mahmud|14 years ago|reply
[+] [-] the_cat_kittles|14 years ago|reply
[+] [-] flyt|14 years ago|reply
Here's the full history of how FB UID's have been assigned over time: http://www.quora.com/What-is-the-history-of-Facebooks-user-I...
[+] [-] IsaacL|14 years ago|reply
[+] [-] martingordon|14 years ago|reply
Assuming similar adoption rates at the 4 other "second wave" schools, I'm probably one of the first 5-10k users of Facebook.
[+] [-] jforman|14 years ago|reply
[+] [-] kristopolous|14 years ago|reply
[+] [-] myared|14 years ago|reply
[+] [-] juiceandjuice|14 years ago|reply
[+] [-] shadered|14 years ago|reply
[+] [-] h00k|14 years ago|reply
No facebook account here. Do I win?
[+] [-] samyzee|14 years ago|reply
[deleted]
[+] [-] gammarator|14 years ago|reply
[+] [-] hammock|14 years ago|reply
How many people here realize they are outing themselves by posting the whole number?