Hacker News new | past | comments | ask | show | jobs | submit login

I think this is_fb_employee variable is to check if they should be running the internal testing version of Facebook. Facebook has a subdomain which, in their offices everyone is redirected to. It's something like 'preview.facebook.com'. It houses the latest testing build of Facebook. This way all the employees are testing Facebook just by being on it, and they have other people testing their new builds for short periods of time (~2 weeks). Chances are, the server checks if the user is at an IP of a Facebook office, and that's the only condition where this is true. This would make sense because if they just redirect users to Facebook.com in their offices to preview.facebook.com, then nearly anyone could do it. This would also help prevent leaking of new features as well, because employees wouldn't be able to access them outside of Facebook.

They mention this in the Facebook Effect (http://www.amazon.com/Facebook-Effect-Inside-Company-Connect...). Or, at least the part about an subdomain for testing their website in-house. Everything else was me analyzing that.

Actually, we do know when you are on the Facebook corp network and can filter by that, but we rarely gate on that. We have a system we call gatekeeper for controlling the launch of new features. If I'm coding up something new I'll usually just add my own user ID (we call GUIs in Facebook FBIDs) first. The gatekeeper system is a very full featured roll-out system. I can launch to just employees, 1% of users world wide, Facebook users in Peru, viral growth mechanism, etc..

We also maintain a robust employee list that is cached in APC on every web host that you can always call an is_employee style function for any user ID on. The careers site in particular has some employee only functionality that this endpoint is probably checking.

Why not just setup a proxy.pac file and proxy all internal ip's to the test domain?

not sure what a .pac file is, but yes, this is how it works.

Just a javascript script file that tests for where ip-wise the user originates from and determines if you use a proxy for the site or connect directly.


I don't understand. If they're proxying requests, what would this variable ever be used for? This is at an endpoint for a client or their javascript to consume (or just as a recruiting-marketing tool). That would be redundant if they're proxying requests and insanely silly if it's the only way (instead of proxying) that they flex new features on... as they'd be visible in the javascript and it would be trivial to spoof the response to be "yes".

I have no doubt that their internal employees or a subset of them are using a different build of Facebook, and maybe I'm missing something, but I don't understand how this is related.

Perhaps an iphone / ipad / android client that makes this request to decide what skin to wear. Just sayin'

I might not know enough about this to say anything, but that would make sense for the Facebook iPad app because I would assume people rarely use their iPads while working (http://techcrunch.com/2011/07/25/facebook-ipad-app-pictures/)

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact