I see this in a lot of websites i visit.
I usually inspect them just out of curiosity.
Some of them get pretty clever,
like a hidden element that says something funny
The funniest thing I saw, is I was looking at an API from a top-tier tech company and the person who wrote the software had message in it containing words of frustration. Like swear words.
But, the weirdest thing I usually see is how the flagship of some top tech company can't make their website responsive when all you have to do is change a few of lines of code.
Or when they upgrade their UI/UX and they just broke a lot of features.
I haven't seen any of these yet, but ironically, working for the company is probably the last thing on my mind if I'm looking at HTTP headers from a site since I usually do that when I must use it for some reason and need to figure out why it's not working or how to more easily access it (it is often a SPA which shouldn't be, or otherwise something designed with "Chrome is the only browser you should use" mentality.)
That is probably because you are occasionally looking at the headers using browser developer tools, but it’s a whole different experience when you are running something like Snort or Wireshark.
I remember several years ago when I still had a Reddit account I found internship opportunity advertisements in web socket payloads. I asked about that on the reddit channel on Freenode, I think, and was politely told to not mention it on r/JavaScript.
>>That specific header seems to be a "default" one if you host your site on WordPress VIP, the enterprise WordPress hosting solution managed by Automattic.
It's pretty clever advertising really. I don't imagine that having noticed an HTTP header would really give an applicant much of a boost in the interview process, but to some it probably feels like finding a ticket to Willy Wonka's factory and may motivate them to apply in the first place.
Just telling people to apply to domain.com/jobs is pretty lame. So, basically the same door that anyone else goes through when they click the "Careers" link in your site's footer?
Reminds me of when I solved one of the CTF challenges for a website only for my reward to be "We're hiring! Apply at jobs.example.com!"
Has Google even bothered with Foobar for like past 2-3 years? It appears so frequently on non-incognito searches that surely every developer must have seen it by now.
I've never seen it, but other people in my (non-US) country claim to have seen it. I always assumed it was either my taste in porn or the fact that I'm usually logged out and regularly clear tracking cookies.
I've never got it and I've been googling programming stuff for almost a decade now.
However, maybe I'm remembering wrong, but a few years ago I was reading an article about it and someone showed a search term that brought it up for them and I tried that term and got it. Dont remember what the search term was, but I think it was something related to one of the popular leetcode-esque algorithms I've never had to do in my hobbyist or professional work.
FooBar is still being considered. I solved some problems few months ago and was contacted by their recruiter one month after that, they did mention FooBar as the main signal.
I’ve never seen it, live in the US, and I google developer things all the time. Maybe it’s because I work in Ruby and not one of the more googley languages?
> Just telling people to apply to domain.com/jobs is pretty lame. So, basically the same door that anyone else goes through when they click the "Careers" link in your site's footer? Reminds me of when I solved one of the CTF challenges for a website only for my reward to be "We're hiring! Apply at jobs.example.com!"
That reminds me of MI5’s Coding Challenge [1][2][3].
One of the defence agencies in Australia made a puzzle quite a long time ago; I can't find it now. It was a bunch of hex in a banner advert; the hex was actually x86 assembly, which if 'run' would write a string into memory.
The string was just the URL of their recruitment portal. I was so disappointed, once I got it running I was hoping to hear helicopters or a knock on the door!
The point is that if you crack it, they should send you to some unique link. Even if it's not super hard, it at least proved some level of technical competency and do should allow you to prioritised interview access (maybe at least skipping initial screening).
I assume the solutions to these can be found publicly pretty quickly. So your secret bypass first filter loses utility after the first couple of people.
The reason you put this riddles online is to get to know people who love this kind of challenge. This is still the case if the solutions are available online, even though I would include a plead into my job ad not to post solutions online for fairness with respect to other potential applicants who mananged to solve the riddle.
When in a job interview, it should be very easy to find out whether the person found the solution online or he "cheated"; simple ask some detailed questions how the person came up with this and that part of the approach.
Perhaps filtering out the people who can neither solve it nor Google it is enough of a filter by itself. Not suggesting it should bypass more than initial screening, naturally.
sure, but how much of the actual job will be solving puzzles? Seems unlikely to be representative of the work so the people who enjoy the actual work might begrudge the interview and the people who enjoy the interview might not enjoy the work.
Not everyone is working on awesome stuff at an intelligence agency. They still need people to work on their 20 year old hellscape of an ERP system in hated language(java,ada,cobol, etc).
A perfect "be sure to drink your Ovaltine" moment! If anyone is unfamiliar, it refers to the movie "A Christmas Story". The moment here: https://www.youtube.com/watch?v=zdA__2tKoIU
I first saw that movie a only a couple years ago and quickly realized how many pop culture references come from it. It does such a good job of capturing a period of time in North America. Even before I saw the movie, eating out at a Chinese restaurant was a thing for me and my family. I had no idea it may have been related! Also... one day I'll own that lamp.
This is great, thanks. I haven't seen this movie or heard of it. This scene is delivered very well and really explains the 'be sure to drink your ovaltine' concept
Growing up in the 90's my family would make it a point to watch this every year around the holidays, good times. If you are ever in Cleveland, OH, you can actually tour the house they filmed most of it in.
Seems meta. As far as references to ads in movies I enjoy Demolition Man. I loop the classy cover of the jingle for Jolly Green Giant from time to time to endear me to my (close) colleagues. It's burnt deep, whelp time for a listen.
Fascinating aside on Demolition Man: some versions have all restaurants as Pizza Hut rather than Taco Bell [1]. The version I saw as a kid was Pizza Hut, so when I said “in the future all restaurants are Pizza Hut”, a friend said “you mean Taco Bell” and we both learned something :).
> For some non-American releases, references to Taco Bell were changed to Pizza Hut. This includes dubbing, plus changing the logos during post-production. Taco Bell remains in the closing credits. In the Swedish release the subtitles still use Taco Bell while the sound and picture has been altered as above. The original version released in Australia (on VHS) contained Taco Bell, yet the newer version on DVD was changed both in logo and dubbing to Pizza Hut (in the scene where the restaurant patrons are looking through the glass windows to the fight scene outside, Taco Bell can be seen etched into the glass, even in the modified version).
Indeed, in my youth I downloaded a version that had this and I was alarmed at first. Some further research showed that it was an international release as Pizza Hut has a broader brand globally. The scene in San Angles where Westley Snipes attacks a bunch of police and he learns of his programming was filmed in Irvine, CA. I've got a few photos of the location and now would be a good time to take some shots since it isn't as busy. Also tripped out that the Mall scene in Kindergarten Cop was shot at the Main Place Mall in Santa Ana.
The movie was a childhood staple, but the book is even better - literally LOL'ed, snorted, etc.
"In God We Trust: All Others Pay Cash" by Jean Shepherd.
There are lots of additional short stories there not featured in the movie.
'Ovaltine was developed in Bern, Switzerland, where it is known by its original name, Ovomaltine (from ovum, Latin for "egg", and malt, which were originally its key ingredients).' [1]
Ha, as a Swiss, from the Bern region, I was thinking whether this strange sounding Ovaltine has anything to do with Ovomaltine and was about to look it up.
In Switzerland, Ovomaltine is among the products with highest brand recognition ever and has a cult status because of their advertisement in the 80s and 90s.
I am from South America and I drink Ovomaltine every day. It has a lot less sugar than the local brands, which is a plus in my book. More actual taste than just sugary overload.
Used to be pretty big in Italy in late 70s/early 80s, then Nestlé destroyed all competition with their Nesquick. You can still find Ovomaltine in large supermarkets but it's clearly a bit player.
I had a similar idea for financing Open Source software projects. The contributing sponsors would get their URL and add-text into a comment at the top of the source-code. The bigger your sponsorship the higher up in the list your company will be.
The adds would of course be targeted at hackers, such as come work for us, since only hackers read source-code. So it would be a very targeted ad (like the http-header thing).
I don't know if this has been tried out in practice but why not, if even HTTP-headers are used for a similar purpose?
He's speaking from experience. But, if your circumstances aren't exactly the same, the outcome may be different.
Credits pages in software, accessible from the main UI, used to be very common, and having names there -- or embedded in source code -- doesn't violate a user expectation.
Server software sending 'Server:' headers also doesn't violate user expectation, though some people prefer to turn these off.
Custom headers that cannot be turned off have a higher likelihood of violating user expectation.
To the OP: in open source projects, some users will attempt to remove undesired behavior, within the rights afforded by the license, but these exercises of copyright can interact adversely with trademarks and other brand protections, and with the surrounding (human) infrastructure and information-space around a project (e.g. names, URLs, references to services, secrets).
Your attempts to reconcile such a situation are nontrivial, and both inaction and action have a high likelihood of resulting in bad press (e.g. user confusion about fork, or heavy-handed enforcement). The harm will persist long after the original situation has been resolved or mitigated.
> some users will attempt to remove undesired behavior,
Surely. But a link in a comment to a supporter who helped finance the project is not really "behavior" is it? It is not part of the program that executes.
So it is not "undesired behavior" since it is not behavior at all.
But is it "undesired" in other ways?
If you put in a copyright notice into the source code, that is a kind of advertising for whoever's name is in it. Often comments contain links to the website of whoever maintains the source-code. Is that undesired? If not then what would be so undesirable about putting in a link to the website of whoever supported the project financially.
And if they paid for that, they would be supporting the project financially. And in the end isn't that what we want, financial support for Open Source projects?
Other than the Caddy debacle, there was a short-lived attempt to run ads in the output of npm install, which also backfired spectacularly: https://news.ycombinator.com/item?id=20786981.
I think if there was a magic button to remove any and all advertising from the internet, most people would press it, consequences be damned. You really need to think hard before hitching your cart to that horse.
maybe I'm behind the times, but is 'hacker' now colloquial to mean 'anyone who codes'? Plenty of normal software engineers / devs, who are by no means 'hackers' (myself included) read the source code.
"crackers" or "security hackers". I'm sure most people on this site would consider themselves to be some form of "hacker", after all, this is "Hacker News".
My understanding of hacker is specifically someone who exploits vulnerabilities in code. Regular programmers are like building architects, hackers are like people holding up a mask so that the facial recognition powered NEST lock will let them inside the building.
Every programmer of course reads some source-code because they must read their own source-code. But such a programmer might use an Open Source library without reading its course. Whereas if you are truly hacker you are interested in how things work and you would more likely be reading such source.
I agree that definition of "hacker" is somewhat vague but mostly people understand it the same way depending on context.
I assume that reason dedicated programmers are called hackers is that earlier the the word "hack" referred to writers.
Can someone share what header the author added to their site? I only have my iPhone for the next 6 days. Anyone know of a way to see headers on an iPhone out of curiosity?
For headers alone, use a HEAD request with `curl --head`, short form `curl -I`. `curl -D-` emits the body as well, which is just noise if you’re only interested in the headers.
A HEAD request doesn’t necessarily return the same headers as the corresponding GET request. Just use -o/dev/null to suppress the body (which I omitted for brevity).
I found one in my favorite niche streaming audio site. I actually went through the process - there were actually a few steps to get to the actual email address. I sent them an email even though I wasn’t on the market :-)
Is anyone else annoyed this is being publicized? It pretty much destroys any value that noticing the header might have as a signal. Granted the signal strength was probably pretty low already, as other commenters have pointed out, but blog posts like this must decrease it even further.
It didn't have any value to begin with, honestly. Websites have the exact same message in their code simply by inspecting source or opening a console, and that certainly doesn't show you have any sort of skill or curiosity.
It's not like the sites are offering you a job, they're saying you should interview with them. I have not heard of anyone getting hired because of this.
No, because all these headers just lead to the stock standard hiring page. It literally has no effect.
I first noticed these kinds of "hidden" hiring messages almost 10 years ago. I thought it was cool for like 20 seconds until I realised that it is no different than just applying normally on their normal hiring page.
So the fact that more people find out about this, is like people discovering that a hiring page exists on companies websites. Which they already knew.
What I'm actually annoyed by is that companies are still doing this stupid thing.
Low signal strength for sure - all it says is "I know how to open Dev Tools." Rather than worry about trying to retain some value, I looks at these posts as an educational opportunity. They can encourage people who don't know how the web works to dig deeper, learn more.
177 comments
[ 5.5 ms ] story [ 324 ms ] thread- https://www.baidu.com/
- https://www.zhihu.com/
- https://www.douban.com/
- https://www.jd.com/
...
Some of them get pretty clever, like a hidden element that says something funny
The funniest thing I saw, is I was looking at an API from a top-tier tech company and the person who wrote the software had message in it containing words of frustration. Like swear words.
But, the weirdest thing I usually see is how the flagship of some top tech company can't make their website responsive when all you have to do is change a few of lines of code.
Or when they upgrade their UI/UX and they just broke a lot of features.
Now thats terabytes of data moving around :)
Reminds me of when I solved one of the CTF challenges for a website only for my reward to be "We're hiring! Apply at jobs.example.com!"
Real "be sure to drink your Ovaltine" moment.
However, maybe I'm remembering wrong, but a few years ago I was reading an article about it and someone showed a search term that brought it up for them and I tried that term and got it. Dont remember what the search term was, but I think it was something related to one of the popular leetcode-esque algorithms I've never had to do in my hobbyist or professional work.
That reminds me of MI5’s Coding Challenge [1][2][3].
[1] https://cixtor.com/blog/mi5-coding-challenge
[2] https://www.mi5.gov.uk/careers/opportunities/coding-challeng...
[3] https://www.mi5.gov.uk/sites/default/files/styles/puzzal_ima...
The string was just the URL of their recruitment portal. I was so disappointed, once I got it running I was hoping to hear helicopters or a knock on the door!
They probably need a lot of people with some tech knowledge. This way they can probably gain the widest audience that is still useful.
If it's too hard to crack, it's unlikely your investment of time in this recruitment measure will actually yield results.
When in a job interview, it should be very easy to find out whether the person found the solution online or he "cheated"; simple ask some detailed questions how the person came up with this and that part of the approach.
I first saw that movie a only a couple years ago and quickly realized how many pop culture references come from it. It does such a good job of capturing a period of time in North America. Even before I saw the movie, eating out at a Chinese restaurant was a thing for me and my family. I had no idea it may have been related! Also... one day I'll own that lamp.
> For some non-American releases, references to Taco Bell were changed to Pizza Hut. This includes dubbing, plus changing the logos during post-production. Taco Bell remains in the closing credits. In the Swedish release the subtitles still use Taco Bell while the sound and picture has been altered as above. The original version released in Australia (on VHS) contained Taco Bell, yet the newer version on DVD was changed both in logo and dubbing to Pizza Hut (in the scene where the restaurant patrons are looking through the glass windows to the fight scene outside, Taco Bell can be seen etched into the glass, even in the modified version).
[1] https://tacobell.fandom.com/wiki/Demolition_Man
The mug is round. The jar is round.
They should call it Roundtine.
'Ovaltine was developed in Bern, Switzerland, where it is known by its original name, Ovomaltine (from ovum, Latin for "egg", and malt, which were originally its key ingredients).' [1]
[1] https://en.wikipedia.org/wiki/Ovaltine
[1] https://www.ovomaltine.com/country-locator
In Switzerland, Ovomaltine is among the products with highest brand recognition ever and has a cult status because of their advertisement in the 80s and 90s.
Never knew it was a thing outside of Switzerland
The adds would of course be targeted at hackers, such as come work for us, since only hackers read source-code. So it would be a very targeted ad (like the http-header thing).
I don't know if this has been tried out in practice but why not, if even HTTP-headers are used for a similar purpose?
People will hate you for it... and never, ever let you live it down. :-/
Credits pages in software, accessible from the main UI, used to be very common, and having names there -- or embedded in source code -- doesn't violate a user expectation.
Server software sending 'Server:' headers also doesn't violate user expectation, though some people prefer to turn these off.
Custom headers that cannot be turned off have a higher likelihood of violating user expectation.
To the OP: in open source projects, some users will attempt to remove undesired behavior, within the rights afforded by the license, but these exercises of copyright can interact adversely with trademarks and other brand protections, and with the surrounding (human) infrastructure and information-space around a project (e.g. names, URLs, references to services, secrets).
Your attempts to reconcile such a situation are nontrivial, and both inaction and action have a high likelihood of resulting in bad press (e.g. user confusion about fork, or heavy-handed enforcement). The harm will persist long after the original situation has been resolved or mitigated.
Surely. But a link in a comment to a supporter who helped finance the project is not really "behavior" is it? It is not part of the program that executes.
So it is not "undesired behavior" since it is not behavior at all.
But is it "undesired" in other ways?
If you put in a copyright notice into the source code, that is a kind of advertising for whoever's name is in it. Often comments contain links to the website of whoever maintains the source-code. Is that undesired? If not then what would be so undesirable about putting in a link to the website of whoever supported the project financially.
And if they paid for that, they would be supporting the project financially. And in the end isn't that what we want, financial support for Open Source projects?
I think if there was a magic button to remove any and all advertising from the internet, most people would press it, consequences be damned. You really need to think hard before hitching your cart to that horse.
The only question would be whether it should be used only for non-transferable "moral" authorship or transferable as the author chooses.
maybe I'm behind the times, but is 'hacker' now colloquial to mean 'anyone who codes'? Plenty of normal software engineers / devs, who are by no means 'hackers' (myself included) read the source code.
http://www.catb.org/jargon/html/
I agree that definition of "hacker" is somewhat vague but mostly people understand it the same way depending on context.
I assume that reason dedicated programmers are called hackers is that earlier the the word "hack" referred to writers.
https://en.wikipedia.org/wiki/Hack_writer
What the hack, there's even a pub called "Old Hack"
https://www.tripadvisor.com/Restaurant_Review-g188644-d10512...
For example, I was setting up a sieve-based filter for Groupon emails and there was this x-recruiting header.
That was nice.
https://beta.shodan.io/search?query=x-recruiting
https://beta.shodan.io/search?query=x-hacker
You can also find tributes to people such as Terry Pratchett:
https://beta.shodan.io/search?query=x-clacks-overhead
It's not like the sites are offering you a job, they're saying you should interview with them. I have not heard of anyone getting hired because of this.
I first noticed these kinds of "hidden" hiring messages almost 10 years ago. I thought it was cool for like 20 seconds until I realised that it is no different than just applying normally on their normal hiring page.
So the fact that more people find out about this, is like people discovering that a hiring page exists on companies websites. Which they already knew.
What I'm actually annoyed by is that companies are still doing this stupid thing.
I don't know about annoyed, but I wouldn't want to talk about any movies I haven't seen with the author, or involve them in planning a surprise party.
There was a whole thread on reddit about it a decade ago when someone first discovered the drop table header: https://www.reddit.com/r/programming/comments/c0m9v/reddits_...
http://www.cypherspace.org/adam/shirt/spook.html