The other day I did a security workshop at a firm here in Sydney and one of the things we did was a proxy a bunch of traffic and inspect what was going on behind the scenes. Among the expected hilarity that always ensues from these sorts of exercises (you can find heaps more of this in my Hack Your API First course), one of the guys at the event found this in the response headers of Airbnb: X-Hi-Human: The Production Infrastructure team added this header. Come work with us! Email [email protected] Awesome – an HTTP response header designed for humans! Of course it’s only special humans that actually go to the trouble of reading response headers behind mobile APIs (although it looks like any requests to airbnb.com return it), special humans the likes of which may actually have the chops to work at a place like Airbnb building software. It seems that Kevin is a genuine bloke at Airbnb too and not just a HR contact, but an Engineering Manager. Nice. I didn’t think much more about it the time, then the other day I was peeking through how Microsoft’s Azure portal is put together and came across this: A little less personal than Kevin’s approach, that’ll land you on the Microsoft Careers page with jobs related to Azure. Stumbling upon these two in short succession made me curious – is this a thing? Who else does this? Turns out Flickr does: What strikes me as interesting with this one is that it’s a fair whack of ASCII art in the source code of a top tier website and it’ll be seen by a tiny percentage of its users. I wonder if anyone has done the ROI on successful hires versus bandwidth costs?! I found these curious, what else have you found in source code or headers that’s sparked your interest? Continue reading...
