X-Clacks-Overhead(xclacksoverhead.org)
xclacksoverhead.org
X-Clacks-Overhead
https://xclacksoverhead.org/home/about
73 comments
That's really nice. I hope you don't mind, but I run this website https://climbing-history.org/ and have borrowed your idea, except for climbers who have passed away.
Not in the slightest! Do it, it helps the names of those who are no longer with us never be forgotten.
Seeing Kris Nóva in that list hit hard. It is a beautiful idea, thank you Xe.
Love this idea. Maybe I'll make a gem or something to make enabling that easier.
The code is pretty trivial but in case it helps: https://github.com/Xe/site/blob/main/internal/clackset.go
Minor nit, but you've spelt Stephen Hawking's name wrong in the clackset. It's "Stephen", not "Steven".
The thing that struck me about "GNU John Dearheart" was how it feels like it _really_ deeply captures hacker culture, like Pterry wasn't just referencing the culture, but that he really got it. Which is remarkable, because he gave me that impression about many, many topics. Such a loss.
Terry loved his characters in a way that's hard to express - unless they were pure evil (and he had a few) he did his best to understand their motivations in such a way that he came to portray them sympathetically.
This is most noticeable in his caricatures that became characters that became badasses over multiple novels; the Watch has a few of these, but there are others.
This is most noticeable in his caricatures that became characters that became badasses over multiple novels; the Watch has a few of these, but there are others.
Yup. Vimes going full-on berserker mode while screaming "Where is my cow?" should, by all rights, be extremely silly. Instead, it sent shivers down my spine.
When clacks got introduced, the description of people who just enjoyed being there and spending time on coding messages and talking to unknown remote people.. well, it felt like early internet, fidonet, perhaps AM radio amateurs.
It really seemed like Pratchett knew something of this niche cultures, way more than I expected.
It really seemed like Pratchett knew something of this niche cultures, way more than I expected.
On the flip side it is so crushing that the Cluely guys go to fancy school to help people cheat and, essentially, get away with not reading. I can't imagine an ethos so short sighted, not least because the technology they use was made by people who love science fiction and did a lot of extremely difficult homework their whole lives. These guys are the opposite of hackers, they're just hacks.
And to what end? To make less money than their moms do in internal medicine?
And to what end? To make less money than their moms do in internal medicine?
> In Terry Pratchett's science-fantasy Discworld series, "The Clacks" is a network infrastructure of Semaphore Towers, that operate in a similar fashion to telegraph - named "Clacks" because of the clicking sound the system makes as signals send.
Surely named "Clacks" because of the clacking sound the system makes.
Surely named "Clacks" because of the clacking sound the system makes.
The Clacks is a copy of an optical telegraph system that was used in Sweden
https://en.m.wikipedia.org/wiki/Abraham_Niclas_Edelcrantz
Also UK used a system close to that. And a lot of countries along Europe developed their networks with different signaling devices.
https://en.m.wikipedia.org/wiki/Abraham_Niclas_Edelcrantz
Also UK used a system close to that. And a lot of countries along Europe developed their networks with different signaling devices.
Sorry; it's more likely they were named in tribute to the Chappe telegraph towers of France.
https://en.wikipedia.org/wiki/Chappe_telegraph
The stations were more elaborate and there is even a recorded instance of a secret signal being passed on illicitly:
https://blog.franceinfo.fr/deja-vu/2017/10/10/le-piratage-du...
https://en.wikipedia.org/wiki/Chappe_telegraph
The stations were more elaborate and there is even a recorded instance of a secret signal being passed on illicitly:
https://blog.franceinfo.fr/deja-vu/2017/10/10/le-piratage-du...
A good related book written by Gerard Holzmann and Bjorn Pehrson:
The early history of data networks https://archive.org/details/earlyhistoryofda0000holz
The early history of data networks https://archive.org/details/earlyhistoryofda0000holz
It makes for an interesting subplot in the (unabridged) version of The Count of Monte Cristo, which is mentioned in the Wikipedia article above.
Sorry, it's more likely he named them after the noise of navy signal lamps that use shutters: here's a video with the sound
https://m.youtube.com/watch?v=c2G0wu-jbko
https://m.youtube.com/watch?v=c2G0wu-jbko
No, it really was France, I'm afraid.
https://terrypratchett.com/explore-discworld/the-modernisati...
https://terrypratchett.com/explore-discworld/the-modernisati...
"We're obligated to inform you that this site uses cookies to do things like maintain your session and deliver personalised content. We also use third-party services from partners such as Google, who may also place cookies on your computer.
Without cookies this site cannot function correctly. Please allow cookies from this website, otherwise features may not work."
Amusingly, that's not true. The only cookie they send is Google Analytics, which has zero value to the user. The site works fine with it blocked.
Amusingly, that's not true. The only cookie they send is Google Analytics, which has zero value to the user. The site works fine with it blocked.
Absolutely. It is a disrespectful, shameful lie by the authors of the site.
Chill. This is the defacto statement, they probably just copied it from somewhere.
GA was the only way to get a simple page count view without setting up a database or a backend system before we switched to serverless cloud step function lambda craziness.
Seems like a passion project, and they just wanted to know if their work was used. I give people the benefit of the doubt on all of this when it's a small site.
GA was the only way to get a simple page count view without setting up a database or a backend system before we switched to serverless cloud step function lambda craziness.
Seems like a passion project, and they just wanted to know if their work was used. I give people the benefit of the doubt on all of this when it's a small site.
>they probably just copied it from somewhere.
It would be nice if people read and meant something even if they copied it from somewhere.
It would be nice if people read and meant something even if they copied it from somewhere.
No it's not. It's dealing with the red tape of EU cookie legislation.
Do you want to know how many human years my last company had to devote to regulation? We could have built a hundred startups with all that effort.
I'm not saying GDPR right to be forgotten and data dump/portability isn't important, but it comes with a steep cost that everyone pays everywhere. So much time and money was spent on it. Easily billions of dollars.
And the cookie stuff? How useful has that been?
Do you want to know how many human years my last company had to devote to regulation? We could have built a hundred startups with all that effort.
I'm not saying GDPR right to be forgotten and data dump/portability isn't important, but it comes with a steep cost that everyone pays everywhere. So much time and money was spent on it. Easily billions of dollars.
And the cookie stuff? How useful has that been?
Have you read the EU cookie legislation? It actually requires you to not lie to users about what your cookies are for. Whatever the reason for a message like this, you can't blame EU legislation.
ePrivacy and GDPR compliance are cheap. Trying to rules-lawyer them to keep illegal business models going, while dodging regulatory scrutiny, is expensive.
ePrivacy and GDPR compliance are cheap. Trying to rules-lawyer them to keep illegal business models going, while dodging regulatory scrutiny, is expensive.
> ePrivacy and GDPR compliance are cheap.
Try running a business that has to maintain GDPR compliance and KYC / AML / FINRA compliance. That is not cheap.
Try running a business that has to maintain GDPR compliance and KYC / AML / FINRA compliance. That is not cheap.
GDPR article 6.1(c) has you covered: no additional costs are incurred, if you're doing things properly. Did you have a specific issue complying with this legislation?
Regulation is a moat. It costs money to build systems that comply.
Building compliance is not building for your customers direct asks and requirements. Especially software that does not originate in the EU. How many startups are building data export to comply with data export regulations?
I spent nearly a year plumbing through complex microservices to satisfy GDPR at my last company. We collected an enormous amount of PII and KYC data from payments processing, and there were so many downstream services impacted. And I was just one engineer from amongst dozens of impacted teams that had to deal with it.
Regulatory compliance is not free.
Regulatory compliance is frictionful.
I'm not saying regulation is bad, but that it is a cost of doing business and a tax on engineering. Especially for startups looking to go toe to toe with bigger incumbents that have already paid for compliance and that can afford to pay fees to ignore compliance to go fast.
Building compliance is not building for your customers direct asks and requirements. Especially software that does not originate in the EU. How many startups are building data export to comply with data export regulations?
I spent nearly a year plumbing through complex microservices to satisfy GDPR at my last company. We collected an enormous amount of PII and KYC data from payments processing, and there were so many downstream services impacted. And I was just one engineer from amongst dozens of impacted teams that had to deal with it.
Regulatory compliance is not free.
Regulatory compliance is frictionful.
I'm not saying regulation is bad, but that it is a cost of doing business and a tax on engineering. Especially for startups looking to go toe to toe with bigger incumbents that have already paid for compliance and that can afford to pay fees to ignore compliance to go fast.
If it took "nearly a year" to satisfy GDPR, then your company's practices were, frankly, irresponsible (and perhaps still are), and it's a good thing you were forced to do that work. (Either that, or you misunderstood the legislation, and wasted thousands of hours when you could've just spent 3 hours reading it.)
GDPR-compliance in a greenfield project is cheaper than dirt, up until someone makes a GDPR request, at which point it's slightly more expensive than dirt because you had to take 15 minutes out of your day to satisfy the request. By your third or fourth GDPR request, it's perhaps worth taking time to implement an automated flow, but having that many customers is a lovely problem to have!
GDPR-compliance in a greenfield project is cheaper than dirt, up until someone makes a GDPR request, at which point it's slightly more expensive than dirt because you had to take 15 minutes out of your day to satisfy the request. By your third or fourth GDPR request, it's perhaps worth taking time to implement an automated flow, but having that many customers is a lovely problem to have!
Asking marketing people not to lie. Good luck with that. Might as well ask water not to be wet.
You're being downvoted, but you're right. At this point, I think it would be interesting if somebody did an analysis of the total cost spent for GDPR compliance against, say, a massive education campaign across the entire EU about how cookies work.
GDPR goes way beyond cookies so that dichotomy is nonsensical.
I'm being downvoted because people like privacy regulations. And of course -- I do too.
But my point is orthogonal to liking the regulation.
But my point is orthogonal to liking the regulation.
I'm downvoting you because you don't include the costs for not having the regulation at all. Complaining about it is like complaining that safely disposing of hazardous materials incurs costs to your business and how much stuff would've been possible if you were just allowed to throw it down the river.
What are those costs?
It's been a while I heard about X-Clacks-Overhead. I added it to my own page to commemorate everyone I lost along the way. After reworking my site from a custom blog engine to plain web, I forgot to re-add the custom headers. Thanks for the reminder today!
There are also browser extensions, which show when a website broadcasts the "X-Clacks-Overhead" - header.
There are also browser extensions, which show when a website broadcasts the "X-Clacks-Overhead" - header.
I added it to all the sites at my old workplace when I was there after a discussion on HN.
One day I noticed that it disappeared, but then it returned, so someone on the inside cared and brought it back, that made me smile :)
One day I noticed that it disappeared, but then it returned, so someone on the inside cared and brought it back, that made me smile :)
My cynical mind would assume someone was trying to debug an unrelated issue and saw this header in a last known good version.
I tried making "real" clacks https://www.secretbatcave.co.uk/2025/03/12/gnu-terry-prachet...
I need more time and motivation to make a full network though.
I need more time and motivation to make a full network though.
That is really quite a cool project and write-up.
I think you're right; I suspect Terry would have been tickled by the header, but if there were any physical world implementations I think he would have been overjoyed. One of my favourite Terry stories is of him making his sword, which feels similar.
(I used to administer a laser link. go on, ask me why they aren’t very popular)
I spent a lot of time working out how to create low powered laser transducer, capable of working on something battery powered.
This is my favourite part; very real.I think you're right; I suspect Terry would have been tickled by the header, but if there were any physical world implementations I think he would have been overjoyed. One of my favourite Terry stories is of him making his sword, which feels similar.
for a while I thought I might go to one of those uniquely nerdy colleges where they let you fuck around with dorm infrastructure.
i back-of-napkin'd a whole packet-over-laser relay system based conceptually on the clacks that'd give every room/station its own serial-interfacible (up|down) link. you could link buildings out of windows and stuff. horribly impractical and prohibitively expensive, but the kind of thing that could only happen in a university on-campus environment.
i back-of-napkin'd a whole packet-over-laser relay system based conceptually on the clacks that'd give every room/station its own serial-interfacible (up|down) link. you could link buildings out of windows and stuff. horribly impractical and prohibitively expensive, but the kind of thing that could only happen in a university on-campus environment.
This is obviously the most important HTTP header, but HTTP is application-level, and clacks is a packet routing system.
Perhaps something like IPv6's Hop-by-Hop Options can be used to pass names with every packet?
Or, even better, we can use LoRa repeaters for something close to the actual clacks network.
Perhaps something like IPv6's Hop-by-Hop Options can be used to pass names with every packet?
Or, even better, we can use LoRa repeaters for something close to the actual clacks network.
Someone drafted a RFC some
years ago, for Clacks-over-HTTP:
https://github.com/clacks-overhead/clacks-protocol
https://github.com/clacks-overhead/clacks-protocol
I love the idea! But to be true to the original, shouldn't the message be self-propagating?
> [...] header that can be transmitted from server to server [...]
How so? In HTTP, there's always one client and one server. Am I missing some way to make this sticky or self-propagating, e.g. browsers or other clients that will cache received headers and then send them to other servers?
> [...] header that can be transmitted from server to server [...]
How so? In HTTP, there's always one client and one server. Am I missing some way to make this sticky or self-propagating, e.g. browsers or other clients that will cache received headers and then send them to other servers?
Around 40,000 services on the Internet are currently including the header:
https://www.shodan.io/search/report?query=x-clacks-overhead+...
For some reason, a lot of honeypots are also using that header so I filtered those out. The number of services has slowly increased over time:
https://trends.shodan.io/search?query=x-clacks-overhead+-tag...
https://www.shodan.io/search/report?query=x-clacks-overhead+...
For some reason, a lot of honeypots are also using that header so I filtered those out. The number of services has slowly increased over time:
https://trends.shodan.io/search?query=x-clacks-overhead+-tag...
The result is very strange. It's saying that South Korea has the most number of websites with the header and yet I don't see ANY search result in Korean. No writeup or whatsoever. Wonder what those websites would be.
Flying by the seat of my pants, this page of information has details which we can guess at - 27,799 are South Korea, 27,690 are Korea Telecom (so close that I'll say it's a 1-to-1 match). Wikipedia tells me as of 2015, KT ran more than 140,000 Wifi hotspots.[1]
Further down the info, we see 28,587 (almost the same number as above) HTTP titles are "Gargoyle Router Management Utility" - which is an opensource variant of the OpenWRT world which patches the code to include the Clacks header.[2]
I'm going to conclude that there's a direct correlation in this data (it all being one and the same endpoint/device pattern) and that 30,000 KT Wifi hotspots across South Korea have their management UI open on the public interface and not locked to the internal network or a VPN, etc. running this Gargoyle patch.
[1] https://en.wikipedia.org/wiki/KT_Corporation
[2] https://github.com/ericpaulbishop/gargoyle/blob/master/patch...
Further down the info, we see 28,587 (almost the same number as above) HTTP titles are "Gargoyle Router Management Utility" - which is an opensource variant of the OpenWRT world which patches the code to include the Clacks header.[2]
I'm going to conclude that there's a direct correlation in this data (it all being one and the same endpoint/device pattern) and that 30,000 KT Wifi hotspots across South Korea have their management UI open on the public interface and not locked to the internal network or a VPN, etc. running this Gargoyle patch.
[1] https://en.wikipedia.org/wiki/KT_Corporation
[2] https://github.com/ericpaulbishop/gargoyle/blob/master/patch...
Interesting. Thanks for the insight.
I'm almost to this one in my read through! I'm excited to get to the "information age" arc
mozilla.org doesn't do it anymore:
< x-clacks-overhead: GNU Terry Pratchett
< HTTP/2 301
< server: nginx
< date: Sat, 05 Jul 2025 13:36:11 GMT
< content-type: text/html
< content-length: 162
< location: https://www.mozilla.org/
< strict-transport-security: max-age=60; includeSubDomains
< x-backend-server: TS
< cache-control: max-age=3600
< via: 1.1 google
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Edit: Nope. I was wrong, if you follow that 301 it does:< x-clacks-overhead: GNU Terry Pratchett
[deleted]
I saw this header recently while profiling headers from feature phones. I think Opera Mini or another browser might’ve injected this header, which is odd because it’s meant to reduce bandwidth and sending it with each request goes against that
I try to add this to every project I work on.
I always read this as something that would need to be done at a lower level, like forwarding some arbitrary information in a BGP update.
If you happen to nominate or vote on the Hugo Awards, you may have seen this turn up.
great idea, just added it to my site
xg15(4)
I figured this was one of the best ways to do it. That way I'm letting people that were significant to me live on forever, one random HTTP response header at a time.