MondaySundaySaturdayFridayThursdayWednesdayTuesday

X-Clacks-Overhead

weinzierl 253 points xclacksoverhead.org
Animats
"We're obligated to inform you that this site uses cookies to do things like maintain your session and deliver personalised content. We also use third-party services from partners such as Google, who may also place cookies on your computer. Without cookies this site cannot function correctly. Please allow cookies from this website, otherwise features may not work."

Amusingly, that's not true. The only cookie they send is Google Analytics, which has zero value to the user. The site works fine with it blocked.

MagnumOpus
Absolutely. It is a disrespectful, shameful lie by the authors of the site.
echelon
No it's not. It's dealing with the red tape of EU cookie legislation.

Do you want to know how many human years my last company had to devote to regulation? We could have built a hundred startups with all that effort.

I'm not saying GDPR right to be forgotten and data dump/portability isn't important, but it comes with a steep cost that everyone pays everywhere. So much time and money was spent on it. Easily billions of dollars.

And the cookie stuff? How useful has that been?

wizzwizz4
Have you read the EU cookie legislation? It actually requires you to not lie to users about what your cookies are for. Whatever the reason for a message like this, you can't blame EU legislation.

ePrivacy and GDPR compliance are cheap. Trying to rules-lawyer them to keep illegal business models going, while dodging regulatory scrutiny, is expensive.

echelon
ePrivacy and GDPR compliance are cheap.

Try running a business that has to maintain GDPR compliance and KYC / AML / FINRA compliance. That is not cheap.

wizzwizz4
GDPR article 6.1(c) has you covered: no additional costs are incurred, if you're doing things properly. Did you have a specific issue complying with this legislation?
echelon
Regulation is a moat. It costs money to build systems that comply.

Building compliance is not building for your customers direct asks and requirements. Especially software that does not originate in the EU. How many startups are building data export to comply with data export regulations?

I spent nearly a year plumbing through complex microservices to satisfy GDPR at my last company. We collected an enormous amount of PII and KYC data from payments processing, and there were so many downstream services impacted. And I was just one engineer from amongst dozens of impacted teams that had to deal with it.

Regulatory compliance is not free.

Regulatory compliance is frictionful.

I'm not saying regulation is bad, but that it is a cost of doing business and a tax on engineering. Especially for startups looking to go toe to toe with bigger incumbents that have already paid for compliance and that can afford to pay fees to ignore compliance to go fast.

wizzwizz4
If it took "nearly a year" to satisfy GDPR, then your company's practices were, frankly, irresponsible (and perhaps still are), and it's a good thing you were forced to do that work. (Either that, or you misunderstood the legislation, and wasted thousands of hours when you could've just spent 3 hours reading it.)

GDPR-compliance in a greenfield project is cheaper than dirt, up until someone makes a GDPR request, at which point it's slightly more expensive than dirt because you had to take 15 minutes out of your day to satisfy the request. By your third or fourth GDPR request, it's perhaps worth taking time to implement an automated flow, but having that many customers is a lovely problem to have!

apricot
Asking marketing people not to lie. Good luck with that. Might as well ask water not to be wet.
shadowgovt
You're being downvoted, but you're right. At this point, I think it would be interesting if somebody did an analysis of the total cost spent for GDPR compliance against, say, a massive education campaign across the entire EU about how cookies work.
echelon
I'm being downvoted because people like privacy regulations. And of course -- I do too.

But my point is orthogonal to liking the regulation.

gostsamo
I'm downvoting you because you don't include the costs for not having the regulation at all. Complaining about it is like complaining that safely disposing of hazardous materials incurs costs to your business and how much stuff would've been possible if you were just allowed to throw it down the river.
shadowgovt
What are those costs?
harperlee
GDPR goes way beyond cookies so that dichotomy is nonsensical.
junon
Chill. This is the defacto statement, they probably just copied it from somewhere.

GA was the only way to get a simple page count view without setting up a database or a backend system before we switched to serverless cloud step function lambda craziness.

Seems like a passion project, and they just wanted to know if their work was used. I give people the benefit of the doubt on all of this when it's a small site.

rcxdude
they probably just copied it from somewhere.

It would be nice if people read and meant something even if they copied it from somewhere.

xena
My website returns a random person in a list for every X-Clacks-Overhead response header: https://github.com/Xe/site/blob/877872b4d7db92b602683ecb4e99...

I figured this was one of the best ways to do it. That way I'm letting people that were significant to me live on forever, one random HTTP response header at a time.

  $ curl https://xeiaso.net --head | grep clacks
  x-clacks-overhead: GNU Satoru Iwata
WJW
Love this idea. Maybe I'll make a gem or something to make enabling that easier.
xena
The code is pretty trivial but in case it helps: https://github.com/Xe/site/blob/main/internal/clackset.go
remus
That's really nice. I hope you don't mind, but I run this website https://climbing-history.org/ and have borrowed your idea, except for climbers who have passed away.
xena
Not in the slightest! Do it, it helps the names of those who are no longer with us never be forgotten.
skowalak
Seeing Kris Nóva in that list hit hard. It is a beautiful idea, thank you Xe.
philbo
Minor nit, but you've spelt Stephen Hawking's name wrong in the clackset. It's "Stephen", not "Steven".
pdpi
The thing that struck me about "GNU John Dearheart" was how it feels like it _really_ deeply captures hacker culture, like Pterry wasn't just referencing the culture, but that he really got it. Which is remarkable, because he gave me that impression about many, many topics. Such a loss.
bombcar
Terry loved his characters in a way that's hard to express - unless they were pure evil (and he had a few) he did his best to understand their motivations in such a way that he came to portray them sympathetically.

This is most noticeable in his caricatures that became characters that became badasses over multiple novels; the Watch has a few of these, but there are others.

pdpi
Yup. Vimes going full-on berserker mode while screaming "Where is my cow?" should, by all rights, be extremely silly. Instead, it sent shivers down my spine.
doctorpangloss
On the flip side it is so crushing that the Cluely guys go to fancy school to help people cheat and, essentially, get away with not reading. I can't imagine an ethos so short sighted, not least because the technology they use was made by people who love science fiction and did a lot of extremely difficult homework their whole lives. These guys are the opposite of hackers, they're just hacks.

And to what end? To make less money than their moms do in internal medicine?

riffraff
When clacks got introduced, the description of people who just enjoyed being there and spending time on coding messages and talking to unknown remote people.. well, it felt like early internet, fidonet, perhaps AM radio amateurs.

It really seemed like Pratchett knew something of this niche cultures, way more than I expected.

pdpi
It really seemed like Pratchett knew something of this niche cultures, way more than I expected.

He was definitely an early adopter of the internet, (and e.g. very active on alt.fan.pratchett), so that's no big surprise.

bregma
He was active on Usenet. I remember seeing his messages.
masfuerte
In Terry Pratchett's science-fantasy Discworld series, "The Clacks" is a network infrastructure of Semaphore Towers, that operate in a similar fashion to telegraph - named "Clacks" because of the clicking sound the system makes as signals send.

Surely named "Clacks" because of the clacking sound the system makes.

rfmoz
The Clacks is a copy of an optical telegraph system that was used in Sweden

https://en.m.wikipedia.org/wiki/Abraham_Niclas_Edelcrantz

Also UK used a system close to that. And a lot of countries along Europe developed their networks with different signaling devices.

rhet0rica
Sorry; it's more likely they were named in tribute to the Chappe telegraph towers of France.

https://en.wikipedia.org/wiki/Chappe_telegraph

The stations were more elaborate and there is even a recorded instance of a secret signal being passed on illicitly:

https://blog.franceinfo.fr/deja-vu/2017/10/10/le-piratage-du...

jihadjihad
It makes for an interesting subplot in the (unabridged) version of The Count of Monte Cristo, which is mentioned in the Wikipedia article above.
rfmoz
A good related book written by Gerard Holzmann and Bjorn Pehrson:

The early history of data networks https://archive.org/details/earlyhistoryofda0000holz

robocat
Sorry, it's more likely he named them after the noise of navy signal lamps that use shutters: here's a video with the sound

https://m.youtube.com/watch?v=c2G0wu-jbko

shakna
lxgr
I love the idea! But to be true to the original, shouldn't the message be self-propagating?

[...] header that can be transmitted from server to server [...]

How so? In HTTP, there's always one client and one server. Am I missing some way to make this sticky or self-propagating, e.g. browsers or other clients that will cache received headers and then send them to other servers?

riffraff
There isn't, it's just the people in the loop who can make it self propagating. But then, so did they in the original clacks.
lxgr
Fair point, I guess I now have to add the header to my web servers :)
MrGilbert
It's been a while I heard about X-Clacks-Overhead. I added it to my own page to commemorate everyone I lost along the way. After reworking my site from a custom blog engine to plain web, I forgot to re-add the custom headers. Thanks for the reminder today!

There are also browser extensions, which show when a website broadcasts the "X-Clacks-Overhead" - header.

kawsper
I added it to all the sites at my old workplace when I was there after a discussion on HN.

One day I noticed that it disappeared, but then it returned, so someone on the inside cared and brought it back, that made me smile :)

sublinear
My cynical mind would assume someone was trying to debug an unrelated issue and saw this header in a last known good version.
achillean
Around 40,000 services on the Internet are currently including the header:

https://www.shodan.io/search/report?query=x-clacks-overhead+...

For some reason, a lot of honeypots are also using that header so I filtered those out. The number of services has slowly increased over time:

https://trends.shodan.io/search?query=x-clacks-overhead+-tag...

zipping1549
The result is very strange. It's saying that South Korea has the most number of websites with the header and yet I don't see ANY search result in Korean. No writeup or whatsoever. Wonder what those websites would be.
styanax
Flying by the seat of my pants, this page of information has details which we can guess at - 27,799 are South Korea, 27,690 are Korea Telecom (so close that I'll say it's a 1-to-1 match). Wikipedia tells me as of 2015, KT ran more than 140,000 Wifi hotspots.[1]

Further down the info, we see 28,587 (almost the same number as above) HTTP titles are "Gargoyle Router Management Utility" - which is an opensource variant of the OpenWRT world which patches the code to include the Clacks header.[2]

I'm going to conclude that there's a direct correlation in this data (it all being one and the same endpoint/device pattern) and that 30,000 KT Wifi hotspots across South Korea have their management UI open on the public interface and not locked to the internal network or a VPN, etc. running this Gargoyle patch.

[1] https://en.wikipedia.org/wiki/KT_Corporation

[2] https://github.com/ericpaulbishop/gargoyle/blob/master/patch...

zipping1549
Interesting. Thanks for the insight.
cyberpunk
mozilla.org doesn't do it anymore:

    < HTTP/2 301
    < server: nginx
    < date: Sat, 05 Jul 2025 13:36:11 GMT
    < content-type: text/html
    < content-length: 162
    < location: https://www.mozilla.org/
    < strict-transport-security: max-age=60; includeSubDomains
    < x-backend-server: TS
    < cache-control: max-age=3600
    < via: 1.1 google
    < alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Edit: Nope. I was wrong, if you follow that 301 it does:

< x-clacks-overhead: GNU Terry Pratchett

atemerev
This is obviously the most important HTTP header, but HTTP is application-level, and clacks is a packet routing system.

Perhaps something like IPv6's Hop-by-Hop Options can be used to pass names with every packet?

Or, even better, we can use LoRa repeaters for something close to the actual clacks network.

MrGilbert
Someone drafted a RFC some years ago, for Clacks-over-HTTP:

https://github.com/clacks-overhead/clacks-protocol

KaiserPro
I tried making "real" clacks https://www.secretbatcave.co.uk/2025/03/12/gnu-terry-prachet...

I need more time and motivation to make a full network though.

Normal_gaussian
That is really quite a cool project and write-up.

   (I used to administer a laser link. go on, ask me why they aren’t very popular)
    I spent a lot of time working out how to create low powered laser transducer, capable of working on something battery powered.
This is my favourite part; very real.

I think you're right; I suspect Terry would have been tickled by the header, but if there were any physical world implementations I think he would have been overjoyed. One of my favourite Terry stories is of him making his sword, which feels similar.

kurisufag
for a while I thought I might go to one of those uniquely nerdy colleges where they let you fuck around with dorm infrastructure.

i back-of-napkin'd a whole packet-over-laser relay system based conceptually on the clacks that'd give every room/station its own serial-interfacible (up|down) link. you could link buildings out of windows and stuff. horribly impractical and prohibitively expensive, but the kind of thing that could only happen in a university on-campus environment.

protocolture
I always read this as something that would need to be done at a lower level, like forwarding some arbitrary information in a BGP update.
offbyone
If you happen to nominate or vote on the Hugo Awards, you may have seen this turn up.
podlp
I saw this header recently while profiling headers from feature phones. I think Opera Mini or another browser might’ve injected this header, which is odd because it’s meant to reduce bandwidth and sending it with each request goes against that
marviel
I'm almost to this one in my read through! I'm excited to get to the "information age" arc
bonezed
great idea, just added it to my site
gardnr
I try to add this to every project I work on.