This is cool. I am a total hypocrite; I say I blog for the love of it and being a slave to analytics is terrible but in reality I love the sense of immediate feedback when I see a bunch of hits on a project I spent hours on.
I did end up implementing a simple hit counter on my site just to satisfy my craven need for validation without resorting to full analytics. It doesn't beep at me, but maybe it should.
I did my part and manually reloaded the page about once a second for 5 minutes so that Andrew could get their dev validation beep quota in for the day (unless it's not naive hits, and unique user based, in which case this has a been a fantastically hilarious waste of time).
Ok, I played Voyage of the Marigold for a little bit now. Is it possible to get out of the shoals? Also can you beat the dreadnaught near the last two sectors with 1 torpedo and lasers, or do you need 2 torpedoes?
Thank you for playing my game. Yes, it is possible to make it to the top right sector and deliver your cargo. It is not easy - I recommend choosing the option to take extra fuel right at the start since running out of fuel is usually what kills most runs.
The dreadnaught is tough but not impossible. Torpedoes will help but a few lucky hits with lasers will also do the job.
Ink is such a cool language. I worked really hard on that game and entered it into an interactive fiction competition last year. It didn't come close to winning (I didn't expect it to) but people seemed to like it, especially if they grew up watching Star Trek.
I picture this like the classic Garfield comic where Jon just stares in increasing frustration at his rotary phone for multiple panels, to finally shout JUST RING ALREADY.
(His cat adds some dry remark which I have forgotten)
Now see I'm curious, would it be better if we had no context on what the comic _is supposed_ to be? Or is this only hilarious in comparison to the typical "i hate mondays, how many pieces of flair", type schtick the original goes for. Honestly i think it's the latter, cause after 20 of these or so they kind loose the appeal except for the very occasional guffaw. Though, is that still a higher laugh count than the original? I'm not about to read Garfield to find out
Actually no. My hit-counter uses javascript which filters out almost (but not quite) all of the bots. It probably misses some real users that have javascript turned off.
This is what I did as well. Not wanting to take away my users privacy I built my own simple counter in 2022. I wrote about The Raspberry Pi 400 in My Bedroom on my blog at the URL below.
I just downloaded a click sound and I think I'm going to see if adding it drives me crazy.
Good question, it is not bad to enjoy attention for a project you worked on.
But I feel that, if unchecked, that same impulse can lead to deliberately doing projects specifically for validation which leads to low quality click-bait and vapid self-promotion. I think a healthy indifference for the public at large is a good thing.
That is one of the reasons I got rid of detailed, real-time analytics in favor of a simple hit counter (the other is privacy). If I really stuck to my principles I wouldn't even do that but I am a hypocrite.
When I was hosting a site run on bespoke PHP pages, I had a hit counter that used straight text files under the hood. It was surprisingly effective and a fun experience.
The Fish Doorbell would be a great use case for AI, but I'd rather live in a world where volunteers just watch the video and ring a bell whenever a fish wants to get through.
The point of the fish doorbell is educating people about what lives in the water. There would be much less resource-intensive ways of "solving" the problem, if that was the goal.
Just goes to show that even the most obscure comments can net thousands of views, considering only a small percent of people that have read the comment will actually engage, and that small percent was over 4k folks. Kind of puts things in perspective for me.
Fun. You can tell it's receiving some love right now
while true; do; sleep 5; curl http://susam.net:8000 ; done
curl: (1) Received HTTP/0.9 when not allowed
curl: (1) Received HTTP/0.9 when not allowed
curl: (7) Failed to connect to susam.net port 8000 after 11 ms: Couldn't connect to server
curl: (56) Recv failure: Connection reset by peer
curl: (7) Failed to connect to susam.net port 8000 after 8 ms: Couldn't connect to server
curl: (1) Received HTTP/0.9 when not allowed
curl: (7) Failed to connect to susam.net port 8000 after 8 ms: Couldn't connect to server
curl: (1) Received HTTP/0.9 when not allowed
curl: (7) Failed to connect to susam.net port 8000 after 10 ms: Couldn't connect to server
curl: (7) Failed to connect to susam.net port 8000 after 11 ms: Couldn't connect to server
curl: (56) Recv failure: Connection reset by peer
curl: (56) Recv failure: Connection reset by peer
curl: (1) Received HTTP/0.9 when not allowed
You might want to add the --http0.9 flag to curl, to tell it that getting a response of just "ok" (HTTP 0.9 style, body only without headers) isn't an error.
Here's a more advanced - and 'ancient' (2000) - version of this idea: Peep (The Network Auralizer): Monitoring Your Network With Sound [1].
I ran this for a number of months back in the day, it made my living room sound like a jungle. Running the same setup nowadays would probably make it sound like the gates of hell given the increase in network traffic.
You can still find it at Sourceforge but it will need some work or maybe a VM running an older Linux distribution:
Sometime circa 1998 there was a group looking for new technical hires for startups they invested in. They posted somewhere, perhaps /., that they were accepting résumés via SMTP on a non-standard port, as a filter mechanism.
I never heard back, although I ended up working for one of their companies the next year anyway.
Around the same time people sometimes posted job openings in the html source of their websites. I never answered any, 'cause I wasn't looking for technical jobs at the time, but it always seemed clever to me.
Any, and only, nerds who were interested in web development incessantly "View Source"ed on every page that looked interesting. It was a major vector by which early-web frontend techniques spread themselves, and it was great: you could cut-and-paste the html, direct download the .css and other resources, and get an offline model of their site running for you to tinker with to learn their secrets. All the magic was out in the open (for those who cared to pull back the curtain), and the future seemed limitless.
> At first, I fought back manually, feeding them fake data. But that got old fast. So I deployed my secret weapon: a zip bomb.
> When their bot accessed my site, I served it a tiny compressed file. Their server eagerly downloaded and decompressed it, only to unleash several gigabytes of chaos. Boom. Game over.
How did you know their bot would decompress it? I thought a bot would copy the HTML content of your article, maybe the images, and paste them on their own website. At no point does it involve editing or decompressing files?
Impressive animation, by the way—the number of bots is staggering.
As soon as bots reach a page with the compressed payload, they never make another request. That's how I know it worked. Also curl, wget, or most libraries automatically decompress gzip content.
Of course, Some bots just post spam without ever reading the content back, which defeats my scheme.
> The other party can use whatever client they have to connect to port 8000 of my system, e.g., a web browser, nc HOST 8000, curl HOST:8000, or even, ssh HOST -p 8000, irssi -c HOST -p 8000, etc.
Now I feel a bit like writing some tool to automatically follow your posts (easy with existing HN replies) do a semantic analysis on them to determine when you will make that misstake again and give some alert (the hard/expensive part).
I put an unsecured open FTP server on the internet about 20 years ago, just to see what would happen.
Within half a day I had some pirate "marking" his claim to my FTP server, then he/she started uploading a game. I deleted everything and left it open again.
It was a long time ago, so I don't remember all the details, but all the pirates would create directories inside directories, upload files, then mark it with their mark. All of this was scripted I gather.
After a while, I set up a file system watcher that deleted subdirectories. This gave me an FTP server I could use for anything. I shut it down a few months later.
When this gets popular, what does the author do at night? Sleep as far away as possible from the terminal so that the beeping doesn’t keep them awake? Or is the terminal at work? HN needs to know this vital information!
This has been the way it is for a long time, even before the AI startups got going. Seems everyone and their mother has built some sort of HN-aggregator with builtin link scraping.
Totally. Most websites where you show and vote for a product (HackerNews, ProductHunt, etc) are ridden with bots.
For example, one person here offers:
> Our AI generates relevant, useful replies to selected mentions, that aim to genuinely help the original poster, and that include a subtle mention of your product.
I didn't expect it to get much attention, so I went with four beeps. I felt that a set of four beeps spread over three seconds would be long enough to grab my attention, even if I was busy with something else.
Also, as another commenter pointed out, a sequence of four beeps is distinctive enough that it doesn't get lost among the stray, ordinary beeps I might hear while working in a terminal or Emacs (like from hitting backspace or pressing ctrl+g, etc.).
i clicked the link to see why it was the hug of "death", only to then realize after reading, it was hug of "deaf". i wonder what the unique user count was.
In the current graphs, the x-axis represents the hour of the day in UTC. For example, the first graph shows 43 connections between 10:00 UTC and 11:00 UTC, 407 connections between 11:00 UTC and 12:00 UTC, and so on.
Previously, the first graph showed the number of hours elapsed since the experiment began (which started at 10:14 UTC). That's likely what you saw earlier today. After reading your question, I updated the graph to display the actual hour of the day (in UTC) instead of elapsed time, making the time of the day clearer. Thanks for the great question!
This is cool. I am a total hypocrite; I say I blog for the love of it and being a slave to analytics is terrible but in reality I love the sense of immediate feedback when I see a bunch of hits on a project I spent hours on.
I did end up implementing a simple hit counter on my site just to satisfy my craven need for validation without resorting to full analytics. It doesn't beep at me, but maybe it should.
Just to prove I am degenerate, I just threw a quick one-line shell script together that beeps when my hit counter triggers:
Now if only somebody would visit my site.It's https://sheep.horse/
I did my part and manually reloaded the page about once a second for 5 minutes so that Andrew could get their dev validation beep quota in for the day (unless it's not naive hits, and unique user based, in which case this has a been a fantastically hilarious waste of time).
Ok, I played Voyage of the Marigold for a little bit now. Is it possible to get out of the shoals? Also can you beat the dreadnaught near the last two sectors with 1 torpedo and lasers, or do you need 2 torpedoes?
Good stuff. Cheers.
Thank you for playing my game. Yes, it is possible to make it to the top right sector and deliver your cargo. It is not easy - I recommend choosing the option to take extra fuel right at the start since running out of fuel is usually what kills most runs.
The dreadnaught is tough but not impossible. Torpedoes will help but a few lucky hits with lasers will also do the job.
Your latest post about Google results inspired me to write on this too with a link back to your article! Google Search Results are Increasingly Disappointing as AI Results Are Pushed at https://rietta.com/blog/google-search-results-decline-with-a...
I had fun with the game show quiz. Thanks.
I clicked to satisfy the earnest request for attention. I even read some of the blog once I got there!
oh a game that uses Ink? super cool!
Ink is such a cool language. I worked really hard on that game and entered it into an interactive fiction competition last year. It didn't come close to winning (I didn't expect it to) but people seemed to like it, especially if they grew up watching Star Trek.
Just visited!
I picture this like the classic Garfield comic where Jon just stares in increasing frustration at his rotary phone for multiple panels, to finally shout JUST RING ALREADY.
(His cat adds some dry remark which I have forgotten)
You probably already know this, but that comic is substantially improved without the cat.
https://garfieldminusgarfield.net/
Now see I'm curious, would it be better if we had no context on what the comic _is supposed_ to be? Or is this only hilarious in comparison to the typical "i hate mondays, how many pieces of flair", type schtick the original goes for. Honestly i think it's the latter, cause after 20 of these or so they kind loose the appeal except for the very occasional guffaw. Though, is that still a higher laugh count than the original? I'm not about to read Garfield to find out
I think they mostly work as a derived work / commentary.
Hey, it's not like that at all. I don't have a rotary phone or a cat.
It beeps when Googlebot visits, too?
Actually no. My hit-counter uses javascript which filters out almost (but not quite) all of the bots. It probably misses some real users that have javascript turned off.
cool, i just visited. Did you hear it!?
This is what I did as well. Not wanting to take away my users privacy I built my own simple counter in 2022. I wrote about The Raspberry Pi 400 in My Bedroom on my blog at the URL below.
I just downloaded a click sound and I think I'm going to see if adding it drives me crazy.
https://joeldare.com/private-analtyics-and-my-raspberry-pi-4...
Your solution looks very similar to what I implemented; only logging the page and time with no identifying data. I don't even have a real database.
I really hate that modern websites include multiple trackers - there is really no need for invasive analytics.
Why is wanting validation on something you spent hours on a bad thing to you?
Good question, it is not bad to enjoy attention for a project you worked on.
But I feel that, if unchecked, that same impulse can lead to deliberately doing projects specifically for validation which leads to low quality click-bait and vapid self-promotion. I think a healthy indifference for the public at large is a good thing.
That is one of the reasons I got rid of detailed, real-time analytics in favor of a simple hit counter (the other is privacy). If I really stuck to my principles I wouldn't even do that but I am a hypocrite.
When I was hosting a site run on bespoke PHP pages, I had a hit counter that used straight text files under the hood. It was surprisingly effective and a fun experience.
Instead of ringing Susam's bell, you should be watching the Fish Doorbell, and let them know if you see a fish waiting to get through
https://visdeurbel.nl/en/
The Fish Doorbell would be a great use case for AI, but I'd rather live in a world where volunteers just watch the video and ring a bell whenever a fish wants to get through.
The point of the fish doorbell is educating people about what lives in the water. There would be much less resource-intensive ways of "solving" the problem, if that was the goal.
Nothing is stopping someone from rigging it up to continue the absurdity.
My obscure answer on an obscure comment buried in a regular HN thread made it into an article \o/
Just goes to show that even the most obscure comments can net thousands of views, considering only a small percent of people that have read the comment will actually engage, and that small percent was over 4k folks. Kind of puts things in perspective for me.
Yes I’ve had that too. Linked to a blog of mine and saw traffic spike in the Cloudflare dashboard.
Talking about that, I have a great blog that…
Just kidding
Yet nobody visits my website! ;-(
Fun. You can tell it's receiving some love right now
Well you're really helping the sitch here, ain'tcha…
It's like when you are in a traffic jam. It's the other drivers fault, not you!
You might want to add the --http0.9 flag to curl, to tell it that getting a response of just "ok" (HTTP 0.9 style, body only without headers) isn't an error.
FYI, next time try `watch -n 5 <cmd>`
What benefit does running another program offer when the program running the command (shell) already provides that functionality?
That logic seems to apply to quite a few basic utilities. For that matter, the shell is turing complete so ...
Watch also clears the terminal between runs
I guess that'd be a detractor, as he wouldn't've been able to make his post showing his results over time.
I'd've said the benefit is that it's simply a concise single command instead of a "while true" loop and a "sleep 5" command.
"At the end of the day, this was a fun experiment. Pointless, but fun!"
The best kind of experiments. And sometimes huge innovations/inventions/medicine/progress/more fun will arise from it.
A phrase I heard someone say once is "useless is not worthless" and I love that phrase.
One day you’re just trying to figure out if there’s any fresh coffee in the break room down the hall, the next day you’ve invented the webcam.
https://en.m.wikipedia.org/wiki/Trojan_Room_coffee_pot
Cool! Reminded me of this gem:
https://github.com/NARKOZ/hacker-scripts
Here's a more advanced - and 'ancient' (2000) - version of this idea: Peep (The Network Auralizer): Monitoring Your Network With Sound [1].
I ran this for a number of months back in the day, it made my living room sound like a jungle. Running the same setup nowadays would probably make it sound like the gates of hell given the increase in network traffic.
You can still find it at Sourceforge but it will need some work or maybe a VM running an older Linux distribution:
https://sourceforge.net/projects/peep/
[1] https://www.usenix.org/legacy/publications/library/proceedin...
Sometime circa 1998 there was a group looking for new technical hires for startups they invested in. They posted somewhere, perhaps /., that they were accepting résumés via SMTP on a non-standard port, as a filter mechanism.
I never heard back, although I ended up working for one of their companies the next year anyway.
Around the same time people sometimes posted job openings in the html source of their websites. I never answered any, 'cause I wasn't looking for technical jobs at the time, but it always seemed clever to me.
Any, and only, nerds who were interested in web development incessantly "View Source"ed on every page that looked interesting. It was a major vector by which early-web frontend techniques spread themselves, and it was great: you could cut-and-paste the html, direct download the .css and other resources, and get an offline model of their site running for you to tinker with to learn their secrets. All the magic was out in the open (for those who cared to pull back the curtain), and the future seemed limitless.
I recall a similar company that advertised their jobs through DNS. I think they had a TXT record that suggested how to actually apply.
Was the port documented, or did you need to do a scan?
We needed to scan. If 30-year-old memories can be trusted, it was on port 666.
TIL: HTTP/0.9 responses (no headers, just text) still work in modern browsers. Neat!
Hopefully forever. Its useful for small projects.
Slightly relevant, I made an animation of the HN traffic I got from a #1 post.
https://idiallo.com/blog/surviving-the-hug-of-death (sorry not mobile friendly)
There is a surprising number of bots. It will be fun to setup something like this whenever I get hn traffic.
> At first, I fought back manually, feeding them fake data. But that got old fast. So I deployed my secret weapon: a zip bomb.
> When their bot accessed my site, I served it a tiny compressed file. Their server eagerly downloaded and decompressed it, only to unleash several gigabytes of chaos. Boom. Game over.
How did you know their bot would decompress it? I thought a bot would copy the HTML content of your article, maybe the images, and paste them on their own website. At no point does it involve editing or decompressing files?
Impressive animation, by the way—the number of bots is staggering.
As soon as bots reach a page with the compressed payload, they never make another request. That's how I know it worked. Also curl, wget, or most libraries automatically decompress gzip content.
Of course, Some bots just post spam without ever reading the content back, which defeats my scheme.
Alright. Thanks.
Given that http://susam.net:8000 has stopped responding, I suspect that there will be a lot more beeps today.
I got an ok!
Did not get one. Somehow I'm relieved, I would have hated to torture the poor man with beeps :)
Same here. Did a bunch of F5's in a browser and always 'ok'
You do know each of those was 4 beeps? :D
Yes i do know that. :D
Got 2 ok's out of about 14 attempts. ;)
It's not an http server. Try with something like nc or telnet, and you should get an 'ok' response before it disconnects.
From the article:
> The other party can use whatever client they have to connect to port 8000 of my system, e.g., a web browser, nc HOST 8000, curl HOST:8000, or even, ssh HOST -p 8000, irssi -c HOST -p 8000, etc.
Oops, that'll teach me to read articles properly before commenting, rather than just skimming.
Now I feel a bit like writing some tool to automatically follow your posts (easy with existing HN replies) do a semantic analysis on them to determine when you will make that misstake again and give some alert (the hard/expensive part).
Maybe the alert could be four beeps on your terminal
And then I write a blog post about it. But maybe I find something more novel. (And I have, but maybe I can actually use it for the task above)
To get an OK I had to force curl to use http 0.9
> curl -v --http0.9 susam.net:8000
I put an unsecured open FTP server on the internet about 20 years ago, just to see what would happen.
Within half a day I had some pirate "marking" his claim to my FTP server, then he/she started uploading a game. I deleted everything and left it open again.
It was a long time ago, so I don't remember all the details, but all the pirates would create directories inside directories, upload files, then mark it with their mark. All of this was scripted I gather.
After a while, I set up a file system watcher that deleted subdirectories. This gave me an FTP server I could use for anything. I shut it down a few months later.
Interesting though.
TIL '\a' is bell on POSIX. That's neat to me all by itself.
It's character 0x7 in ascii and has existed since before ascii was even standardised.
You can type it in a terminal with ctrl-g. It won't be displayed in most cases and if you've configured your terminal like me won't make a sound.
When this gets popular, what does the author do at night? Sleep as far away as possible from the terminal so that the beeping doesn’t keep them awake? Or is the terminal at work? HN needs to know this vital information!
The terminal is at home. I simply turn down the volume.
Ah! For some reason my mind went back to the days when a terminal bell was an actual buzzer and had no volume control.
I feel like this is really to the heart of "your vibe attracts your tribe".
It's kinda risky to but something like this in the comments, what if nobody ever sees it? What if it never beeps?
It's just weird enough people (like myself) would do it. I would have if I saw it, but I missed it.
I also made something similar, time to time I get tones people play when they interact with it. https://trails.aeonax.com/
It does not listen on IPv6 address!
Such a shame susam.net still has not adopted IPv6 in 2025 :-Q
I would like to see a followup on that graph in a few days :)
Now it will be 5k connections from HNers and 45k connections from "AI" crawlers.
This has been the way it is for a long time, even before the AI startups got going. Seems everyone and their mother has built some sort of HN-aggregator with builtin link scraping.
Hitting common ports looking for poorly configured drupal/wordpress/django installs is a thing I've seen bots doing for as long as I can remember.
Malicious bots looking for security issues are actually a lot nicer to your bandwidth than "AI" scraper bots.
Probably also bots
Totally. Most websites where you show and vote for a product (HackerNews, ProductHunt, etc) are ridden with bots.
For example, one person here offers: > Our AI generates relevant, useful replies to selected mentions, that aim to genuinely help the original poster, and that include a subtle mention of your product.
and ProductHunt: https://wakatime.com/blog/67-bots-so-many-bots
Let’s test this. D0 n0t r3ply!!!
Hi everyone, my VPN is running slow. Anyone have any tips?
Have you tried HeadOn? Simply apply it directly to the forehead!
[dead]
But why 4 times? Is this something random to write about a higher number of total beeps or is there a reason?
> But why 4 times?
When I originally shared this in 2022, it was just a comment here: https://news.ycombinator.com/item?id=30146019#30146451
I didn't expect it to get much attention, so I went with four beeps. I felt that a set of four beeps spread over three seconds would be long enough to grab my attention, even if I was busy with something else.
Also, as another commenter pointed out, a sequence of four beeps is distinctive enough that it doesn't get lost among the stray, ordinary beeps I might hear while working in a terminal or Emacs (like from hitting backspace or pressing ctrl+g, etc.).
thanks! that was my suspicion, but was not sure if i did not get a unix insider joke that has to do with 4.
There are four lig...beeps!
The cadence and consistency of it would differ from pressing backspace too many times.
He got less than 5,000 visits, it seems like far less than the number he logically would be getting.
Read between the lines: OP did this prove HN is botted. Look how well they circumvented the mods.
i clicked the link to see why it was the hug of "death", only to then realize after reading, it was hug of "deaf". i wonder what the unique user count was.
What motivated choosing 4 as the number of beeps to occur?
Is a `beep in terminal` just the system alert sound (4x)?
If you read the article, you'll get the answer :P
I may just be blind but I don’t think I see it referred to as anything besides “terminal beeps” throughout the entire article.
> Here is the exact command I ran on my server: ...
Look at the quoted command, there it is.
He's printing BEL (or \a), which could result in almost any sound depending on how the terminal is configured.
Try it out, open a terminal and type `for i in 1 2 3 4; do printf '\a'; sleep 1; done`
So it's indian timezone? right?
It's in UTC. The previous data from 2022 is available here: https://gist.github.com/susam/159c7d92659b3185eb0b0d683998a3...
In the current graphs, the x-axis represents the hour of the day in UTC. For example, the first graph shows 43 connections between 10:00 UTC and 11:00 UTC, 407 connections between 11:00 UTC and 12:00 UTC, and so on.
Previously, the first graph showed the number of hours elapsed since the experiment began (which started at 10:14 UTC). That's likely what you saw earlier today. After reading your question, I updated the graph to display the actual hour of the day (in UTC) instead of elapsed time, making the time of the day clearer. Thanks for the great question!
Saw the title and immediately guessed it was something playing sounds when a local server is accessed which then exploded in popularity.
[dead]