[mschuster91]

On the other side, a lot of it wasn't sustainable. Just how many forums just vanished all of a sudden as the owner died, ran out of money or was simply fed up moderating bullshit and infights, not to mention the ever increasing compliance workload/risk (yeeting spam, warez and especially CSAM)?

A lot of the early-ish Internet depended on the generosity of others - Usenet, IRC, Linux distros or SourceForge for example, lots of that was universities and ISPs - and on users keeping to the unwritten contract of "don't be evil". Bad actors weren't the norm, especially as there were no monetary incentives attached to hackers. Yes, you had your early worms and viruses (ILOVEYOU, remember that one), you had your trolls (DCC SEND STARTKEYLOGGER 0 0 0), but in general these were all harmless.

Nowadays? Bad actors are financially motivated on all sides - there's malware-as-a-service shops, bitcoin and other cryptocurrencies attract both thieves and money launderers, you can rent out botnets for a few bucks an hour that can take down anyone not hiding behind one of the large CDNs. CSAM spreaders are even more a threat than before... back in the day, they'd fap off in solitude to teen pageants, nowadays virtually every service that allows UGC uploads has to deal with absurd amounts of CSAM, and they're all organized in the darknet to exchange tips about new places / ways to hide their crap in the clearnet because Tor just is too slow.

And honestly it's hard to cope with all of that, which means that self-hosting is out of the question unless you got a looot of time dealing with bad actors of all kinds, and people flock to the centralized megapolises and walled gardens instead. A subreddit for whatever ultra niche topic may feed Reddit and its AI, but at least Reddit takes care about botnets, CSAM and spam.

I think that Shodan and LetsEncrypt (or rather, Certificate Transparency) are partially to blame for the rise of cybercrime. Prior to both, if you'd just not share your domain name outside your social circle, chances were high you'd live on unnoticed in the wide seas of the Internet. But now, where you all but have to get a HTTPS certificate to avoid browser warnings, you also have to apply for such a certificate, and your domain name will appear in a public registry that can, is and will be mined by bad actors, and then visited by Shodan or by bad actors directly, all looking for common pitfalls or a zero-day patch you missed to apply in the first 15 minutes after the public release.

[morkalork]

I remember when admins of phpBB boards asked for PayPal donations to pay server bills every 6 months! I feel like running the same forums now should cost almost nothing for infrastructure. The moderation is still a killer though.

[surgical_fire]

I don't disagree that it was not really sustainable outside that small-ish timeframe of mid-90s to mid-00s. The change for the worse was perhaps an unavoidable change for the worse. And there are things that changed for the worse that neither you nor me talked about. For example, I really miss how online gaming worked back in the early 2000s (no matter how janky it was), qhen there was no real monetary incentive of companies trying to keep people playing on their online platforms.

Maybe the fact that I recognize that the way things changed were unavoidable fuels my general disdain internet culture nowadays, and my skepticism to tech innovations in a broader sense. Oh well.

[mschuster91]

> For example, I really miss how online gaming worked back in the early 2000s (no matter how janky it was), qhen there was no real monetary incentive of companies trying to keep people playing on their online platforms.

I'd also blame rampant cheating for that. It's damn expensive to keep up with pirates, but cheaters are an entirely different league... the most advanced cheats these days are using dedicated PCI cards to directly manipulate memory with barely any ability for the host to detect or prevent it [1]. From the grapevines, there are developers charging hundreds of dollars per month to develop and maintain these things.

On top of that, up until the late '00s no one cared too much about racist slurs, sexism or other forms of discrimination. Maybe you'd get yeeted off from a server if you'd overdo it. But nowadays? Ever since GTA SA and its infamous Hot Coffee mod, there are a loooooot of "concerned parent" eyeballs on gaming, there's advertisers/sponsors looking for their brand image, and game developers also don't want to be associated with such behavior. And so, they took away self-hosted servers so that they could moderate everything that was going on... and here we are now.

[1] https://github.com/mbrking/ceserver-pcileech

[skydhash]

> I'd also blame rampant cheating for that. It's damn expensive to keep up with pirates, but cheaters are an entirely different league

I'm not an avid gamer, but it's not hard to notice that multiplayer games nowadays means "all the player in the world". Most games don't have a local version to either play with multiple controllers or through LAN. They don't even want to allow custom groups to play with. Cheating is way easier to manage at small scale.

[Kye]

People certainly cared about racism, sexism, and other discrimination back then. They just put up with it because there was no movement to change it. It got worse any time I spoke up, so I learned to keep my head down.

Do not mistake my tolerating slurs and other insults for enjoying Nintendo games with being okay with it or the people who did it, or the people who did it and still remember being able to do it without consequence as a better time.

[surgical_fire]

Back in the day you didn't typically play in massivevly populated online servers with matchmaking against complete anonymous strangers.

You typically played with a small group of people. LAN houses with people that were there physically, or groups of friends (even if they were online friends).

Even for stuff such as bnet when I played Diablo 2 or WC3, you typically created a game instance, and over time you could recognize the people playing. You curated friends lists, so you would know to avoid the ones that behaved in a way that didn't jive with the rest of the group.

Perhaps it was not scalable, and a change for the worse was unavoidable. There was a simplicity in those interactions that is completely lost and may be impossible to capture again. An echo of a time long past.

[Kye]

Even then, it had the same problem you still face with in-person tabletop groups. If you find a good group that does a session 0 where everyone respects what's laid down, it's fantastic. If not, it's no better than a matchmaking lobby with the worst teenagers. In-person or online or with a small group makes no difference if the norms they all agree on are trash.

Things are better now because you can find that group that aligns with your values. You aren't stuck with the shitty guild that tolerates your differences (at best) because there are enough people online and gaming to where there's probably another that fits better. And it's even better offline because you can connect with those few people in your nowhere little town who aren't butts.

edit: for example

https://news.ycombinator.com/item?id=40347601

[surgical_fire]

Eh, I think things are much worse now. It's the reason why I seldom play online, and when I do I have absolutely no desire to communicate with anyone (when I play online the first thing I do is muting everyone else. I don't want to read what they write and much less listen to their voices).

There is no community, I am in a centralized server being matched against random people. And when there is a community, it's normally a cesspool where online interaction is at best meaningless. See Twitter for example (no matter if it before or after the retarded buffoon that acquired it, it was always a toxic dump).

Anyway, what is past is past. I talk about those times without much nostalgia (I was a broke teenager at the time, not really the happiest of times). I just rationalize about how things got worse since then.

[AStonesThrow]

I see that you are too young to remember MUDs, netrek, or hunt(6)

[johnisgood]

> the most advanced cheats

How do they work? I know that in a game (Red Dead Redemption 2, for example) cheaters have infinite health and so forth. How? The server is responsible for validating all actions performed by players to prevent cheating, such as verifying movement, health, ammunition, and other game variables. It is not supposed to accept health values sent by the client without verifying against expected game logic. The server is the authoritative source. It is not supposed to rely on the client for authoritative game state, and if it does, it is fundamentally and terribly flawed.

[okwhateverdude]

> The server is the authoritative source. It is not supposed to rely on the client for authoritative game state, and if it does, it is fundamentally and terribly flawed.

Indeed. Likely the client is responsible for certain state things and/or implicitly trusted with state updates. How this happens is that most of your game devs are not paid enough or given enough time to do it right. Engines are selected (generally not built) for their ability to get shit to market fast and multiplayer is an after thought, hacked on. And management just shrugs and says we'll force players to run anti-cheat ring0 nonsense.

[mschuster91]

Say you have a shooter with support for surround sound and immersive sound effects aka "an enemy comes from behind, so make the sound appear from rear left". For that to render properly the client needs to know where the enemy is positioned, which is information a cheat can read out from RAM and display it as an alert for the cheater. Or your average aimbot - the precise position of the enemy is (by definition) known to the client, so a cheat can "take over" keyboard and mouse when it sees an enemy and achieve a perfect headshot.

Or in racing games, extremely precise braking and steering assistance. Everything that a gamer can do, a cheat can also do.

[johnisgood]

In the case of aimbot: it is very easy to detect aimbot though, and you can always look for patterns, even in cases of triggerbot.

As far as assistance goes: I despise it. Modern games have "aim assist" which is just a built-in aimbot. sighs

[aleph_minus_one]

> On the other side, a lot of it wasn't sustainable. Just how many forums just vanished all of a sudden as the owner died, ran out of money or was simply fed up moderating bullshit and infights, not to mention the ever increasing compliance workload/risk (yeeting spam, warez and especially CSAM)?

But also lots of commercial social media sites and forums disappeared, because the company got bust or changed its focus.

[nickpsecurity]

“ And honestly it's hard to cope with all of that, which means that self-hosting is out of the question unless you got a looot of time dealing with bad actors of all kinds”

That doesn’t follow from the points you made. What follows is that you have to deal with whatever percentage of bad actors you get. If not, you have to contract someone to handle that part of the job or do the entire job. Plenty of opportunities on those sentences that look nothing like today’s feudalism.

For example, I have several sites I self-host on cheap VM’s with lighttpd and BunnyCDN. I can do anything I want with the whole site, including moving suppliers. They have no comments. I have both an email and Facebook messaging if they want to contact me.

For comments, the main problem is catching spam or illegal content. That just means a 3rd-party provider needs to see the content, make a decision based on customer’s needs, and customer’s server needs to post the edit they made. Disqus already implemented much of this concept but it could be modified for more owner control.

The stronger control some want over comment quality requires more time and controls. There’s tools to help with that. The Lobste.rs’s site had great moderation tools. MetaFilter added a cheap, paid system for account creation that filtered tons of spam. Most implementations just need laborers to enforce their view of social norms with might or might not be easy, and might not be right or worth keeping around either.

That leads to countering the last assumption some commenters have: the methods used should keep the sites around as long as Google or Facebook. Most, human activity is temporary. Much has little, long-term value. Many sites will serve their purpose for a specific time. Others might go up and down. These possibilities are fine for non-mission-critical uses. Life will go on.

[mschuster91]

> That doesn’t follow from the points you made. What follows is that you have to deal with whatever percentage of bad actors you get. If not, you have to contract someone to handle that part of the job or do the entire job. Plenty of opportunities on those sentences that look nothing like today’s feudalism.

Well, the "eternal september" problem... back in the '00s you could reasonably run a forum or a blog even if you're some high school kid, all you needed was your parents and 10 bucks a month for some shitty virtuozzo/UML VPS. No need to deal with stuff like setting up a CDN just to survive some random asshat thinking they can DDoS you off the 'net.

[nickpsecurity]

You’re right that the problems increased. Although, I needed a phone line tied up for as long as I was online. I used to DDOS myself.