Viaweb's First Business Plan (1995) (paulgraham.com)
135 points by chuhnk on Jan 1, 2020 | 54 comments



> 2. Secure server software ($5000). This does not seem to be an absolute necessity; there are a lot of sites on the web where you can send your credit card number unencrypted, and to date there have been no reports of the numbers being stolen. But catalog companies may believe that a secure link is necessary, and spending this $5000 would give Webgen a much more professional look.

For those who were not around then: yes, at the time you had to buy software to do SSL for roughly that amount; it was not like just installing openssl as is done now.

This part I found interesting in its naivete, even back then. For one thing, 'no reports of' does not equate to 'not happening': [1]

> and to date there have been no reports of the numbers being stolen.

> But catalog companies may believe that a secure link is necessary

This sounds even more like 'younger person willing to take chances, older experienced person too risk averse'.

[1] Even today I can say 'no reports of houses in my neighborhood being broken into' but I don't really have an accurate source for things going on in my area only ad hoc.


The size of the internet in 1995 was such that the typical path for a web-based credit card purchase used a toll-free call with a landline phone over POTS. Long distance was still charged per minute and so was cell service. So was most internet access. If people were online, it was probably through AOL or Compuserve.

There weren't older people experienced with internet sales. It was all brand new.

Looking back, unencrypted credit card information was probably less risky than it sounds twenty five years later. The technical risks are the same for sure, but in 1995 the vast majority of credit card transactions used carbon paper, the physical card, and an imprinter. To be really useful, a stolen credit card number would need to be made into a physical card. There weren't a lot of places to use a credit card online...that's why Viaweb grew. And there wasn't widespread internet access in the places where credit card fraud at scale became a black market industry.


It is hard to imagine the mindset back then if you didn't live through it (and even if you did). This was a time when people debated if anyone might even buy anything online, at all.

And somehow, despite all our security advancements we still use plain 16 digit credit card numbers in the U.S. with no passwords or any protections outside of a 3 digit code on the back. The day we change that everyone will say "now how did that work"?


I was a customer of Viaweb back then. It worked fine. They charged a fixed fee each month. Then they sold out to Yahoo and became Yahoo Store. Yahoo demanded a cut of the merchant's revenue. Dropped Yahoo Store.

It was written in LISP, incidentally. Only language back then that could represent an HTML tree easily.


How did you find Viaweb as a customer? Google wasn't around in 1995, so I imagine it was hard to find anything.


Before Google was created (and for a few years after) you would have used other search engines/portals. In my experience, the most common back then were (in no particular order): Yahoo, Lycos, Infoseek, Excite, Altavista, Webcrawler.

Also, internet service providers usually provided their own portal, to support less-experienced users.

As a company/site, you depended on adding yourself to the lists on these portals to be discovered by customers.

As a user, you depended on the listings on these portals/search engines to discover sites/companies you were interested in.


To add to the list you also had some modest Web advertising, trade show promotion and limited journal / newspaper / magazine ads & write-ups for websites circa 1995.


The web was incredibly small in 1995, anything good was discoverable by word of mouth on email, usenet, irc, link directories, etc.


There were search engines and directories. Google didn't invent search.


Of course not. That's silly. But search engines were terrible back then. I remember using the lot of them, and it was hard to find anything. Using Google for the first time was incredible in 1998/1999. It just showed you exactly what you were looking for.


Did not have that experience. Altavista and friends were good enough, and for a long time google’s ability to understand natural language searches was nothing more than a gimmick. Most of my discovery came from blogrolls, link sharing and portals. Until the SEO era began and the volume of noise became unbearable...


In 1995, search engines were both worse and better. They were worse because they tended to rely on word frequency, boolean search, and an inverted index. They were better for the same reason. The search engine returned results based on what was in the box. It didn't second guess the user.

Even when Google arrived, it was not clearly better (at least for me) because it was hard to drill down a search by refining the specific search terms. But it was more adaptable to the first generation SEO methods.


This was my experience too. A lot of the holdouts that stuck with Altavista etc. were those of us who had learned to use them properly.

Google became better for inexperienced users very quickly, but took a long time to become clearly better for those who could compose complex queries to find exactly what we wanted...

It was an interesting example of how power users can often become blind to major shifts because they've learned to work around the problems the newcomer solves.


Boolean operators and the near keyword were great!


They worked fine, until the keyword spam.


Infoseek was rather good. Especially with Boolean operators.



> Yahoo demanded a cut of the merchant's revenue.

Doesn't every payment gateway do this?


Viaweb was not originally a payment gateway, just a catalog and shopping cart system. Merchants had to make their own credit card processing arrangements. I used Bank of America. This was so new to them I had to put down a $20,000 deposit. Getting all the parts of the credit card processing chain working properly was a big headache. But in the end, it all worked quite well.


Perhaps it was more like the 30% Apple takes for IAPs instead of the 3% the gateways take?


So ahead of their time:

For security, the commit command will use one-time passwords. This way, even if someone gets the ordinary password of a user, they can't modify the catalog that actually appears at the site.

Yet, it was another era....:

Secure server software ($5000). This does not seem to be an absolute necessity; there are a lot of sites on the web where you can send your credit card number unencrypted, and to date there have been no reports of the numbers being stolen.


It makes me wonder what practices we consider normal today will be considered horribly insecure in the future.


Well, username and passwords for one


I'll bite: what's wrong with username and password?


Because in order to prove that you know the secret you have to reveal the secret. That makes it unavoidably vulnerable to phishing.


Not necessarily.

To prove that I have a secret key, I encrypt something of your choosing, and you decrypt it with a public key. This is enough proof, and private parts remain unexposed.


Re-read the question to which I was responding: "what's wrong with username and password?"


The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time https://gizmodo.com/the-guy-who-invented-those-annoying-pass...


http://bash.org/?244321 is probably the most egregious example. People reuse passwords, humans are bad at making them, etc.


That's funny and I agree that _some_ people are bad at using passwords, but I have a feeling whatever replaces them will be worse for everyone. It's like some people cut their fingers with knives so let's all use plastic knives instead.


I don't know anyone personally who is good at using passwords, myself included.

Often I get shocked to find highly tech savvy people taking crazy risks.

But even the most careful people I know occasionally reuse passwords or pick easy to guess ones out of convenience. Most of the time it is a calculated risk, but the problem is it is hard to tell when you accidentally create a chain of weaknesses that can be leveraged into something more substantial.


Some people = probably 95-99% of internet users.


As a standalone method of authentication, insecure in more ways than I can list.

I didn't think this was controversial or obscure. Authentication on my work laptop is fingerprint + 2FA, then password and 2FA for VPN. Access to most other resources at that point is certificate driven.

I wish my bank would use certificates, for instance. I absolutely get the human (ultimately cost) factors involved, but my bank is one of the few entities with which I would go through the hassle of in-person key setup/renewal.


Remembering them.

But to add along the same lines: what's an equally easy alternative?


There was an old post by Bruce Schneier where he suggested people write down passwords on a piece of paper and keep them securely. This is something people have been already doing for centuries with wallets, keys, etc.


Perhaps trusting a large set of CAs by default when browsing with HTTPS?


It’s interesting to see that whatever worked in the early days of the web still works today. Viaweb -> Shopify, Squarespace, Wix, etc.

Myspace -> FB

IRC -> Slack

Aim -> WhatsApp

It seems that, to come up with a good startup idea, one can look at the early days of the internet and replicate it for today. Preferably for a specific niche audience first, then grow from there.


> Myspace -> FB

Some of you may be surprised how far back this chain goes. Back in the (pre-www) day we used the `finger` command and `.plan` / `.project` files as rudimentary versions of social profiles.

I'm not able to find anything that gives a decent sense of how these were used in practice but if you have no idea what I'm talking about there's an animated .plan demo at https://www.youtube.com/watch?v=xMFzspwuQZw.

I've always assumed that the MySpace (and later, Facebook) verb "poke" was inspired by `finger` but I have no evidence for that.


I used .plan in college. Email was provided by a telnet system, and you can update your own .plan account and see what your friends wrote by fingering their unix account.

It's kinda like how statuses were used in AIM/ICQ, or if tweets/fb messages only held the latest message. A good modern example is how people use twitter profile bylines. Something pithy and clever to show how cool and funny you are to your friends.


> I'm not able to find anything that gives a decent sense of how these were used in practice

Here you go, the id Software .plan reads on Blue's News. That's how a lot of people consumed id's .plan files back then (with id being one of the more famous publishers at the time). It's not pre-www, however it gives a pretty good sense (for those not exposed to them) of what .plan files were like to consume.

On the right side panel you can click through the employee names and then change the date with the "Archived Dates" select box above the names:

An example by Paul Jaquays:

https://www.bluesnews.com/cgi-bin/finger.pl?id=8

Brian Hook from 1999:

https://www.bluesnews.com/cgi-bin/finger.pl?id=7

John Cash from 2000 and 1998:

https://www.bluesnews.com/cgi-bin/finger.pl?id=9

https://www.bluesnews.com/cgi-bin/finger.pl?id=9&time=199811...

Paul Steed in 1998:

https://www.bluesnews.com/cgi-bin/finger.pl?id=2&time=199806...

And John Carmack's .plan archive from 1996 forward:

https://github.com/oliverbenns/john-carmack-plan/tree/master...


"webrings" were primitive social networks, too


Were they though? In my experience webrings were more like rudimentary, off-white-to-gray-hat link-farms.

Were webrings ever used like a friend-list or is that not what you meant by "primitive social networks"?


I can't give an exact year, but my memory from the mid 90s was that webrings were generally formed around themed content, like beanie baby webrings or coin collecting webrings, mostly run by individual fans/enthusiasts, and were used as a means for discovering others interested in the subject.


Ok. That's fair. That's basically the way I remember them too. I just see that more like a distributed "web directory" used for cross promotion than a social network, but I guess it kinda sits in between.

It was self-promotional but not in a cynical or necessarily commercial way, kinda like social media before "influencer" became a job title.


Since the late 90's, that advice has been worded as: "Make a cloud-version or app of something in /etc/services"


This is super fascinating in so many ways.

E.g. the list of features that made webgen "the most sophisticated web catalog generator available" includes:

> 2. Webgen generates all the buttons [as images] in a site automatically.

> 3. Webgen creates all the thumbnail images itself.

> 4. Webgen has a wide variety of page styles. Our default [...] puts three thumbnails horizontally across each page. But there are already six other possible section styles.

I'm not saying they are wrong (this was only a year or two after browsers - actually probably _browser_ - supported inline images after all), but it's funny that "generates thumbnails" and similar were seen as killer features.


> We thought we only needed $15,000 in startup capital; this proved to be an underestimate.

When did you find out that wasn't enough money, and how much did you end up needing at that time?


I don’t think Paul Graham will read your comment these days

He is rarely on HN, especially if someone else posted his article at a random time.



Computer, server, internet connection were huge costs back then. As was the web server software.

You could use a $200 refurbished Dell, internet at Starbucks, $5/month VPS these days.

Heck, it was hard to get a 5MB web hosting account back then for $10/month!


5MB went a lot further back then. Viaweb is older than Javascript or CSS -- not to mention custom fonts, video, or high-resolution bitmaps.

In 1995, 5MB was hundreds of pageloads. Today, it's one.


Viaweb could have been Amazon


Paul Graham isn’t Jeff Bezos


> Smaller clients will have orders forwarded to them by fax---an attractive alternative, because it is secure and uses familiar technology.

Wow.



