As a young man I spent lots of energy collecting and trading stolen credit cards on IRC. A large amount of what I was doing with them was carding local shell accounts so that I could avoid long distance charges by telnetting in to Compuserve and Genie. I of course carded my accounts there as well. I was hooked on an online airplane game and mechwarrior type arena game and still fondly look back on both those experiences. As you can imagine someone on that path without guidance life didn't go so hot and I still every now and then wish I could man a turret in a b17 on an airfield run and enjoy the simpler times.
I remember a lot of (porn) sites early on would accept credit card numbers from a generator. Didn’t even need a real one! Of course they’d later close the account for fraud when it wouldn’t bill but it was a surprising amount of places that didn’t actually validate anything beyond the digits being Visa or Mastercard etc.
How interesting! I wonder what happened behind the scene to require this. Companies in spaces like that usually require specific merchant banks that are willing to deal with "high risk" (or so seemed to be the search term). I wonder if this had advantages in bank selection or how it looked to the banks? Or perhaps a technical limitation?
I’ll admit it now: in the very early days of bird scooters they accepted visa and MasterCard test numbers. You could start rides and only after a week would they block your account. Of course, the only thing you needed back then to sign up was an email. If you had an android, you could just wipe the cache, enter a nonexistent email address off the top of your head, paste in a test card number and get going again. Fond memories.
I had a friend who carried around a canceled credit card to get free rides on the bus. The fare boxes accepted swipes and didn't/couldn't settle transactions until they were back in the barn. So they took any credit card that checksummed, I suppose.
They ceased this feature soon afterwards. I was appalled that they'd ever enabled it if it was so vulnerable. (I don't think public transit really cares about collecting fares as a priority.)
I think there was no realtime CC processing back then. In my last job I found artefacts like fax forms where they would write down collected credit card data (from online subscriptions) to be sent to their processor. To have at least _some_ safety they would just check [1] if the CC number is sound.
I remember Authorize.net was one of the first credit-card processor for eCommerce (Archive.org goes back to 1998: https://web.archive.org/web/19981206052326/http://authorizen... ), they were the Stripe.net of the dot-com boom - at-least insofar as FastCGI or ColdFusion could take you back then - this was before "XML" was a buzzword: systems were exchanging SGML (if you were lucky!) or EDI[1] (if you weren't so lucky)
Obviously big-players, established businesses, et cetera would have had a more direct relationship with the banks and/or card-processors, but smaller site operators ("webmasters", heh) I assume must have had to run nightly batch-jobs that sent flat-files of card-numbers to card-processors using a modem that called the processors directly - rather than over the Internet (I understand this was also how many brick-and-mortar retailers sent in CC details transcribed from those manual card-impression machines[2], though I assume most let their bank do it along with their cash-deposits?)
-----
Unrelated-but-related: Authorize.net definitely sat on their laurels: their platform, web-service, and even their marketing landing-page was basically frozen-in-time from the mid-2000s right through to around 2017, I know because that's when I was working on a side-gig to migrate a system from Authorize.net to Stripe - that was such a breath of fresh-air. Sometimes I go back through time in the repo's commit history to remind myself how bad things were back then so I appreciate that things sometimes do actually get better.
I worked for a company until 2011 that developed and licensed a shopping cart where Authorize.net was our most preferred processor. We could do others but Authorize.net had the best integration. Even in 2011 Authotize.net’s site and API just felt super old.
I worked for another company creditnet.com that started a bit before authorize.net basically wrapped ICVerify dialup verification using PGP to encrypt merchant to processor request/response.
I recall CC's being emailed via a form on the website and then input using the PDQ machine at the other end (what PCI?). For extra security they started sending it in two emails! I'd imagine some forgotten far flung corners of the internet still do janky stuff like that (or what was available/reasonable at the time at least)
I worked on a web site about 20 years ago where the form sent a PGP encrypted email. The credit card was then processed by hand. I'm guessing this isn't PCI compliant. ;)
In the 90's, we had something similar at another company. Except there, the email wasn't even encrypted. (Don't worry, the site used SSL.)
My former employer was a lot more YOLO than that. When I joined (in the mid 2000s) there was no https on the website, passwords stored in plain text, no backup strategy, etc. But they printed money with their system.
Hitting an invalid credit card just results in NO SALE, which the bank won’t care much about. What they don’t like are cards that go through and then get contested.
When your product is “infinitely cheap to reproduce” losing some to fraud that doesn’t cost you is just part of doing business.
Like the other post said, I assume they were manually sending the information to their merchant bank so there was a significant delay between when your account was created and when they discovered it wasn't real.
Additionally, at this time credit cards didn't have the 3 digit security code they have today so generating a 'valid' number was trivial.
Oh, the memories. There was a guy in my RuneScape clan who was known for doing exactly that. Walked me through setting up a vHost and bouncer on a shell account at one time so that I could be 1337 like him, or get us logins for obscure adult sites and say "use a SOCKS proxy, the other ones aren't any good".
He was like the cool older brother we never had. Hope he's alright now. Probably a major factor behind me choosing this career.
Also png ("pOrtable", "network", "graphics"). The `ing` diphthong in English is a very different IPA letter sequence than N or G in the corresponding words, and the "natural" vowel from the abbreviations is "o" rather than "i".
I'm from Genx. The whole pronunciation thing started as a joke but apparently most people didn't get it and it got out of hand. But maybe that's the hallmark of a really good joke. It just keeps delivering.
I'd never heard the hard-G pronunciation until the late 90s. I was assuming it was an internet newb thing due to correlation. And then one day in the early aughts when I heard someone who'd been a netizen for as long as I was.
Right? What's the closest English word to gif? Gift. Gifts, gifting. No other words beginning gif. And even words like girl aren't jirl just because giraffe is. Giraffe came from Arabic through Italian.
Inventers don't get to change the language just because they invent something.
Perhaps for English, but for Romance languages such as Italian and Latin, the "gi" digram means that the hard g softens to a /dz/ sound, so I'm perfectly comfortable with applying that rule here, and I think it sounds nicer.
The original programmer specified "peanut butter" in the original docs, but being the author of a format does not make you a linguist. If each component of Graphics Interchange Format is pronounced properly, it is hard-g gif, and not the peanut butter.
> If each component of Graphics Interchange Format is pronounced properly
That's simply not how acronyms work. Acronyms that form a pronounceable word typically coalesce into an agreed pronounciation that does not need to have anything in common with its components.
Take for example:
ANSI: neither "A" nor "I" is pronounced as their components.
CHAP: not sure how you'd murder this to fit a second "H" and the "A" isn't the same, either.
CIDR: "C" and "I" differ. I'd laugh at you if you tried to say "kidder"!
CMOS: I usually hear this as "see-mahs", but you do you.
LAN: different "A"
POP: this is not the "O" you're looking for.
POST: again laughing at anyone who says "pahst"
Those are just the IT-related ones I surveyed. Have fun.
CompuServe was pretty awesome back in the 80's! It was essentially email and Reddit, all in one service. You had scripts that would run to send/receive mail, download thread updates and upload responses - all batch, because you were charged by the minute for connect time.
There are some aspects of that environment I like better than what we have today.
My mother and her husband still use AOL email, which I thought was bad enough, I managed to persuade them some years ago that they didn't need to use the AOL portal to get at the internet.
I still haven't managed to persuade them to change ISP though, even though AOL removed themselves from the broadband ISP business in the UK, what, 20 years ago? And their connection had been bought and sold by different providers multiple times over those years, my stepfather is concerned that if he changes ISP then the email will no longer know how to find his house.
In the face of this sort of argument, I crumble. They could be paying less for a faster service with better support than they get now, but I guess that's never going to happen.
My 85YO mother still uses the AOL email address I set up for her in 1996. It works perfectly on her iPad Pro with IpadOS $CURRENT.
I got the iPad-before-the-iPad-before-last. It maxes out at iOS 9. One of the only ways I've got to get ebooks on it is to email them to my 1996 Hotmail address, which is the only one my my half a dozen that iOS 9 Mail can handle.
The email address? There's no reason they should IMHO. At this point Aol email really has to be one of the longest lived and most stable services out there, and it's weird to even type that :)
The ISP? They could be paying less for a faster connection, and a new ISP would probably throw in a better wireless router than the ancient one they're using (and occasionally having trouble with).
The two are not related - AOL is a free online portal these days, accessible to anyone using any ISP. You can even go there and sign up for free email right now if you want. I can imagine a 'retro' email address fad might hit at some point ...
You can even go there and sign up for free email right now if you want.
Looks like my email address from 1985-1993 is taken. I wonder if at some time it got recycled for lack of use, or if it's still me, but I have no way of logging in to QuantumLink or the old AOL service.
retro_email@aol.com appears to be available though :)
I have no idea if they recycled any addresses, I used to know someone that worked for them about 20 years ago, but she was non-technical and probably wouldn't have access to that info back then. And 20 years ago AOL were already considered outdated and uncool!
A little jarring how clicking on any of the hyperlinked 'channels' on the left navigation bar will send you 20 years into the future in terms of web design. Quite a stark contrast.
I spent an absolute fortune playing British Legends in the mid 1980s on Compuserve. It was $6.25 an hour at 300 baud to watch the text slowly crawl across the screen - and that was dial up, when telephone charges were expensive even for local calls.
You can still play if you are interested! (for free and at a much higher speed)
What a delightful web design throwback. I hit the zoom a few notches so I could actually read it, and then felt right at home reading the news like I used to do decades ago.
I called almost exclusively local BBSes with my 300 bps modem starting in 1985. There was no local Compuserve dial-in number for me. Between the long distance and the per minute charges, Compuserve was out of reach.
By the way, your 1200 bps modem was actually 600 baud! People often use baud and bps interchangeably but they're different. The most common 1200 bps standard was v.22 which used 600 baud.
I mostly called local BBSes. I had to get on CompuServe first, to even find the numbers for local ones. I ran my own BBS for a while, also! Fun times. I still miss those days.
I literally added a 1200 baud modem to my first computer purchase so that I could dial in to CompuServe. Living in the countryside it was an expensive long distance call just to connect and that cost limited my usage but I sure enjoyed it.
>Apparently, there's a rough rule-of-thumb formula
that the cost of a modem is about a dollar per baud.
This estimate accounts for the extras that are usually
added as rated speed is increased to give the device its
1-m1*in-turn utility.
My cable modem (which actually cost $120) is capable of 1.4Gbps downstream and so should cost $1.4B (or $700M and change if you give only $0.50 per baud per direction).
Curious if these old email addresses that became a tech embarrassment will see a rebound in cachet. "Ooh, a résumé with @compuserve.com. This guy was there at the beginning."
I’d love to have my short compuserve.com email back. I’d even be prepared to pay a modest amount for it.
Nothing embarrassing about it, if you wanted to be online (particularly on the road internationally) that was the way. Compuserve had dial-up modems everywhere :-)
My initial reaction to your comment was a smug "Hah! I know what CompuServe was!" followed by the realization that I'v been over 40 for a couple of years now.
I think it was 1992 when my dad showed me how to dial into Compuserve. We might have had a 9600 baud modem that tied up the phone line and cost an astronomical amount per minute. I recall bringing up a weather map of the US. I had no clue what to do with that information. But I was hooked.
I used to live in Germany (dad was a military contractor).
We had a computer with dialup but it was insanely expensive to use there at the time and only my parents could use it.
Well one day they left me home alone and I got curious so I connected and stayed online for probably 8-9 hours before they got home. It was a blast. I too was also hooked immediately.
I sure got a shock when my parents came into my room a month later to ask if I had been on the computer without them because we had a huge bill haha.
Oh gosh. I remember my parents hiding my keyboard and mouse after my Dad received a £500 phone bill one month. This was in 1999. We were on pay per minute dial-up in the UK and I was obsessed with playing a game called Team Fortress Classic, a mod for Half-Life. Even with ping times of 200ms it was still really playable! We only had one phone line and the downside of this for my parents was that no-one could call the house phone - engaged tone. Remember, this is before widespread mobile phones. The downside for me was that any time someone picked up a phone in the house - like my sister to call her stupid boyfriend - all they heard was modem noise and it sometimes ended up in the modem hanging up the connection mid game... Infuriating!
Luckily I had a spare keyboard and mouse in my cupboard, which I promptly set up to the bemusement of my parents. They were very patient...
> We only had one phone line and the downside of this for my parents was that no-one could call the house phone - engaged tone.
I bought this little box on ebay that monitored for the call waiting signal while dialup was connected and then let the call ring through. If I was quick I could get starcraft to reconnect when a telemarketer interrupted. It was a lot cheaper than a second phone line!
I remember getting trial accounts that had a limited number of hours, but if they ran out while you were still connected you didn't get booted off; you just couldn't connect the next time you dialed in. So I would log on near the end of my time limit and spend all night downloading files, well past what would have been the normal account expiration time.
Yeah I ran up a multi hundred dollar internet bill when I was 9 and my parents cancelled AOL for a couple years until they came out with unlimited plans.
They had free trial offers for 10 hours (at first) so I was sneak, then sneak{1,..,14} or something on there.
Eventually I managed to shoulder surf the login for the PPP connection to a local ISP used at my school, then I had unlimited. Thankfully I had enough sense at 13 or 14 to ATDT*67,,1xxxxxxxxxx so that they couldn't identify who it was without actually sending a subpoena/warrant to the telco (which they didn't do). In any case the school paid a flat rate for unlimited usage, so my being connected all night didn't cost anyone anything.
They yelled at me a lot though because it was pretty obvious who was using dozens of hours of dialin every month, given that the school's list of suspects was one item long.
I took borrowed a school account to a local ISP. Saving the setting file onto a disk and rummaging through it with ResEdit to my young surprise brought me the text I was looking for!
Unlike you, I didn't have enough foresight to attempt to block the dialing in number .. at all. But I had internet for most of the school year until, as per your story, it relatively came crashing down one day.
Same justifications of "borrowing" the account as well -- I wasn't using it during the school day itself, I was at school -- and it seemed so silly to waste such services for 2/3rd's of a day!
A Stern talking to and that was that... Imaging what would happen now!
> They yelled at me a lot though because it was pretty obvious who was using dozens of hours of dialin every month, given that the school's list of suspects was one item long.
Not sure why they didn't change the password. I was assuming they just never noticed the usage.
Ah right. I had seen that PDP legacy aspect before but totally forgot. I had a 75300 series account via my dad's work which for the most part was amazing as it was a sysop level account (and free!). The one downside to teenage me was that you couldn't access any of the extra cost bits, like most of the games.
I missed the boat on those paid online services because my family was not in a position to pay $X per month for such a thing. Even scrounging up for my 8-bit Atari and 300bps modem was tough.
So I cut my teeth on people's little basement-hosted BBS's first, and didn't experience anything multi-user until some of the big multi-line BBS's popped up.
I have a valid AOL email address despite never having subscribed to AOL. Did the same thing happen to your CompuServe address; that is, transition to the free email model?
When Kaleida Labs was shutting down in the mid 90's, somebody put a bunch of big labeled recycling bins out in the hall, for soon-to-be-ex-employees to throw different types of office junk into to be recycled.
But there were just so many AOL and Compuserve signup floppies and cds that I labeled two separate recycling bins AOL and Compuserve, one for each brand!
One of my first moments on the internet was chatting on Compuserve using the DOS client. Chats were sent character-by-character so everyone’s text was constantly stomping over everyone else’s. But it was amazing that those were people from all over the country you could chat with.
When I was first introduced to Unix (SVR3) all the students used 'write' to chit-chat, and somehow we adopted conventions so that our text would not stomp (it was line-by-line, though) so we would write something like "-o" for "over" when we were finished typing, and "-oo" or "o&o" when we wanted to end the convo.
When MUDs became a thing, it was soon a stigma to be "on raw telnet" as we'd say, because a client could easily handle incoming text while you're typing a line at the same time. And so I became utterly addicted to full-duplex conversations, hardly even caring if I stayed on topic.
Sometime around 1992, I was at a conference with booths from Compuserve and AOL and all the rest. I marched right up to the Compuserve lady, never having used the service, and I inquired "so when are you gonna get a clue and connect to the Internet?" Of course she answered with something rather clueless and diplomatic, but I got a thrill out of being right when all those walled-gardens hooked up to the walled garden to end all walled gardens.
Compuserve was where I had my first email account in the early/mid 80s, dialing in on a C64 and a 300 baud modem. God, the amount of time I spent playing Megawars and cursing my slow modem.
They put their news articles dates in tiny little text at the bottom of most articles.. interesting design choice. I didn't even see them until I looked at a few.
I began my addiction to a particular game, Island of Kesmai, on Compuserve back in the 80's. It later became Legends of Kesmai (on Gamestorm and AOL) and has since been reborn with several remakes. The current, and best, is Stormhalter (http://www.stormhalter.com/wiki/Main_Page).
The site does not look fancy but it delivers. Everyone complaining about someone using that page, why? I have adblock on so maybe it looks far worse for others. But I just see straight up headlines for each topic and it looks current. I did not know this page still existed either, but honestly I like the simple look.
Funnily, I am in the middle of season 2 of Halt And Catch Fire.
And beyond the references to AWS, Wolf3D and IRC/Usenet, I wonder which other parts are direct references to Compuserve.
[i have never been on Compuserve]
Who knows how old this code is, but this page was developed with div's+css, which 4 didn't support (fully or not at all). It wasn't until later versions that divs replaced tables for layout.[0]
Let me be clear on the CSS support here, It was buggy partial and lousy. I was stuck on that browser for 5 years at the time on Linux before Mozilla became good enough
First time a cookie modal actually enhanced my browsing experience. The background blur hid the retro design, making for a very nice surprise when I dismissed it!
I think I was on Prodigy a little bit before BBS' then after the BBS era began to wain it was dialup PPP (then a hacked PPP server at MIT), and shell systems.
