I would not want to have this place require payment to post. We have members who are stretched thin, and forcing them out of the community because they can’t afford it would be pretty messed up.
This is from quite a few pages back but I am honestly really shocked the idea of needing to pay to post even came up
Of all the languages I have worked with over the years, I have made the most money off of languages that are out of favor or long dead.
Php? VBA-based access apps that handle medical data? Yes, I will deal with this shit. I will solve this nightmare.
Many years ago I took over operation of a very popular fan-site for a pretty famous band. They had been updating the ‘news’ section by manually editing the html.
My non-coder ass installed a php plugin that allowed webmasters to update their website with the same UI they use to write an email and at the time, it blew all of our tiny minds.
Feeling grateful that we at least got plenty of notice, and the current mod crew give a shit about this place and are taking positive action to make something work
Just wanted to add to the chorus of gratitude for the moderators & community that have kept this place a tangible corner of cyberspace, long past the peak of forums being hotspots of engagement.
Definitely not surprising PA is looking to nix hosting the forums, but as others have said truly an end of an era!
Since my activity has always been peripheral here, the hard break of Dec 2025 when PA stops footing the bill may also mark when I stop habitually checking in on this place - maybe not! It is encouraging that folks were given enough notice to try and organize a separate entity post-break, tho it would have been neat for PA folks to still front a living time capsule of the internet circa millennials being the "kids these days".
Best of luck for those putting in the time to keep some semblance of things going, and another round of thanks for those who made a video game webcomic forum something greater than an afterthought for decades(!).
If there ends up being a charge for use of the forums, I'd also ask the mods to kindly keep in mind not everyone pays in USD here, and what seems affordable there may be prohibitively expensive for others
Like, $10 USD could round to $14-15 for others and also effectively cull some international participation; it definitely restricts me from wanting to use certain streaming services, for example
If there ends up being a charge for use of the forums, I'd also ask the mods to kindly keep in mind not everyone pays in USD here, and what seems affordable there may be prohibitively expensive for others
Like, $10 USD could round to $14-15 for others and also effectively cull some international participation; it definitely restricts me from wanting to use certain streaming services, for example
True, even aside from relative currency values it can cause a bunch of minor irritations and inconveniences from international transactions or whatever. Like if it's not going through some existing established known entity it can get flagged as suspicious. Heck my auto renew for Nintendo online causes my bank to send me a text every time because that apparently goes through Singapore and it's freaking Nintendo
+3
TexiKenDammit!That fish really got me!Registered Userregular
I don't have much to say other than I am willing to provide financial UwUs like others, but
1) one thing I always felt limited new people showing up was how for the past two years (at least) most of the forum was hidden and unreadable unless you signed in. I still think of games & technology as the main thread, so not being able to see it when people might be looking for opinions or help on a game always seemed to blunt interactions with the site.
I don't have much to say other than I am willing to provide financial UwUs like others, but
1) one thing I always felt limited new people showing up was how for the past two years (at least) most of the forum was hidden and unreadable unless you signed in. I still think of games & technology as the main thread, so not being able to see it when people might be looking for opinions or help on a game always seemed to blunt interactions with the site.
2) in the new forum I'm Zoro, you can't be Zoro.
Yeah but that also prevents unwanted scraping. Given the big AI push you can’t expect robots.txt to be the one and done solution.
Edit: I should say I haven’t registered an account here in nearly two decades so I don’t even know if this place use captchas or other measures like that.
DrCLYC on
Steam - Synthetic Violence | XBOX Live - Cannonfuse | PSN - CastleBravo | Twitch - SoggybiscuitPA
I don’t even know how we attract new users to this place. It’s the former official forums of a webcomic whose heyday was 10-15 years ago. Oh it’s mainly a video game forum. Those are rare, right?
We don’t have the advantage of a larger forum population like Gaia or SA, and thus don’t have that 00s internet cultural fame (or infamy) that something like SA can lean into. And keep in mind even those communities are struggling to maintain a stable population of users. Forums just aren’t where people go these days to hang out on the internet.
I understand this community is important to people, but at some point you have to make peace with the fact that this forum will shutter one day. All good things, etc. but we can buy at least a few more years for everyone.
Sterica on
+43
MichaelLCIn what furnace was thy brain?ChicagoRegistered Userregular
I've been on the forum for 20 years. Sometimes way more active than others. But it's basically the first url I navigate to when I open a browser.
I've been deep in the throes of a midlife crisis and this definitely feels like that in spades. "Remember all the anchor points to your early life that made sense? Systematically lose all of it and reinvent yourself in your 40s. Get wrecked."
Thanks to everyone, mods especially, who put a lot of their time, care, and life into this place. Sincerely. We're getting old. I look forward to us keeping things together as best we can. Time marches, eh?
I don’t even know how we attract new users to this place. It’s the former official forums of a webcomic whose heyday was 10-15 years ago. Oh it’s mainly a video game forum. Those are rare, right?
We don’t have the advantage of a larger forum population like Gaia or SA, and thus don’t have that 00s internet cultural fame (or infamy) that something like SA can lean into. And keep in mind even those communities are struggling to maintain a stable population of users. Forums just aren’t where people go these days to hang out on the internet.
I understand this community is important to people, but at some people you have to make peace with the fact that this forum will shutter one day. All good things, etc. but we can buy at least a few more years for everyone.
If attracting new users at any point is a goal, I would suggest spotlighting G&T and advertising as a tech/gaming forum first. That forum should not be locked from guest viewing. I think if there was some kind of troubleshooting/tutorials/guides subforum, that alone could get a lot of people checking out the forums, since so much stuff has been lost to people moving to discord or making agonizingly long youtube videos.
But that's a more specific discussion for a later time. Just something that occurred to me yesterday.
cj iwakuraThe Rhythm RegentBears The Name FreedomRegistered Userregular
I wouldn't worry about attracting new users. Just make the place what it is, have everyone migrate accordingly, and if new people join, bonus. Don't try to push it for more than what it is, or you just get more fly by nighters.
It would be nice to attract new users, but that's about 90% because I love meeting new folks and PAX hangouts have always been a delightful time (especially when they led to meeting new friends). It doesn't need to be the main thrust of us finding a new space while this one goes into hospice, though - kinda need to put our own mask on first before we look for other people to shove it onto.
About attracting new users: Every time I've seen an online community transplanted in the past, it always followed the same trajectory. Attrition, then closure. And it usually didn't take that long. People just naturally leave. This snowballs, especially when long-running threads start having long gaps between new posts, or new posts start being few and far between.
I'm not saying we should be out there actively recruiting users, but I would say that making ourselves inviting for new users would do nothing but help this community stave off the inevitable heat death of any online community.
Plus there's the financial aspect. This will be community funded, and you need a critical mass to keep that going. Otherwise, you're going to get gradual attrition followed by a cliff.
Honestly, I think what we're being offered is a couple years to keep talking as we figure out where we're going next. I don't think there's any real intent to build this into a new, full forum. Our volunteer mods probably wouldn't WANT to be engaged in a growing community rather than safeguarding the remnants of this one as it passes into the West.
Honestly, I think what we're being offered is a couple years to keep talking as we figure out where we're going next. I don't think there's any real intent to build this into a new, full forum. Our volunteer mods probably wouldn't WANT to be engaged in a growing community rather than safeguarding the remnants of this one as it passes into the West.
But if we attract new users, that's extra candidates for modship from a pool of people who don't yet realize the abject horror of moderating.
Would you say I had a plethora of pinatas?
Legos are cool, MOCs are cool, check me out on Rebrickable!
I'm not an active user (obviously), but I do have a very strong attachment to the Forum Age of the internet, before the conversation got centralized to Reddit and Twitter. It's cool this place still exists and is active, I'm sad that PA is cutting itself loose from the forum, but I'm happy to see an engaged community committed to surviving the next step.
Honestly, I think what we're being offered is a couple years to keep talking as we figure out where we're going next. I don't think there's any real intent to build this into a new, full forum. Our volunteer mods probably wouldn't WANT to be engaged in a growing community rather than safeguarding the remnants of this one as it passes into the West.
But if we attract new users, that's extra candidates for modship from a pool of people who don't yet realize the abject horror of moderating.
or, and hear me out, we could just make everybody a mod
Honestly, I think what we're being offered is a couple years to keep talking as we figure out where we're going next. I don't think there's any real intent to build this into a new, full forum. Our volunteer mods probably wouldn't WANT to be engaged in a growing community rather than safeguarding the remnants of this one as it passes into the West.
But if we attract new users, that's extra candidates for modship from a pool of people who don't yet realize the abject horror of moderating.
or, and hear me out, we could just make everybody a mod
Mods: "Ok everyone, we're elevating everyone to mod status. Existing mods will be upgraded to senior mods."
Need a voice actor? Hire me at bengrayVO.com
Switch ID: MNC Dover SW-1154-3107-1051 Steam ID
+29
RamiusJoined: July 19, 2000Administrator, ClubPAadmin
To all the tech minded ppl discussing user migration, do some research on vanilla jsconnect, I think that is the likely path we would take since we have time to do it in an orderly fashion.
Having done a little more digging into this myself, I think my hope in this feature was misplaced. Vanilla has support for jsconnect, and some other more standard technologies like Oauth2 and Saml, but always as a client not as an idP. There are plenty of articles on integrating Vanilla as a slave to an outside authenticator to smooth onboarding of users from a 3rd party system into a vanilla forums instance, including both account creation and SSO. But so far I haven't found documented solutions for going in the other direction.
There may still be a way to make this concept work but it might require a custom Oauth2 add-on with the additional functionality we require, and convincing Vanilla to activate it in our Vanilla Cloud instance.
+2
Zonugal(He/Him) The Holiday ArmadilloI'm Santa's representative for all the southern states. And Mexico!Registered User, Transition Teamregular
The question of recruiting new people into this community continues to occur, which feels a bit premature as the forums enter a death knell but I'll offer my own opinion regarding that topic:
If folks truly want to grow the community, the community at large has to sell itself through a few initiatives that highlight the unique strengths of what a forum can offer against other social media platforms, such as:
-- Annual events like Secret Satans and coordinated vacations like PAX-North
-- Establishing forum events (stuff akin to forum battles)
Because without stuff like that, all you have as a sales pitch is "We talk about games and stuff." Which... We may as well be a bar advertising with "We sell beer here."
I do think @Reznik is correct that developing & hosting tutorials/guides for games & technology is the sort of thing that navigates traffic into a community. There has to be something pulling folks in because "we have good values and cool vibes" is a weightless sales pitch.
Without a dedicated topic, the community does need to establish concrete ways to differentiate from what a sub-reddit can offer new folks.
+17
CambiataCommander ShepardThe likes of which even GAWD has never seenRegistered Userregular
I would not want to have this place require payment to post. We have members who are stretched thin, and forcing them out of the community because they can’t afford it would be pretty messed up.
This is from quite a few pages back but I am honestly really shocked the idea of needing to pay to post even came up
I'm on the fence about such an idea. Something like "Pay $1 a year" will be doable for most, and for those of us with a little extra we should be able to put more money in specifically for the purposes of long time posters having their dues paid anonymously so there doesn't have to be any feeling of patronage for the people who can't manage it.
At the same time, it'll automatically turn some people off, even if they don't have to pay it, and so those people will just be gone or permanent lurkers, and I definitely don't want that.
Probably the best method is once a year funding drives like they do on Wikipedia (or if you're old, PBS). Those who can pay will, those who can't don't have to feel obligated or guilty.
"excuse my French
But fuck you — no, fuck y'all, that's as blunt as it gets"
- Kendrick Lamar, "The Blacker the Berry"
0
minor incidentpublicly subsidized!privately profitable!Registered User, Transition Teamregular
The question of recruiting new people into this community continues to occur, which feels a bit premature as the forums enter a death knell but I'll offer my own opinion regarding that topic:
If folks truly want to grow the community, the community at large has to sell itself through a few initiatives that highlight the unique strengths of what a forum can offer against other social media platforms, such as:
-- Annual events like Secret Satans and coordinated vacations like PAX-North
-- Establishing forum events (stuff akin to forum battles)
Because without stuff like that, all you have as a sales pitch is "We talk about games and stuff." Which... We may as well be a bar advertising with "We sell beer here."
I do think Reznik is correct that developing & hosting tutorials/guides for games & technology is the sort of thing that navigates traffic into a community. There has to be something pulling folks in because "we have good values and cool vibes" is a weightless sales pitch.
Without a dedicated topic, the community does need to establish concrete ways to differentiate from what a sub-reddit can offer new folks.
People will come to see us draw the most beautiful horses.
minor incident on
Hell, New Jersey, it said on the letter. Delivered without comment. So be it!
I'm for whatever allows this community to survive. If we have to lose history, so be it. Badges and past posts won't do any good if the whole thing shutters. Sadly leaving things as is feels untenable.
If the future is volunteer moderation and community donations, then I'd argue we need to do all we can to support that. And imo, that means moving to a platform that has a balance of cost vs technical supportability. That might mean folks have to use external image hosting for example. I'd also argue that a re-org is required. We have multiple threads of the same topic in different places. If we can condense the forum by 30-50%, that reduces the moderation requirements as well.
To all the tech minded ppl discussing user migration, do some research on vanilla jsconnect, I think that is the likely path we would take since we have time to do it in an orderly fashion.
Having done a little more digging into this myself, I think my hope in this feature was misplaced. Vanilla has support for jsconnect, and some other more standard technologies like Oauth2 and Saml, but always as a client not as an idP. There are plenty of articles on integrating Vanilla as a slave to an outside authenticator to smooth onboarding of users from a 3rd party system into a vanilla forums instance, including both account creation and SSO. But so far I haven't found documented solutions for going in the other direction.
There may still be a way to make this concept work but it might require a custom Oauth2 add-on with the additional functionality we require, and convincing Vanilla to activate it in our Vanilla Cloud instance.
I imagine that the software we want to go to will try to have tools to migrate to them.
*E: often the case with when you try to leave a service: they're going to act like it is impossible to migrate, only for the provider you move *to* to fix it all for you with one button.
--
I'm going to wait with long posts about this subject until we have separate threads, but I definitely want to talk more about the financial structure of this.
The question of recruiting new people into this community continues to occur, which feels a bit premature as the forums enter a death knell but I'll offer my own opinion regarding that topic:
If folks truly want to grow the community, the community at large has to sell itself through a few initiatives that highlight the unique strengths of what a forum can offer against other social media platforms, such as:
-- Annual events like Secret Satans and coordinated vacations like PAX-North
-- Establishing forum events (stuff akin to forum battles)
Because without stuff like that, all you have as a sales pitch is "We talk about games and stuff." Which... We may as well be a bar advertising with "We sell beer here."
I do think @Reznik is correct that developing & hosting tutorials/guides for games & technology is the sort of thing that navigates traffic into a community. There has to be something pulling folks in because "we have good values and cool vibes" is a weightless sales pitch.
Without a dedicated topic, the community does need to establish concrete ways to differentiate from what a sub-reddit can offer new folks.
This conversation may also change based on what technology ends up being used. I could see a world of let's plays, game tips/tutorials, reviews, etc that could drive traffic if those specific items could be crawled by search engines. Especially given the state of gaming sites today, I could see community reviews drawing some folks in, especially for smaller/indie games. I loved reading folks reviews for Pathologic 2 for example.
If we're going to keep talking about whether payment is viable I gotta be blunt. The last place I'm interested in putting any sort of financial information into is a splinter forum largely made by people who will be making a forum for the first time ever much less processing any manner of payments. I don't care what middleman you use. That's, objectively, not a smart place to put information into.
I'm not sure I understand? You don't trust Patreon? There is always risk with online payment, but there are options to minimize that risk.
edit: I'd also assume any future state would involve ads as well as I'm sure it's only a small % of folks that donate for software (discord or reddit for example).
Yeah, I don't think anyone is talking about building an in-house PCI-DSS compliant infrastructure to handle payments. It's a fun challenge but basically a full-time job.
This said as someone who has been involved in the past with one of those.
I don’t even know how we attract new users to this place. It’s the former official forums of a webcomic whose heyday was 10-15 years ago. Oh it’s mainly a video game forum. Those are rare, right?
We don’t have the advantage of a larger forum population like Gaia or SA, and thus don’t have that 00s internet cultural fame (or infamy) that something like SA can lean into. And keep in mind even those communities are struggling to maintain a stable population of users. Forums just aren’t where people go these days to hang out on the internet.
I understand this community is important to people, but at some people you have to make peace with the fact that this forum will shutter one day. All good things, etc. but we can buy at least a few more years for everyone.
Put a password gate in the front page and have forum members never shut up about how they're a member of the new super secret forums and you can't join.
How do you know someone has LUE access?
Don't worry they'll tell you.
To all the tech minded ppl discussing user migration, do some research on vanilla jsconnect, I think that is the likely path we would take since we have time to do it in an orderly fashion.
Having done a little more digging into this myself, I think my hope in this feature was misplaced. Vanilla has support for jsconnect, and some other more standard technologies like Oauth2 and Saml, but always as a client not as an idP. There are plenty of articles on integrating Vanilla as a slave to an outside authenticator to smooth onboarding of users from a 3rd party system into a vanilla forums instance, including both account creation and SSO. But so far I haven't found documented solutions for going in the other direction.
There may still be a way to make this concept work but it might require a custom Oauth2 add-on with the additional functionality we require, and convincing Vanilla to activate it in our Vanilla Cloud instance.
@Ramius This was my conclusion too. I read up on the docs yesterday and it struck me that all of the docs on jsconnect described Vanilla as the auth client, not as the auth provider. I wanted to sleep on it and check again before bringiing it up.
I don't know what the team's appetite is for custom coding, but it might be possible to use JWT instead.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
To all the tech minded ppl discussing user migration, do some research on vanilla jsconnect, I think that is the likely path we would take since we have time to do it in an orderly fashion.
Having done a little more digging into this myself, I think my hope in this feature was misplaced. Vanilla has support for jsconnect, and some other more standard technologies like Oauth2 and Saml, but always as a client not as an idP. There are plenty of articles on integrating Vanilla as a slave to an outside authenticator to smooth onboarding of users from a 3rd party system into a vanilla forums instance, including both account creation and SSO. But so far I haven't found documented solutions for going in the other direction.
There may still be a way to make this concept work but it might require a custom Oauth2 add-on with the additional functionality we require, and convincing Vanilla to activate it in our Vanilla Cloud instance.
I imagine that the software we want to go to will try to have tools to migrate to them.
*E: often the case with when you try to leave a service: they're going to act like it is impossible to migrate, only for the provider you move *to* to fix it all for you with one button.
--
I'm going to wait with long posts about this subject until we have separate threads, but I definitely want to talk more about the financial structure of this.
If Vanilla is following basic best practices, then our passwords here should be stored as hashes and effectively not exportable. There are ways to migrate hashed passwords, but there will be both technical and procedural controls preventing arbitrary access to those hashes. Whether Vanilla can allow for that export is a big x-factor, and whether those hashes are usable on the destination forum is another big x-factor.
I'm not saying it's absolutely impossible, just don't count on it.
The alternatives that Ramius is looking at involve using our current forum as an authentication system. You log in here, Vanilla vouches for you, and the new forum trusts that login and gives you access to your account.
The challenge right now is that Vanilla's docs entirely talk about that working n reverse. Vanilla trusts some other site or system to authenticate you.
Again, none of this is impossible, it's just another challenge to overcome.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
+1
syndalisGetting ClassyOn the WallRegistered User, Loves Apple Products, Transition Teamregular
To all the tech minded ppl discussing user migration, do some research on vanilla jsconnect, I think that is the likely path we would take since we have time to do it in an orderly fashion.
Having done a little more digging into this myself, I think my hope in this feature was misplaced. Vanilla has support for jsconnect, and some other more standard technologies like Oauth2 and Saml, but always as a client not as an idP. There are plenty of articles on integrating Vanilla as a slave to an outside authenticator to smooth onboarding of users from a 3rd party system into a vanilla forums instance, including both account creation and SSO. But so far I haven't found documented solutions for going in the other direction.
There may still be a way to make this concept work but it might require a custom Oauth2 add-on with the additional functionality we require, and convincing Vanilla to activate it in our Vanilla Cloud instance.
I imagine that the software we want to go to will try to have tools to migrate to them.
*E: often the case with when you try to leave a service: they're going to act like it is impossible to migrate, only for the provider you move *to* to fix it all for you with one button.
--
I'm going to wait with long posts about this subject until we have separate threads, but I definitely want to talk more about the financial structure of this.
If Vanilla is following basic best practices, then our passwords here should be stored as hashes and effectively not exportable. There are ways to migrate hashed passwords, but there will be both technical and procedural controls preventing arbitrary access to those hashes. Whether Vanilla can allow for that export is a big x-factor, and whether those hashes are usable on the destination forum is another big x-factor.
I'm not saying it's absolutely impossible, just don't count on it.
The alternatives that Ramius is looking at involve using our current forum as an authentication system. You log in here, Vanilla vouches for you, and the new forum trusts that login and gives you access to your account.
The challenge right now is that Vanilla's docs entirely talk about that working n reverse. Vanilla trusts some other site or system to authenticate you.
Again, none of this is impossible, it's just another challenge to overcome.
And I think it is overcomplicating things... we could just export the usernames, which we can do without database access, and put them in the new software as "protected - verify"
If someone registers with one of those names, we automatically send them an email with a confirmation code, and a link to the current PA forums set to a new private message to a receiving inbox where you, as that user, paste the confirmation code in and hit send.
Like, the email could be:
Almost there!
Your verification code is 39471092
Make sure you are logged in on the PA forums, click the link below, paste this code into the box and submit.
https://forums.penny-arcade.com/messages/add/gdsforum-registration
Vanilla emails the address associated with that user with the contents of the DM, which is monitored by a service that validates the correct code from the correct name and flags the user in the new system as verified.
This is a one-day, completely viable solution that avoids us needing to get in the weeds with migrating people over, especially if they don't all want to come along for the ride.
+20
AthenorBattle Hardened OptimistThe Skies of HiigaraRegistered Userregular
It doesn't surprise me that Vanilla is set up as a Service Provider (SP) and not an Identity Provider (IdP).
I admit that most of my experience is second-hand, usually on the side of trying in SPs to our IdPs here at the university. I've heard horror stories of what it took to get Shibboleth running, and the "fastest" link I ever set up was getting GitLab to use Facebook/Google for OAuth / SAML. But I don't believe that Google/Facebook support attribute binding the way you are talking about (to link current identities to future identities).
Your best bet, as always, is going to be email. Off the top of my head, I could see it going like:
- You get a list of emails of registered users from Vanilla.
- You copy these into an independent database somewhere.
- You feed that database in to whatever future solution we use to seed user accounts.
- You then tie into an OAuth provider (or many).
- When a user first logs in, the forum does not let them immediately set a username. Instead, it validates that their email is correct. If it is, then it prompts them "Is this you?" If so, it links - if not, it gets flagged to a moderator to sort out (our population is small enough to viably handle manual intervention)
- If the user validates their email and there's no associated account, then the user is prompted to choose a username. And if they choose one that is already taken, they get told no AND a flag is raised to the moderator to follow up. (this may be turned off after the initial migration).
With the above proposal, you'd lose existing passwords. However, having gone through 2 implementations where we have tried to keep existing passwords (because heaven forbid professors ever change their passwords), it is doable with enough planning and communication.
And then from there, because you are using one of many OAuth providers, you could wire in more advanced security like 2 factor authentication, passwordless auth, yubikeys, etc. through them without needing admin overhead locally.
He/Him | "We who believe in freedom cannot rest." - Dr. Johnetta Cole, 7/22/2024
+1
syndalisGetting ClassyOn the WallRegistered User, Loves Apple Products, Transition Teamregular
edited October 2024
hmmm... there is another way maybe also...
Is there any means to do an API-based login and get a token back from vanilla on success for the user?
If so, we could set up a middleman login service - something super lightweight like a lambda - that first attempts to log in to the new IdP (cognito, auth0, etc), and if no user is present, make an attempt against vanilla. If the user exists there, we happen to have the username and password on hand to create the new user, which means from that point forward that login will be managed by the IdP and vanilla won't get called for it any more.
syndalis on
+2
FishmanPut your goddamned hand in the goddamned Box of Pain.Registered Userregular
To all the tech minded ppl discussing user migration, do some research on vanilla jsconnect, I think that is the likely path we would take since we have time to do it in an orderly fashion.
Having done a little more digging into this myself, I think my hope in this feature was misplaced. Vanilla has support for jsconnect, and some other more standard technologies like Oauth2 and Saml, but always as a client not as an idP. There are plenty of articles on integrating Vanilla as a slave to an outside authenticator to smooth onboarding of users from a 3rd party system into a vanilla forums instance, including both account creation and SSO. But so far I haven't found documented solutions for going in the other direction.
There may still be a way to make this concept work but it might require a custom Oauth2 add-on with the additional functionality we require, and convincing Vanilla to activate it in our Vanilla Cloud instance.
I imagine that the software we want to go to will try to have tools to migrate to them.
*E: often the case with when you try to leave a service: they're going to act like it is impossible to migrate, only for the provider you move *to* to fix it all for you with one button.
--
I'm going to wait with long posts about this subject until we have separate threads, but I definitely want to talk more about the financial structure of this.
If Vanilla is following basic best practices, then our passwords here should be stored as hashes and effectively not exportable. There are ways to migrate hashed passwords, but there will be both technical and procedural controls preventing arbitrary access to those hashes. Whether Vanilla can allow for that export is a big x-factor, and whether those hashes are usable on the destination forum is another big x-factor.
I'm not saying it's absolutely impossible, just don't count on it.
The alternatives that Ramius is looking at involve using our current forum as an authentication system. You log in here, Vanilla vouches for you, and the new forum trusts that login and gives you access to your account.
The challenge right now is that Vanilla's docs entirely talk about that working n reverse. Vanilla trusts some other site or system to authenticate you.
Again, none of this is impossible, it's just another challenge to overcome.
And I think it is overcomplicating things... we could just export the usernames, which we can do without database access, and put them in the new software as "protected - verify"
If someone registers with one of those names, we automatically send them an email with a confirmation code, and a link to the current PA forums set to a new private message to a receiving inbox where you, as that user, paste the confirmation code in and hit send.
Like, the email could be:
Almost there!
Your verification code is 39471092
Make sure you are logged in on the PA forums, click the link below, paste this code into the box and submit.
https://forums.penny-arcade.com/messages/add/gdsforum-registration
Vanilla emails the address associated with that user with the contents of the DM, which is monitored by a service that validates the correct code from the correct name and flags the user in the new system as verified.
This is a one-day, completely viable solution that avoids us needing to get in the weeds with migrating people over, especially if they don't all want to come along for the ride.
It does require people still have access to the email attached to their forum account, which I know isn't 100%.
Given the bugs and issues people have experienced with updating profiles, getting that sorted might be an early stepping stone as a precursor to core work.
Posts
Steam: adamjnet
This is from quite a few pages back but I am honestly really shocked the idea of needing to pay to post even came up
Many years ago I took over operation of a very popular fan-site for a pretty famous band. They had been updating the ‘news’ section by manually editing the html.
My non-coder ass installed a php plugin that allowed webmasters to update their website with the same UI they use to write an email and at the time, it blew all of our tiny minds.
Steam: adamjnet
Feeling grateful that we at least got plenty of notice, and the current mod crew give a shit about this place and are taking positive action to make something work
Ever tried. Ever failed. No matter. Try again. Fail again. Fail better
bit.ly/2XQM1ke
Definitely not surprising PA is looking to nix hosting the forums, but as others have said truly an end of an era!
Since my activity has always been peripheral here, the hard break of Dec 2025 when PA stops footing the bill may also mark when I stop habitually checking in on this place - maybe not! It is encouraging that folks were given enough notice to try and organize a separate entity post-break, tho it would have been neat for PA folks to still front a living time capsule of the internet circa millennials being the "kids these days".
Best of luck for those putting in the time to keep some semblance of things going, and another round of thanks for those who made a video game webcomic forum something greater than an afterthought for decades(!).
Print out the source directly into a shredder?
Like, $10 USD could round to $14-15 for others and also effectively cull some international participation; it definitely restricts me from wanting to use certain streaming services, for example
3DS Friend Code: 0216-0898-6512
Switch Friend Code: SW-7437-1538-7786
True, even aside from relative currency values it can cause a bunch of minor irritations and inconveniences from international transactions or whatever. Like if it's not going through some existing established known entity it can get flagged as suspicious. Heck my auto renew for Nintendo online causes my bank to send me a text every time because that apparently goes through Singapore and it's freaking Nintendo
1) one thing I always felt limited new people showing up was how for the past two years (at least) most of the forum was hidden and unreadable unless you signed in. I still think of games & technology as the main thread, so not being able to see it when people might be looking for opinions or help on a game always seemed to blunt interactions with the site.
2) in the new forum I'm Zoro, you can't be Zoro.
Yeah but that also prevents unwanted scraping. Given the big AI push you can’t expect robots.txt to be the one and done solution.
Edit: I should say I haven’t registered an account here in nearly two decades so I don’t even know if this place use captchas or other measures like that.
We don’t have the advantage of a larger forum population like Gaia or SA, and thus don’t have that 00s internet cultural fame (or infamy) that something like SA can lean into. And keep in mind even those communities are struggling to maintain a stable population of users. Forums just aren’t where people go these days to hang out on the internet.
I understand this community is important to people, but at some point you have to make peace with the fact that this forum will shutter one day. All good things, etc. but we can buy at least a few more years for everyone.
WOOSTER BOLD
I've been deep in the throes of a midlife crisis and this definitely feels like that in spades. "Remember all the anchor points to your early life that made sense? Systematically lose all of it and reinvent yourself in your 40s. Get wrecked."
Thanks to everyone, mods especially, who put a lot of their time, care, and life into this place. Sincerely. We're getting old. I look forward to us keeping things together as best we can. Time marches, eh?
If attracting new users at any point is a goal, I would suggest spotlighting G&T and advertising as a tech/gaming forum first. That forum should not be locked from guest viewing. I think if there was some kind of troubleshooting/tutorials/guides subforum, that alone could get a lot of people checking out the forums, since so much stuff has been lost to people moving to discord or making agonizingly long youtube videos.
But that's a more specific discussion for a later time. Just something that occurred to me yesterday.
Do... Re... Mi... So... Fa.... Do... Re.... Do...
Forget it...
3DS Friend Code: 0216-0898-6512
Switch Friend Code: SW-7437-1538-7786
I'm not saying we should be out there actively recruiting users, but I would say that making ourselves inviting for new users would do nothing but help this community stave off the inevitable heat death of any online community.
Plus there's the financial aspect. This will be community funded, and you need a critical mass to keep that going. Otherwise, you're going to get gradual attrition followed by a cliff.
But if we attract new users, that's extra candidates for modship from a pool of people who don't yet realize the abject horror of moderating.
Legos are cool, MOCs are cool, check me out on Rebrickable!
or, and hear me out, we could just make everybody a mod
Mods: "Ok everyone, we're elevating everyone to mod status. Existing mods will be upgraded to senior mods."
Switch ID: MNC Dover SW-1154-3107-1051
Steam ID
Having done a little more digging into this myself, I think my hope in this feature was misplaced. Vanilla has support for jsconnect, and some other more standard technologies like Oauth2 and Saml, but always as a client not as an idP. There are plenty of articles on integrating Vanilla as a slave to an outside authenticator to smooth onboarding of users from a 3rd party system into a vanilla forums instance, including both account creation and SSO. But so far I haven't found documented solutions for going in the other direction.
There may still be a way to make this concept work but it might require a custom Oauth2 add-on with the additional functionality we require, and convincing Vanilla to activate it in our Vanilla Cloud instance.
If folks truly want to grow the community, the community at large has to sell itself through a few initiatives that highlight the unique strengths of what a forum can offer against other social media platforms, such as:
-- Annual events like Secret Satans and coordinated vacations like PAX-North
-- Establishing forum events (stuff akin to forum battles)
Because without stuff like that, all you have as a sales pitch is "We talk about games and stuff." Which... We may as well be a bar advertising with "We sell beer here."
I do think @Reznik is correct that developing & hosting tutorials/guides for games & technology is the sort of thing that navigates traffic into a community. There has to be something pulling folks in because "we have good values and cool vibes" is a weightless sales pitch.
Without a dedicated topic, the community does need to establish concrete ways to differentiate from what a sub-reddit can offer new folks.
I'm on the fence about such an idea. Something like "Pay $1 a year" will be doable for most, and for those of us with a little extra we should be able to put more money in specifically for the purposes of long time posters having their dues paid anonymously so there doesn't have to be any feeling of patronage for the people who can't manage it.
At the same time, it'll automatically turn some people off, even if they don't have to pay it, and so those people will just be gone or permanent lurkers, and I definitely don't want that.
Probably the best method is once a year funding drives like they do on Wikipedia (or if you're old, PBS). Those who can pay will, those who can't don't have to feel obligated or guilty.
But fuck you — no, fuck y'all, that's as blunt as it gets"
- Kendrick Lamar, "The Blacker the Berry"
People will come to see us draw the most beautiful horses.
If the future is volunteer moderation and community donations, then I'd argue we need to do all we can to support that. And imo, that means moving to a platform that has a balance of cost vs technical supportability. That might mean folks have to use external image hosting for example. I'd also argue that a re-org is required. We have multiple threads of the same topic in different places. If we can condense the forum by 30-50%, that reduces the moderation requirements as well.
I imagine that the software we want to go to will try to have tools to migrate to them.
*E: often the case with when you try to leave a service: they're going to act like it is impossible to migrate, only for the provider you move *to* to fix it all for you with one button.
--
I'm going to wait with long posts about this subject until we have separate threads, but I definitely want to talk more about the financial structure of this.
This conversation may also change based on what technology ends up being used. I could see a world of let's plays, game tips/tutorials, reviews, etc that could drive traffic if those specific items could be crawled by search engines. Especially given the state of gaming sites today, I could see community reviews drawing some folks in, especially for smaller/indie games. I loved reading folks reviews for Pathologic 2 for example.
edit: I'd also assume any future state would involve ads as well as I'm sure it's only a small % of folks that donate for software (discord or reddit for example).
This said as someone who has been involved in the past with one of those.
Put a password gate in the front page and have forum members never shut up about how they're a member of the new super secret forums and you can't join.
Don't worry they'll tell you.
@Ramius This was my conclusion too. I read up on the docs yesterday and it struck me that all of the docs on jsconnect described Vanilla as the auth client, not as the auth provider. I wanted to sleep on it and check again before bringiing it up.
I don't know what the team's appetite is for custom coding, but it might be possible to use JWT instead.
the "no true scotch man" fallacy.
If Vanilla is following basic best practices, then our passwords here should be stored as hashes and effectively not exportable. There are ways to migrate hashed passwords, but there will be both technical and procedural controls preventing arbitrary access to those hashes. Whether Vanilla can allow for that export is a big x-factor, and whether those hashes are usable on the destination forum is another big x-factor.
I'm not saying it's absolutely impossible, just don't count on it.
The alternatives that Ramius is looking at involve using our current forum as an authentication system. You log in here, Vanilla vouches for you, and the new forum trusts that login and gives you access to your account.
The challenge right now is that Vanilla's docs entirely talk about that working n reverse. Vanilla trusts some other site or system to authenticate you.
Again, none of this is impossible, it's just another challenge to overcome.
the "no true scotch man" fallacy.
And I think it is overcomplicating things... we could just export the usernames, which we can do without database access, and put them in the new software as "protected - verify"
If someone registers with one of those names, we automatically send them an email with a confirmation code, and a link to the current PA forums set to a new private message to a receiving inbox where you, as that user, paste the confirmation code in and hit send.
Like, the email could be:
Vanilla emails the address associated with that user with the contents of the DM, which is monitored by a service that validates the correct code from the correct name and flags the user in the new system as verified.
This is a one-day, completely viable solution that avoids us needing to get in the weeds with migrating people over, especially if they don't all want to come along for the ride.
I admit that most of my experience is second-hand, usually on the side of trying in SPs to our IdPs here at the university. I've heard horror stories of what it took to get Shibboleth running, and the "fastest" link I ever set up was getting GitLab to use Facebook/Google for OAuth / SAML. But I don't believe that Google/Facebook support attribute binding the way you are talking about (to link current identities to future identities).
Your best bet, as always, is going to be email. Off the top of my head, I could see it going like:
- You get a list of emails of registered users from Vanilla.
- You copy these into an independent database somewhere.
- You feed that database in to whatever future solution we use to seed user accounts.
- You then tie into an OAuth provider (or many).
- When a user first logs in, the forum does not let them immediately set a username. Instead, it validates that their email is correct. If it is, then it prompts them "Is this you?" If so, it links - if not, it gets flagged to a moderator to sort out (our population is small enough to viably handle manual intervention)
- If the user validates their email and there's no associated account, then the user is prompted to choose a username. And if they choose one that is already taken, they get told no AND a flag is raised to the moderator to follow up. (this may be turned off after the initial migration).
With the above proposal, you'd lose existing passwords. However, having gone through 2 implementations where we have tried to keep existing passwords (because heaven forbid professors ever change their passwords), it is doable with enough planning and communication.
And then from there, because you are using one of many OAuth providers, you could wire in more advanced security like 2 factor authentication, passwordless auth, yubikeys, etc. through them without needing admin overhead locally.
Is there any means to do an API-based login and get a token back from vanilla on success for the user?
If so, we could set up a middleman login service - something super lightweight like a lambda - that first attempts to log in to the new IdP (cognito, auth0, etc), and if no user is present, make an attempt against vanilla. If the user exists there, we happen to have the username and password on hand to create the new user, which means from that point forward that login will be managed by the IdP and vanilla won't get called for it any more.
It does require people still have access to the email attached to their forum account, which I know isn't 100%.
Given the bugs and issues people have experienced with updating profiles, getting that sorted might be an early stepping stone as a precursor to core work.