If I'm running a tiny little single-user instance on a potato and my post goes to the mastodon.social federated feed, it would be impolite for them to direct 20,000 requests at my potato all at once. Instead, their servers grabs one copy and serves it to their users. If they're set up for 20k eyeballs online at once, they've got capacity to serve them all the photo.

Mastodon has a configurable clean-up period for cached media so you don't use infinite disk. That gives a bad actor an easy way to robustly host images for a couple days: post it, let it federate out, and then take your server down. Everyone else is now doing crimes for you, and cleaning it up is a reactive process by dozens of server admins.

the shitcoin-obsessed CEO is the problem

The guy that bought it is the one who ran the neopets metaverse thing. So it sounds a little dubious.

it was never owned by the church.

the guy who bought it off the original founders was a scientologist and typical C-suite scumbag.

the only cult influencing neopets was capitalism. who doesn’t love shoving two ads in every hole.

I've been spectating games all day. 8v8 has so much going on and is a ton of fun to watch.

Yeah, their KS goal being US$100k is a low budget for something they're expecting to take two years.

not the OP, but

i was going to point to the did:plc thing they made up and went with. but since the last time i looked, it looks like they support (and prefer) did:web, so that's sorted out.

the "wtf" i have is more to do with actually running a community with atproto. you need a central crawler service that knows about all the PDSes you want to be friends with (this is presumably why you need to sign up in their discord right now, they gotta tell their crawler to look at your PDS)

but i think the crawler has to grab the entire PDS for everyone it knows about? if you want a large community, it seems pretty resource-intensive since the ceiling is "infinity posts". bsky's open source code suggests they have chosen not to deal with this problem.

with most AP services (e.g. mastodon), you can prune the data and the only consequence is "you don't get full text search for super old posts received from other services that we pruned", so there are ways to limit the cost other than "limit the number of users in our community".

but this may just be an implementation detail and not an issue with atproto, e.g. git shallow clones are a thing, and the PDS is also storing a big merkel tree. i am not sure if the indexer relies on having the complete history or not (since you do need it for certain operations). bsky's own code just shrugging suggests maybe limiting it is challenging, i dunno.

Email does rely on IP reputation as a major component in deciding if something is spam. The system has matured to a point where it works fairly well and transparently ... but the consequence has been you can't reliably send from an IP block unless somebody is very actively handling abuse and working with the reputation services to keep their IP space in the internet's good graces.

But: I wouldn't want to allowlist based just on one reputation service. I've got some ideas on how to handle spam for my instances involving a few different datapoints. This could be useful as one, if it ends up with enough data.