I want to add some kind of simple serverless functions to wisp.place. It feels like the perfect next step for creating composable web applications within your repository that you can execute anywhere. i can easily do this with wisp-cli. I can’t with wisp.place if i want to keep it free to use by anyone. i’d be opening up my services for free abuse for any malevolent use they see fit.

DDoS, mining, phishing, the list can go on. I thought about, how could i inherently trust a DID’s javascript they want to run on my VM? Ethereum says “Just make them pay.” That works, but I don’t want that. What if I could build trust with that DID? That they’re an active user who probably won’t try to send bots impersonating my ip.

Maybe it’s as simple as having them hold a site for at least a week before unlocking a limited set of invocations that grows with time, possible, but that just makes attacking a waiting game. Maybe see if they post to bluesky and have a tangled repo? LLM bots exist everywhere. Also that just limits use to bluesky posters. I’ve seen a few users already who are wisp only. nothing else in their pdses.

Collateral is also something Ethereum does to establish trust. However again, collateral for them is just money. What would collateral look like for Atproto? I don’t think we have the tools for a network wide form of establishing trust without a central oracle that each application has to manage manually. Labelers are a thing that exist, I want to think about that more.