semi related question, if a client is poorly built and thus really bad at managing relay subscriptions (ie they do a ton of different queries on every subscription on every page load) is that costly for relays?
Discussion
Yes.
how bad?
and i assume the only protection for relays is rate-limiting by IP address, but that’s an iffy fix
It's a compounding effect, so depends how many people use the bad clients. Partial mitigation is possible using nginx rate limits but it's not a pretty solution
That's the same protection any website on the internet has. On Nostr we could do things like requiring NIP-42 AUTH for reads, which is an improvement, even though most clients probably don't implement that.
In practice 99% of the internet websites would never endure a million clients trying to load pages, and yet they all exist with minor hiccups, right? Because most clients do not care at all about the small websites they don't know. I think Nostr will work the same eventually.
The Damus relay can just turn off its DNS, stay offline for some days, then come back as relay2.damus.io, for example, if it wants to deflect most of the automatic blind traffic it is receiving now.