It’s not serverless, of course. Each peer is a server and the peer that created the “sub” have control to be able to moderate things. You have to maintain your peer always online, because it’s a server. Traffic happens over IPFS, which is sloooooow.

ActivityPub is not perfect, but this is just a channer wanting some freeze prach space he can control.

Writefreely is alive. Plume not.

If you don’t have strong privacy concerns, you can use the free tier vps from oracle cloud or Google cloud. They are small, but are more than enough for this load.

Reading the white paper you find the “serverless” has servers. Each community needs to be always online to serve captchas to posters. The system is federated on community level, instead of instance level, and uses DHT instead of DNS.

Authentication bypass should give you interactive access. “I’m in” like. Remote code execution only allows you to run a command, without permanent access. You can use some RCE vulnerabilities to bypass authentication, but not all.