Set your expectations: networking is complex and the configuration you’re hoping for is particularly complex. It sounds to me like you’re looking for a split-horizon configuration where local traffic stays local but internet traffic is routed over VPN. But also you want that configuration only for specific apps.

It’s not the *arr programs that are tricky, it’s that any service you try to configure this way will be some of the hardest sysadmin work.

Thanks for linking that. Reading the paper, it looks like the majority of the “self-host” population they’re capturing is people who have a WordPress site. By my reading, the wording of the paper would disqualify a wordpress.com-hosted site as “self-hosted”. But I’d be very suspicious of their methodology and would expect that quite a few people who use WP-hosted reported as self-hosted because the language is pretty confusing.

Commercial software has advertising: people whose job is to advertise it. That means TV and web ads for Bluesky, influencers talking about it. It also means a team of software engineers building parts of the system specifically to draw people in, whereas non-commercial software often rejects that (lack of infinite-scroll on Lemmy’s default UI, for example).

Activity Pub also requires a different mind-set that doesn’t exist elsewhere on the internet today. You need to decide which instance to join, or maybe to host your own instance. But it doesn’t really matter, because you can federate with other instances. But you have to drive some of that federation, so it does matter a little. It’s pretty complex and confusing and its a problem that only exists in this one niche of software.

Bluesky gives you an infinite feed that feels like you’re connected to the entire Internet without you doing any work. I think the AP service are doing really well, considering what they’re up against.

Based on the article, it seems like cult-follower behavior. Not everyone is susceptible to cults (I think it’s a combo of individual brain and life-circumstances), but I wouldn’t say, “eh, it’s not the cult’s fault that these delusional people killed themselves!”

To someone watching network traffic, a VPN connection looks like two machines exchanging encrypted packets. You can’t see the actual data inside the packet, but you can see all the metadata (who it’s addressed to, how big it is, whether its TCP or UDP, when it’s sent). From the metadata, you can make guesses about the content and VPN would be pretty easy to guess.

When sending a packet over the Internet, there’s two parts of the address: the IP address and the port. The IP address is a specific Internet location, blocks of IP addresses are owned by groups (who owns what is public info) and there are many services that do geo-ip mappings. So if you’re connecting to an IP address that belongs to a known VPN provider, that’s easy.

The second part of the address is the port-number. Servers choose port-numbers to listen to and the common convention is to use well-known ports. So, for example, HTTPS traffic is on port 443. If you see a computer making a lot of requests to port 443, even though the traffic is encrypted we can guess that they’re browsing the web. Wikipedia has a list (which is incomplete because new software can be written at any time and make up a new port that it prefers) and you can see lots of VPN software on there. If you’re connecting to a port that’s known to be used by VPN software, we can guess that you’re using VPN software.

Once you’re running VPN software on an unknown machine and have configured it to use a non-standard port, it’s a bit harder to tell what’s happening, but it’s still possible to make a pretty confident guess. Some VPN setups use “split-tunnel” where some traffic goes over VPN and some over the public Internet. (This is most common in corporate use where private company traffic goes in the tunnel, but browsing Lemmy would go over public.) Sometimes, DNS doesn’t go through the VPN which is a big give-away: you looked up “foo.com” and sent traffic to 172.67.137.159. Then you looked up “bar.org” and sent traffic to the same 172.67.137.159. Odds are that thing is a VPN (or other proxy).

Finally, you can just look at more complex patterns in the traffic. If you’re interested, you could install Wireshark or just run tcpdump and watch your own network traffic. Basic web-browsing is very visible: you send a small request (“HTTP GET /index.html”) and you get a much bigger response back. Then you send a flurry of smaller requests for all the page elements and get a bunch of bigger responses. Then there’s a huuuuge pause. Different protocols will have different shapes (a MOBA game would probably show more even traffic back-and-forth).

You wouldn’t be able to be absolutely confident with this, but over enough time and people you can get very close. Or you can just be a bit aggressive and incorrectly mark things as VPNs.

Not an answer to your question, but I thought this was a nice article for getting some basic grounding on the new AI stuff: https://arstechnica.com/science/2023/07/a-jargon-free-explanation-of-how-ai-large-language-models-work/

I have no idea how well it works in reality, but I can imagine the Lifetime Pass being a good business model for them: only the most enthusiastic user will pay for 3 years up front (lifetime currently costs 3x the yearly). So when they get a Lifetime pass they’re getting 3 years paid up front and an evangelist who will probably tell their friends about Plex. If that Lifetime subscriber gets even one person to sign up for a yearly sub who otherwise wouldn’t have, then Plex came out ahead.

Sure, I’m not saying Plex has to do a single-payment model. Just that it’s a think that’s been done successfully (and for longer than Plex has existed). Everyone’s pushing subscription models so hard that it’s easy to think “this is the only possible way that anything can work”.

I like my Shield TV: https://www.nvidia.com/en-us/shield/shield-tv/

I did need to install a custom launcher on it when the standard AndroidTV launcher added ads.

Lots of businesses have and do exist without a subscription model. I’m fond of the Paprika Recipe Manager, for example, which asks a one-time payment for each major version. All commercial software worked this way in the 80s.