True that. Hadn’t thought of that as it’s not my typical VPN use case.
I’m not sure what a VPN provider could do about that though, they don’t control the operating system’s networking stack. If the user or an outside process that the user decides to trust (i.e. a dhcp server) adds its own network routes, the OS will follow it and route traffic outside of the tunnel.
The defenses I see against it are:
Run the VPN and everything that needs to go through the VPN in a virtualized, non-bridged environment so it’s unaffected by the routing table.
Put a NAT-ing device in between your computer and the network you want to use
Modify the DHCP client so that option 121 is rejected
Edit: thinking about it some more, on Linux at least the VPN client could add some iptables rules that block traffic going through any other interface than the tunnel device (i.e. if it’s not through tun0 or wg0, drop it). Network routes can’t bypass iptables rules, so that should work. It will have the side effect that the VPN connection will appear not to work if someone is using the option 121 trick though, but at least you would know something funny was happening.
Oh and don’t forget to take backups of your /home. Thats good practice for every desktop environment.
The config files of the major desktop environments have become a mess though. Plasma absolutely shits files all over ~/.config and /.local/share where they sit mingled together with the config files of all your other applications and most of it is thoroughly undocumented. I’ve been in the situation where I wanted to restore a previous state of my Plasma desktop from my backups or just start with a clean default desktop and there is just no straightforward way to do that, short of nuking all your configurations.
Doing a quick find query in my current home directory, there are 57 directories and 79 config files that have either plasma or kde in the name, and that doesn’t even include all the /.config/* files belonging to plasma or kde components that don’t have it in their name explicitly (e.g. dolphinrc, katerc, kwinrc, powerdevilrc, bluedevilglobalrc , …)
It was much simpler in the old days when you just had something like a ~/.fvwmrc file that was easy to backup and restore, even early kde used to store everything together in a ~/.kde directory.
apt purge nano is one of the first things I do on a new Debian installation. Much easier to remember than having to use update-alternatives, select-editor and the $EDITOR variable to convince the likes of vigr,vipw, visudo,crontab -e,… that I really want to use vim as my primary editor.
Not really, because you’re now going to make it do more, i.e. incorporate the functionality of sudo and expose it to user input. So unless you can prove that the newly written code is somehow inherently more secure than sudo’s existing code, the attack surface is exactly the same.
I wonder if it’s possible to run their remapping program in a Windows virtual machine.
That should work if you can pass through the entire USB host device to the VM.
I do this with my QK80, which also has Windows only software. I have a KVM virtual machine with Windows, and when I want to configure the QK80, I use the “pass through USB host device” option to give it direct access to the keyboard, and run the software in the VM. It works fine.
If you do this, you temporarily need to connect a second keyboard though because as soon as you pass through the keyboard to the VM it becomes inaccessible for the host OS.
Ubuntu used to bring a bit of spit and polish at a time when most Linux distros lacked that. Nowadays it brings nothing worthwhile to the table anymore, it’s just brand recognition, but what it does bring is aggravation for experienced users.
I had this realization a few years ago when I found myself fighting against 20.04 and I asked myself: what exactly is Ubuntu doing for me that plain Debian can’t? The answer was nothing really, so I moved all my Ubuntu VMs over to Debian Bullseye and never looked back.