Exploring CPUs, motherboards, overclocking, building your own PC, case mods, PC brands, handhelds, peripherals of all types, DVDs, CD burners, hardware-specific software, device drivers, and anything else related to hardware.
The The Restaurant at the Edge of the Universe, previously known as The Water Cooler, is a place to post stuff that has absolutely nothing at all to do with computers, broadband, Scot's Newsletter, or anything that's "supposed" to be here.
I usually keep quiet about my sources when mentioning Debian. I have a PPA for Flacon, had one until recently for PulseEffects but it's now in Debian repos, use Syncthing from its own repo as the Debian one has a minor annoyance which the upstream one doesn't, plus a Suse OBS repo for Strawberry music player (it's actually built for Debian by one of the MX devs).
So technically I have a Frankendebian. No issues with anything from those repos though. But regularly we see people at Debian and MX forums who add outside repos and FUBAR their system.
With KVM/QEMU and virt-manager, there's usually a way to do what you want but you may have to do some research and get your hands dirty with manual configs. It does often work better than anything else once you're up and running.
I predict that will be fixed before you can count to Jack Robinson.
No VPN here, and no "loose" setting in sysctl.conf either. I didn't see a way in either of those articles to actually test vulnerability.
There is a setting commented out which is said to mitigate this if you uncomment:
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks