Trump is forcing states to funnel grant money to Starlink, Senate Democrats say
Overhaul of $42 billion program could delay deployment for years, Democrats warn.
https://arstechnica.com/tech-policy/2025/06/trump-is-forcing-states-to-funnel-grant-money-to-starlink-senate-democrats-say/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Updating talk slides so you all get to be horrified along with me at the current Starlink numbers.

There are now 7,652 Starlink satellites in orbit (>500 more than there were in February, when I last updated these particular slides).

2-3 Starlinks per day are burning up in the atmosphere. That's a lot of weird metal in the atmosphere (and undoubtedly lots of random bits getting to the ground too).

Starlink is a stupidly wasteful and dangerous way to use orbit.

@cryptrz Does @opensuse mean nothing to you? #microOS ftw

I imagine they're pulling this because it's a product with "enterprise" in the name though, albeit nonsense. Pay to have someone to blame, as they say...

@lattera give us the highlights reel! why should the lowly consumer of said software want to use this instead of the official version straight from the source?

#mitmproxy is on the plate this week, with a twist in post topic on the roguesecurity.dev tech blog. This one touches on some more offensive security and research type activities more in line with #bugbounty and #pentesting methodologies.

Decrypt TLS traffic and inspect the gooey interior!

https://roguesecurity.dev/blog/mitmproxy-podman

@kajer proxmoxVE is your friend. :)

@kajer yeah 100% agreed on OPNSense being the clear choice here. I switched at the onset of the wireguard drama and haven't looked back. It's wonderful. I've done active/passive failover before but never messed with state killing. Glad you have a plan in front of you that involves OPNSense though!

@kajer Does OPNSense handle state tracking differently...? I love OPNSense and wholly support moving to it, but are you sure you're going to see different behavior?

Introducing oniux: Kernel-level Tor isolation for any Linux app. This torsocks alternative uses namespaces to isolate Linux applications over the Tor network and eliminate data leaks.
https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/

@brian_greenberg Did you have chatGPT write this post for you? It smells a lot like an LLM.

@todb this reads like they still have RSS, just not the same one.

"These announcements will only be shared through CISA social media platforms, email, and RSS feeds and will no longer be listed on our Cybersecurity Alerts & Advisories webpage."

"Note: If you’ve previously used RSS feeds to track Known Exploited Vulnerabilities Catalog updates, please subscribe to the KEV subscription topic through GovDelivery to continue receiving notifications."

@SecurityWriter JA4+ enrichment and L3 correlation, it is the way. Any tool that bootstraps #zeek works well. I'm sure plenty of commercial network appliances can enrich similarly too.

@wolfinpdx wireshark and tshark for the command line are sort of the gold standard. If you're not doing complex things and can boil it down to a BPF, then you can use tcpdump too, but the wireshark filter syntax is going likely be something you have to master if you're going to be working with pcaps

Check out Part 2: https://roguesecurity.dev/blog/opnsense-loki-part2 with the pretty dashboard.

@Lockdownyourlife I semi-recently did the same, and it was painful. This doesn't help either: https://tosdr.org/en/service/244

This is an underdocumented topic in my opinion, so I wrote up a blog on #Grafana #Loki logging of #OPNSense firewall logs through Alloy!

https://roguesecurity.dev/blog/opnsense-loki

Young people deserve the right to privacy. Florida’s SB 868 is a dangerous bill that intends to decrypt teens’ private messages, ban disappearing messages, and allow unrestricted parental access to private messages. Stripping away the safeguards that encryption provides puts everyone at risk. https://www.eff.org/deeplinks/2025/04/floridas-anti-encryption-bill-wrecking-ball-privacy-theres-still-time-stop-it

And Part 2 is live now as well, digging into Headscale itself: https://roguesecurity.dev/blog/headscale-quadlet-part2

I've decided that rather than just taking notes in my own wiki to be forgotten I'm going to start a rudimentary blog.

Here's post 1 of 2 on running #traefik in #podman with Quadlets. The end goal in part 2 will be getting #headscale running for a fully controlled #tailscale VPN. Stay tuned!

https://roguesecurity.dev/blog/headscale-quadlet

@majorlinux What a terrible way to portray the news about MITRE CVE funding cuts: "Security database used by apple..." -- the implication here is disappointing. It is a vulnerability collection and authority used by THE WORLD.