Comments on: This Week in Security: Microsoft on Microsoft, Register Your Domains, Linux on ARM, and FreeBSD Joins the File Cache Club https://hackaday.com/2026/06/12/this-week-in-security-microsoft-on-microsoft-register-your-domains-linux-on-arm-and-freebsd-joins-the-file-cache-club/ Fresh hacks every day Sat, 13 Jun 2026 20:51:38 +0000 hourly 1 https://wordpress.org/?v=7.0 By: Christian https://hackaday.com/2026/06/12/this-week-in-security-microsoft-on-microsoft-register-your-domains-linux-on-arm-and-freebsd-joins-the-file-cache-club/#comment-8308850 Sat, 13 Jun 2026 20:51:38 +0000 https://hackaday.com/?p=1117170#comment-8308850 In reply to Miles.

Not terrible. Looks to be around $120 for two enclosures, a cable and an adapter.

]]>
By: Christian https://hackaday.com/2026/06/12/this-week-in-security-microsoft-on-microsoft-register-your-domains-linux-on-arm-and-freebsd-joins-the-file-cache-club/#comment-8308829 Sat, 13 Jun 2026 19:20:50 +0000 https://hackaday.com/?p=1117170#comment-8308829 In reply to Ostracus.

After looking at it, seems costly when you have sata already and only need a boot drive swap.

]]>
By: PointyOintment https://hackaday.com/2026/06/12/this-week-in-security-microsoft-on-microsoft-register-your-domains-linux-on-arm-and-freebsd-joins-the-file-cache-club/#comment-8308803 Sat, 13 Jun 2026 17:16:52 +0000 https://hackaday.com/?p=1117170#comment-8308803 In reply to BiggerThingToFear.

I’m not Mike, and I haven’t looked at those yet, but from the first one’s slug it seems related to these:
https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/
https://blog.cloudflare.com/end-cloudflare-captcha/
https://blog.cloudflare.com/introducing-cryptographic-attestation-of-personhood/
https://developer.apple.com/news/?id=huqjyh7k
https://www.fastly.com/blog/private-access-tokens-stepping-into-the-privacy-respecting-captcha-less
https://friendlycaptcha.com/insights/private-access-tokens-potential/

Those are just DuckDuckGo search results from a few weeks ago when I saw the term “Private Access Token” somewhere from Cloudflare and looked it up. They talk about how much better they are for UX and privacy, but my main feeling when I read the first one (which is the only one I’ve really read, the others just having been left open in background tabs waiting for me to get back to them) was terror.

Cloudflare already has an unhealthy amount of power over the web (and maybe the rest of the internet too, but IDK) due to the popularity and working principle of their DDoS protection service, which is only growing IME, and this seems likely to increase that popularity due to the better UX and first-mover advantage.

I, like many people around here, like to use unconventional devices and software at least occasionally, and I guess those are never going to work with PATs.

They talk about the data being separated between Cloudflare (or another security service provider)—who knows only what website you’re visiting—and your device’s manufacturer—who knows only a bunch of data about hardware usage that they use to calculate that it’s being operated by a human—but currently most hardware manufacturers presumably don’t collect most of that data, and almost certainly not several times per day. And if you choose not to send your manufacturer such data (if they even allow you to choose that), then I guess you don’t get to use PATs.

If PATs are actually a good thing for users (all users, not just those who have the most potential to give big companies more money), then they didn’t do a good job of explaining how.

And it’s no surprise that the first hardware partner is the company best known for walled-gardenism. (Apple is good on user privacy, though.)

]]>
By: PointyOintment https://hackaday.com/2026/06/12/this-week-in-security-microsoft-on-microsoft-register-your-domains-linux-on-arm-and-freebsd-joins-the-file-cache-club/#comment-8308793 Sat, 13 Jun 2026 16:23:15 +0000 https://hackaday.com/?p=1117170#comment-8308793 In reply to Anonymous.

Is it possible to configure (or, if they’re open-source and no easier option exists, modify) your systems to wait a few days between a new version coming out and them installing it? Obviously, that would also impact actual urgent security updates, but you could manually approve those after an out-of-band notification, such as a post on the project’s blog.

Sooner or later someone might come up with a code signing scheme where two (or some other plural number) separate developers of a project have to sign each release with keys (or parts of a common key—I don’t remember exactly how this works or what it’s called to be able to look it up) they each uniquely hold. Actually, maybe that already exists?

]]>
By: BiggerThingToFear https://hackaday.com/2026/06/12/this-week-in-security-microsoft-on-microsoft-register-your-domains-linux-on-arm-and-freebsd-joins-the-file-cache-club/#comment-8308758 Sat, 13 Jun 2026 13:01:46 +0000 https://hackaday.com/?p=1117170#comment-8308758 There is much more worrying security news, playing out slowly enough not to be so easily noticed, which everyone seems to be ignoring, see here: https://dailysceptic.org/2026/06/05/googles-new-captcha-plans-will-create-a-two-tier-internet-only-accessible-to-those-with-approved-devices/ https://grapheneos.social/@GrapheneOS/116550899908879585 https://www.dedoimedo.com/computers/qr-codes.html Mike K., please do take a look at that stuff.

]]>
By: Foldi-One https://hackaday.com/2026/06/12/this-week-in-security-microsoft-on-microsoft-register-your-domains-linux-on-arm-and-freebsd-joins-the-file-cache-club/#comment-8308744 Sat, 13 Jun 2026 10:41:13 +0000 https://hackaday.com/?p=1117170#comment-8308744 In reply to Anonymous.

No solution including entirely separate machines is a complete safety net, as presumably they will all be on your home network, likely use some of the same USB peripheral (which may be purchased bad or polluted by bad actors – for instance the Logitech unifying receivers are so common as are relatively normal hobby micro’s running qmk, making a large enough user pool that it could be worth targeting their upgrade mechanisms) etc. So unless you have really insane attention to all the details there is always a vector for the bad guys.

But practically it isn’t that bad to do well enough on a single computer, if you have a Linux host machine and VM’s you can use VirGL to share the one GPU between them all at once if you must which will help with isolation of your varied uses and the budget for real performance from both. But ultimately I’d suggest just get a CPU with onboard, for 99% of folks that do want a ‘real’ GPU on both the ‘secure’ host and the ‘dirty’ guests you still only need 1 really performant GPU so any onboard graphics capability is probably good enough. Though if you are building a new system Strix Halo like the framework desktop might be the right choice – that onboard GPU is a monster, the RAM allocation between CPU and GPU is flexible and can come from a pretty huge pool, though Rampocalipse has driven the prices up heaps. But even then its actually really good value – a GPU that is more flexible than any consumer one able to address way more RAM if LLM etc is part of you use case and still in the modern rather high end discrete GPU performance bracket, its no 5090 by all accounts, probably not quite a 4090 but you didn’t pay 4090 prices for a complete working system with performant CPU cores and lots of RAM too…

Or and this is the choice I effectively made do just have separate computers, and external boot drives (or perhaps network boot from the ‘secure’ machine) for some uses – as likely your secure isolated ones and/or riskier tasks don’t all need anything hugely performant and you don’t need to be quite so paranoid that the BIOS level sort of bug can make the external SSD/SD card insufficient isolation when you boot into a whole new filesystem on a new drive etc. So Pi4 upward, steamdeck, older system that isn’t up to the games you play, perhaps a 2nd hand surplus business machine can all provide a pretty cheap better than virtualiseation type methods level of safety.

]]>
By: Miles https://hackaday.com/2026/06/12/this-week-in-security-microsoft-on-microsoft-register-your-domains-linux-on-arm-and-freebsd-joins-the-file-cache-club/#comment-8308696 Sat, 13 Jun 2026 02:59:32 +0000 https://hackaday.com/?p=1117170#comment-8308696 In reply to P.

Depends on what your needs are, on one hand $600 can get you started with B860 and Ultra 270K and some (~32GB) RAM.

On the other hand $600 goes a good way toward a few 6-core machines of varying ages (if your needs are fairly low something like Coffeetime BIOS mod can get a $45 Xeon E3 chip runnin on a DDR3 consumer motherboard. Performs between an 8700 and an 8700K).

]]>