This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the 2024 bug, the authentication system could be tricked into passing a zero-length request to the authentication handler. In the modern vulnerability, the system can be tricked into removing a too-large authentication request and passing a zero-length request to the authentication handler.

In both cases, the authentication system may not properly handle the malformed request, and may allow creation of Docker images with access to stored credentials and secrets.

Bugs like these are increasing in visibility because AI agents running in Docker, like OpenClaw, may be tricked via prompt injection into leveraging the vulnerability.

Windows CPU Tools Compromised

videocardz.com notes that the popular Windows monitoring software CPU-Z and HWMonitor appear to have been compromised. Reports indicate that the download site was compromised, not the actual packages, but that it was redirecting update requests to packages that included malware. While the site has been repaired, unfortunately it looks like there is no warning to users that the downloads were compromised for a period of time.

Anecdotally, there has been a rash of Discord account takeovers in the past week, where long-standing accounts in multiple servers have been compromised and turned into spambots. While there is no evidence these events are linked, clearly a new credential- or authentication-stealing malware is in play, one that steals credentials from Discord.

X.Org and XWayland Updated

The X.Org and XWayland servers saw security updates this week, fixing a handful of vulnerabilities involving uninitialized memory use, use-after-free, and reading beyond the end of a buffer.

The vulnerabilities are generally classified as “moderate”, but of course, don’t leave known vulnerabilities when you can avoid it! Fixed releases should find their way into distributions soon.

Microsoft Finally Ups FAT32 Size Limit

You probably don’t spend a lot of time using the FAT32 file system anymore, since it’s thoroughly been superseded many times over. Even so, Microsoft has seen fit to deliver an upgrade for FAT32 for the latest Windows 11 Insider Preview build. Finally, the stock Windows tools will let you format a FAT32 drive up to 2 TB instead of locking you to a 32 GB maximum!

The size limit was never baked into the FAT32 spec itself. With a 32-bit field for counting sectors, the file system supports up to 2 TB volumes with 512-byte sectors. However, as explained by former Microsoft developer [Dave Plummer], it just so happened that the 32 GB limit came about because of a random decision made when slapping together the Format dialogue box over 30 years ago.

The pending change was first announced in 2024, affecting the command line format tool as well. It’s actually been possible to create larger FAT32 volumes for some time; you just couldn’t easily do it with Microsoft’s standard formatting tools.

FAT32 is still a terrible file system to use in 2026, mostly because it has a hard limit on file size that tops out at 4 GB. It’ll ruin your life if you’re shooting HD or 4K video. We often don’t spend a lot of time musing over file systems in detail, but they’re right at the heart of everything we do on our computers on a daily basis. Sometimes, it bears thinking about!

Ask Hackaday: Using CoPilot? Are You Entertained?

There’s a great debate these days about what the current crop of AI chatbots should and shouldn’t do for you. We aren’t wise enough to know the answer, but we were interested in hearing what is, apparently, Microsoft’s take on it. Looking at their terms of service for Copilot, we read in the original bold:

Copilot is for entertainment purposes only. It can make mistakes, and it may not work as intended. Don’t rely on Copilot for important advice. Use Copilot at your own risk.

While that’s good advice, we are pretty sure we’ve seen people use LLMs, including Copilot, for decidedly non-entertaining tasks. But, at least for now, if you are using Copilot for non-entertainment purposes, you are violating the terms of service.

Inside Project Silica, Now On Bakeware

You see it all the time in science fiction: the heroes find old data, read it, and learn how to save the day. But how realistic is that? Forget aliens. Could you read a stack of punch cards or a 9-track tape right now? Probably not, and those are just a handful of decades in the past. Fast forward a few centuries, and punch cards will decay, and tapes will lose their coating. More modern storage is just as bad. It simply isn’t made to last for thousands of years. Microsoft has Project Silica, which aims to store data in quartz glass with a potential lifetime of many thousands of years.

As you might expect, this is a write-once technology. Lasers write the data, and polarization-sensitive microscopes read it back. Electromagnetic fields don’t matter. You can’t accidentally change the data while reading. A square glass platter the size of a DVD can hold about 7 TB of data.

While the program is not a new one, they’ve recently published results using ordinary borosilicate glass (like your Pyrex baking dish is made from) as a storage medium. They say writing is also more efficient, and reading now requires only one camera instead of the three in the original system. The paper identifies birefringent voxel writing, phase voxels, and more.

Obviously, this isn’t for the casual project. But we have to wonder if hackers could do something similar with lower densities, for example. Unlike other methods we’ve seen, no DNA is involved.

Hackaday Links: February 8, 2026

We start this week with a bit of a good news/bad news situation. On February 6th, the Relativistic Heavy Ion Collider (RHIC) was shut down after 25 years of operation. Located at Brookhaven National Laboratory in Upton, New York, the RHIC was the only operating particle collider in the United States, and along with the Large Hadron Collider (LHC), was one of only two heavy-ion colliders in existence.

So that’s the bad news. The good news is that the RHIC is going dark so that the Electron-Ion Collider (EIC) can take its place. Planned for activation in the mid-2030s, the EIC will occupy the same tunnel as the RHIC and reuse much of the same hardware. As the name implies, it will be used to collide electrons.

Switching gears (no pun intended) to the world of self-driving cars, Waymo’s chief safety officer, Dr. Mauricio Peña, made a surprising admission this week during a U.S. Senate hearing. When asked what his company’s vehicles do when they are presented with a situation that their on-board systems can’t resolve, Dr. Peña explained that they would contact a human “remote assistance operator.” He further clarified that these individuals, located both in the US and the Philippines, don’t literally drive the car remotely. Still, Senator Ed Markey of Massachusetts questioned not only the company’s transparency on the issue of remote assistance, but the idea that individuals overseas could be making decisions on how vehicles should operate on US roadways.

Whipping Up A Quick Adapter To Hack The Xbox 360

[Androxilogin] had a problem. An Xbox 360 Slim had shown up in the post, but failed to give much more than a beep when turned on. Disassembly revealed some missing components, but replacing them failed to breathe life into the beleaguered console. Deeper repair was needed, and that would require a special adapter which [Androxilogin] was able to whip up from scratch.

When it comes to the Corona models of the Xbox 360, it’s often necessary to use something called a “post-fix adapter” to do certain diagnostic and repair tasks. These adapters consist of a bracket which wraps around the CPU, and probes the solder ball for the POST_OUT signal which is otherwise difficult to access on the motherboard itself. Adapters are readily available online, and are usually manufactured as a PCB with a protruding contact to make a connection.

For [Androxilogin], though, time was short. Rather than wait for adapters to ship, it was quicker to whip up a custom piece to do the same job. This was achieved with a 3D print which was able to clamp around the CPU, while snugly holding a piece of tinned 30 AWG wire to poke the critical point beneath the chip. After a couple of attempts to get the sizing just right, [Androxilogin] was able to make the necessary connection which enabled installing Xell Loader on to the machine to bring it back to life.

If you’re eager to make your own post-fix adapter, files are available on Printables, with more details over on Reddit to boot. While the Xbox 360 is starting to suffer some awkward symptoms of age, we nevertheless still see a steady stream of hacks come in for this vintage machine. If you’re tackling your own retro console mods, be sure to notify the tipsline.

This Unlikely Microsoft Prediction Might Just Hit The Mark

It’s fair to say that there are many people in our community who just love to dunk on Microsoft Windows. It’s an easy win; after all, the dominant player in the PC operating system market has a long history of dunking on free software, and let’s face it, today’s Windows doesn’t offer a good experience. But what might the future hold? [Mason] has an unexpected prediction: that Microsoft will eventually move towards offering a Windows-themed Linux distro instead of a descendant of today’s Windows.

The very idea is sure to cause mirth, but on a little sober reflection, it’s not such a crazy one. Windows 11 is slow and unfriendly, and increasingly it’s losing the position once enjoyed by its ancestors. The desktop (or laptop) PC is no longer the default computing experience, and what to do about that must be a big headache for the Redmond company. Even gaming, once a stronghold for Windows, is being lost to competitors such as Valve’s Steam OS, so it wouldn’t be outlandish for them to wonder whether the old embrace-and-extend strategy could be tried on the Linux desktop.

We do not possess a working crystal ball here at Hackaday, so we’ll hold off hailing a Microsoft desktop Linux. But we have to admit it’s not an impossible future, having seen Apple reinvent their OS in the past using BSD, and even Microsoft bring out a cloud Linux distro. If you can’t wait, you’ll have to make do with a Windows skin, WINE, and the .NET runtime on your current Linux box.