As I mentioned in the mailing list post, the Microsoft paperwork shuffling matter got dealt with rather quickly, following all the attention the HN thread from the other day got. And now we're finally out with an update!
NT programming is a lot of fun, though this release was quite challenging, because of all of the toolchain updates. On the plus side, we got to remove pre-Win10 support -- https://lists.zx2c4.com/pipermail/wireguard/2026-March/00954... . But did you know that Microsoft removed support for compiling x86 drivers in their latest driver SDK? So that was interesting to work around. There was also a fun change to the Go runtime included in this release: https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c...
All and all, a fun release, and I'm happy to have the Windows release train cooking again.
sammy2255 39 minutes ago [-]
Good to know everything was resolved, but did you ever find out why your signing account was suspended? That's not something you brush off as haha silly Microsoft..
Leherenn 27 minutes ago [-]
Apparently it's quite widespread, so I would assume a bug on their side. That's what support seemed to imply at least. We're still blocked at my company for one month+ now.
PeterStuer 2 minutes ago [-]
"so I would assume a bug on their side"
Why a "bug".
Xunjin 30 minutes ago [-]
They should definitely put up a statement addressing it. Moreover what they plan in the future to avoid such traumatic event, this is not a “simple sign program”, this touches fundamental parts of the OS.
BLKNSLVR 60 minutes ago [-]
Off topic: Thanks for wireguard. It is a truly great piece of software.
16 minutes ago [-]
c0l0 51 minutes ago [-]
As a wireguard user myself (even on the lone Windows machine that I still begrundingly have), I am happy that this problem could have been resolved. I am just wondering - if there had not been this kind of public outcry and outrage that Mr. Donenfeld discounts in his announcement message, would the issue have been fixed by now?
What are individual developers of "lesser" (less important, less visible, less used) software with a Windows presence to do? Wait and pray for Goliath to make the first benevolent move, like all the folks who got locked out forever from their Google accounts on a whim? Ha!
The fact of the matter is, the code signing requirements on Windows are a serious threat to Free and Open Source Software on the platform. Code signing requirements are a threat to FOSS on all platforms that support this technique, and infinitely more so where it's effectively mandatory. I firmly believe that these days, THIS is the preferred angle/vector for Microsoft to kill the software variety their C-levels once publicly bad-mouthed as "cancer", and zx2c4 is one of the poor frogs being slowly boiled alive. Just not this time - yet.
x0x0 35 minutes ago [-]
I got a modestly-similar situation resolved by buying a support package and spending 4+ hours across ... not sure, but probably 4-5 support calls? It's been 5 years. If memory serves it was the $200/mo support package for Azure.
In retrospect, I should have not spent 3 weeks trying to get their incompetent software to work and just gone straight to phone calls. And at least in my case, the support agents seemed broadly unfamiliar, but seemed to have access to higher-priority internal case submission which did finally get to someone who could fix my issue.
maltris 46 minutes ago [-]
LibreOffice, VeraCrypt, WireGuard. 2 questions:
Whats next?
Is that a pattern?
ChocolateGod 26 minutes ago [-]
What has LibreOffice got to do with any of this?
IshKebab 5 minutes ago [-]
I don't think you can let them off that easily, given that the only effective support channel was "get to the front page of hacker news", which isn't usually an option.
manbash 1 hours ago [-]
Happy to see it resolved and I hope the other developers are able to have the same experience.
By the way, was it only for the Windows application, or was wireguard-go was also affected?
zx2c4 1 hours ago [-]
This was just for WireGuardNT, the kernel driver for the NT kernel that Windows uses.
>The comments that followed were a bit off the rails. There's no conspiracy here from Microsoft. But the Internet discussion wound up catching the attention of Microsoft, and a day later, the account was unblocked, and all was well. I think this is just a case of bureaucratic processes getting a bit out of hand, which Microsoft was able to easily remedy. I don't think there's been any malice or conspiracy or anything weird.
it was a bit crazy how quickly people got conspiracy-minded about it.
microsoft fucked up, and as per typical big-tech, only fixed it when noise got made on social media. but not everything is a grand conspiracy orchestrated by microsoft or the government or whatever. incompetence is always more likely than malice.
any news from the veracrypt maintainers? i would imagine whatever microsoft employee got tasked with resolving this issue would have also seen that one.
anonymous908213 1 hours ago [-]
> incompetence is always more likely than malice.
"Incompetence" of this degree is malice. It is actively malicious to create a system that automatically locks people out of their accounts with absolutely no possibility for human review or recourse short of getting traction in the media. "No sir, I didn't grind those orphans up. It was this orphan grinding machine I made that did it, teehee!"
john_strinlai 1 hours ago [-]
i am positive that you understand the spirit of what that saying means.
incompetence is always more likely than [intentional, directed] malice.
microsoft employees did not deliberately attack the wireguard project with a goal of taking it down for whatever grand scheme people's hatred cooks up. if you have evidence that microsoft did this deliberately to ruin the wireguard project, please forward it along to jason (the wireguard maintainer) and several news outlets.
tialaramex 40 minutes ago [-]
Where possible I recommend not caring because figuring out whether malice was present is difficult and you can likely address a problem without needing to be sure.
For example by creating working processes which never end up "accidentally" causing awful outcomes. This is sometimes more expensive, but we should ensure that the resulting lack of goodwill if you don't is unaffordable.
Worst case there is malice and you've now made it more difficult to hide the malice so you've at least made things easier for those who remain committed to looking for malice, including criminal prosecutors.
john_strinlai 39 minutes ago [-]
>Worst case there is malice and you've now made it more difficult to hide the malice so you've at least made things easier for those who remain committed to looking for malice, including criminal prosecutors.
i am quoting the maintainer of the project. take it up with them if you think microsoft coordinated a directed attack on their project.
mlyle 27 minutes ago [-]
I think you're missing the point of the person you're replying to.
It's really easy to end up with procedural machinery that makes it unpleasant for other entities that you don't like.
It seems to get the things that you do like and value less often. Why? Because you think about the consequences to what you consider important and you're inclined to ignore potential consequences to those you oppose or are competing with.
The Vogons weren't necessarily overtly malicious when they obliterated Earth.
ImPostingOnHN 22 minutes ago [-]
"hostage speaks well of hostage-taker"
john_strinlai 21 minutes ago [-]
if you think i am defending microsoft, your hatred has blinded you to what my comments are actually saying.
ImPostingOnHN 12 minutes ago [-]
Why would I think that? That isn't a sensible conclusion from what I posted. I think you replied to the wrong post
Regardless of what the maintainer says of their abuser after being abused, the point I think you are getting stuck on is this:
Creating a system which locks you out if you don't speak to a human isn't de-facto malicious.
Having support where you can't speak to a human isn't de-facto malicious, either.
Doing both at the same time, however, is de-facto malicious. Some executives likely got bonuses for doing it, too.
john_strinlai 9 minutes ago [-]
you said "hostage speaks well of hostage-taker" in response to my comment.
i interpreted that as you saying i am the hostage of microsoft, and have stockholm syndrome, therefor am speaking well of (defending) microsoft.
if i misinterpreted that, my bad. are you calling jason the hostage?
ImPostingOnHN 2 minutes ago [-]
Yes, the maintainer continues to be held hostage by Microsoft, so it is no surprise that they don't publicly denounce Microsoft or ascribe ill intent or in any way speak ill of Microsoft.
bronson 51 minutes ago [-]
And I'm positive that you understand the spirit of the post you're replying to.
The saying implies that incompetence and malice are polar opposites. They're not.
john_strinlai 49 minutes ago [-]
>The saying implies that incompetence and malice are polar opposites.
it does not
wtallis 46 minutes ago [-]
Microsoft's incompetence is certainly reckless at a minimum, and often manifests in ways that come across as misanthropic toward their users. They don't really fit the pattern of mere bumbling fools.
john_strinlai 44 minutes ago [-]
sure!
my point was that it wasnt a deliberate conspiracy/attack to fuck over wireguard, which would be an absolutely crazy story if it were true.
acedTrex 52 minutes ago [-]
And the person you are responding is asserting that the response to incompetence of this level should be the SAME as if it directed and intentional malice. Which is a completely valid way to view a fuckup like this.
john_strinlai 40 minutes ago [-]
>response to incompetence of this level should be the SAME
sure.
but this was not a deliberate attack by microsoft employees to shutdown wireguard. that is what i was trying to say and the essence of the quote in question.
acedTrex 17 minutes ago [-]
They are saying that "deliberate attack" or not does not matter and is not worth pointing out. The response is the same so its a worthless point.
john_strinlai 14 minutes ago [-]
whether something is a deliberate attack or not is not worth pointing out?
its, like, the only thing worth pointing out. if microsoft is deliberately targeting projects and literally attacking them, that would be huge fucking news. like crazy news. lawsuits galore.
r14c 50 minutes ago [-]
I mean, sure, but at a certain point negligent incompetence is directly harmful and the motives or lack thereof are just context.
john_strinlai 46 minutes ago [-]
"just context" is important.
i get that everyone has a frothing-at-the-mouth extreme hatred to microsoft and its employees. but microsoft did not say "fuck jason, fuck wireguard, lets try and shut that down". that would be a way different story.
r14c 25 minutes ago [-]
What's the accountability mechanism here? Make a big fuss online and hope the bad press outweighs the negligence?
john_strinlai 22 minutes ago [-]
i point out in my original comment that i think it is stupid that the only way to resolve this sort of thing is via social media. i think it is insane. and the lack of accountability is also crazy, given the influence microsoft (and other big tech) has over everyday life.
i think people are reading my comment as some sort of defense of microsoft. its not.
all i wanted to emphasize was that this incident, while obviously ridiculous, did not come about because a bunch of microsoft employees sat in a cigar-smoke filled room saying "lets destroy wireguard".
trinsic2 34 minutes ago [-]
It doesn't matter. They are doing things that are clearly hostile to users, they should pay dearly for it.
john_strinlai 31 minutes ago [-]
get mad at the shitty stuff they do (there is a lot!), not the fictitious things people come up with in hn comments.
trinsic2 38 minutes ago [-]
With the way things are going right now with all the corruption in governments and corporations were way past the point of giving the benefit of the doubt. These organizations are clearly making changes to their OS's to slowly remove user control.
Everything should be treat as suspicious moving forward and I am glad of the skepticism.
sscaryterry 30 minutes ago [-]
The question is, did they notify the user that the account was blocked, or was it done silently? My money is on the latter, obviously I don’t know, just my guess. Was there a reason? Blocked is semantically harsher, than it has been disabled.
billziss 14 minutes ago [-]
It was done silently. I am one of the affected developers and my software is the open source file system driver WinFsp:
Conspiracy 1: rules from on-high about encryption projects to be suppressed. Debunked.
Conspiracy 2: Copilot all the things! Probably not too far off.
john_strinlai 58 minutes ago [-]
i think they have explicitly made it clear that they want to copilot all of the things (unfortunately), so i dont quite file it under the conspiracy label.
Rendered at 17:11:55 GMT+0000 (Coordinated Universal Time) with Vercel.
NT programming is a lot of fun, though this release was quite challenging, because of all of the toolchain updates. On the plus side, we got to remove pre-Win10 support -- https://lists.zx2c4.com/pipermail/wireguard/2026-March/00954... . But did you know that Microsoft removed support for compiling x86 drivers in their latest driver SDK? So that was interesting to work around. There was also a fun change to the Go runtime included in this release: https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c...
All and all, a fun release, and I'm happy to have the Windows release train cooking again.
Why a "bug".
What are individual developers of "lesser" (less important, less visible, less used) software with a Windows presence to do? Wait and pray for Goliath to make the first benevolent move, like all the folks who got locked out forever from their Google accounts on a whim? Ha!
The fact of the matter is, the code signing requirements on Windows are a serious threat to Free and Open Source Software on the platform. Code signing requirements are a threat to FOSS on all platforms that support this technique, and infinitely more so where it's effectively mandatory. I firmly believe that these days, THIS is the preferred angle/vector for Microsoft to kill the software variety their C-levels once publicly bad-mouthed as "cancer", and zx2c4 is one of the poor frogs being slowly boiled alive. Just not this time - yet.
In retrospect, I should have not spent 3 weeks trying to get their incompetent software to work and just gone straight to phone calls. And at least in my case, the support agents seemed broadly unfamiliar, but seemed to have access to higher-priority internal case submission which did finally get to someone who could fix my issue.
Whats next?
Is that a pattern?
By the way, was it only for the Windows application, or was wireguard-go was also affected?
This project -- https://git.zx2c4.com/wireguard-nt/about/ -- is used by this app -- https://git.zx2c4.com/wireguard-windows/about/ . The former is what the signing situation was about. The latter is just signed using a normal boring (but very expensive!) EV code signing certificate from one of the CAs.
it was a bit crazy how quickly people got conspiracy-minded about it.
microsoft fucked up, and as per typical big-tech, only fixed it when noise got made on social media. but not everything is a grand conspiracy orchestrated by microsoft or the government or whatever. incompetence is always more likely than malice.
any news from the veracrypt maintainers? i would imagine whatever microsoft employee got tasked with resolving this issue would have also seen that one.
"Incompetence" of this degree is malice. It is actively malicious to create a system that automatically locks people out of their accounts with absolutely no possibility for human review or recourse short of getting traction in the media. "No sir, I didn't grind those orphans up. It was this orphan grinding machine I made that did it, teehee!"
incompetence is always more likely than [intentional, directed] malice.
microsoft employees did not deliberately attack the wireguard project with a goal of taking it down for whatever grand scheme people's hatred cooks up. if you have evidence that microsoft did this deliberately to ruin the wireguard project, please forward it along to jason (the wireguard maintainer) and several news outlets.
For example by creating working processes which never end up "accidentally" causing awful outcomes. This is sometimes more expensive, but we should ensure that the resulting lack of goodwill if you don't is unaffordable.
Worst case there is malice and you've now made it more difficult to hide the malice so you've at least made things easier for those who remain committed to looking for malice, including criminal prosecutors.
i am quoting the maintainer of the project. take it up with them if you think microsoft coordinated a directed attack on their project.
It's really easy to end up with procedural machinery that makes it unpleasant for other entities that you don't like.
It seems to get the things that you do like and value less often. Why? Because you think about the consequences to what you consider important and you're inclined to ignore potential consequences to those you oppose or are competing with.
The Vogons weren't necessarily overtly malicious when they obliterated Earth.
Regardless of what the maintainer says of their abuser after being abused, the point I think you are getting stuck on is this:
Creating a system which locks you out if you don't speak to a human isn't de-facto malicious.
Having support where you can't speak to a human isn't de-facto malicious, either.
Doing both at the same time, however, is de-facto malicious. Some executives likely got bonuses for doing it, too.
i interpreted that as you saying i am the hostage of microsoft, and have stockholm syndrome, therefor am speaking well of (defending) microsoft.
if i misinterpreted that, my bad. are you calling jason the hostage?
The saying implies that incompetence and malice are polar opposites. They're not.
it does not
my point was that it wasnt a deliberate conspiracy/attack to fuck over wireguard, which would be an absolutely crazy story if it were true.
sure.
but this was not a deliberate attack by microsoft employees to shutdown wireguard. that is what i was trying to say and the essence of the quote in question.
its, like, the only thing worth pointing out. if microsoft is deliberately targeting projects and literally attacking them, that would be huge fucking news. like crazy news. lawsuits galore.
i get that everyone has a frothing-at-the-mouth extreme hatred to microsoft and its employees. but microsoft did not say "fuck jason, fuck wireguard, lets try and shut that down". that would be a way different story.
i think people are reading my comment as some sort of defense of microsoft. its not.
all i wanted to emphasize was that this incident, while obviously ridiculous, did not come about because a bunch of microsoft employees sat in a cigar-smoke filled room saying "lets destroy wireguard".
Everything should be treat as suspicious moving forward and I am glad of the skepticism.
https://github.com/winfsp/winfsp
Conspiracy 2: Copilot all the things! Probably not too far off.