NT programming is a lot of fun, though this release was quite challenging, because of all of the toolchain updates. On the plus side, we got to remove pre-Win10 support -- https://lists.zx2c4.com/pipermail/wireguard/2026-March/00954... . But did you know that Microsoft removed support for compiling x86 drivers in their latest driver SDK? So that was interesting to work around. There was also a fun change to the Go runtime included in this release: https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c...
All and all, a fun release, and I'm happy to have the Windows release train cooking again.
Why a "bug".
https://www.theregister.com/2026/04/09/microsoft_dev_account...
Just curious how/if the version support might work out for ReactOS.
By the way, was it only for the Windows application, or was wireguard-go was also affected?
This project -- https://git.zx2c4.com/wireguard-nt/about/ -- is used by this app -- https://git.zx2c4.com/wireguard-windows/about/ . The former is what the signing situation was about. The latter is just signed using a normal boring (but very expensive!) EV code signing certificate from one of the CAs.
What are individual developers of "lesser" (less important, less visible, less used) software with a Windows presence to do? Wait and pray for Goliath to make the first benevolent move, like all the folks who got locked out forever from their Google accounts on a whim? Ha!
The fact of the matter is, the code signing requirements on Windows are a serious threat to Free and Open Source Software on the platform. Code signing requirements are a threat to FOSS on all platforms that support this technique, and infinitely more so where it's effectively mandatory. I firmly believe that these days, THIS is the preferred angle/vector for Microsoft to kill the software variety their C-levels once publicly bad-mouthed as "cancer", and zx2c4 is one of the poor frogs being slowly boiled alive. Just not this time - yet.
In retrospect, I should have not spent 3 weeks trying to get their incompetent software to work and just gone straight to phone calls. And at least in my case, the support agents seemed broadly unfamiliar, but seemed to have access to higher-priority internal case submission which did finally get to someone who could fix my issue.
Whats next?
Is that a pattern?
https://wiki.documentfoundation.org/Faq/General/General_Inst...
john_strinlai•1h ago
it was a bit crazy how quickly people got conspiracy-minded about it.
microsoft fucked up, and as per typical big-tech, only fixed it when noise got made on social media. but not everything is a grand conspiracy orchestrated by microsoft or the government or whatever. incompetence is always more likely than malice.
any news from the veracrypt maintainers? i would imagine whatever microsoft employee got tasked with resolving this issue would have also seen that one.
---
edit: well, i certainly underestimated the response to this comment. my mistake for using a common saying rather than being extremely explicit when it comes to something as emotionally charged as microsoft. i dont think i have seen a comment of mine go up and down points so many times before.
what i intended to get across was: "this was not a deliberate, coordinated, purposeful attack on the wireguard project, at the behest of some microsoft executive, to accomplish some goal of making encrypted communication impossible or whatever. instead, this was the result of a stupid system, with a stupid resolution process (social media), that is still awful, but different in important ways from a deliberate attack. this is the typical scenario (stupid system, stupid resolution). the non-typical scenario would be a deliberate choice made and executed by microsoft employees to suddenly destroy a popular project".
i shortened the above paragraph to the common saying "incompetence is always more likely than malice". i shouldnt have. my bad.
anonymous908213•1h ago
"Incompetence" of this degree is malice. It is actively malicious to create a system that automatically locks people out of their accounts with absolutely no possibility for human review or recourse short of getting traction in the media. "No sir, I didn't grind those orphans up. It was this orphan grinding machine I made that did it, teehee!"
john_strinlai•1h ago
incompetence is always more likely than [intentional, directed] malice.
microsoft employees did not deliberately attack the wireguard project with a goal of taking it down for whatever grand scheme people's hatred cooks up. if you have evidence that microsoft did this deliberately to ruin the wireguard project, please forward it along to jason (the wireguard maintainer) and several news outlets.
acedTrex•1h ago
john_strinlai•1h ago
sure.
but this was not a deliberate attack by microsoft employees to shutdown wireguard. that is what i was trying to say and the essence of the quote in question.
acedTrex•1h ago
john_strinlai•1h ago
its, like, the only thing worth pointing out. if microsoft is deliberately targeting projects and literally attacking them, that would be huge fucking news. like crazy news. lawsuits galore.
acedTrex•33m ago
Correct in cases like this we are discussing it as a meaningless distinction.
bronson•1h ago
The saying implies that incompetence and malice are polar opposites. They're not.
john_strinlai•1h ago
it does not
r14c•1h ago
john_strinlai•1h ago
i get that everyone has a frothing-at-the-mouth extreme hatred to microsoft and its employees. but microsoft did not say "fuck jason, fuck wireguard, lets try and shut that down". that would be a way different story.
trinsic2•1h ago
john_strinlai•1h ago
r14c•1h ago
john_strinlai•1h ago
i think people are reading my comment as some sort of defense of microsoft. its not.
all i wanted to emphasize was that this incident, while obviously ridiculous, did not come about because a bunch of microsoft employees sat in a cigar-smoke filled room saying "lets destroy wireguard".
wtallis•1h ago
john_strinlai•1h ago
my point was that it wasnt a deliberate conspiracy/attack to fuck over wireguard, which would be an absolutely crazy story if it were true.
tialaramex•1h ago
For example by creating working processes which never end up "accidentally" causing awful outcomes. This is sometimes more expensive, but we should ensure that the resulting lack of goodwill if you don't is unaffordable.
Worst case there is malice and you've now made it more difficult to hide the malice so you've at least made things easier for those who remain committed to looking for malice, including criminal prosecutors.
john_strinlai•1h ago
i am quoting the maintainer of the project. take it up with them if you think microsoft coordinated a directed attack on their project.
mlyle•1h ago
It's really easy to end up with procedural machinery that makes it unpleasant for other entities that you don't like.
It seems to get the things that you do like and value less often. Why? Because you think about the consequences to what you consider important and you're inclined to ignore potential consequences to those you oppose or are competing with.
The Vogons weren't necessarily overtly malicious when they obliterated Earth.
ImPostingOnHN•1h ago
john_strinlai•1h ago
ImPostingOnHN•58m ago
Regardless of what the maintainer says of their abuser after being abused, the point I think you are getting stuck on is this:
Creating a system which locks you out if you don't speak to a human isn't de-facto malicious.
Having support where you can't speak to a human isn't de-facto malicious, either.
Doing both at the same time, however, is de-facto malicious. Some executives likely got bonuses for doing it, too.
john_strinlai•55m ago
i interpreted that as you saying i am the hostage of microsoft, and have stockholm syndrome, therefor am speaking well of (defending) microsoft.
if i misinterpreted that, my bad. are you calling jason the hostage?
ImPostingOnHN•48m ago
john_strinlai•39m ago
BLKNSLVR•1h ago
Conspiracy 2: Copilot all the things! Probably not too far off.
john_strinlai•1h ago
wongarsu•11m ago
We can probably blame copilot for the email about new verification reqirements not going out to everyone. Maybe even for the reports of people who jumped through all the hoops and still got blocked as if they hadn't. But rolling out new verification reqirements, then not monitoring how many developers fulfill your new reqirements and following up is entirely on Microsoft employees. That's management failure and disregard for developers on their platform
trinsic2•1h ago
Everything should be treat as suspicious moving forward and I am glad of the skepticism.
sscaryterry•1h ago
billziss•1h ago
https://github.com/winfsp/winfsp
sscaryterry•16m ago
TiredOfLife•40m ago
That's just the side effect of the Soross tracking chips hidden in vaccines activated by 5g towers
orbital-decay•31m ago
john_strinlai•13m ago
root programs are super specific about root cause analysis, what actions lead up to distrust, differentiating deliberate maliciousness from systemic incompetence, etc.
its like the exact opposite of "all this doesnt matter".
of course they still look at the outcome (danger to users, etc.), typically as a first step. but they take great care to determine exactly what lead up to a specific outcome.
orbital-decay•4m ago
Scaled•26m ago
john_strinlai•16m ago
dec0dedab0de•21m ago