alt.hn

4/10/2026 at 3:49:52 PM

WireGuard makes new Windows release following Microsoft signing resolution

 https://lists.zx2c4.com/pipermail/wireguard/2026-April/009561.html

by zx2c4

4/10/2026 at 4:09:04 PM

As I mentioned in the mailing list post, the Microsoft paperwork shuffling matter got dealt with rather quickly, following all the attention the HN thread from the other day got. And now we're finally out with an update!

NT programming is a lot of fun, though this release was quite challenging, because of all of the toolchain updates. On the plus side, we got to remove pre-Win10 support -- https://lists.zx2c4.com/pipermail/wireguard/2026-March/00954... . But did you know that Microsoft removed support for compiling x86 drivers in their latest driver SDK? So that was interesting to work around. There was also a fun change to the Go runtime included in this release: https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c...

All and all, a fun release, and I'm happy to have the Windows release train cooking again.

by zx2c4

4/10/2026 at 4:33:12 PM

Good to know everything was resolved, but did you ever find out why your signing account was suspended? That's not something you brush off as haha silly Microsoft..

by sammy2255

4/10/2026 at 5:49:49 PM

Microsoft are saying it's because those accounts didn't undergo verification for the Windows Hardware Program

https://www.theregister.com/2026/04/09/microsoft_dev_account...

by SturgeonsLaw

4/10/2026 at 10:14:16 PM

I understand it's because it's a device driver, but why should a pure software publisher which has no hardware product of any sort be required to go through a "hardware program" gatekeeper of what binaries a person can choose to install and run on their own computer?

by walrus01

4/10/2026 at 10:24:13 PM

They started it because the drivers people used to use from hardware vendors would routinely blue screen windows, which made MS look like the reason windows would crash. Hardware vendors are notoriously inept at software.

by rstupek

4/11/2026 at 2:12:25 AM

> They started it because the drivers people used to use from hardware vendors would routinely blue screen windows, which made MS look like the reason windows would crash. Hardware vendors are notoriously inept at software.

But hardware vendors also want Windows licenses to include with their hardware, so it's pretty easy to say "do the hardware program certification if you want the discount" and that's exactly what they did in the early days, and it worked fine. Even the peripherals (which are increasingly rare now anyway) still want to be able to put the Windows logo on their product.

At which point we still have the same question: Why are they harassing the WireGuard developers, who have their own reputation for not being inept at software and therefore shouldn't need a Microsoft certification program to assure their users that their code is trustworthy to install?

by AnthonyMouse

4/11/2026 at 5:39:48 AM

> Why are they harassing the WireGuard developers, who have their own reputation for not being inept at software

I would guess this is just large organizations Seeing Like a State whereby they "seek to force administrative legibility on their subjects by homogenizing them".

https://en.wikipedia.org/wiki/Seeing_Like_a_State

by unmole

4/11/2026 at 6:50:56 AM

At which point we're back to, why is Microsoft acting like a government and treating their users like property of the crown instead of autonomous adult human beings who should be free to choose what software they want on their own PC?

by AnthonyMouse

4/11/2026 at 8:22:35 AM

all five letters of that answer are in your username :)

by Barbing

4/11/2026 at 8:27:57 AM

Are you thinking of a single five letter word, two words of three and two letters, or an entire sentence that only uses 5 distinct letters?

Consider being less cryptic, for the sake of those with English as a fourth language.

by defrost

4/11/2026 at 9:40:24 AM

(also a non-native speaker here, mildly annoyed by the obscure joke from GP)

Wordplay are exactly the kind of stuff that LLMs excel at, so I asked Gemini flash, and I got

> snarky play on words by suggesting that the answer to AnthonyMouse's question is "Money."

> Here is the breakdown of how they arrived at that:

> The Username: AnthonyMouse

> The Letters: The word "Money" can be formed using the letters found in M-o-n-t-h-o-n-y M-o-u-s-e

(Gemini's answer is actually longer, I just kept the interesting bit)

Amusingly, this answer exhibits a similar problem to the "how many r in raspberry" problem (it forgets how to spell correctly), since

AnthonyMouse != M-o-n-t-h-o-n-y M-o-u-s-e

But it seems that it got to the correct answer (or an incorrect but plausible :) ) despite that

by berdario

4/11/2026 at 9:33:05 AM

I'm guessing they're thinking of the word 'money'.

by Cordiali

4/10/2026 at 10:43:12 PM

Í think their point was that Wireguard has no physical hardware, so it’s strange as a software project they’d be forced to go through verification for a hardware program.

by VertanaNinjai

4/11/2026 at 12:23:24 AM

Because it's a kernel driver anyway?

by nine_k

4/11/2026 at 7:45:57 AM

Then the program should have been named the kernel level driver verification program.

by anakaine

4/11/2026 at 1:48:04 AM

Okay. So they can call it the “hardware and WireGuard” program for all I care. The reality is that MS requires this sort of approval / verification process for whatever WireGuard is doing. In true HN fashion everyone loves getting distracted by utter meaningless semantics.

by UqWBcuFx6NV4r

4/11/2026 at 7:47:20 AM

Those meaningless semantics are part of how this got missed in the first place, and why it caused such an issue. Microsoft is a large company, and a poorly named program created requirements that were missed.

by anakaine

4/11/2026 at 5:32:01 AM

It's a virtual network interface. So it's not really hardware, but the computer treats it like it is.

by olyjohn

4/10/2026 at 10:53:44 PM

It sounds more like a "driver program" gatekeeper so you are arguing about semantics. I'm not claiming that there is no problem, just that an argument based on the distinction between "hardware" and "driver" is void.

by rlpb

4/10/2026 at 11:03:13 PM

Outside of these unfortunuate situations, a lot of people are quite happy for developers of eg kernel anti cheat to have a difficult time.

We do need to recognise, a long history of "windows always bluescreens" was somewhat reigned in by this policy with a lot of crashes coming down to third party drivers.

by technion

4/10/2026 at 4:41:56 PM

They should definitely put up a statement addressing it. Moreover what they plan in the future to avoid such traumatic event, this is not a “simple sign program”, this touches fundamental parts of the OS.

by Xunjin

4/10/2026 at 4:44:43 PM

Apparently it's quite widespread, so I would assume a bug on their side. That's what support seemed to imply at least. We're still blocked at my company for one month+ now.

by Leherenn

4/10/2026 at 8:36:01 PM

With Microsoft, I assume malice AND negligence first. The hostility they've shown toward their own users tells you everything you need to know.

by fhn

4/10/2026 at 5:09:59 PM

"so I would assume a bug on their side"

Why a "bug".

by PeterStuer

4/10/2026 at 5:31:59 PM

For something like this, I would generalize a "bug" to encompass both software and human processes. Some decision-maker saw some metrics consistent with spam and enacted a spam-blocking measure. Any decision like this is going to lead to false positives. Maybe they decided "I don't need to confer with anyone", or maybe they did and got the green light even after multiple eyeballs looked at it. I'm not saying that this does any good for Microsoft's already-sullied trust, but mistakes happen and combating spam is a constantly evolving arms race. There's no way any organization is going to get it 100% of the time even after decades of dealing with it.

by alekratz

4/11/2026 at 8:40:37 AM

Absolutely agree. Don’t automatically attribute to malice what can also be explained by incompetence

by simonjgreen

4/10/2026 at 7:52:52 PM

I doubt someone manually went and flagged all the accounts as invalid suddenly or whatever and that was their goal. By a bug I mean some kind of automated action that did not produce the expected outcome.

Also because, at least on our side, the account was in an inconsistent state: we were correctly enrolled/validated, but could not access the signing interface.

by Leherenn

4/10/2026 at 4:12:25 PM

Off topic: Thanks for wireguard. It is a truly great piece of software.

by BLKNSLVR

4/10/2026 at 5:56:12 PM

Somewhat on the side - but is there a wireguard that works well for ReactOS? Does the windows version just work fine?

Just curious how/if the version support might work out for ReactOS.

by e12e

4/10/2026 at 6:48:22 PM

Good question! I've never tried. The NT driver makes use of some of the more advanced features of the networking stack, so possibly not. But you never know. I'd love a Wg4React.

by zx2c4

4/10/2026 at 7:42:52 PM

ReactOS was, at one time, targeting a Windows Server 2003-level of compatibility. With that in mind I can't imagine current Wireguard would have even a shred of hope of working on ReactOS.

by EvanAnderson

4/10/2026 at 6:40:50 PM

I really appreciate what you wrote in that post re: dropping support for pre-Windows 10 operating systems.

by EvanAnderson

4/10/2026 at 8:28:08 PM

I'd like to snag that latest previous version which still has compatibility with older OS's, anyone have a reliable link handy?

(I couldn't quickly find a "Previous Versions" list on their website)

by rkagerer

4/10/2026 at 9:10:54 PM

It looks like all the old files are still hosted on the server. You can just replace the version number in the download links with one of the tags from https://git.zx2c4.com/wireguard-windows.

by chenxiaolong

4/10/2026 at 8:32:45 PM

> following all the attention the HN thread from the other day got

That's great for you, and no offense, but what about developers who can't get buzz in a HN thread? Are they just doomed? Why is support only available to those who can raise a ruckus on social media?

by worble

4/10/2026 at 5:17:32 PM

Hey there, thank you for pushing this out. I saw there's a 0.6.1 update now, that also reboots the machine after updating. I don't remember if it said it'd do said reboot...

by unquietwiki

4/11/2026 at 7:31:44 AM

Just updated and it didn't reboot, just displayed an error-looking alert that the manager was already running.

by pseudohadamard

4/10/2026 at 10:11:22 PM

The broader general problem is that it should not be necessary to attempt amplification of a message via HN or X or other platforms to get a company to have a real human pay attention to something, and write a hand crafted response.

This seems to increasingly be the norm with people who have had their accounts locked, deleted or restricted by automated systems. You have to hope that you can write a message and get it amplified via some sort of platform read by hundreds of thousands of people, and get people to reshare your message, in order to get any form of traction.

If you're not somebody well known, noteworthy or somehow significant in a community your likelihood of having your message successfully amplified is much lower.

by walrus01

4/10/2026 at 6:52:33 PM

Your work is always appreciated.

by politelemon

4/10/2026 at 4:20:32 PM

As a wireguard user myself (even on the lone Windows machine that I still begrundingly have), I am happy that this problem could have been resolved. I am just wondering - if there had not been this kind of public outcry and outrage that Mr. Donenfeld discounts in his announcement message, would the issue have been fixed by now?

What are individual developers of "lesser" (less important, less visible, less used) software with a Windows presence to do? Wait and pray for Goliath to make the first benevolent move, like all the folks who got locked out forever from their Google accounts on a whim? Ha!

The fact of the matter is, the code signing requirements on Windows are a serious threat to Free and Open Source Software on the platform. Code signing requirements are a threat to FOSS on all platforms that support this technique, and infinitely more so where it's effectively mandatory. I firmly believe that these days, THIS is the preferred angle/vector for Microsoft to kill the software variety their C-levels once publicly bad-mouthed as "cancer", and zx2c4 is one of the poor frogs being slowly boiled alive. Just not this time - yet.

by c0l0

4/10/2026 at 6:10:27 PM

They would be ignored. Having an audience is key to getting problems solved, whether it’s a lone hacker or a large corporation. Without an audience, you have no leverage. At that point you might as well create a new Windows account and re-apply, since that would have more luck than getting around a “we’ve closed your account and there’s no appeal process” barrier.

If that sounds Kafkaesque, it is. It’s a small miracle that getting a post to the top of HN can surmount such bureaucracy at all.

The best way to get an audience is to tell a compelling story. Make it interesting. There are ways of doing that for even the least known developers.

My point is to push back against the idea that it should be fair to everyone and that what’s morally right should prevail in every case. The hardware developer program doesn’t exist to treat every developer fairly. They exist to make money for Microsoft. pg puts it more eloquently here: https://paulgraham.com/judgement.html

by sillysaurusx

4/10/2026 at 9:46:19 PM

It makes me think tech communities need to lobby for more laws to ensure fair access to platforms, app stores, etc. Be that at least side loading apps, etc.

Otherwise we’ll eventually all get lost in the kafkaesque technocracies.

Less for moral reading, but to keep from being squashed by the weight of tech.

by elcritch

4/10/2026 at 11:22:51 PM

>tech communities need to lobby for more laws to ensure fair access to platforms

I'm surprised someone didn't reply saying this would affect the freedom of companies to do whatever they want, whenever they want.

by pixl97

4/11/2026 at 6:56:38 AM

This is why orgs like https://eff.org exist.

by fsflover

4/10/2026 at 6:59:03 PM

While this is a small problem for software (and hardware) that needs custom kernel drivers, or software that needs to run as administrator, you seem to have jumped a long way past that to rant about FOSS on Windows with no justification- general unsigned software works just fine on Windows as it always has.

by NetMageSCW

4/11/2026 at 8:58:34 AM

"works just fine on Windows as it always has" is just not true. These days, I cannot even run my own cross-compiled Go executables of a cross-platform tool that I am developing in private on Windows 10 or 11, because some blue popup from Windows Defender/"SmartScreen" prevents me from doing so, and tells me to contact the software publisher if I'd like to be able to do something about it. Outright disabling Defender/SmartScreen works around the problem (but the popup doesn't tell me that), and, presumably, signing these executables with a "trusted" developer certificate would make this outcome less probable - that is at least what people online have been telling me.

In my book (I started using computers during ther Windows 3.0 era), this clearly does not qualify as "working just fine on Windows as it always has", no matter how you spin it.

by c0l0

4/10/2026 at 4:37:21 PM

I got a modestly-similar situation resolved by buying a support package and spending 4+ hours across ... not sure, but probably 4-5 support calls? It's been 5 years. If memory serves it was the $200/mo support package for Azure.

In retrospect, I should have not spent 3 weeks trying to get their incompetent software to work and just gone straight to phone calls. And at least in my case, the support agents seemed broadly unfamiliar, but seemed to have access to higher-priority internal case submission which did finally get to someone who could fix my issue.

by x0x0

4/11/2026 at 3:30:21 AM

Individual-level ethics and respect are being dispensed with en masse. The excuse being that these companies operate "at scale".

But last time I checked, they are taking money from individuals. Or otherwise encouraging individuals to use their services.

So this lack of respect for individuals by specific large companies, is predicated on their encouraging users to trust them, and depend on them, without taking on any of the implied responsibility to not capriciously ruin someone's day or year. And then hard or soft stone wall them.

As someone who nearly lost everything due to the automated bureaucracy of a financial firm, I cannot stress: We are not safe. And we will not be safe until these companies are legally required to treat customer investment and dependency on their services, as valuable and necessarily recoverable, via prompt recourse and response, in cases where the automated bureaucratic systems fail.

Otherwise, this is going to keep getting worse.

When I hear how Microsoft helps someone who got attention, what I hear is that it takes extraordinary circumstances for Microsoft to care about the significant harm that there systems are causing many other people, today, who did not have the luck of this person.

And that they are very very aware of this.

I think we need to start using the word evil for this. Because it is. It is gross irresponsibility. Gross abuse of a power situation, of a strong dependency, that the company quite knowingly creates.

by Nevermark

4/11/2026 at 5:17:32 AM

Software distribution is largely controlled by 3 companies; Microsoft, Google, and Apple. We used to have the web and web apps as an escape hatch, but, surprise, all 3 of those companies use a shared “safe” browsing blacklist that can be used to wipe your domain / website out of existence. Mozilla participates by using the same list which is a shame.

Big tech shouldn’t be allowed to control the platforms and the ability to distribute / blacklist software and sites. That needs to be legislated against and those companies need to be broken into a thousand pieces each.

by donmcronald

4/11/2026 at 9:06:00 AM

Agreed.

The strong gatekeeping, the encouragement of vital dependency (i.e. treating user/customer data, email, content as if it were the company's, even to the point of cutting access without recourse), the dark pattern upsells, unpermissioned or dark permissioned surveillance, manipulation, the hosting of pervasive scam ads (even Apple News is full of scam ads), ...

None of this should be acceptable. All these ethical violations degrade the lives of countless individuals in the name of "freedom" for corporations.

Conflicts of interest and anticompetitiveness should not be "free" in either sense of the word.

by Nevermark

4/11/2026 at 10:25:05 AM

>I think we need to start using the word evil for this. Because it is. It is gross irresponsibility. Gross abuse of a power situation, of a strong dependency, that the company quite knowingly creates.

Oh wow, good morning.

The parties which taught you the notion of "individual" (by defining you as such, and coercive-conditioning all other models out of you), all happen to be collectives: your family, your society, the institutions, the businesses' communication departments. They have the power of definition. An individual (by definition) does not.

It only gets worse from there.

For what purpose are you made "individual"? Collectives define you as "individual", in order to make you defenseless. Individuals have the useful property of being trapped within an infinite recursion of false "selves"; collectives, on the other hand, are neatly self-reifying. They do not have the organ of inhibition (pre-frontal cortex).

In the eyes of the state, corporations are something like artificial people, right? Alright, model them as legally constructed psychopaths out to get you - how to perform extralegal direct intervention upon 'em, same way they can do to us? It's only fair... wait no you can't! You'd only be hurting their constituent individuals. And you can't hurt them nearly as bad as whatever made them join the collective in the first place; it would not only be pointless but also cruel.

This notion of "individual" which lies at the center of Western individualism (and the related schools of thought which implicitly form your day-to-day behaviors in society, no reflection necessary) is an extremely fraught concept: look at it a little too intently and it begins to fall apart at the seams.

Making you see yourself as this thing called "individual", which is extensively studied with most rigorous methods, and somehow remains fundamentally inscrutable (hard problem of consciousness goes wheee!)... that's not very unlike a proprietary API or OS, is it? "Individual identity" is a useful (to whom?) abstraction over the incontrovertible, but by itself meaningless, physical being of a human organism. Unlike a collective, a body cannot be divided into constituent parts and remain itself; but Western civilization is nominally a world of minds over bodies, and minds are made out of ideas, and ideas can be taken apart and shared around just fine, within one body or among entire crowds.

So what we are observing is not evil; "evil" has meaning in the plane of independent individuals operating in mutually comprehensible moral framing. And that's always been a huge and harmful oversimplifiction.

It's much easier to view the behavior of transnational corporations as a whole as the AGI takeoff. But then one might want to consider when exactly it started - was it the LLMs that precipitated it (as many here seem to think), or is the concept of "artificial intelligence" itself a marketing smokescreen, and the NN/ML/LLM tech is just an inevitable performance optimization once the AGI has embedded itself deeply enough into human industry to direct resources towards the mass production of GPUs and other highly specialized accelerator cells.

by balamatom

4/10/2026 at 9:06:07 PM

Since the impact of the account is presumably known to Microsoft (through telemetry etc), they probably know when these accounts get turned off, and can mark them in case the owner comes back and tries recovery.

Microsoft would not have to automatically and 100% correctly reinstate the account. The goal would be to get high level cases like this one in front of a knowledgable human before the locked account posts angry owner posts complaints in public (If Joe Bloe's defragmentation utility noone has ever heard of and only having 10 installs goes bad, noone would care.)

Here, they don't have to be perfect - you just need to have enough signal-to-voice ratio that employing a very small number of people outweighs the cost to PR and execs to deal with these cases, and to not let accounts get hacked through recovery.

The response from Microsoft [1] is not great, or makes me hopeful.

``` Pavan Davuluri, Microsoft's President of Windows and Devices, said both Idrassi and Donenfeld should have their accounts restored "soon."

"We've seen these reports and are actively working to resolve this as quickly as possible," Davuluri Xeeted. "We've reached out to VeraCrypt and have spoken to Jason at WireGuard, they should be back up and running soon."

He explained that both deactivations were executed as part of the Windows Hardware Program's account verification procedures.

The company published a blog in October, giving devs a two-week warning that if their accounts had not been verified since April 2024, Microsoft would issue mandatory account verification notifications.

"We worked hard to make sure partners understood this was coming, from emails, banners, reminders," said Davuluri.

"And we know that sometimes things still get missed. We're taking this as an opportunity to review how we communicate changes like this and make sure we're doing it better."

```

[1] https://www.theregister.com/2026/04/09/microsoft_dev_account...

by golem14

4/11/2026 at 9:16:43 AM

> make sure partners understood this

Since when they were partners to Micro$lop? First, it's thug like behavior taking the ability to run code on our own computers without their approval. Second it's even more evil justifying this behaviour by calling the developers "partners".

by drewfax

4/11/2026 at 5:34:36 AM

It could be dead simple. Lock the account, but let the owner temporarily unlock it for X days so they have enough time to undergo verification.

by donmcronald

4/10/2026 at 6:34:59 PM

But what would have happened if they weren't able to get Microsoft's attention through an outside channel (this site) and had to go through the normal process?

I'm glad it was resolved quickly for WireGuard, but I'm concerned the results won't generalize.

Also, thanks for WireGuard!

by looneysquash

4/10/2026 at 10:29:42 PM

> and had to go through the normal process?

There is no normal process. The error message clearly states "There are no appeals available, we have closed your application".

If the company makes it impossible for you to communicate with them, the only recourse is to draw public attention to it in order to shame them. This only works if you can gather enough public support and kick up enough of a stink about it. All of the small developers still locked out of their accounts are screwed.

by aaronmdjones

4/11/2026 at 12:55:49 AM

> If the company makes it impossible for you to communicate with them, the only recourse is to draw public attention to it in order to shame them.

Legal action works too. You'd be surprised how effective a letter from an attorney can be.

by wpollock

4/10/2026 at 7:59:02 PM

An interesting point I don't think I've seen someone make -- people compare the LLM revolution to other technical revolutions. You don't need to worry about skill decay in the same way that you don't know how to bake bread from unprocessed wheat, or you don't know how to build a loom, etc.

But local models aside (which no matter the protests from HN, will only be available to the technically savvy few) all of these LLMs are a service, so, the company could degrade the service, they could charge more than you're willing or able to pay, they could ban you. They could disable your account with no meaningful way appeal or seek support. LLMs could look at lot more like the scenario in this thread than something like not knowing how to make your own shoes.

by everdrive

4/11/2026 at 5:21:00 AM

If they manage to build good memory systems, people will stop keeping personal docs and rely on the “AI” for everything. Imagine 20 years from now when people don’t even have copies of the recipe to bake bread and then you’ll see what the goal is.

by donmcronald

4/10/2026 at 8:05:35 PM

It might settle into a situation where cutting edge LLMs are a service, while older and smaller LLMs are self-hosted. So you are not at risk of being cut off, but of being degraded.

by kbelder

4/11/2026 at 5:52:14 AM

I hope you're right. I played around with a bunch of AI stuff recently and that's kind of the conclusion I came to. Use local AI for mission critical stuff, if you're confident in that, and use the SOTA models for reviewing.

Tap the latest general knowledge for asking "could this be improved", but make the improvements with local systems and models. But then the obvious problem becomes finding new data to train the AIs. In my opinion, there's no way their plan doesn't involve stealing from everyone to keep training, so is it really going to be safe to use the cutting edge models at all?

by donmcronald

4/10/2026 at 4:26:25 PM

LibreOffice, VeraCrypt, WireGuard. 2 questions:

Whats next?

Is that a pattern?

by maltris

4/11/2026 at 5:44:58 AM

> Whats next?

I think Microsoft, Google, Apple, etc. are happy with the collateral damage caused by false positives and bad product decisions. And the way they implemented this was a bad product decision.

Think about it. If they "accidentally" destroy distribution for small projects that don't have the visibility to make waves, that's fewer possible startups that can eat their lunch. The cynic in me thinks that "at scale", "AI false positives", etc. are just an excuse for them to eliminate small developers.

They don't have to ban them all either. All they have to do is increase the risk to the point where rational people won't take the risk.

There were people that warned not to get into iOS development because it was impossible to guarantee distribution of an app. How do you build things like LoB apps under those circumstances? And who benefits when it's impossible to promise delivery of custom built apps? It favors big companies with the visibility to short circuit the system.

It's asymmetric rules; one set for big companies and another for small developers. I really hope the renewed interest in Linux takes off because it's the last chance we have at holding off big tech from taking over every little aspect of our lives.

by donmcronald

4/10/2026 at 9:29:25 PM

Was the issue resolved for VeraCrypt as well?

by baobabKoodaa

4/10/2026 at 5:19:26 PM

yeah three projects, one account lock, everyone's users stop getting updates. that's the pattern

by Lihh27

4/10/2026 at 8:00:27 PM

And Windscribe

by direwolf20

4/10/2026 at 4:46:07 PM

What has LibreOffice got to do with any of this?

by ChocolateGod

4/10/2026 at 5:41:23 PM

MS has a history of fucking up LibreOffice installs.

https://wiki.documentfoundation.org/Faq/General/General_Inst...

by quantum_magpie

4/10/2026 at 6:06:54 PM

I am sure this is by accident, MS would never try to discourage users from installing free alternatives to their offerings.

by elAhmo

4/11/2026 at 5:49:54 AM

The "minimum supported Windows version" ratchet is underrated as a maintenance strategy. I've watched codebases drown in compatibility shims that nobody remembers why they exist. Curious how much of the driver size reduction came from dropping pre-Win10 support versus the toolchain updates.

by kuzivaai

4/11/2026 at 5:19:11 AM

How big is the Wire Guard user base on Windows?

How often do they ship new versions?

My understanding is that:

1. Windows drivers are Attested by Microsoft

2. Windows collects driver telemetry

Which means a really good question to ask is:

Why are they canceling driver signing accounts without looking at metrics?

by swisniewski

4/11/2026 at 5:59:30 AM

"it is only 0.01 promille of our customers" chopping off the long tail.

by emj

4/10/2026 at 6:52:17 PM

There was a lot of speculation about this issue because readers assumed that WireGuard's was the only account that got locked. There was actually a wave of account locks that happened at the same time. If you only saw one of the headlines you might assume it was targeted or the result of some directed conspiracy, not the result of a widespread process.

Microsoft did a (very!) bad job of communicating what was happening, but The Register has more information:

> He explained that both deactivations were executed as part of the Windows Hardware Program's account verification procedures.

> The company published a blog in October, giving devs a two-week warning that if their accounts had not been verified since April 2024, Microsoft would issue mandatory account verification notifications.

> "We worked hard to make sure partners understood this was coming, from emails, banners, reminders," said Davuluri.

by Aurornis

4/11/2026 at 5:57:31 AM

> "We worked hard to make sure partners understood this was coming, from emails, banners, reminders," said Davuluri.

Emails are useless given the volume of trivial crap that MS emails about. Banners don't help for systems on auto-pilot. Reminders how?

Break my workflow and let me un-break it when I notice.

by donmcronald

4/10/2026 at 4:09:51 PM

Happy to see it resolved and I hope the other developers are able to have the same experience.

By the way, was it only for the Windows application, or was wireguard-go was also affected?

by manbash

4/10/2026 at 4:07:06 PM

>The comments that followed were a bit off the rails. There's no conspiracy here from Microsoft. But the Internet discussion wound up catching the attention of Microsoft, and a day later, the account was unblocked, and all was well. I think this is just a case of bureaucratic processes getting a bit out of hand, which Microsoft was able to easily remedy. I don't think there's been any malice or conspiracy or anything weird.

it was a bit crazy how quickly people got conspiracy-minded about it.

microsoft fucked up, and as per typical big-tech, only fixed it when noise got made on social media. but not everything is a grand conspiracy orchestrated by microsoft or the government or whatever. incompetence is always more likely than malice.

any news from the veracrypt maintainers? i would imagine whatever microsoft employee got tasked with resolving this issue would have also seen that one.

---

edit: well, i certainly underestimated the response to this comment. my mistake for using a common saying rather than being extremely explicit when it comes to something as emotionally charged as microsoft. i dont think i have seen a comment of mine go up and down points so many times before.

what i intended to get across was: "this was not a deliberate, coordinated, purposeful attack on the wireguard project, at the behest of some microsoft executive, to accomplish some goal of making encrypted communication impossible or whatever. instead, this was the result of a stupid system, with a stupid resolution process (social media), that is still awful, but different in important ways from a deliberate attack. this is the typical scenario (stupid system, stupid resolution). the non-typical scenario would be a deliberate choice made and executed by microsoft employees to suddenly destroy a popular project".

i shortened the above paragraph to the common saying "incompetence is always more likely than malice". i shouldnt have. my bad.

by john_strinlai

4/10/2026 at 4:09:34 PM

> incompetence is always more likely than malice.

"Incompetence" of this degree is malice. It is actively malicious to create a system that automatically locks people out of their accounts with absolutely no possibility for human review or recourse short of getting traction in the media. "No sir, I didn't grind those orphans up. It was this orphan grinding machine I made that did it, teehee!"

by anonymous908213

4/10/2026 at 4:10:31 PM

i am positive that you understand the spirit of what that saying means.

incompetence is always more likely than [intentional, directed] malice.

microsoft employees did not deliberately attack the wireguard project with a goal of taking it down for whatever grand scheme people's hatred cooks up. if you have evidence that microsoft did this deliberately to ruin the wireguard project, please forward it along to jason (the wireguard maintainer) and several news outlets.

by john_strinlai

4/10/2026 at 4:32:23 PM

Where possible I recommend not caring because figuring out whether malice was present is difficult and you can likely address a problem without needing to be sure.

For example by creating working processes which never end up "accidentally" causing awful outcomes. This is sometimes more expensive, but we should ensure that the resulting lack of goodwill if you don't is unaffordable.

Worst case there is malice and you've now made it more difficult to hide the malice so you've at least made things easier for those who remain committed to looking for malice, including criminal prosecutors.

by tialaramex

4/10/2026 at 4:33:10 PM

>Worst case there is malice and you've now made it more difficult to hide the malice so you've at least made things easier for those who remain committed to looking for malice, including criminal prosecutors.

i am quoting the maintainer of the project. take it up with them if you think microsoft coordinated a directed attack on their project.

by john_strinlai

4/10/2026 at 4:44:57 PM

I think you're missing the point of the person you're replying to.

It's really easy to end up with procedural machinery that makes it unpleasant for other entities that you don't like.

It seems to get the things that you do like and value less often. Why? Because you think about the consequences to what you consider important and you're inclined to ignore potential consequences to those you oppose or are competing with.

The Vogons weren't necessarily overtly malicious when they obliterated Earth.

by mlyle

4/10/2026 at 4:49:49 PM

"hostage speaks well of hostage-taker"

by ImPostingOnHN

4/10/2026 at 4:51:14 PM

if you think i am defending microsoft, your hatred has blinded you to what my comments are actually saying.

by john_strinlai

4/10/2026 at 5:00:21 PM

Why would I think that? That isn't a sensible conclusion from what I posted. I think you replied to the wrong post

Regardless of what the maintainer says of their abuser after being abused, the point I think you are getting stuck on is this:

Creating a system which locks you out if you don't speak to a human isn't de-facto malicious.

Having support where you can't speak to a human isn't de-facto malicious, either.

Doing both at the same time, however, is de-facto malicious. Some executives likely got bonuses for doing it, too.

by ImPostingOnHN

4/10/2026 at 5:03:18 PM

you said "hostage speaks well of hostage-taker" in response to my comment.

i interpreted that as you saying i am the hostage of microsoft, and have stockholm syndrome, therefor am speaking well of (defending) microsoft.

if i misinterpreted that, my bad. are you calling jason the hostage?

by john_strinlai

4/10/2026 at 5:10:14 PM

Yes, the maintainer continues to be held hostage by Microsoft, so it is no surprise that they don't publicly denounce Microsoft or ascribe ill intent or in any way speak ill of Microsoft.

by ImPostingOnHN

4/10/2026 at 5:18:49 PM

my bad for misinterpreting your comment.

by john_strinlai

4/10/2026 at 4:20:49 PM

And I'm positive that you understand the spirit of the post you're replying to.

The saying implies that incompetence and malice are polar opposites. They're not.

by bronson

4/10/2026 at 4:22:44 PM

>The saying implies that incompetence and malice are polar opposites.

it does not

by john_strinlai

4/10/2026 at 4:25:38 PM

Microsoft's incompetence is certainly reckless at a minimum, and often manifests in ways that come across as misanthropic toward their users. They don't really fit the pattern of mere bumbling fools.

by wtallis

4/10/2026 at 5:58:03 PM

what about pattern of bumbling fools on crack ?

by PunchyHamster

4/10/2026 at 4:27:41 PM

sure!

my point was that it wasnt a deliberate conspiracy/attack to fuck over wireguard, which would be an absolutely crazy story if it were true.

by john_strinlai

4/11/2026 at 12:38:29 AM

But nobody has said that it was a deliberate conspiracy/attack. Definitely not the OP. Who are you replying to?

by bronson

4/11/2026 at 10:21:26 AM

Some people have been saying that but indeed not OP. I personally think it is both:

1. Microsoft have negligently and/or maliciously created a process which fucks people over

2. That maliciousness is not directed at Wireguard or VeraCrypt.

by jeltz

4/10/2026 at 4:19:28 PM

And the person you are responding is asserting that the response to incompetence of this level should be the SAME as if it directed and intentional malice. Which is a completely valid way to view a fuckup like this.

by acedTrex

4/10/2026 at 4:31:28 PM

>response to incompetence of this level should be the SAME

sure.

but this was not a deliberate attack by microsoft employees to shutdown wireguard. that is what i was trying to say and the essence of the quote in question.

by john_strinlai

4/10/2026 at 8:03:11 PM

Microsoft drove a truck through a school yard at 150mph. It was not a deliberate attack, it was just the fastest route and their map says there's a highway there. Is it malice?

A certain level of recklessness is automatically malice.

by direwolf20

4/10/2026 at 8:08:13 PM

>[...] It was not a deliberate attack [...]

in that case, it certainly wouldnt be called a deliberate attack, right?

the edit in my original comment should hopefully clear up any confusion of my intended point. and, well... the comment you replied to should also make it clear that my entire point is centered around something being deliberate attack vs. ridiculous incompetence.

the deliberateness of it is the entirety of the reason i wrote my comment. choosing the phrase "malice vs. incompetence" was a poor choice on my part, when i should have been extremely explicit. it would have avoided all of this back-and-forth.

by john_strinlai

4/10/2026 at 4:55:12 PM

They are saying that "deliberate attack" or not does not matter and is not worth pointing out. The response is the same so its a worthless point.

by acedTrex

4/10/2026 at 4:57:30 PM

whether something is a deliberate attack or not is not worth pointing out?

its, like, the only thing worth pointing out. if microsoft is deliberately targeting projects and literally attacking them, that would be huge fucking news. like crazy news. lawsuits galore.

by john_strinlai

4/10/2026 at 5:24:44 PM

> whether something is a deliberate attack or not is not worth pointing out?

Correct in cases like this we are discussing it as a meaningless distinction.

by acedTrex

4/10/2026 at 8:01:18 PM

Malicious people are quite good at feigning incompetence.

by direwolf20

4/10/2026 at 4:21:59 PM

I mean, sure, but at a certain point negligent incompetence is directly harmful and the motives or lack thereof are just context.

by r14c

4/10/2026 at 4:26:12 PM

"just context" is important.

i get that everyone has a frothing-at-the-mouth extreme hatred to microsoft and its employees. but microsoft did not say "fuck jason, fuck wireguard, lets try and shut that down". that would be a way different story.

by john_strinlai

4/10/2026 at 4:46:31 PM

What's the accountability mechanism here? Make a big fuss online and hope the bad press outweighs the negligence?

by r14c

4/10/2026 at 4:49:31 PM

i point out in my original comment that i think it is stupid that the only way to resolve this sort of thing is via social media. i think it is insane. and the lack of accountability is also crazy, given the influence microsoft (and other big tech) has over everyday life.

i think people are reading my comment as some sort of defense of microsoft. its not.

all i wanted to emphasize was that this incident, while obviously ridiculous, did not come about because a bunch of microsoft employees sat in a cigar-smoke filled room saying "lets destroy wireguard".

by john_strinlai

4/10/2026 at 4:38:03 PM

It doesn't matter. They are doing things that are clearly hostile to users, they should pay dearly for it.

by trinsic2

4/10/2026 at 4:40:31 PM

get mad at the shitty stuff they do (there is a lot!), not the fictitious things people come up with in hn comments.

by john_strinlai

4/10/2026 at 8:49:07 PM

It's so unhelpful for people to get mad at made up crap. It completely weakens the impact of the pushback. Like if someone is in a position where people are getting mad over all sorts of made up stuff anyway, what's even the point of avoiding actually doing any of the things they're mad about? Might as well get something out of it if the downside doesn't change either way.

by ziml77

4/10/2026 at 7:09:49 PM

Except that the system that removes culpability, visibility and consequences of this kind of abuse is set up deliberately to avoid liability and consequences of such actions.

This isn't a tee-hee accident, this is deliberate organizational design which removed any kind of bad consequences or even thought about what the software does to user from the engineers at Microsoft. They're happy about that. They now don't need to deal with that. And if you'll ask them, they will refuse a change that will make them responsible for abuse of their users.

So, to hell with them :)

by izacus

4/10/2026 at 8:24:20 PM

and even with all of that in mind, this was not a coordinated microsoft attack against wireguard. which was my point.

i am in no way defending microsoft. just pointing out that the conspiracy-theorists suggesting that some exec at microsoft specifically targeted wireguard for whatever nefarious purpose was, well, a conspiracy.

by john_strinlai

4/10/2026 at 4:34:17 PM

With the way things are going right now with all the corruption in governments and corporations were way past the point of giving the benefit of the doubt. These organizations are clearly making changes to their OS's to slowly remove user control.

Everything should be treat as suspicious moving forward and I am glad of the skepticism.

by trinsic2

4/10/2026 at 4:42:04 PM

The question is, did they notify the user that the account was blocked, or was it done silently? My money is on the latter, obviously I don’t know, just my guess. Was there a reason? Blocked is semantically harsher, than it has been disabled.

by sscaryterry

4/10/2026 at 4:58:06 PM

It was done silently. I am one of the affected developers and my software is the open source file system driver WinFsp:

https://github.com/winfsp/winfsp

by billziss

4/10/2026 at 5:41:38 PM

Uncool. Now the question is, how many people, many not reading hn, are actually affected. Seems like a blanket ban of some sort.

by sscaryterry

4/10/2026 at 5:31:39 PM

Society is a bit fatigued of big tech companies making their various accounts essential and then locking people out of them without any due process.

by Scaled

4/10/2026 at 5:41:54 PM

yes, i am in agreement. i tried to be extremely clear in my edit that i think that the whole social media being the only way to get an account back is crazy stupid.

by john_strinlai

4/10/2026 at 5:27:24 PM

All this doesn't matter. What matters is the destructive potential and a breach of trust. CAs have been distrusted for less.

by orbital-decay

4/10/2026 at 5:45:05 PM

>CAs have been distrusted for less.

root programs are super specific about root cause analysis, what actions lead up to distrust, differentiating deliberate maliciousness from systemic incompetence, etc.

its like the exact opposite of "all this doesnt matter".

of course they still look at the outcome (danger to users, etc.), typically as a first step. but they take great care to determine exactly what lead up to a specific outcome.

by john_strinlai

4/10/2026 at 5:54:06 PM

It really depends on the scale of the breach, for example DigiNotar was immediately killed for their gross incompetence. In this case even the scale is unclear, with heavy suspicion towards malice and little hope on fixing any process inside that monstrous bureaucracy or even making it meaningfully care if it's not. I see no reason to trust Microsoft anymore, regardless of it being a fuckup or malice.

by orbital-decay

4/11/2026 at 8:52:59 AM

I think they meant a CA that acted like Microsoft would be distrusted. Not a CA that acted like WireGuard would be distrusted.

by direwolf20

4/10/2026 at 5:36:41 PM

Microsoft lost the benefit of the doubt decades ago.

by dec0dedab0de

4/10/2026 at 7:26:46 PM

Who needs conspiracy?

Microsoft has entitled itself to decide what I can and cannot run on the computer and OS that I paid for, this earns them no additional revenue, so they don't care to do a good job.

This system will never work properly.

by themafia

4/10/2026 at 5:18:23 PM

> it was a bit crazy how quickly people got conspiracy-minded about it.

That's just the side effect of the Soross tracking chips hidden in vaccines activated by 5g towers

by TiredOfLife

4/10/2026 at 4:09:54 PM

Conspiracy 1: rules from on-high about encryption projects to be suppressed. Debunked.

Conspiracy 2: Copilot all the things! Probably not too far off.

by BLKNSLVR

4/10/2026 at 4:13:58 PM

i think they have explicitly made it clear that they want to copilot all of the things (unfortunately), so i dont quite file it under the conspiracy label.

by john_strinlai

4/10/2026 at 5:47:29 PM

If it's not a conspiracy (and to be clear, I don't think it is one) its still a failure on multiple levels of the organisation

We can probably blame copilot for the email about new verification reqirements not going out to everyone. Maybe even for the reports of people who jumped through all the hoops and still got blocked as if they hadn't. But rolling out new verification reqirements, then not monitoring how many developers fulfill your new reqirements and following up is entirely on Microsoft employees. That's management failure and disregard for developers on their platform

by wongarsu

4/11/2026 at 8:30:21 AM

Could someone clarify, why do you need signing whatever to write software on Windows? Why can't you just write the software and run it? And when has this changed?

by ekjhgkejhgk

4/11/2026 at 2:44:07 AM

"The comments that followed were a bit off the rails. There's no conspiracy here from Microsoft. But the Internet discussion wound up catching the attention of Microsoft, and a day later, the account was unblocked, and all was well. I think this is just a case of bureaucratic processes getting a bit out of hand, which Microsoft was able to easily remedy. I don't think there's been any malice or conspiracy or anything weird."

Hopefully, this isn't just something Microsoft made them say as part of an agreement to get their account back.

by incompatible

4/11/2026 at 6:07:55 AM

I would guess they realized they missed a notification or warning and feel a bit bad about the whole thing blowing up. Hopefully not though. The fact there were several high profile projects that got caught off guard puts the blame mostly on MS IMO.

I think the reason these things go viral is that a ton of people reading about them can see themselves in the same situation, minus the clout needed to get it resolved. A short term PR crisis is the best we can get, so everyone piles on.

I don't think MS will fix it though. IMO, they're more likely to create a program for open source code signing. That way they can capture all the high visibility projects, get a bunch of goodwill for being philanthropic, and all the small projects that don't qualify are too small to cause a fuss, so they can continue to treat them poorly.

by donmcronald

4/10/2026 at 5:06:49 PM

I don't think you can let them off that easily, given that the only effective support channel was "get to the front page of hacker news", which isn't usually an option.

by IshKebab

4/10/2026 at 8:00:36 PM

Why do people put so much effort into supporting a hostile platform? I really don't get it.

by globular-toast

4/11/2026 at 1:32:09 AM

Monopolies.

by DarkUranium

4/10/2026 at 7:21:27 PM

> I don't think there's been any malice or conspiracy or anything weird

Wink if there’s someone else in the room :)

by tamimio

4/10/2026 at 7:28:37 PM

and imagine for those guys that dont have the reach wireguard/veracrypt does.

NEVER trust microsoft, NEVER trust any mechanism people dont 100% control themselves. having to rely on microsoft to sign stuff is an abomination and something nobody should do

by redeeman

4/11/2026 at 7:01:21 AM

[dead]

by jiusanzhou

4/10/2026 at 8:20:58 PM

[dead]

by rajptech

4/11/2026 at 12:32:25 AM

Could you give us an update on how everything was resolved?

I believe the transparency would be a huge plus.

This happened to Wireguard, Veracrypt, Windscribe, and possibly others. Certainly not isolated and very unnerving.

There are still many unanswered questions...

by Ms-J

4/10/2026 at 6:26:27 PM

[dead]

by volume_tech

4/10/2026 at 7:00:55 PM

What's going on at Microsoft? Why did they suddenly declare war on VPN and related software projects?

by shevy-java

4/10/2026 at 8:04:18 PM

Wouldn't comply with CIA backdoor requirements, but now they do ;)

by direwolf20