Discussion

[ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released

zx2c4: As I mentioned in the mailing list post, the Microsoft paperwork shuffling matter got dealt with rather quickly, following all the attention the HN thread from the other day got. And now we're finally out with an update!NT programming is a lot of fun, though this release was quite challenging, because of all of the toolchain updates. On the plus side, we got to remove pre-Win10 support -- https://lists.zx2c4.com/pipermail/wireguard/2026-March/00954... . But did you know that Microsoft removed support for compiling x86 drivers in their latest driver SDK? So that was interesting to work around. There was also a fun change to the Go runtime included in this release: https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c...All and all, a fun release, and I'm happy to have the Windows release train cooking again.

BLKNSLVR: Off topic: Thanks for wireguard. It is a truly great piece of software.

manbash: Happy to see it resolved and I hope the other developers are able to have the same experience.By the way, was it only for the Windows application, or was wireguard-go was also affected?

zx2c4: This was just for WireGuardNT, the kernel driver for the NT kernel that Windows uses.This project -- https://git.zx2c4.com/wireguard-nt/about/ -- is used by this app -- https://git.zx2c4.com/wireguard-windows/about/ . The former is what the signing situation was about. The latter is just signed using a normal boring (but very expensive!) EV code signing certificate from one of the CAs.

sammy2255: Good to know everything was resolved, but did you ever find out why your signing account was suspended? That's not something you brush off as haha silly Microsoft..

Leherenn: Apparently it's quite widespread, so I would assume a bug on their side. That's what support seemed to imply at least. We're still blocked at my company for one month+ now.

Xunjin: They should definitely put up a statement addressing it. Moreover what they plan in the future to avoid such traumatic event, this is not a “simple sign program”, this touches fundamental parts of the OS.

PeterStuer: "so I would assume a bug on their side"Why a "bug".

maltris: LibreOffice, VeraCrypt, WireGuard. 2 questions:Whats next?Is that a pattern?

ChocolateGod: What has LibreOffice got to do with any of this?

Terr_: [delayed]

Lihh27: yeah the pattern is that the signing gate became part of the platform. one account lock and your users stop getting updates

alekratz: For something like this, I would generalize a "bug" to encompass both software and human processes. Some decision-maker saw some metrics consistent with spam and enacted a spam-blocking measure. Any decision like this is going to lead to false positives. Maybe they decided "I don't need to confer with anyone", or maybe they did and got the green light even after multiple eyeballs looked at it. I'm not saying that this does any good for Microsoft's already-sullied trust, but mistakes happen and combating spam is a constantly evolving arms race. There's no way any organization is going to get it 100% of the time even after decades of dealing with it.

quantum_magpie: MS has a history of fucking up LibreOffice installs.https://wiki.documentfoundation.org/Faq/General/General_Inst...

The comments that followed were a bit off the rails. There's no conspiracy here from Microsoft. But the Internet discussion wound up catching the attention of Microsoft, and a day later, the account was unblocked, and all was well. I think this is just a case of bureaucratic processes getting a bit out of hand, which Microsoft was able to easily remedy. I don't think there's been any malice or conspiracy or anything weird.

john_strinlai: >The comments that followed were a bit off the rails. There's no conspiracy here from Microsoft. But the Internet discussion wound up catching the attention of Microsoft, and a day later, the account was unblocked, and all was well. I think this is just a case of bureaucratic processes getting a bit out of hand, which Microsoft was able to easily remedy. I don't think there's been any malice or conspiracy or anything weird.it was a bit crazy how quickly people got conspiracy-minded about it.microsoft fucked up, and as per typical big-tech, only fixed it when noise got made on social media. but not everything is a grand conspiracy orchestrated by microsoft or the government or whatever. incompetence is always more likely than malice.any news from the veracrypt maintainers? i would imagine whatever microsoft employee got tasked with resolving this issue would have also seen that one.

BLKNSLVR: Conspiracy 1: rules from on-high about encryption projects to be suppressed. Debunked.Conspiracy 2: Copilot all the things! Probably not too far off.

john_strinlai: i think they have explicitly made it clear that they want to copilot all of the things (unfortunately), so i dont quite file it under the conspiracy label.

anonymous908213: > incompetence is always more likely than malice."Incompetence" of this degree is malice. It is actively malicious to create a system that automatically locks people out of their accounts with absolutely no possibility for human review or recourse short of getting traction in the media. "No sir, I didn't grind those orphans up. It was this orphan grinding machine I made that did it, teehee!"

john_strinlai: i am positive that you understand the spirit of what that saying means.incompetence is always more likely than [intentional, directed] malice.

bronson: And I'm positive that you understand the spirit of the post you're replying to.The saying implies that incompetence and malice are polar opposites. They're not.

john_strinlai: >The saying implies that incompetence and malice are polar opposites.it does not

r14c: I mean, sure, but at a certain point negligent incompetence is directly harmful and the motives or lack thereof are just context.

tialaramex: Where possible I recommend not caring because figuring out whether malice was present is difficult and you can likely address a problem without needing to be sure.For example by creating working processes which never end up "accidentally" causing awful outcomes. This is sometimes more expensive, but we should ensure that the resulting lack of goodwill if you don't is unaffordable.Worst case there is malice and you've now made it more difficult to hide the malice so you've at least made things easier for those who remain committed to looking for malice, including criminal prosecutors.

john_strinlai: >Worst case there is malice and you've now made it more difficult to hide the malice so you've at least made things easier for those who remain committed to looking for malice, including criminal prosecutors.i am quoting the maintainer of the project. take it up with them if you think microsoft coordinated a directed attack on their project.

mlyle: I think you're missing the point of the person you're replying to.It's really easy to end up with procedural machinery that makes it unpleasant for other entities that you don't like.It seems to get the things that you do like and value less often. Why? Because you think about the consequences to what you consider important and you're inclined to ignore potential consequences to those you oppose or are competing with.The Vogons weren't necessarily overtly malicious when they obliterated Earth.

trinsic2: With the way things are going right now with all the corruption in governments and corporations were way past the point of giving the benefit of the doubt. These organizations are clearly making changes to their OS's to slowly remove user control.Everything should be treat as suspicious moving forward and I am glad of the skepticism.

sscaryterry: The question is, did they notify the user that the account was blocked, or was it done silently? My money is on the latter, obviously I don’t know, just my guess. Was there a reason? Blocked is semantically harsher, than it has been disabled.

ImPostingOnHN: "hostage speaks well of hostage-taker"

john_strinlai: if you think i am defending microsoft, your hatred has blinded you to what my comments are actually saying.

ImPostingOnHN: why would I think that?that isn't a sensible conclusion from what I postedI think you replied to the wrong post

john_strinlai: you said "hostage speaks well of hostage-taker" in response to my comment.i interpreted that as you saying i am the hostage of microsoft, and have stockholm syndrome, therefor am speaking well of (defending) microsoft.if i misinterpreted that, my bad. are you calling jason the hostage?

TiredOfLife: > it was a bit crazy how quickly people got conspiracy-minded about it.That's just the side effect of the Soross tracking chips hidden in vaccines activated by 5g towers

Scaled: Society is a bit fatigued of big tech companies making their various accounts essential and then locking people out of them without any due process.

orbital-decay: All this doesn't matter. What matters is the destructive potential and a breach of trust. CAs have been distrusted for less.

john_strinlai: >CAs have been distrusted for less.root programs are super specific about root cause analysis, what actions lead up to distrust, differentiating deliberate maliciousness from systemic incompetence, etc.its like the exact opposite of "all this doesnt matter".

john_strinlai: yes, i am in agreement. i tried to be extremely clear in my edit that i think that the whole social media being the only way to get an account back is crazy stupid.

billziss: It was done silently. I am one of the affected developers and my software is the open source file system driver WinFsp:https://github.com/winfsp/winfsp

sscaryterry: Uncool. Now the question is, how many people, many not reading hn, are actually affected. Seems like a blanket ban of some sort.