NT programming is a lot of fun, though this release was quite challenging, because of all of the toolchain updates. On the plus side, we got to remove pre-Win10 support -- https://lists.zx2c4.com/pipermail/wireguard/2026-March/00954... . But did you know that Microsoft removed support for compiling x86 drivers in their latest driver SDK? So that was interesting to work around. There was also a fun change to the Go runtime included in this release: https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c...

All and all, a fun release, and I'm happy to have the Windows release train cooking again.

What are individual developers of "lesser" (less important, less visible, less used) software with a Windows presence to do? Wait and pray for Goliath to make the first benevolent move, like all the folks who got locked out forever from their Google accounts on a whim? Ha!

The fact of the matter is, the code signing requirements on Windows are a serious threat to Free and Open Source Software on the platform. Code signing requirements are a threat to FOSS on all platforms that support this technique, and infinitely more so where it's effectively mandatory. I firmly believe that these days, THIS is the preferred angle/vector for Microsoft to kill the software variety their C-levels once publicly bad-mouthed as "cancer", and zx2c4 is one of the poor frogs being slowly boiled alive. Just not this time - yet.

I'm glad it was resolved quickly for WireGuard, but I'm concerned the results won't generalize.

Also, thanks for WireGuard!

Whats next?

Is that a pattern?

By the way, was it only for the Windows application, or was wireguard-go was also affected?

it was a bit crazy how quickly people got conspiracy-minded about it.

microsoft fucked up, and as per typical big-tech, only fixed it when noise got made on social media. but not everything is a grand conspiracy orchestrated by microsoft or the government or whatever. incompetence is always more likely than malice.

any news from the veracrypt maintainers? i would imagine whatever microsoft employee got tasked with resolving this issue would have also seen that one.

---

edit: well, i certainly underestimated the response to this comment. my mistake for using a common saying rather than being extremely explicit when it comes to something as emotionally charged as microsoft. i dont think i have seen a comment of mine go up and down points so many times before.

what i intended to get across was: "this was not a deliberate, coordinated, purposeful attack on the wireguard project, at the behest of some microsoft executive, to accomplish some goal of making encrypted communication impossible or whatever. instead, this was the result of a stupid system, with a stupid resolution process (social media), that is still awful, but different in important ways from a deliberate attack. this is the typical scenario (stupid system, stupid resolution). the non-typical scenario would be a deliberate choice made and executed by microsoft employees to suddenly destroy a popular project".

i shortened the above paragraph to the common saying "incompetence is always more likely than malice". i shouldnt have. my bad.

Microsoft did a (very!) bad job of communicating what was happening, but The Register has more information:

> He explained that both deactivations were executed as part of the Windows Hardware Program's account verification procedures.

> The company published a blog in October, giving devs a two-week warning that if their accounts had not been verified since April 2024, Microsoft would issue mandatory account verification notifications.

> "We worked hard to make sure partners understood this was coming, from emails, banners, reminders," said Davuluri.

NEVER trust microsoft, NEVER trust any mechanism people dont 100% control themselves. having to rely on microsoft to sign stuff is an abomination and something nobody should do

Wink if there’s someone else in the room :)