As I mentioned in the mailing list post, the Microsoft paperwork shuffling matter got dealt with rather quickly, following all the attention the HN thread from the other day got. And now we're finally out with an update!
NT programming is a lot of fun, though this release was quite challenging, because of all of the toolchain updates. On the plus side, we got to remove pre-Win10 support -- https://lists.zx2c4.com/pipermail/wireguard/2026-March/00954... . But did you know that Microsoft removed support for compiling x86 drivers in their latest driver SDK? So that was interesting to work around. There was also a fun change to the Go runtime included in this release: https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c...
All and all, a fun release, and I'm happy to have the Windows release train cooking again.
Good to know everything was resolved, but did you ever find out why your signing account was suspended? That's not something you brush off as haha silly Microsoft..
I understand it's because it's a device driver, but why should a pure software publisher which has no hardware product of any sort be required to go through a "hardware program" gatekeeper of what binaries a person can choose to install and run on their own computer?
They started it because the drivers people used to use from hardware vendors would routinely blue screen windows, which made MS look like the reason windows would crash. Hardware vendors are notoriously inept at software.
> They started it because the drivers people used to use from hardware vendors would routinely blue screen windows, which made MS look like the reason windows would crash. Hardware vendors are notoriously inept at software.
But hardware vendors also want Windows licenses to include with their hardware, so it's pretty easy to say "do the hardware program certification if you want the discount" and that's exactly what they did in the early days, and it worked fine. Even the peripherals (which are increasingly rare now anyway) still want to be able to put the Windows logo on their product.
At which point we still have the same question: Why are they harassing the WireGuard developers, who have their own reputation for not being inept at software and therefore shouldn't need a Microsoft certification program to assure their users that their code is trustworthy to install?
> Why are they harassing the WireGuard developers, who have their own reputation for not being inept at software
I would guess this is just large organizations Seeing Like a State whereby they "seek to force administrative legibility on their subjects by homogenizing them".
At which point we're back to, why is Microsoft acting like a government and treating their users like property of the crown instead of autonomous adult human beings who should be free to choose what software they want on their own PC?
LLMs give you the boring (i.e. statistically probable) answer. You could probably get it to say "money" almost regardless of what the original question was because it's so generic. It might even say that for a name without all the right letters.
From the more than 300 possibilities we can then consider the context. We're talking about Microsoft here, and the problem suggests we're the sort of people who expect anagrams to have secret meaning, so we should prefer an answer implying some kind of conspiracy or kabbalistic nonsense. The obvious candidates are therefore mason and Satan. Between these, Satan would require reusing a letter the candidate set only has once, and one of the other words on the list was stone. We can form two five letter words if we're allowed to reuse letters and thereby get stone mason.
This is the most irrefutable possible proof that we're being pointed to a masonic conspiracy rather than Microsoft's usual popular association with the antichrist.
Come on now. We all know that time is money. It stands to reason that time is equally the root of all evil. They don't want you to know that this is actually the original method used to derive the Second Law of Thermodynamics.
Sorry, that was yesterday's HN Wordle! (that's the New York Times-acquired wordplay game Wordle, quite the popular wordplay game--just joking that I created a word game of my own)
Useless reflection to ignore below (forewarned!)
I hesitated to post; in the end, the value of the comment was so low, I expected non-wordplay-fans to scroll past and lose nothing, so I left it in the hopes at least one person would find the answer themselves and be pleased about it.
No drama, I don't mind a puzzle or oblique reference. I'm also a grandparent and spend too much time on pointing out that what one person is thinking of isn't always the same as what another is, and that there's often yet another way of looking at a statement.
I liked your comment, I guessed the word, and had fun pointing out ambiguities at play.
Í think their point was that Wireguard has no physical hardware, so it’s strange as a software project they’d be forced to go through verification for a hardware program.
Okay. So they can call it the “hardware and WireGuard” program for all I care. The reality is that MS requires this sort of approval / verification process for whatever WireGuard is doing. In true HN fashion everyone loves getting distracted by utter meaningless semantics.
Those meaningless semantics are part of how this got missed in the first place, and why it caused such an issue. Microsoft is a large company, and a poorly named program created requirements that were missed.
It sounds more like a "driver program" gatekeeper so you are arguing about semantics. I'm not claiming that there is no problem, just that an argument based on the distinction between "hardware" and "driver" is void.
Outside of these unfortunuate situations, a lot of people are quite happy for developers of eg kernel anti cheat to have a difficult time.
We do need to recognise, a long history of "windows always bluescreens" was somewhat reigned in by this policy with a lot of crashes coming down to third party drivers.
They should definitely put up a statement addressing it. Moreover what they plan in the future to avoid such traumatic event, this is not a “simple sign program”, this touches fundamental parts of the OS.
Apparently it's quite widespread, so I would assume a bug on their side. That's what support seemed to imply at least. We're still blocked at my company for one month+ now.
For something like this, I would generalize a "bug" to encompass both software and human processes. Some decision-maker saw some metrics consistent with spam and enacted a spam-blocking measure. Any decision like this is going to lead to false positives. Maybe they decided "I don't need to confer with anyone", or maybe they did and got the green light even after multiple eyeballs looked at it. I'm not saying that this does any good for Microsoft's already-sullied trust, but mistakes happen and combating spam is a constantly evolving arms race. There's no way any organization is going to get it 100% of the time even after decades of dealing with it.
I doubt someone manually went and flagged all the accounts as invalid suddenly or whatever and that was their goal.
By a bug I mean some kind of automated action that did not produce the expected outcome.
Also because, at least on our side, the account was in an inconsistent state: we were correctly enrolled/validated, but could not access the signing interface.
The broader general problem is that it should not be necessary to attempt amplification of a message via HN or X or other platforms to get a company to have a real human pay attention to something, and write a hand crafted response.
This seems to increasingly be the norm with people who have had their accounts locked, deleted or restricted by automated systems. You have to hope that you can write a message and get it amplified via some sort of platform read by hundreds of thousands of people, and get people to reshare your message, in order to get any form of traction.
If you're not somebody well known, noteworthy or somehow significant in a community your likelihood of having your message successfully amplified is much lower.
Good question! I've never tried. The NT driver makes use of some of the more advanced features of the networking stack, so possibly not. But you never know. I'd love a Wg4React.
ReactOS was, at one time, targeting a Windows Server 2003-level of compatibility. With that in mind I can't imagine current Wireguard would have even a shred of hope of working on ReactOS.
It looks like all the old files are still hosted on the server. You can just replace the version number in the download links with one of the tags from https://git.zx2c4.com/wireguard-windows.
Hey there, thank you for pushing this out. I saw there's a 0.6.1 update now, that also reboots the machine after updating. I don't remember if it said it'd do said reboot...
> following all the attention the HN thread from the other day got
That's great for you, and no offense, but what about developers who can't get buzz in a HN thread? Are they just doomed? Why is support only available to those who can raise a ruckus on social media?
NT programming is a lot of fun, though this release was quite challenging, because of all of the toolchain updates. On the plus side, we got to remove pre-Win10 support -- https://lists.zx2c4.com/pipermail/wireguard/2026-March/00954... . But did you know that Microsoft removed support for compiling x86 drivers in their latest driver SDK? So that was interesting to work around. There was also a fun change to the Go runtime included in this release: https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c...
All and all, a fun release, and I'm happy to have the Windows release train cooking again.