WireGuard makes new Windows release following Microsoft signing resolution
WireGuard has released significant updates for its Windows client, marking the first in a long while after resolving a contentious Microsoft account suspension. The fix came swiftly after public outcry on platforms like Hacker News and Twitter, sparking extensive debate on the power of social media to cut through corporate bureaucracy and the nature of "incompetence versus malice" from tech giants. The incident has reignited concerns among FOSS developers about the challenges of code signing and account management on major platforms.
The Lowdown
WireGuard, the popular VPN protocol, announced the release of WireGuardNT v0.11 and WireGuard for Windows v0.6. This update is particularly notable as it's the first Windows client release in some time, following a recent incident where Microsoft temporarily suspended the project's kernel driver signing account. The suspension was ultimately resolved quickly after drawing significant public attention.
- Key Updates: The new releases bring a host of bug fixes, performance enhancements, and significant code streamlining by raising the minimum supported Windows version. This allows for a more modern codebase without needing extensive compatibility hacks.
- Toolchain Modernization: The development process saw updates across the board, including the EWDK for the driver, Clang/LLVM/MingW for userspace tooling, Go for the UI, and the EV certificate and signing infrastructure.
- Microsoft Account Resolution: The primary reason for the extended delay and subsequent public interest was a suspension of WireGuard's Microsoft signing account. Project maintainer Jason Donenfeld clarified that the issue was resolved within a day after widespread online discussion, attributing it to bureaucratic missteps rather than malicious intent.
While the project maintainer downplayed any malicious intent from Microsoft, the community's swift and vocal reaction ultimately pressured Microsoft into a rapid resolution, underscoring the unexpected influence of public platforms in navigating corporate hurdles.
The Gossip
Malice or Mere Mismanagement?
The central debate revolves around whether Microsoft's suspension of WireGuard's signing account was a bureaucratic oversight, as the maintainer suggested, or an act of negligence that amounted to malice. Many commenters argued that while not explicitly malicious, such 'incompetence' from a tech giant is equally harmful, especially when the only effective recourse is public shaming on platforms like Hacker News. The discussion explored the implications of a system where a major project's essential functionality can be arbitrarily blocked, and highlighted a general distrust towards large corporations' opaque processes.
FOSS Fears and Frail Processes
This theme explores the broader implications of Microsoft's actions for Free and Open Source Software (FOSS) developers. Commenters shared concerns that mandatory code signing requirements on Windows could be used as a vector to hinder FOSS projects, citing similar issues faced by projects like VeraCrypt and LibreOffice. The discussion questioned the fairness of a system where 'lesser' or less visible projects might not have the audience to force a resolution, leading to calls for better, more transparent processes from platforms like Microsoft.
Appreciation and Anticipation for Updates
Despite the drama surrounding the signing account, many users expressed sincere gratitude for WireGuard's software, praising its utility and the dedication of its maintainers. The technical aspects of the new release were also noted, including the dropping of pre-Windows 10 support and various toolchain updates. Users were eager to adopt the new client, with some specifically inquiring about its compatibility or specific technical challenges encountered during development.