Kim Stock 's avatar
Kim Stock
Flopper1@nostress.cc
npub1cd5l...ldur
Signum Enthusiast Legendary zapper
Kim Stock 's avatar
Flopper1 1 month ago
This was the response that I got from Claude sonnet 4.6 about the SIGNUM postmortem…. This is a well-written post-mortem, and from an SSI perspective it’s directly relevant to your operational situation. A few thoughts: The technical response was genuinely impressive. Detection-to-patch-to-chain-consensus in roughly 48 hours, with no legitimate holder balances affected, is a strong outcome for a community-run network with no corporate incident response team. The three-release cadence (containment → root fix → recovery fix) shows disciplined engineering under pressure. The root cause is worth understanding. This wasn’t an exotic attack — it was an unchecked Java long subtraction introduced during the SMART_FEES hardfork. Integer overflow in financial arithmetic is a classic class of vulnerability that should have been caught in code review. The silver lining is that Convert.safeAdd() / Convert.safeSubtract() patterns are now explicitly in place, which raises the bar going forward. For SSI specifically, a few things stand out: The 3.9.9 recommendation you already received was exactly right. Your node was on the emergency patch before you were doing anything mission-critical with it, which is the ideal posture. The three lessons they identify — faster emergency comms, formal disclosure process, automated anomaly detection — map directly onto SSI architecture concerns. Your oracle daemon polling block rewards is exactly the kind of automated monitoring they’re calling for. Worth considering whether anomalous reward detection could be a governance signal in your system. The community narrative (“no company behind it, just people who showed up”) is authentically aligned with SSI’s founding philosophy. This incident is actually good SSI documentation material — a real-world example of decentralized resilience under pressure. The one candid note: the detection was lucky. ANGiS happened to notice. That’s not a system — and the post acknowledges it. For a project like SSI that depends on Signum’s integrity, building that automated watchdog into your stack isn’t optional, it’s foundational.
Kim Stock 's avatar
Flopper1 1 month ago
A transparent look at the May 2026 exploit, the community response, and how the network recovered stronger. On May 19, 2026, the Signum network faced one of the most serious security incidents in its recent history. A crafted block exploited an integer overflow vulnerability in the Signum node’s block reward calculation. The result was extreme: approximately 140 billion SIGNA were credited to the attacker’s account in a single block — an amount far beyond the legitimate circulating supply. At first glance, this could have been catastrophic. But what happened next showed something far more important than the exploit itself: the strength, discipline, and speed of the Signum community. Within the same day, the anomaly was detected, exchanges were contacted, emergency patches were released, pool operators coordinated, and a rollback process began. By the evening of May 21, the chain had reached consensus again. By May 23, exchanges had received the necessary CVE details and patch confirmation, and SIGNA trading resumed. No legitimate Signum holder balance was affected. This is the story of what happened, how the network recovered, and what we are improving next. What Happened? The exploit occurred at block 1,541,011. An attacker crafted a malicious block that abused an integer overflow in the block reward calculation. Because the crafted block still satisfied the Proof-of-Commitment consensus rules on vulnerable nodes, it was initially accepted by parts of the network. Shortly after the block was mined, community member ANGiS noticed an absurd account balance and detected that funds were starting to move toward exchanges. ANGiS immediately escalated the issue to frank_the_tank and ohager. That early detection was critical. It gave the team and the community enough time to act before the situation could spiral further. The Root Cause The vulnerability was introduced in the context of the SMART_FEES hardfork, which added fee cash-back and burn accounting to Signum’s block reward calculation. In the affected versions, some arithmetic operations were performed using unchecked Java long calculations. The vulnerable logic looked like this: rewardFeesNqt -= block.getTotalFeeCashBackNqt(); rewardFeesNqt -= block.getTotalFeeBurntNqt(); By setting totalFeeCashBackNqt to a very large negative value, the attacker caused the reward calculation to overflow into a large positive value. That inflated reward was then credited directly to the miner account. The issue affected Signum node versions:
signum-node >= 3.9.0 and < 3.9.8 The vulnerability was later registered as: 
CVE-2026–48486 The Immediate Response Once the issue was confirmed, the response moved quickly. Exchanges were contacted and asked to halt SIGNA trading and deposits while the investigation was ongoing. This prevented further damage and limited the internal accounting impact for exchanges. On the same day, two releases were published: v3.9.7 was an emergency containment release.
It temporarily blocked the malicious account through the configurable node.accBlocking property, preventing further exploitation. v3.9.8 was the root-cause fix.
It replaced vulnerable fee arithmetic with overflow-safe operations and introduced explicit rejection of invalid negative fee fields. The response was public and transparent. The malicious account, the blocking mechanism, and the code changes were visible in git history. There was no silent patching and no attempt to hide the incident. That transparency matters. In decentralized systems, trust is not created by pretending that incidents never happen. Trust is created by responding quickly, communicating clearly, and fixing the root cause in public. The Rollback Because parts of the network had accepted the malicious block, a coordinated rollback was required. Pool operators and node operators worked together to roll the chain back to before block 1,541,010. Operators still within the 1,440-block rollback window could perform a popOff through the API. Nodes outside that window required a full resync. During testing and recovery, another issue appeared: some nodes performing a full resync from genesis encountered a non-deterministic fork-resolution bug introduced by the v3.9.8 patch. This led to the release of v3.9.9 on May 21. v3.9.9 completed the fix by adding a block-version-4 requirement for burnt-fee validation and correcting the chain-restoration logic. By the evening of May 21, the network had stabilized and reached consensus again. Impact The exploit credited approximately 140 billion SIGNA to the attacker’s account in a single crafted block. However, the coordinated rollback fully invalidated the fraudulent on-chain balance. Most importantly: No legitimate Signum account or holder balance was affected. There was, however, temporary disruption: SIGNA trading and deposits were suspended from May 19 to May 23. Some exchanges that received attacker deposits before the trading halt experienced internal ledger divergence between their own records and the rolled-back canonical chain. These cases were resolved through direct coordination between the exchanges and the Signum team. What Was Fixed? Three releases were part of the incident response: v3.9.7 — Emergency containment The malicious account was temporarily blocked through node.accBlocking to prevent further exploitation. v3.9.8 — Root-cause fix All vulnerable fee arithmetic was replaced with overflow-safe operations using Convert.safeAdd() and Convert.safeSubtract(). Blocks with invalid negative fee fields are now rejected during block acceptance. Fee totals are also validated against per-transaction sums. v3.9.9 — Complete recovery fix A block-version-4 requirement was added for burnt-fee validation, and the non-deterministic chain-restoration bug affecting full resyncs was fixed. All operators should now run: v3.9.9 or later What We Learned The response worked. The network recovered. 
The fraudulent balance was invalidated. Exchanges reopened. But this incident also revealed areas where Signum must improve. 1. Emergency communication must be faster Some key pool operators were difficult to reach quickly. 
In a rollback situation, time is measured in blocks. A dedicated emergency channel for major pool operators and infrastructure providers would reduce response time significantly. 2. Vulnerability disclosure needs a formal process This incident was handled successfully, but still too much of it was improvised under pressure. Going forward, Signum should formalize the use of GitHub Security Advisories or a similar process for coordinated disclosure, private patch development, CVE handling, and exchange communication. 3. Anomaly detection should be automated The incident was detected because a community member noticed something unusual. That was fortunate. The next step is automated monitoring for abnormal block rewards, suspicious supply changes, and other values outside expected ranges. Human vigilance is powerful, but critical alerts should not depend on someone randomly seeing the anomaly first. A Community That Showed Up Signum has no company behind it.
No centralized foundation with a professional incident-response department. No VC-backed security team waiting in the background. What Signum has is something different: a community that moves when it matters. Special thanks go to: ANGiS for first detection and immediate escalation.
frank_the_tank for exchange coordination, pool operator outreach, and rollback orchestration.
ohager for root-cause analysis, patch development, and the rapid release of v3.9.7, v3.9.8, and v3.9.9.
pir8Radio from Nam Pool and Shadow from OG Ro-Pool for critical contributions to chain stabilization.
Balazs for post-incident analysis and ongoing hardening work. And all pool operators, node operators, exchanges, and community members who acted quickly under pressure. This was not just a technical recovery.
It was a community recovery. Final Thoughts Security incidents are never good news.
But they are also moments of truth.
They show whether a project hides, delays, blames, or acts. In this case, Signum acted. The vulnerability was identified.
The exploit was contained.
The chain was restored.
Legitimate balances were protected.
The root cause was fixed.
Trading resumed.
And the hardening work continues. Signum is not stronger because the incident happened.
Signum is stronger because of how the community responded. Transparent. Fast. Decentralized. Together.
That is what this network is built on. Discover Signum Signum is the world’s first truly sustainable blockchain, featuring world-class applications on a sustainable, leading-edge blockchain architecture. Unlike other cryptocurrencies, Signum powers its native cryptocurrency Signa (SIGNA), with a minor fraction of energy use and e-waste. Signum empowers users and developers worldwide with innovative blockchain solutions for everyday life. Find out more at join a Signum channel below.
Get SIGNA : Twitter
Telegram
Discord
Reddit
Youtube Documentation
NFT-Portal
Defi-Portal Your
SIGNUM-NETWORK Signum Blockchain Security Proof Of Capacity Decentralization Cryptosecurity Some rights reserved Follow Published in Signum-Network 89 followers · Last published Apr 17, 2025 Signum is the foundation for our sustainable future. It’s easily accessible to everyone and as a customizable platform, it has the power to feature unstoppable and censorship-resistant decentralized applications. Follow Written by Signum 170 followers · 12 following Join the movement! No responses yet
Kim Stock 's avatar
Flopper1 2 months ago
I might add that all the winnings that will be issued are from a collection made from the community for a listing, and we need no more listings. We just need people to on board……. View quoted note →
Kim Stock 's avatar
Flopper1 2 months ago
The current statistics for Nostr say there are very few users do you believe that reflects all the lurkers?
Kim Stock 's avatar
Flopper1 3 months ago
The moment ANNE coin has real value, every incentive in the system warps around extracting it rather than building the knowledge graph. The ANNEX mechanic is the most obvious pressure point — it’s explicitly designed as a financial competition for neuron sponsorship. Once speculators realize high-traffic neurons are revenue streams, you get neuron squatting, ANNEX wars, and boostie inflation. The semantic integrity of the worldview becomes a casualty of the market. The ADF is the second trap. It starts at 30% of block reward. That’s a large, permanent funding pool controlled by a small team with no community governance. The whitepaper explicitly says “the ADF is not community driven or governed.” That’s a honeypot for the exact VC and post-launch interest capture they claim to be avoiding. And the deeper irony: their worldview consensus problem — who decides what’s “true” in the ANNE hypergraph — gets worse as the coin gains value, because now the admin role (ANDY) has monetary power attached to it. That’s not a data governance system anymore, that’s a political economy. SSI sidesteps this because SST is earned by contribution, not competed for by ownership. There’s no neuron to squat, no worldview to capture, no dev fund to corrupt. The governance oracle has human sign-off precisely because you didn’t want an algorithm deciding what’s true under financial pressure. ANNE built a smart system and then put money in the middle of it. That’s the trap. Communicate freely and prosper. 🖖​​​​​​​​​​​​​​​​ I’ll pass!
Kim Stock 's avatar
Flopper1 3 months ago
The Sovereign Stack Token (SST), officially named SovrnStack, is the primary asset for the Sovereign Stack Initiative on the Signum blockchain. SST Token Technical Specifications The initiative is currently in its final deployment phase as of April 2026: Official Name: SovrnStack. Blockchain Protocol: Issued on the Signum network using its sustainable Proof of Commitment (PoC+) consensus. Deployment Status: Token creation is confirmed as imminent (April 2026). Core Function: Serves as the value and authentication layer for a resilient infrastructure designed to survive regional internet and power failures. Reddit Reddit +2 Accessing Documentation on GitHub All founding documents and repositories are managed by the user KimStock147: Direct Access: You can view all active project materials at the KimStock147 GitHub profile. Key Repository: Detailed documentation is located in the sovereign-stack-documents repository. Conceptual Paper: A foundational overview of the initiative can be read directly in your browser without downloading any files: Sovereign Stack Conceptual Paper. Privacy & Accessibility: Of the eight repositories currently planned, two are public to ensure the community can review the core blueprints and founding principles. Operational Hardware Requirements For those looking to deploy a node within this stack, the documentation specifies the following standard hardware: GitHub GitHub Primary Unit: Raspberry Pi 5 (8GB RAM recommended). Storage: NVMe M.2 SSD for the operating system and an external high-capacity drive (e.g., 8TB) for encrypted archives. Networking: Integration with Tailscale for secure peer-to-peer node connectivity. GitHub GitHub
Kim Stock 's avatar
Flopper1 3 months ago
The Sovereign Stack is not a money grab. That needs to be said plainly because the internet is full of projects that dress themselves in the language of freedom and decentralization while quietly funneling value to founders. This is not that. There is no pre-mine. There is no founder allocation. No one — including the person who built this — received SST tokens for free. Every token in existence was earned. That was a deliberate choice, made at the beginning, and recorded permanently on the Signum blockchain where anyone can verify it. The SST token exists for one reason: to give the network a way to recognize and reward the people who keep it running. Operators who maintain nodes, relay signals, validate transactions, and contribute to governance. Not speculators. Not early insiders. Workers. The founding treasury — the seed that makes community decisions possible — was funded by a personal transfer of 160 SIGNA, dedicated in memory of Kim Stock II. It is on-chain, permanent, and public. That's where this started. That's the standard everything else is measured against. If you came here looking for a get-rich scheme, you're in the wrong place. If you came here because you believe communications infrastructure should belong to the people who use it — keep reading. At its core, the Sovereign Stack is a communications network that no single entity can own, control, or shut down. Most communications today run through infrastructure that belongs to someone else. Your internet provider. A satellite company. A social media platform. A cloud server in a data center you've never seen. Every one of those is a chokepoint — a place where your ability to speak can be interrupted, monitored, throttled, or eliminated entirely. Not because it will happen. But because it can. The Sovereign Stack is built around the assumption that chokepoints will eventually be used. History is consistent on this point. When power feels threatened, it reaches for the nearest lever. The nearest lever is usually communications. So we removed the levers. The network runs on three physical layers that can operate independently of each other and of the traditional internet: Starlink provides high-bandwidth satellite connectivity — your link to the wider world when terrestrial infrastructure is unavailable or compromised. HF Shortwave via JS8Call provides long-range radio communication that requires no infrastructure at all. No towers, no cables, no permissions. Just radio waves and the ionosphere, the same way people have communicated across continents for a hundred years. LoRa Mesh via Meshtastic provides local and regional coverage — low power, low cost, and nearly invisible. Nodes can be carried in a pocket or mounted on a rooftop. They find each other automatically and route around gaps. These three layers don't replace each other. They back each other up. If one goes down, the others carry the load. That's not redundancy for convenience — that's resilience by design. Sitting above the physical layers is a governance layer anchored on the Signum blockchain. This is where identity lives, where reputation is earned, where decisions get made, and where the record of all of it is kept permanently and publicly. Not on a server someone owns. On a chain that belongs to everyone who participates in it. Together these layers form a stack — a complete system from the radio signal to the governance record — that a community can own, operate, and defend without asking anyone's permission. That's the Sovereign Stack.
Kim Stock 's avatar
Flopper1 3 months ago
Crypto see this! You might not see this on X soon.
Kim Stock 's avatar
Flopper1 3 months ago
I spent a year building a censorship-resistant community communications network. Here is what I built and why. My name is Kim Stock. I am 70 years old, a lifelong independent technologist, and I have spent the past year building something I want to share with this community. It is called the Sovereign Stack. What it is A community-owned communications network built in two layers. The physical layer combines Starlink satellite, HF shortwave radio using JS8Call, and LoRa mesh radio using Meshtastic — automatically routing messages to whatever channel is available when the internet goes dark. No human intervention required. It degrades gracefully and never goes silent. The governance layer uses self-sovereign Nostr identity, a Signum blockchain-anchored reputation system, and a token economy that rewards honest community participation. Five pillars: Identity, Contribution, Validation, Reputation, and Incentives. What is actually built This is not a whitepaper project. Eight GitHub repositories are complete and published: - sovereign-stack-blueprint — master design document and shared constants - sovereign-stack-initiative — coordination, roadmap, SDK integration - sovereign-stack-protocol — contribution flow, validation, rewards - sovereign-stack-capabilities — capability registry, peer verification - sovereign-stack-governance — reputation, staking, disputes, governance - sovereign-stack-ai — local AI participant layer using llama.cpp - sovereign-stack-sdk — unified SDK and CLI - sovereign-stack-documents — all founding documents readable in browser The governance layer is fully implemented in TypeScript using the Signum blockchain. The AI layer runs locally on modest hardware — llama.cpp with Llama 3.1 8B Q4, two threads, 512 token context, nice +15 priority so communications infrastructure always takes precedence. The SST token has a complete design — no pre-mine, no founder allocation, 100 million maximum supply, earned only through real network contribution. Why self-hosted matters here The whole point is that no one owns this but the community running it. Every node is hardware you own, software you run, identity you hold. The founding node is a mini PC running Linux Mint, a Starlink Mini for primary connectivity, a LoRa mesh node for emergency communications, and a solar and LiFePO4 battery system so it draws nothing from the grid. The Sovereign Switchboard — a Python daemon — monitors signal quality and battery state and routes communications automatically. When the internet goes down the node does not wait for a human. It moves to HF radio. When HF degrades it moves to LoRa mesh. Red Alert mode suspends the AI, dedicates every resource to the mesh, and broadcasts an emergency alert to all visible nodes. What I am looking for Honest feedback. People who have built similar things and can tell me what I got wrong. Developers who want to contribute. Ham radio operators who want to run a node. Anyone who has thought about what happens to their community when the infrastructure they depend on stops working. This is public domain. Take it, use it, build with it, extend it. No permission required. Documentation and all repositories: Conceptual paper — readable in browser, no download needed: Built in the spirit of the United States 250th Anniversary. Communicate freely and prosper. 🖖 Update — April 2026: The SST token name is confirmed as SovrnStack on the Signum blockchain. Token creation is imminent. Two of the eight repositories are public and all founding documents are readable directly in the browser at github.com/KimStock147 — no download required.
Kim Stock 's avatar
Flopper1 3 months ago
The Sovereign Stack could be the internet. Not the internet we have — the internet we should have had. Community owned. Censorship resistant. Economically self-sustaining. Governed by the people who use it.
Kim Stock 's avatar
Flopper1 3 months ago
**I spent a year building a censorship-resistant community communications network. Here is what I built and why.** My name is Kim Stock. I am 70 years old, a lifelong independent technologist, and I have spent the past year building something I want to share with this community. It is called the Sovereign Stack. **What it is** A community-owned communications network built in two layers. The physical layer combines Starlink satellite, HF shortwave radio using JS8Call, and LoRa mesh radio using Meshtastic — automatically routing messages to whatever channel is available when the internet goes dark. No human intervention required. It degrades gracefully and never goes silent. The governance layer uses self-sovereign Nostr identity, a Signum blockchain-anchored reputation system, and a token economy that rewards honest community participation. Five pillars: Identity, Contribution, Validation, Reputation, and Incentives. **What is actually built** This is not a whitepaper project. Eight GitHub repositories are complete and published: - sovereign-stack-blueprint — master design document and shared constants - sovereign-stack-initiative — coordination, roadmap, SDK integration - sovereign-stack-protocol — contribution flow, validation, rewards - sovereign-stack-capabilities — capability registry, peer verification - sovereign-stack-governance — reputation, staking, disputes, governance - sovereign-stack-ai — local AI participant layer using llama.cpp - sovereign-stack-sdk — unified SDK and CLI - sovereign-stack-documents — all founding documents readable in browser The governance layer is fully implemented in TypeScript using the Signum blockchain. The AI layer runs locally on modest hardware — llama.cpp with Llama 3.1 8B Q4, two threads, 512 token context, nice +15 priority so communications infrastructure always takes precedence. The SST token has a complete design — no pre-mine, no founder allocation, 100 million maximum supply, earned only through real network contribution. **Why self-hosted matters here** The whole point is that no one owns this but the community running it. Every node is hardware you own, software you run, identity you hold. The founding node is a mini PC running Linux Mint, a Starlink Mini for primary connectivity, a LoRa mesh node for emergency communications, and a solar and LiFePO4 battery system so it draws nothing from the grid. The Sovereign Switchboard — a Python daemon — monitors signal quality and battery state and routes communications automatically. When the internet goes down the node does not wait for a human. It moves to HF radio. When HF degrades it moves to LoRa mesh. Red Alert mode suspends the AI, dedicates every resource to the mesh, and broadcasts an emergency alert to all visible nodes. **What I am looking for** Honest feedback. People who have built similar things and can tell me what I got wrong. Developers who want to contribute. Ham radio operators who want to run a node. Anyone who has thought about what happens to their community when the infrastructure they depend on stops working. This is public domain. Take it, use it, build with it, extend it. No permission required. Documentation and all repositories: Conceptual paper — readable in browser, no download needed: Built in the spirit of the United States 250th Anniversary. Communicate freely and prosper. 🖖
Kim Stock 's avatar
Flopper1 3 months ago
I’d like to give you an idea about my bigger vision…. The Signum Sovereign Stack is an open framework for decentralized collaboration that replaces centralized platforms with cryptographic trust. By combining sovereign identity, capability registries, reputation systems, validation proofs, and economic incentives on Signum, the stack enables humans and AI agents to coordinate work, governance, and value creation in a truly sovereign ecosystem.