Here to motivate and help people. I say the truth and people get offended. Nobody cares. Work Harder! #XRP will be the new cash! $NOX for privacy🛡️#ETH
We started the next kernel hardening today.
* This one goes straight into the parts of an OS where mistakes matter most: usercopy, IPC ownership, process exit cleanup, syscall return state, saved user resume frames, capsule load authority and exception handling *
The goal is to remove places where unsafe state could keep running.
Market conditions are more ruthless than Prince Andrew's fall from grace and into disgrace.
Just like Prince Andrew, crypto deserves these ruthless reality checks.
That being said, the bulls always win
Privacy always stays hot and always stays relevant
We are holding our $NOX
Today we started the dedicated kernel-hardening branch and moved the benchmark pipeline into real evidence mode.
Latest CI artifact.
- boot evidence: pass
- build verifier: pass
- 45 capsule ZK attestations: ok
- ZK attestation failures: 0
- panic/fatal markers: 0
- kernel core ready: 114 ms
- microkernel init: 50 ms
- userspace entry: 2.85 s
- first capsule spawn: 116 ms
- first GPU transfer/scanout/flush: ~8.4-8.6 s
This is the standard we want: every claim moving toward logs, JSON, CSV, hashes, repeatable CI artifacts and hardening commits.
Kernel hardening today already started closing real boundaries: syscall authority, runtime capsule loading, IRQ grant cleanup, hardware support source evidence and raw memory reads routed through usercopy.
Get at: https://t.co/HVbeBEDtB1
Info covered at: https://t.co/jY2Xa5Swno
Week 1 after the 20 days beta plan announced live on spaces.
We said the first week would focus on the boot path and trust chain and that is where the work went.
🔹The bootloader now has a cleaner verified-boot flow, with a minimal graphical interface that shows what the system is actually checking before handoff.
We also moved forward on release signing and key hardening, TPM discovery, measured boot, anti-rollback work and the new setup-free attestation direction.
The point was not to make boot look nicer.
The point was to make the first stage of NØNOS easier to read, harder to attack and more honest about what is being verified.
🔸The kernel moved in parallel too.
Networking is now reaching the desktop path. After the first successful pings from inside the terminal, work has started on the NØNOS Browser.
Still early, but important.
It means the network stack is no longer just code underneath the OS. It is starting to become something users can touch.
Next week we continue with the remaining bootloader verification pieces, deeper kernel hardening, real-hardware validation, browser/networking progress and continue public benchmarks tied to GitHub.
On to next week, we want to release the beta version with best efforts.
Screenshots from the week below.
@anonkyc listed our token $NOX on their exchange today, so before telling a single person it's safe, I did what is a *must* if we care about community. I spent the rest of the afternoon taking the whole thing apart from the outside.
Before any of the clever stuff I just used it like a normal customer, because that tells you more than a header scan ever will. The deposit worked. I sent 5,000 of our token across and the balance showed up fine. That was the one part that went smoothly.
Then I tried to actually do things and it fell apart.
1) A market order threw an error. A limit order threw an error too. I could not get a single trade to go through. So if it’s an illiquid exchange, it doesn’t make sense at all, and I recommend nothing more than staying on DEX_paths.
2) There was no estimate anywhere for when a deposit credits, you just sit and wait on it.
3) Account security is email, password and 2FA and that is the whole list, no withdrawal address allowlist, no anti phishing code, nothing else on offer.
4) When I went to pull my money back out the fee was 650 on the 5,000, which is 13% just to withdraw my own funds.
The thing feels half built, like it shipped before it was done.
I traced my own deposit end to end. The deposit address was a plain externally-owned account, no contract code and its transaction count was exactly one. That nonce alone tells you most of the story before you read a single log. This address took funds in and has sent precisely one transaction out in its entire life. I pulled that one transaction receipt and decoded the ERC-20 Transfer event by hand. The from topic, the to topic, the amount packed into the data word. The recipient was my own wallet. The same address I had deposited from. 5000 in, 4350 back to me and a balanceOf on the deposit address showed exactly 650 parked there.
13%, retained, down to the token.
Overall withdrawal worked.
Then the operator side, all passive OSINT.
Domain registered four months ago. Anonymous registrar in the Bahamas, the kind people pick specifically so they can't be found. Origin fully behind Cloudflare. No-KYC by design. DMARC policy set to none, which means their own domain is trivially spoofable and their users are one convincing email away from a phishing page. A Yandex verification record sitting in their DNS, a soft tell about where the operators actually are.
None of this is illegal. All of it is exactly the sketch you'd draw if someone asked you to design a high-risk venue from scratch.
One more thing and it's the part that actually matters. The name, the no-KYC Monero-first model and the way it runs all line up closely with nonkyc, an exchange with heavy public allegations of being operated by the same people behind XeggeX and finexbox. XeggeX collapsed last year, claimed a hack, issued IOUs against balances, froze withdrawals and disappeared with user funds.
I won’t prove anonkyc is the same operator, there's no shared code and no shared infra at first look, so I'm not claiming that, but it presents as part of that family, right down to listing our token without asking us, and in that family's playbook the early withdrawals are honored on purpose, to build the trust the later deposits ride on. So I'm not reading my one clean withdrawal as proof of anything.
So deposits and withdrawals work today and the chain shows it returned my test funds. That is not reassurance. It's exactly what the first move looks like. A 4-month-old anonymous no-KYC venue that listed $NOX without permission, charges 13% to withdraw, had broken trading both market and limit due to 0 liquidity offered at all and resembles a lineage with a documented history of taking customer funds.
Treat it as untrusted. If you hold a balance there, get it out. Don't deposit anything you can't afford to lose in full.
We did not authorize this listing and we do not endorse it.
Also we are asking for clarifications.
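The hand decoding described in the post above, as an added example that is not part of the original post: it reads the three topics and the data word of an ERC-20 `Transfer` log and computes the share left on the deposit address. The log is constructed (placeholder addresses, 18 token decimals assumed), and `decode_transfer`, `retained_bps` and `constructed_log` are hypothetical names.

```rust
// keccak256("Transfer(address,address,uint256)"): topic 0 of every ERC-20 Transfer log.
const TRANSFER_TOPIC: &str = "ddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";

#[derive(Debug, PartialEq)]
struct Transfer { from: String, to: String, amount: u128 }

/// Strip an optional 0x prefix and require exactly one 32-byte hex word.
fn word(s: &str) -> Result<String, String> {
    let h = s.strip_prefix("0x").unwrap_or(s).to_ascii_lowercase();
    if h.len() != 64 || !h.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(format!("not a 32-byte hex word: {}", s));
    }
    Ok(h)
}

/// An indexed address is left-padded: 12 zero bytes, then the 20 address bytes.
fn address(topic: &str) -> Result<String, String> {
    let w = word(topic)?;
    if w[..24].bytes().any(|b| b != b'0') { return Err("non-zero address padding".into()); }
    Ok(format!("0x{}", &w[24..]))
}

fn decode_transfer(topics: &[String], data: &str) -> Result<Transfer, String> {
    if topics.len() != 3 { return Err("expected 3 topics".into()); }
    if word(&topics[0])? != TRANSFER_TOPIC { return Err("not a Transfer event".into()); }
    let d = word(data)?;
    // The data word is a uint256; amounts above u128::MAX are rejected to stay std-only.
    if d[..32].bytes().any(|b| b != b'0') { return Err("amount exceeds u128".into()); }
    let amount = u128::from_str_radix(&d[32..], 16).map_err(|e| e.to_string())?;
    Ok(Transfer { from: address(&topics[1])?, to: address(&topics[2])?, amount })
}

/// Share of the deposit kept by the deposit address, in basis points.
fn retained_bps(deposited: u128, returned: u128) -> Option<u128> {
    deposited.checked_sub(returned)?.checked_mul(10_000)?.checked_div(deposited)
}

/// Constructed log (placeholder addresses, 18 decimals assumed): 4350 tokens sent back.
fn constructed_log() -> (Vec<String>, String) {
    let pad = |a: &str| format!("0x{}{}", "0".repeat(24), a);
    let topics = vec![format!("0x{}", TRANSFER_TOPIC), pad(&"11".repeat(20)), pad(&"22".repeat(20))];
    (topics, format!("0x{:064x}", 4350u128 * 10u128.pow(18)))
}

fn main() {
    let (topics, data) = constructed_log();
    let t = decode_transfer(&topics, &data).expect("valid Transfer log");
    println!("{:?} retained_bps={:?}", t, retained_bps(5000 * 10u128.pow(18), t.amount));
}
```

With the post's figures (5000 in, 4350 back) the retained share comes out at 1300 basis points, the 13% reported above.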
A new milestone: TPM 2.0 measured boot and a hardware NV monotonic counter now run live in the UEFI bootloader, proven end to end against a TPM.
Two bugs were in the way.
1) OVMF holds the TCG2 protocol open in driver mode, so our exclusive open returned ACCESS_DENIED and every command failed; opening with GetProtocol fixed it.
2) HashLogExtendEvent wants a packed EFI_TCG2_EVENT with a leading size and a 14-byte header, but ours was an unpacked 16-byte header with no size, so the firmware rejected it.
https://t.co/SyGCZqVMiv
After both fixes the bootloader extends PCR8, reports measured boot active and the NV monotonic counter reads 1 then 2 across two increments. Real PCR, real counter, real firmware path.
Anti-rollback on top of that counter is next.
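The layout difference behind the second bug, as an added example that is not the NØNOS bootloader's code: the same four header fields occupy 14 bytes packed and 16 bytes with natural alignment, and only the packed form with a leading Size passes a length check. `check_event` is a hypothetical model of such a check, not OVMF's logic; event type 0x0D and the event data are sample values.

```rust
use std::mem::size_of;

/// Header as the TCG2 protocol defines it: byte-packed, 4 + 2 + 4 + 4 = 14 bytes.
#[repr(C, packed)] #[allow(dead_code)]
struct HeaderPacked { header_size: u32, header_version: u16, pcr_index: u32, event_type: u32 }

/// Same fields, natural alignment: 2 padding bytes after header_version make it 16.
#[repr(C)] #[allow(dead_code)]
struct HeaderUnpacked { header_size: u32, header_version: u16, pcr_index: u32, event_type: u32 }

const HEADER_VERSION: u16 = 1; // EFI_TCG2_EVENT_HEADER_VERSION

/// Packed EFI_TCG2_EVENT: leading Size, 14-byte header, event data (all little-endian).
fn build_packed_event(pcr_index: u32, event_type: u32, data: &[u8]) -> Vec<u8> {
    let header_len = size_of::<HeaderPacked>() as u32;
    let mut buf = Vec::new();
    buf.extend_from_slice(&(4 + header_len + data.len() as u32).to_le_bytes());
    buf.extend_from_slice(&header_len.to_le_bytes());
    buf.extend_from_slice(&HEADER_VERSION.to_le_bytes());
    buf.extend_from_slice(&pcr_index.to_le_bytes());
    buf.extend_from_slice(&event_type.to_le_bytes());
    buf.extend_from_slice(data);
    buf
}

/// The rejected shape described above: no Size field, header padded to 16 bytes.
fn build_unpacked_event(pcr_index: u32, event_type: u32, data: &[u8]) -> Vec<u8> {
    let mut buf = Vec::new();
    buf.extend_from_slice(&(size_of::<HeaderUnpacked>() as u32).to_le_bytes());
    buf.extend_from_slice(&HEADER_VERSION.to_le_bytes());
    buf.extend_from_slice(&[0u8; 2]); // alignment padding
    buf.extend_from_slice(&pcr_index.to_le_bytes());
    buf.extend_from_slice(&event_type.to_le_bytes());
    buf.extend_from_slice(data);
    buf
}

/// Hypothetical model of a consumer's size checks (an assumption, not OVMF's code).
fn check_event(buf: &[u8]) -> Result<u32, &'static str> {
    if buf.len() < 18 { return Err("shorter than Size + header"); }
    let u32_at = |o: usize| u32::from_le_bytes([buf[o], buf[o + 1], buf[o + 2], buf[o + 3]]);
    if u32_at(0) as usize != buf.len() { return Err("Size does not match buffer length"); }
    if u32_at(4) != 14 { return Err("HeaderSize is not 14"); }
    Ok(u32_at(10)) // PCRIndex sits at offset 10 in the packed form
}

fn main() { // PCR 8 as in the post; event type 0x0D and the data are sample values
    println!("packed:   {:?}", check_event(&build_packed_event(8, 0x0D, b"sample")));
    println!("unpacked: {:?}", check_event(&build_unpacked_event(8, 0x0D, b"sample")));
}
```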
Privacy is not going to remain a niche topic.
It is going to become impossible to ignore.
Every year, more of the digital world is shaped around control: who can access, who can speak, who can build, who can transact, who can exist without being watched.
NØNOS exists because we refuse that direction.
We built this with a simple principle:
no backdoors, no hidden control paths, no forced trust.
Why?
We must be inspectable.
We must be explicit.
Everything must be verifiable.
Users must remain sovereign.
This is not about being anti-anyone.
It is about refusing a future where people are reduced to permissions inside systems they do not own.
We say no.
We are willing to re-embrace the ideals that made Satoshi's work matter in the first place.
The same principles that narrate the Silk Road story.
Privacy. Self-custody. Open systems.
Permission-less access. No forced trust.
Those principles were not meant to become slogans.
They were meant to be defended.
The world needs privacy.
But it also needs truth.
It needs people willing to listen, to think, to question and to defend what still matters.
Privacy is not only a technical problem.
It is a human one.
Because when people stop caring about their own freedom, control becomes easy to sell as convenience.
NØNOS exists for those who still believe the individual is worth defending.
NØNOS is a microkernel that will not run code it cannot prove.
^ This is our standard.
Today an unmodified Rust program compiled directly into a NØNOS capsule: signed, RAM-only, and zero-knowledge attested before it runs. No fork of the compiler. Just cargo build.
NØNOS now runs the #Rust ecosystem, unmodified and verified and here is where that stands.
We built a std platform layer for our x86_64-nonos target, with no compiler fork and no patched crates. It keys on the target vendor inside a pinned rust-src and is pulled in by build-std, and it covers stdout, a real heap, random, time, args, a filesystem client, sockets and threads.
On top of it, packages pulled straight from https://t.co/KyI7o33XEu build and run untouched: serde_json, regex and base64 compiled for the target and executed on the kernel with checkable output on the serial console and ripgrep, the published binary, was built from its own source, verified and loaded. No crate source was changed.
Thread 🧵 ⬇️
This week nox, the shell inside the NØNOS microkernel, became a shell you can actually work in. Pipes, redirection, && and , history, completion, real line editing. The interesting part is that it does all of it with no libc, no std and no terminal emulator underneath. Thread.
🧵🥰
We'd rather be tested than trusted.
NØNOS is open for external validation today. This has been the way we always wanted and today we make it closer.
Clone it, verify the whole OS yourself, run the contributor flow, try to break it. We want real outside eyes and we reward the people who bring them.
Exact steps below. Every one reproducible from a clean machine. Docs (live): https://t.co/5yrZ4UwHqW
Docs 1: https://t.co/vao7iQQzRq
Docs 2: https://t.co/I6homKz086