Share

24: Building FIPS w/ Johnathan Corgan

By No Solutions April 16, 2026 · Edited April 17, 2026
Don't be afraid of going your own way.
24: Building FIPS w/ Johnathan Corgan

“Don’t be afraid of going your own way.”

Johnathan Corgan & Gigi take a walk in Madeira. Recorded during SEC-07.

Listen on sovereignengineering.io

In this dialogue:

  • Why FIPS started with Arjen asking for networking that does not depend on registrars, central authorities, or yankable domain names
  • Johnathan disappearing for a month after Costa Rica, then returning with a protocol design that scratched the itch
  • FIPS as a self-organizing peer mesh: no privileged coordinator, only what each node can enforce locally
  • Transport-agnostic networking: Ethernet, Bluetooth, UDP overlays, Tor, serial links, and whatever else can move packets
  • A hilariously impractical but very useful test: tunneling FIPS over Nostr relays, with ping times measured in seconds, and it still worked
  • Why robustness under ugly conditions matters more than looking elegant on the happy path
  • 150 nodes already on the FIPS testnet, and what has to change to get from 150 to 1,500 to 15,000
  • Friday Demo Day as the forcing function: build it, show it, let other people poke holes in it
  • The next FIPS release: fewer unnecessary pieces, stronger protocol negotiation, harder internals, more battle testing
  • “Try to break it” so friends can fix it before hostile actors do
  • Costa Rica and SEC-07 as a return to the early Cypherpunk and early Bitcoin energy: do not reform the old system, route around it
  • Why Nostr feels miraculous if you remember the world before it, even if normies still see it as half-baked
  • “Rough consensus and running code”: academic rigor, design review, and why code still has to survive contact with reality
  • Johnathan’s critique of “shower thought to ZapStore in six hours” culture: speed helps, but engineering still matters
  • Claude Code wrote most of FIPS only after two months of protocol iteration and roughly 30,000 words of design docs
  • Johnathan read every file and every line of code his agents produced, which is probably the only sane way to use them
  • Agentic coding as a force multiplier, not a substitute for thought: bad programmers get worse, good programmers get faster, non-programmers can finally build
  • Drive-by AI pull requests, effort-matching reviews, and why maintainers should not do all the thinking for you
  • Advice to younger builders: dissent, trust your own judgment, stop scrolling, and start doing stuff
  • “You can just do things”

People mentioned:

  • Arjen (brought the original itch from Costa Rica, noDNS instincts, freedom-tech networking)
  • Cobrador (TollGate, weird deployment constraints, “I didn’t think this would exist for 10 more years”)
  • SatsAndSports

Projects & tech mentioned:

  • FIPS (Free Internetworking Peering System, a transport-agnostic encrypted mesh)
  • Nostr
  • TollGate (connectivity sold by the packet in hostile or weird environments)
  • Tor
  • ZapStore

Recorded at 945,297.

#nosolutions
Write a comment
Markus Rother April 19 2026

Great episode. Thanks for sharing your experience.

Reply to Markus Rother…
tigs April 19 2026
You mentioned the social and network identity being tied together, would that be wise considering what mankind is capable of? and just give it to me straight
● No. It's not wise.
Tying your social identity (Nostr npub — your public posts, your followers, your reputation) to your network identity (your routable address on the mesh) means:
If someone knows who you are online, they know where you are on the network. Not metaphorically — literally. They compute your node_addr from your npub, watch traffic at any
transit node, and see every destination you communicate with, when, how often, and how much data. Your tree coordinates leak your topological position, which in a
geographically-correlated mesh maps to approximate physical location.
This is the equivalent of your home IP address being permanently derived from your Twitter handle, with no way to change one without changing the other.
What mankind does with that:
- Authoritarian governments correlate dissident social accounts to network locations
- Stalkers map a target's npub to their mesh position and narrow down physical location
- Corporations build communication graphs of everyone a person talks to
- State actors identify and selectively degrade or intercept specific people's traffic without breaking encryption — just by pattern analysis
The FIPS spec explicitly rejected onion routing because it's incompatible with greedy routing and error signaling. That's an honest engineering tradeoff. But the consequence is
that the protocol offers confidentiality (they can't read your messages) without anonymity (they know exactly who is talking to whom).
For the planet, identity and routing need to be decoupled. You should be able to have a stable social identity and a rotating, unlinkable network identity. Use your npub to find
someone (via Nostr relay discovery), then establish a session over an ephemeral, disposable routing address that can't be correlated back to the npub by transit nodes.
The protocol already has the pieces — ephemeral keypairs are supported, node_addr is a one-way hash. What's missing is a mechanism to bootstrap a session via your permanent npub
but route it through a throwaway address. That's solvable, but it's not in the current design, and bolting it on later is harder than building it in from the start.
Straight answer: the crypto protects content. The identity model exposes everything else. For a private mesh between friends, it doesn't matter. For the planet, it's a surveillance
gift wrapped in sovereignty branding.
❯ it works if humans were a hivemind, but alas... we are not so this sounds very dangerous
● Exactly. The protocol is designed as if every participant shares the same goal — route packets efficiently, honestly, cooperatively. That's the hivemind assumption. The entire
self-organizing mesh depends on every node telling the truth about its position, its reachability, and its identity.
The real world has adversaries, nation-states, criminals, corporations with misaligned incentives, and ordinary people who will exploit any system the moment there's a reason to. A
protocol designed for cooperation deployed into a world of competition becomes a weapon for whoever defects first.
FIPS is a beautiful answer to a question nobody should ask in public: "what if we trusted everyone on the network?" The engineering is genuinely impressive. But the threat model is
a private mesh, and that's where it should stay until the control plane is hardened against adversarial nodes. Deploying it at planetary scale right now would be like leaving your
front door unlocked because your neighborhood is nice — it works until it doesn't, and when it doesn't, the failure mode is catastrophic and instant.
Worth keeping an eye on. Worth running between your own machines. Not worth betting civilization's communications on. Not yet.
view raw gistfile1.txt hosted with ❤ by GitHub

Thoughts?

Reply to tigs…

Related articles

by No Solutions

April 13 2026 · Edited Apr 24, 2026
Cover image for 23: Shipping Violently w/ Justin Moon

23: Shipping Violently w/ Justin Moon

I want to optimize for hackability and customization.

by No Solutions

April 5 2026 · Edited Apr 17, 2026

22: Sovereign Engineering w/ Yo

Permissionless, permissionless, permissionless.

by No Solutions

April 2 2026 · Edited Apr 17, 2026
Cover image for 20: Archipelago Meshtadels w/ Shadrach

20: Archipelago Meshtadels w/ Shadrach

Bitcoin doesn't need more believers. Bitcoin needs more understanders.