blog.robur.coop/articles/finances.html

411 lines
17 KiB
HTML
Raw Permalink Normal View History

<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>
Robur's blog - How has robur financially been doing since 2018?
</title>
<meta name="description" content="How we organise as a collective, and why we&apos;re doing that.">
<link type="text/css" rel="stylesheet" href="/css/hl.css">
<link type="text/css" rel="stylesheet" href="/css/style.css">
<script src="/js/hl.js"></script>
<link rel="alternate" type="application/rss+xml" href="/feed.xml" title="blog.robur.coop">
</head>
<body>
<header>
<h1>blog.robur.coop</h1>
<blockquote>
The <strong>Robur</strong> cooperative blog.
</blockquote>
</header>
<main><a href="/index.html">Back to index</a>
<article>
<h1>How has robur financially been doing since 2018?</h1>
<ul class="tags-list"><li><a href="/tags.html#tag-finances">finances</a></li><li><a href="/tags.html#tag-cooperative">cooperative</a></li></ul><p>Since the beginning, robur has been working on MirageOS unikernels and getting
them deployed. Due to our experience in hierarchical companies, we wanted to
create something different - a workplace without bosses and management. Instead,
we are a collective where everybody has a say on what we do, and who gets how
much money at the end of the month. This means nobody has to write report and
meet any goals - there's no KPI involved. We strive to be a bunch of people
working together nicely and projects that we own and want to bring forward. If
we discover lack of funding, we reach out to (potential) customers to fill our
cash register. Or reach out to people to donate money.</p>
<p>Since our mission is fulfilling and already complex - organising ourselves in a
hierarchy-free environment, including the payment, and work on software in a
niche market - we decided from the early days that bookeeping and invoicing
should not be part of our collective. Especially since we want to be free in
what kind of funding we accept - donations, commercial contracts, public
funding. In the books, robur is part of the non-profit company
<a href="https://aenderwerk.de">Änderwerk</a> in Germany - and friends of ours run that
company. They get a cut on each income we generate.</p>
<p>To be inclusive and enable everyone to participate in decisions, we are 100%
transparent in our books - every collective member has access to the financial
spreadsheets, contracts, etc. We use a needs-based payment model, so we talk
about the needs everyone has on a regular basis and adjust the salary, everyone
agreeing to all the numbers.</p>
<h2 id="2018"><a class="anchor" aria-hidden="true" href="#2018"></a>2018</h2>
<p>We started operations in 2018. In late 2017, we got donations (in the form of
bitcoins) by friends who were convinced of our mission. This was 54,194.91 €.
So, in 2018 we started with that money, and tried to find a mission, and
generate income to sustain our salaries.</p>
<p>Also, already in 2017, we applied for funding from
<a href="https://prototypefund.de">Prototypefund</a> on a <a href="https://prototypefund.de/project/robur-io/">CalDAV server</a>,
and we received the grant in early 2018. This was another 48,500 €, paid to
individuals (due to reasons, Prototype fund can't cash out to the non-profit -
this put us into some struggle, since we needed some double bookkeeping and
individuals had to dig into health care etc.).</p>
<p>We also did in the second half of 2018 a security audit for
<a href="https://leastauthority.com/blog/audits/five-security-audits-for-the-tezos-foundation/">Least Authority</a>
(invoicing 19,600 €).</p>
<p>And later in 2018 we started on what is now called NetHSM with an initial
design workshop (5,000 €).</p>
<p>And lastly, we started to work on a grant to implement <a href="https://datatracker.ietf.org/doc/html/rfc8446">TLS 1.3</a>,
funded by Jane Street (via OCaml Labs Consulting). In 2018, we received 12,741.71 €</p>
<p>We applied at NLNet for improving the QubesOS firewall developed in MirageOS
(without success), tried to get the IT security prize in Germany (without
success), and to DIAL OSC (without success).</p>
<div role="region"><table>
<tr>
<th>Project</th>
<th class="right">Amount</th>
</tr>
<tr>
<td>Donation</td>
<td class="right">54,194.91</td>
</tr>
<tr>
<td>Prototypefund</td>
<td class="right">48,500.00</td>
</tr>
<tr>
<td>Least Authority</td>
<td class="right">19,600.00</td>
</tr>
<tr>
<td>TLS 1.3</td>
<td class="right">12,741.71</td>
</tr>
<tr>
<td>Nitrokey</td>
<td class="right">5,000.00</td>
</tr>
<tr>
<td><strong>Total</strong></td>
<td class="right"><strong>140,036.62</strong></td>
</tr>
</table></div><h2 id="2019"><a class="anchor" aria-hidden="true" href="#2019"></a>2019</h2>
<p>We were keen to finish the CalDAV implementation (and start a CardDAV
implementation), and received some financial support from Tarides for it
(15,000 €).</p>
<p>The TLS 1.3 work continued, we got in total 68,887.53 €.</p>
<p>We also applied to (and got funding from) Prototypefund, once with an <a href="https://prototypefund.de/en/project/robust-openvpn-client-with-low-use-of-resources/">OpenVPN-compatible
MirageOS unikernel</a>,
and once with <a href="https://prototypefund.de/project/portable-firewall-fuer-qubesos/">improving the QubesOS firewall developed as MirageOS unikernel</a>.
This means again twice 48,500 €.</p>
<p>We also started the implementation work of NetHSM - which still included a lot
of design work - in total the contract was over 82,500 €. In 2019, we invoiced
Nitrokey in 2019 in total 40,500 €.</p>
<p>We also received a total of 516.48 € as donations from source unknown to us.</p>
<p>We also applied to NLnet with <a href="https://nlnet.nl/project/Robur/">DNSvizor</a>, and
got a grant, but due to buerocratic reasons they couldn't transfer the money to
our non-profit (which was involved with NLnet in some EU grants), and we didn't
get any money in the end.</p>
<div role="region"><table>
<tr>
<th>Project</th>
<th class="right">Amount</th>
</tr>
<tr>
<td>CardDAV</td>
<td class="right">15,000.00</td>
</tr>
<tr>
<td>TLS 1.3</td>
<td class="right">68,887.53</td>
</tr>
<tr>
<td>OpenVPN</td>
<td class="right">48,500.00</td>
</tr>
<tr>
<td>QubesOS</td>
<td class="right">48,500.00</td>
</tr>
<tr>
<td>Donation</td>
<td class="right">516.48</td>
</tr>
<tr>
<td>Nitrokey</td>
<td class="right">40,500.00</td>
</tr>
<tr>
<td><strong>Total</strong></td>
<td class="right"><strong>221,904.01</strong></td>
</tr>
</table></div><h2 id="2020"><a class="anchor" aria-hidden="true" href="#2020"></a>2020</h2>
<p>In 2020, we agreed with OCaml Labs Consulting to work on maintenance of OCaml
packages in the MirageOS ecosystem. This was a contract where at the end of the
month, we reported on which PRs and issues we spent how much time. For us, this
was great to have the freedom to work on which OCaml packages we were keen to
get up to speed. In 2020, we received 45,000 € for this maintenance.</p>
<p>We finished the TLS 1.3 work (18,659.01 €)</p>
<p>We continued to work on the NetHSM project, and invoiced 55,500 €.</p>
<p>We received a total of 255 € in donations from sources unknown to us.</p>
<p>We applied at reset.tech again with DNSvizor, unfortunately without success.</p>
<p>We also applied at <a href="https://pointer.ngi.eu">NGI pointer</a> to work on reproducible
builds for MirageOS, and a web frontend. Here we got the grant of 200,000 €,
which we worked on in 2021 and 2022.</p>
<div role="region"><table>
<tr>
<th>Project</th>
<th class="right">Amount</th>
</tr>
<tr>
<td>OCLC</td>
<td class="right">45,000.00</td>
</tr>
<tr>
<td>TLS 1.3</td>
<td class="right">18,659.01</td>
</tr>
<tr>
<td>Nitrokey</td>
<td class="right">55,500.00</td>
</tr>
<tr>
<td>Donations</td>
<td class="right">255.00</td>
</tr>
<tr>
<td><strong>Total</strong></td>
<td class="right"><strong>119,414.01</strong></td>
</tr>
</table></div><h2 id="2021"><a class="anchor" aria-hidden="true" href="#2021"></a>2021</h2>
<p>As outlined, we worked on reproducible builds of unikernels - rethinking the way
how a unikernel is configured: no more compiled-in secrets, but instead using
boot parameters. We setup the infrastructure for doing daily reproducible
builds, serving system packages via a package repository, and a
<a href="https://builds.robur.coop">web frontend</a> hosting the reproducible builds.
We received in total 120,000 € from NGI Pointer in 2021.</p>
<p>Our work on NetHSM continued, including the introduction of elliptic curves
in mirage-crypto (using <a href="https://github.com/mit-plv/fiat-crypto/">fiat</a>). The
invoices to Nitrokey summed up to 26,000 € in 2021.</p>
<p>We developed in a short timeframe two packages, <a href="https://github.com/robur-coop/u2f">u2f</a>
and later <a href="https://git.robur.coop/robur/webauthn">webauthn</a> for Skolem Labs based
on <a href="https://en.wikipedia.org/wiki/Gift_economy">gift economy</a>. This resulted in
donations of 18,976 €.</p>
<p>We agreed with <a href="https://ocaml-sf.org/">OCSF</a> to work on
<a href="https://github.com/hannesm/conex">conex</a>, which we have not delivered yet
(lots of other things had to be cleared first: we did a security review of opam
(leading to <a href="https://opam.ocaml.org/blog/opam-2-1-5-local-cache/">a security advisory</a>),
we got rid of <a href="https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files"><code>extra-files</code></a>
in the opam-repository, and we <a href="https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files">removed the weak hash md5</a>
from the opam-repository.</p>
<div role="region"><table>
<tr>
<th>Customer</th>
<th class="right">Amount</th>
</tr>
<tr>
<td>NGI Pointer</td>
<td class="right">120,000.00</td>
</tr>
<tr>
<td>Nitrokey</td>
<td class="right">26,000.00</td>
</tr>
<tr>
<td>Skolem</td>
<td class="right">18,976.00</td>
</tr>
<tr>
<td><strong>Total</strong></td>
<td class="right"><strong>164,976.00</strong></td>
</tr>
</table></div><h2 id="2022"><a class="anchor" aria-hidden="true" href="#2022"></a>2022</h2>
<p>We finished our NGI pointer project, and received another 80,000 €.</p>
<p>We also did some minor maintenance for Nitrokey, and invoiced 4,500 €.</p>
<p>For Tarides, we started another maintaining MirageOS packages (and continuing
<a href="https://github.com/robur-coop/utcp">our TCP/IP stack</a>), and invoiced in
total 22,500 €.</p>
<p>A grant application for <a href="https://github.com/dinosaure/bob/">bob</a> was rejected,
but a grant application for <a href="https://github.com/robur-coop/miragevpn">MirageVPN</a>
got accepted. Both at NLnet within the EU NGI project.</p>
<div role="region"><table>
<tr>
<th>Project</th>
<th class="right">Amount</th>
</tr>
<tr>
<td>NGI Pointer</td>
<td class="right">80,000.00</td>
</tr>
<tr>
<td>Nitrokey</td>
<td class="right">4,500.00</td>
</tr>
<tr>
<td>Tarides</td>
<td class="right">22,500.00</td>
</tr>
<tr>
<td><strong>Total</strong></td>
<td class="right"><strong>107,000.00</strong></td>
</tr>
</table></div><h2 id="2023"><a class="anchor" aria-hidden="true" href="#2023"></a>2023</h2>
<p>We finished the NetHSM project, and had a final invoice over 2,500 €.</p>
<p>We started a collaboration for <a href="https://semgrep.dev">semgrep</a>, porting some of
their Python code to OCaml. We received in total 37,500 €.</p>
<p>We continued the MirageOS opam package maintenance and invoiced in total
89,250 € to Tarides.</p>
<p>A grant application on <a href="https://nlnet.nl/project/MirageVPN/">MirageVPN</a> got
accepted (NGI Assure), and we received in total 12,000 € for our work on it.
This is a continuation of our 2019 work funded by Prototypefund.</p>
<p>We also wrote various funding applications, including one for
<a href="https://github.com/robur-coop/dnsvizor">DNSvizor</a> that was
<a href="https://nlnet.nl/project/DNSvizor/">accepted</a> (NGI0 Entrust).</p>
<div role="region"><table>
<tr>
<th>Customer</th>
<th class="right">Amount</th>
</tr>
<tr>
<td>Nitrokey</td>
<td class="right">2,500.00</td>
</tr>
<tr>
<td>semgrep</td>
<td class="right">37,500.00</td>
</tr>
<tr>
<td>Tarides</td>
<td class="right">89,250.00</td>
</tr>
<tr>
<td>MirageVPN</td>
<td class="right">12,000.00</td>
</tr>
<tr>
<td><strong>Total</strong></td>
<td class="right"><strong>141,250.00</strong></td>
</tr>
</table></div><h2 id="2024"><a class="anchor" aria-hidden="true" href="#2024"></a>2024</h2>
<p>We're still in the middle of it, but so far we continued the Tarides maintenance
contract (54,937.50 €).</p>
<p>We also finished the MirageVPN work, and received another 45,000 €.</p>
<p>We had a contract with Semgrep again on porting Python code to OCaml and received 18,559.40 €.</p>
<p>We again worked on several successful funding applications, one on
<a href="https://nlnet.nl/project/PTT/">PTT</a> (NGI Zero Core), a continuation of the
<a href="https://www.ngi.eu/funded_solution/ngi-dapsiproject-24/">NGI DAPSI</a> project -
now realizing mailing lists with our SMTP stack.</p>
<p>We also got <a href="https://nlnet.nl/project/MTE/">MTE</a> (NGI Taler) accepted.</p>
<p>The below table is until end of September 2024.</p>
<div role="region"><table>
<tr>
<th>Project</th>
<th class="right">Amount</th>
</tr>
<tr>
<td>Semgrep</td>
<td class="right">18,559.40</td>
</tr>
<tr>
<td>Tarides</td>
<td class="right">62,812.50</td>
</tr>
<tr>
<td>MirageVPN</td>
<td class="right">45,000.00</td>
</tr>
<tr>
<td><strong>Total</strong></td>
<td class="right"><strong>126,371.90</strong></td>
</tr>
</table></div><h2 id="total"><a class="anchor" aria-hidden="true" href="#total"></a>Total</h2>
<p>In a single table, here's our income since robur started.</p>
<div role="region"><table>
<tr>
<th>Year</th>
<th class="right">Amount</th>
</tr>
<tr>
<td>2018</td>
<td class="right">140,036.62</td>
</tr>
<tr>
<td>2019</td>
<td class="right">221,904.01</td>
</tr>
<tr>
<td>2020</td>
<td class="right">119,414.01</td>
</tr>
<tr>
<td>2021</td>
<td class="right">164,976.00</td>
</tr>
<tr>
<td>2022</td>
<td class="right">107,000.00</td>
</tr>
<tr>
<td>2023</td>
<td class="right">141,250.00</td>
</tr>
<tr>
<td>2024</td>
<td class="right">126,371.90</td>
</tr>
<tr>
<td><strong>Total</strong></td>
<td class="right"><strong>1,020,952.54</strong></td>
</tr>
</table></div><p><img src="../images/finances.png" alt="Plot of above income table" ></p>
<p>As you can spot, it varies quite a bit. In some years we have fewer money
available than in other years.</p>
<h2 id="expenses"><a class="anchor" aria-hidden="true" href="#expenses"></a>Expenses</h2>
<p>As mentioned, the non-profit company <a href="https://aenderwerk.de">Änderwerk</a> running
the bookkeeping and legal stuff (invoices, tax statements, contracts, etc.) gets
a cut on each income we produce. They are doing amazing work and are very
quick responding to our queries.</p>
<p>We spend most of our income on salary. Some money we spend on travel. We also
pay monthly for our server (plus some extra for hardware, and in June 2024 a
huge amount for trying to recover data from failed SSDs).</p>
<h2 id="conclusion"><a class="anchor" aria-hidden="true" href="#conclusion"></a>Conclusion</h2>
<p>We have provided an overview of our income, we were three to five people working
at robur over the entire time. As written at the beginning, we use needs-based
payment. Our experience with this is great! It provides a lot of trust into each
other.</p>
<p>Our funding is diverse from multiple sources - donations, commercial work,
public funding. This was our initial goal, and we're very happy that it works
fine over the last five years.</p>
<p>Taking the numbers into account, we are not paying ourselves &quot;industry standard&quot;
rates - but we really love what we do - and sometimes we just take some time off.
We do work on various projects that we really really enjoy - but where (at the
moment) no funding is available for.</p>
<p>We are always happy to discuss how our collective operates. If you're
interested, please drop us a message.</p>
<p>Of course, if we receive donations, we use them wisely - mainly for working on
the currently not funded projects (bob, albatross, miou, mollymawk - to name a few). If you
can spare a dime or two, don't hesitate to <a href="https://robur.coop/Donate">donate</a>.
Donations are tax-deductable in Germany (and should be in Europe) since we're a
registered non-profit.</p>
<p>If you're interested in MirageOS and using it in your domain, don't hesitate
to reach out to us (via eMail: team@robur.coop) so we can start to chat - we're keen to deploy MirageOS
and find more domains where it is useful.</p>
</article>
</main>
<footer>
<a href="https://github.com/xhtmlboi/yocaml">Powered by <strong>YOCaml</strong></a>
<br />
</footer>
<script>hljs.highlightAll();</script>
</body>
</html>