blog.robur.coop/articles/finances.md

284 lines
12 KiB
Markdown
Raw Normal View History

2024-10-19 11:13:18 +00:00
---
date: 2024-08-26
article.title: What has robur been doing and how since 2018?
article.description:
tags:
- finances
- cooperative
author:
name: Hannes Mehnert
email: hannes@mehnert.org
link: https://hannes.robur.coop
---
Since the beginning, robur has been working on MirageOS unikernels and getting
them deployed. Due to our experience in hierarchical companies, we wanted to
create something different - a workplace without bosses and management. Instead,
we are a collective where everybody has a say on what we do, and who gets how
much money at the end of the month. This means nobody has to write report and
meet any goals - there's no KPI involved. We strive to be a bunch of people
working together nicely and projects that we own and want to bring forward. If
we discover lack of funding, we reach out to (potential) customers to fill our
cash register. Or reach out to people to donate money.
Since our mission is fulfilling and already complex - organising ourselves in a
hierarchy-free environment, including the payment, and work on software in a
niche market - we decided from the early days that bookeeping and invoicing
should not be part of our collective. Especially since we want to be free in
what kind of funding we accept - donations, commercial contracts, public
funding. In the books, robur is part of a non-profit company in Germany - and
friends of ours run that company. They get a cut on each income we generate.
To be inclusive and enable everyone to participate in decisions, we are 100%
transparent in our books - every collective member has access to the financial
spreadsheets, contracts, etc. We use a needs-based payment model, so we talk
about the needs everyone has on a regular basis and adjust the salary, everyone
agreeing to all the numbers.
## 2018
We started operations in 2018. In late 2017, we got donations (in the form of
2024-10-19 11:14:24 +00:00
bitcoins) by friends who were convinced of our mission. This was 54,194.91 EUR.
2024-10-19 11:13:18 +00:00
So, in 2018 we started with that money, and tried to find a mission, and
generate income to sustain our salaries.
Also, already in 2017, we applied for funding from
[Prototypefund](https://prototypefund.de) on a [CalDAV server](https://prototypefund.de/project/robur-io/),
2024-10-19 11:14:24 +00:00
and we received the grant in early 2018. This was another 48,500 EUR, paid to
2024-10-19 11:13:18 +00:00
individuals (due to reasons, Prototype fund can't cash out to the non-profit -
this put us into some struggle, since we needed some double bookkeeping and
individuals had to dig into health care etc.).
We also did in the second half of 2018 a security audit for
[Least Authority](https://leastauthority.com/blog/audits/five-security-audits-for-the-tezos-foundation/)
2024-10-19 11:14:24 +00:00
(invoicing 19,600 EUR).
2024-10-19 11:13:18 +00:00
And later in 2018 we started on what is now called NetHSM with an initial
2024-10-19 11:14:24 +00:00
design workshop (5,000 EUR).
2024-10-19 11:13:18 +00:00
And lastly, we started to work on [TLS 1.3](https://datatracker.ietf.org/doc/html/rfc8446)
2024-10-19 11:14:24 +00:00
funded by Jane Street via OCaml Labs Consulting. In 2018, we received 12,741.71 EUR
2024-10-19 11:13:18 +00:00
We applied at NLNet for improving the QubesOS firewall developed in MirageOS
(without success), tried to get the IT security prize in Germany (without
success), and to DIAL OSC (without success).
| Project | Amount |
|-----------------|----------:|
2024-10-19 11:14:24 +00:00
| Donation | 54,194.91 |
| Prototypefund | 48,500.00 |
| Least Authority | 19,600.00 |
| TLS 1.3 | 12,741.71 |
| Nitrokey | 5,000.00 |
| __Total__ | __140,036.62__ |
2024-10-19 11:13:18 +00:00
## 2019
We were keen to finish the CalDAV implementation (and start a CardDAV
implementation), and received some financial support from Tarides for it
2024-10-19 11:14:24 +00:00
(15,000 EUR).
2024-10-19 11:13:18 +00:00
2024-10-19 11:14:24 +00:00
The TLS 1.3 work continued, we got in total 68,887.53 EUR.
2024-10-19 11:13:18 +00:00
We also applied to (and got funding from) Prototypefund, once with an [OpenVPN-compatible
MirageOS unikernel](https://prototypefund.de/en/project/robust-openvpn-client-with-low-use-of-resources/),
and once with [improving the QubesOS firewall developed as MirageOS unikernel](https://prototypefund.de/project/portable-firewall-fuer-qubesos/).
2024-10-19 11:14:24 +00:00
This means again twice 48,500 EUR.
2024-10-19 11:13:18 +00:00
We also started the implementation work of NetHSM - which still included a lot
2024-10-19 11:14:24 +00:00
of design work - in total the contract was over 82,500 EUR. In 2019, we invoiced
Nitrokey in 2019 in total 40,500 EUR.
2024-10-19 11:13:18 +00:00
We also received a total of 516.48 EUR as donations from source unknown to us.
We also applied to NLnet with [DNSvizor](https://nlnet.nl/project/Robur/), and
got a grant, but due to buerocratic reasons they couldn't transfer the money to
our non-profit, and we didn't get any money in the end.
| Project | Amount |
|----------|----------:|
2024-10-19 11:14:24 +00:00
| CardDAV | 15,000.00 |
| TLS 1.3 | 68,887.53 |
| OpenVPN | 48,500.00 |
| QubesOS | 48,500.00 |
2024-10-19 11:13:18 +00:00
| Donation | 516.48 |
2024-10-19 11:14:24 +00:00
| Nitrokey | 40,500.00 |
| __Total__ | __221,904.01__ |
2024-10-19 11:13:18 +00:00
## 2020
In 2020, we agreed with OCaml Labs Consulting to work on maintenance of OCaml
packages in the MirageOS ecosystem. This was a contract where at the end of the
month, we reported on which PRs and issues we spent how much time. For us, this
was great to have the freedom to work on which OCaml packages we were keen to
2024-10-19 11:14:24 +00:00
get up to speed. In 2020, we received 45,000 EUR for this maintenance.
2024-10-19 11:13:18 +00:00
We finished the TLS 1.3 work (18659.01 EUR)
2024-10-19 11:14:24 +00:00
We continued to work on the NetHSM project, and invoiced 55,500 EUR.
2024-10-19 11:13:18 +00:00
We received a total of 255 EUR in donations from sources unknown to us.
We applied at reset.tech again with DNSvizor, unfortunately without success.
We also applied at [NGI pointer](https://pointer.ngi.eu) to work on reproducible
2024-10-19 11:14:24 +00:00
builds for MirageOS, and a web frontend. Here we got the grant of 200,000 EUR,
2024-10-19 11:13:18 +00:00
which we worked on in 2021 and 2022.
| Project | Amount |
|-----------|----------:|
2024-10-19 11:14:24 +00:00
| OCLC | 45,000.00 |
| TLS 1.3 | 18,659.01 |
| Nitrokey | 55,500.00 |
2024-10-19 11:13:18 +00:00
| Donations | 255.00 |
2024-10-19 11:14:24 +00:00
| __Total__ | __119,414.01__ |
2024-10-19 11:13:18 +00:00
## 2021
As outlined, we worked on reproducible builds of unikernels - rethinking the way
how a unikernel is configured: no more compiled-in secrets, but instead using
boot parameters. We setup the infrastructure for doing daily reproducible
builds, serving system packages via a package repository, and a
[web frontend](https://builds.robur.coop) hosting the reproducible builds.
2024-10-19 11:14:24 +00:00
We received in total 120,000 EUR from NGI Pointer in 2021.
2024-10-19 11:13:18 +00:00
Our work on NetHSM continued, including the introduction of elliptic curves
in mirage-crypto (using [fiat](https://github.com/mit-plv/fiat-crypto/)). The
2024-10-19 11:14:24 +00:00
invoices to Nitrokey summed up to 26,000 EUR in 2021.
2024-10-19 11:13:18 +00:00
We developed in a short timeframe two packages, [u2f](https://github.com/robur-coop/u2f)
and later [webauthn](https://git.robur.coop/robur/webauthn) for Skolem Labs based
on [gift economy](https://en.wikipedia.org/wiki/Gift_economy). This resulted in
2024-10-19 11:14:24 +00:00
donations of 18,976 EUR.
2024-10-19 11:13:18 +00:00
We agreed with [OCSF](https://ocaml-sf.org/) to work on
[conex](https://github.com/hannesm/conex), which we have not delivered yet
(lots of other things had to be cleared first: we did a security review of opam
(leading to [a security advisory](https://opam.ocaml.org/blog/opam-2-1-5-local-cache/)),
we got rid of [`extra-files`](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
in the opam-repository, and we [removed the weak hash md5](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
from the opam-repository.
| Customer | Amount |
|-------------|----------:|
2024-10-19 11:14:24 +00:00
| NGI Pointer | 120,000.00 |
| Nitrokey | 26,000.00 |
| Skolem | 18,976.00 |
| __Total__ | __164,976.00__ |
2024-10-19 11:13:18 +00:00
## 2022
2024-10-19 11:14:24 +00:00
We finished our NGI pointer project, and received another 80,000 EUR.
2024-10-19 11:13:18 +00:00
2024-10-19 11:14:24 +00:00
We also did some minor maintenance for Nitrokey, and invoiced 4,500 EUR.
2024-10-19 11:13:18 +00:00
For Tarides, we started another maintaining MirageOS packages (and continuing
[our TCP/IP stack](https://github.com/robur-coop/utcp)), and invoiced in
2024-10-19 11:14:24 +00:00
total 22,500 EUR.
2024-10-19 11:13:18 +00:00
A grant application for [bob](https://github.com/dinosaure/bob/) was rejected,
but a grant application for [MirageVPN](https://github.com/robur-coop/miragevpn)
got accepted.
| Project | Amount |
|-------------|---------:|
2024-10-19 11:14:24 +00:00
| NGI Pointer | 80,000.00 |
| Nitrokey | 4,500.00 |
| Tarides | 22,500.00 |
| __Total__ | __107,000.00__ |
2024-10-19 11:13:18 +00:00
## 2023
2024-10-19 11:14:24 +00:00
We finished the NetHSM project, and had a final invoice over 2,500 EUR.
2024-10-19 11:13:18 +00:00
We started a collaboration for [semgrep](https://semgrep.dev), porting some of
2024-10-19 11:14:24 +00:00
their Python code to OCaml. We received in total 37,500 EUR.
2024-10-19 11:13:18 +00:00
We continued the MirageOS opam package maintenance and invoiced in total
2024-10-19 11:14:24 +00:00
89,250 EUR to Tarides.
2024-10-19 11:13:18 +00:00
A grant application on [MirageVPN](https://nlnet.nl/project/MirageVPN/) got
2024-10-19 11:14:24 +00:00
accepted (NGI Assure), and we received in total 12,000 EUR for our work on it.
2024-10-19 11:13:18 +00:00
This is a continuation of our 2019 work funded by Prototypefund.
We also wrote various funding applications, including one for
[DNSvizor](https://github.com/robur-coop/dnsvizor) that was
[accepted](https://nlnet.nl/project/DNSvizor/) (NGI0 Entrust).
| Customer | Amount |
|-----------|---------:|
2024-10-19 11:14:24 +00:00
| Nitrokey | 2,500.00 |
| semgrep | 37,500.00 |
| Tarides | 89,250.00 |
| MirageVPN | 12,000.00 |
| __Total__ | __141,250.00__ |
2024-10-19 11:13:18 +00:00
## 2024
We're still in the middle of it, but so far we continued the Tarides maintenance
2024-10-19 11:14:24 +00:00
contract (54,937.50 EUR).
2024-10-19 11:13:18 +00:00
2024-10-19 11:14:24 +00:00
We also finished the MirageVPN work, and received another 45,000 EUR.
2024-10-19 11:13:18 +00:00
2024-10-19 11:14:24 +00:00
We had a small contract with Semgrep again on porting Python code to OCaml and received 18,559.40 EUR.
2024-10-19 11:13:18 +00:00
We again worked on several successful funding applications, one on
[PTT](https://nlnet.nl/project/PTT/) (NGI Zero Core), a continuation of the
[NGI DAPSI](https://www.ngi.eu/funded_solution/ngi-dapsiproject-24/) project -
now realizing mailing lists with our SMTP stack.
We also got [MTE](https://nlnet.nl/project/MTE/) (NGI Taler) accepted.
The below table is until end of August 2024.
| Project | Amount |
|-----------|----------:|
2024-10-19 11:14:24 +00:00
| Semgrep | 18,559.40 |
| Tarides | 54,937.50 |
| MirageVPN | 45,000.00 |
| __Total__ | __118,496.90__ |
2024-10-19 11:13:18 +00:00
## Total
In a single table, here's our income over the last 5 years.
| Year | Amount |
|-------|-----------:|
2024-10-19 11:14:24 +00:00
| 2018 | 140,036.62 |
| 2019 | 221,904.01 |
| 2020 | 119,414.01 |
| 2021 | 164,976.00 |
| 2022 | 107,000.00 |
| 2023 | 141,250.00 |
| 2024 | 118,496.90 |
| __Total__ | __1,013,077.54__ |
2024-10-19 11:13:18 +00:00
As you can spot, it varies quite a bit. In some years we have fewer money
available than in other years.
## Conclusion
We have provided an overview of our income, we were three to five people working
at robur over the entire time. As written at the beginning, we use needs-based
payment. Our experience with this is great! It provides a lot of trust into each
2024-10-19 11:14:24 +00:00
other. From our income, some money flows to Aenderwerk for their amazing
bookkeeping work - writing invoices, doing the taxes, helping us with contracts.
We also finance our server, including a severe hard disk failure in June 2024.
Our funding is diverse from multiple sources - donations, commercial work,
public funding. This was our initial goal, and we're very happy that it works fine
over the last five years.
Taking the numbers into account, we are not paying ourselves "industry standard"
rates - but we really love what we do - and sometimes we just take some time off.
We do work on various projects that we really really enjoy - but where (at the
moment) no funding is available for.
2024-10-19 11:13:18 +00:00
We are always happy to discuss how our collective operates. If you're
interested, please drop us a message.
Of course, if we receive donations, we use them wisely - mainly for working on
the currently not funded projects (bob, miou, mollymawk - to name a few). If you
can spare a dime or two, don't hesitate to [donate](https://robur.coop/Donate).