blog.robur.coop/articles/finances.md

281 lines
11 KiB
Markdown
Raw Normal View History

2024-10-19 11:13:18 +00:00
---
date: 2024-08-26
article.title: What has robur been doing and how since 2018?
article.description:
tags:
- finances
- cooperative
author:
name: Hannes Mehnert
email: hannes@mehnert.org
link: https://hannes.robur.coop
---
Since the beginning, robur has been working on MirageOS unikernels and getting
them deployed. Due to our experience in hierarchical companies, we wanted to
create something different - a workplace without bosses and management. Instead,
we are a collective where everybody has a say on what we do, and who gets how
much money at the end of the month. This means nobody has to write report and
meet any goals - there's no KPI involved. We strive to be a bunch of people
working together nicely and projects that we own and want to bring forward. If
we discover lack of funding, we reach out to (potential) customers to fill our
cash register. Or reach out to people to donate money.
Since our mission is fulfilling and already complex - organising ourselves in a
hierarchy-free environment, including the payment, and work on software in a
niche market - we decided from the early days that bookeeping and invoicing
should not be part of our collective. Especially since we want to be free in
what kind of funding we accept - donations, commercial contracts, public
funding. In the books, robur is part of a non-profit company in Germany - and
friends of ours run that company. They get a cut on each income we generate.
To be inclusive and enable everyone to participate in decisions, we are 100%
transparent in our books - every collective member has access to the financial
spreadsheets, contracts, etc. We use a needs-based payment model, so we talk
about the needs everyone has on a regular basis and adjust the salary, everyone
agreeing to all the numbers.
## 2018
We started operations in 2018. In late 2017, we got donations (in the form of
bitcoins) by friends who were convinced of our mission. This was 54194.91 EUR.
So, in 2018 we started with that money, and tried to find a mission, and
generate income to sustain our salaries.
Also, already in 2017, we applied for funding from
[Prototypefund](https://prototypefund.de) on a [CalDAV server](https://prototypefund.de/project/robur-io/),
and we received the grant in early 2018. This was another 48500 EUR, paid to
individuals (due to reasons, Prototype fund can't cash out to the non-profit -
this put us into some struggle, since we needed some double bookkeeping and
individuals had to dig into health care etc.).
We also did in the second half of 2018 a security audit for
[Least Authority](https://leastauthority.com/blog/audits/five-security-audits-for-the-tezos-foundation/)
(invoicing 19600 EUR).
And later in 2018 we started on what is now called NetHSM with an initial
design workshop (5000 EUR).
And lastly, we started to work on [TLS 1.3](https://datatracker.ietf.org/doc/html/rfc8446)
funded by Jane Street via OCaml Labs Consulting. In 2018, we received 12741.71 EUR
We applied at NLNet for improving the QubesOS firewall developed in MirageOS
(without success), tried to get the IT security prize in Germany (without
success), and to DIAL OSC (without success).
| Project | Amount |
|-----------------|----------:|
| Donation | 54194.91 |
| Prototypefund | 48500.00 |
| Least Authority | 19600.00 |
| TLS 1.3 | 12741.71 |
| Nitrokey | 5000.00 |
|-----------------|-----------|
| Total | 140036.62 |
## 2019
We were keen to finish the CalDAV implementation (and start a CardDAV
implementation), and received some financial support from Tarides for it
(15000 EUR).
The TLS 1.3 work continued, we got in total 68887.53 EUR.
We also applied to (and got funding from) Prototypefund, once with an [OpenVPN-compatible
MirageOS unikernel](https://prototypefund.de/en/project/robust-openvpn-client-with-low-use-of-resources/),
and once with [improving the QubesOS firewall developed as MirageOS unikernel](https://prototypefund.de/project/portable-firewall-fuer-qubesos/).
This means again twice 48500 EUR.
We also started the implementation work of NetHSM - which still included a lot
of design work - in total the contract was over 82500 EUR. In 2019, we invoiced
Nitrokey in 2019 in total 40500 EUR.
We also received a total of 516.48 EUR as donations from source unknown to us.
We also applied to NLnet with [DNSvizor](https://nlnet.nl/project/Robur/), and
got a grant, but due to buerocratic reasons they couldn't transfer the money to
our non-profit, and we didn't get any money in the end.
| Project | Amount |
|----------|----------:|
| CardDAV | 15000.00 |
| TLS 1.3 | 68887.53 |
| OpenVPN | 48500.00 |
| QubesOS | 48500.00 |
| Donation | 516.48 |
| Nitrokey | 40500.00 |
|----------|-----------|
| Total | 221904.01 |
## 2020
In 2020, we agreed with OCaml Labs Consulting to work on maintenance of OCaml
packages in the MirageOS ecosystem. This was a contract where at the end of the
month, we reported on which PRs and issues we spent how much time. For us, this
was great to have the freedom to work on which OCaml packages we were keen to
get up to speed. In 2020, we received 45000 EUR for this maintenance.
We finished the TLS 1.3 work (18659.01 EUR)
We continued to work on the NetHSM project, and invoiced 55500 EUR.
We received a total of 255 EUR in donations from sources unknown to us.
We applied at reset.tech again with DNSvizor, unfortunately without success.
We also applied at [NGI pointer](https://pointer.ngi.eu) to work on reproducible
builds for MirageOS, and a web frontend. Here we got the grant of 200000 EUR,
which we worked on in 2021 and 2022.
| Project | Amount |
|-----------|----------:|
| OCLC | 45000.00 |
| TLS 1.3 | 18659.01 |
| Nitrokey | 55500.00 |
| Donations | 255.00 |
|-----------|-----------|
| Total | 119414.01 |
## 2021
As outlined, we worked on reproducible builds of unikernels - rethinking the way
how a unikernel is configured: no more compiled-in secrets, but instead using
boot parameters. We setup the infrastructure for doing daily reproducible
builds, serving system packages via a package repository, and a
[web frontend](https://builds.robur.coop) hosting the reproducible builds.
We received in total 120000 EUR from NGI Pointer in 2021.
Our work on NetHSM continued, including the introduction of elliptic curves
in mirage-crypto (using [fiat](https://github.com/mit-plv/fiat-crypto/)). The
invoices to Nitrokey summed up to 26000 EUR in 2021.
We developed in a short timeframe two packages, [u2f](https://github.com/robur-coop/u2f)
and later [webauthn](https://git.robur.coop/robur/webauthn) for Skolem Labs based
on [gift economy](https://en.wikipedia.org/wiki/Gift_economy). This resulted in
donations of 18976 EUR.
We agreed with [OCSF](https://ocaml-sf.org/) to work on
[conex](https://github.com/hannesm/conex), which we have not delivered yet
(lots of other things had to be cleared first: we did a security review of opam
(leading to [a security advisory](https://opam.ocaml.org/blog/opam-2-1-5-local-cache/)),
we got rid of [`extra-files`](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
in the opam-repository, and we [removed the weak hash md5](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
from the opam-repository.
| Customer | Amount |
|-------------|----------:|
| NGI Pointer | 120000.00 |
| Nitrokey | 26000.00 |
| Skolem | 18976.00 |
|-------------|-----------|
| Total | 164976.00 |
## 2022
We finished our NGI pointer project, and received another 80000 EUR.
We also did some minor maintenance for Nitrokey, and invoiced 4500 EUR.
For Tarides, we started another maintaining MirageOS packages (and continuing
[our TCP/IP stack](https://github.com/robur-coop/utcp)), and invoiced in
total 22500 EUR.
A grant application for [bob](https://github.com/dinosaure/bob/) was rejected,
but a grant application for [MirageVPN](https://github.com/robur-coop/miragevpn)
got accepted.
| Project | Amount |
|-------------|---------:|
| NGI Pointer | 80000.00 |
| Nitrokey | 4500.00 |
| Tarides | 22500.00 |
|-------------|----------|
| Total |107000.00 |
## 2023
We finished the NetHSM project, and had a final invoice over 2500 EUR.
We started a collaboration for [semgrep](https://semgrep.dev), porting some of
their Python code to OCaml. We received in total 37500 EUR.
We continued the MirageOS opam package maintenance and invoiced in total
89250 EUR to Tarides.
A grant application on [MirageVPN](https://nlnet.nl/project/MirageVPN/) got
accepted (NGI Assure), and we received in total 12000 EUR for our work on it.
This is a continuation of our 2019 work funded by Prototypefund.
We also wrote various funding applications, including one for
[DNSvizor](https://github.com/robur-coop/dnsvizor) that was
[accepted](https://nlnet.nl/project/DNSvizor/) (NGI0 Entrust).
| Customer | Amount |
|-----------|---------:|
| Nitrokey | 2500.00 |
| semgrep | 37500.00 |
| Tarides | 89250.00 |
| MirageVPN | 12000.00 |
|-----------|----------|
| Total |141250.00 |
## 2024
We're still in the middle of it, but so far we continued the Tarides maintenance
contract (54937.50 EUR).
We also finished the MirageVPN work, and received another 45000 EUR.
We had a small contract with Semgrep and received 18559.40 EUR.
We again worked on several successful funding applications, one on
[PTT](https://nlnet.nl/project/PTT/) (NGI Zero Core), a continuation of the
[NGI DAPSI](https://www.ngi.eu/funded_solution/ngi-dapsiproject-24/) project -
now realizing mailing lists with our SMTP stack.
We also got [MTE](https://nlnet.nl/project/MTE/) (NGI Taler) accepted.
The below table is until end of August 2024.
| Project | Amount |
|-----------|----------:|
| Semgrep | 18559.40 |
| Tarides | 54937.50 |
| MirageVPN | 45000.00 |
|-----------|-----------|
| Total | 118496.90 |
## Total
In a single table, here's our income over the last 5 years.
| Year | Amount |
|-------|-----------:|
| 2018 | 140036.62 |
| 2019 | 221904.01 |
| 2020 | 119414.01 |
| 2021 | 164976.00 |
| 2022 | 107000.00 |
| 2023 | 141250.00 |
| 2024 | 118496.90 |
|-------|------------|
| Total | 1013077.50 |
As you can spot, it varies quite a bit. In some years we have fewer money
available than in other years.
## Conclusion
We have provided an overview of our income, we were three to five people working
at robur over the entire time. As written at the beginning, we use needs-based
payment. Our experience with this is great! It provides a lot of trust into each
other.
We are always happy to discuss how our collective operates. If you're
interested, please drop us a message.
Of course, if we receive donations, we use them wisely - mainly for working on
the currently not funded projects (bob, miou, mollymawk - to name a few). If you
can spare a dime or two, don't hesitate to [donate](https://robur.coop/Donate).