Merge pull request 'add-finances-article' (#7) from add-finances-article into main

Reviewed-on: robur/blog.robur.coop#7
This commit is contained in:
Hannes Mehnert 2024-10-21 11:29:05 +00:00
commit 0b0c57de5c
4 changed files with 304 additions and 2 deletions

View file

@ -10,7 +10,7 @@ $ git clone git@git.robur.coop:robur/blog.robur.coop
$ cd blog.robur.coop/ $ cd blog.robur.coop/
$ opam pin add -yn . $ opam pin add -yn .
$ opam install --deps-only blogger $ opam install --deps-only blogger
$ dune exec src/watch.exe -- $ dune exec bin/watch.exe --
``` ```
A little server run on `http://localhost:8000`. A little server run on `http://localhost:8000`.

302
articles/finances.md Normal file
View file

@ -0,0 +1,302 @@
---
date: 2024-10-21
title: How has robur financially been doing since 2018?
description: How we organise as a collective, and why we're doing that.
tags:
- finances
- cooperative
author:
name: Hannes Mehnert
email: hannes@mehnert.org
link: https://hannes.robur.coop
---
Since the beginning, robur has been working on MirageOS unikernels and getting
them deployed. Due to our experience in hierarchical companies, we wanted to
create something different - a workplace without bosses and management. Instead,
we are a collective where everybody has a say on what we do, and who gets how
much money at the end of the month. This means nobody has to write report and
meet any goals - there's no KPI involved. We strive to be a bunch of people
working together nicely and projects that we own and want to bring forward. If
we discover lack of funding, we reach out to (potential) customers to fill our
cash register. Or reach out to people to donate money.
Since our mission is fulfilling and already complex - organising ourselves in a
hierarchy-free environment, including the payment, and work on software in a
niche market - we decided from the early days that bookeeping and invoicing
should not be part of our collective. Especially since we want to be free in
what kind of funding we accept - donations, commercial contracts, public
funding. In the books, robur is part of the non-profit company
[Änderwerk](https://aenderwerk.de) in Germany - and friends of ours run that
company. They get a cut on each income we generate.
To be inclusive and enable everyone to participate in decisions, we are 100%
transparent in our books - every collective member has access to the financial
spreadsheets, contracts, etc. We use a needs-based payment model, so we talk
about the needs everyone has on a regular basis and adjust the salary, everyone
agreeing to all the numbers.
## 2018
We started operations in 2018. In late 2017, we got donations (in the form of
bitcoins) by friends who were convinced of our mission. This was 54,194.91 €.
So, in 2018 we started with that money, and tried to find a mission, and
generate income to sustain our salaries.
Also, already in 2017, we applied for funding from
[Prototypefund](https://prototypefund.de) on a [CalDAV server](https://prototypefund.de/project/robur-io/),
and we received the grant in early 2018. This was another 48,500 €, paid to
individuals (due to reasons, Prototype fund can't cash out to the non-profit -
this put us into some struggle, since we needed some double bookkeeping and
individuals had to dig into health care etc.).
We also did in the second half of 2018 a security audit for
[Least Authority](https://leastauthority.com/blog/audits/five-security-audits-for-the-tezos-foundation/)
(invoicing 19,600 €).
And later in 2018 we started on what is now called NetHSM with an initial
design workshop (5,000 €).
And lastly, we started to work on a grant to implement [TLS 1.3](https://datatracker.ietf.org/doc/html/rfc8446),
funded by Jane Street (via OCaml Labs Consulting). In 2018, we received 12,741.71 €
We applied at NLNet for improving the QubesOS firewall developed in MirageOS
(without success), tried to get the IT security prize in Germany (without
success), and to DIAL OSC (without success).
| Project | Amount |
|-----------------|----------:|
| Donation | 54,194.91 |
| Prototypefund | 48,500.00 |
| Least Authority | 19,600.00 |
| TLS 1.3 | 12,741.71 |
| Nitrokey | 5,000.00 |
| __Total__ | __140,036.62__ |
## 2019
We were keen to finish the CalDAV implementation (and start a CardDAV
implementation), and received some financial support from Tarides for it
(15,000 €).
The TLS 1.3 work continued, we got in total 68,887.53 €.
We also applied to (and got funding from) Prototypefund, once with an [OpenVPN-compatible
MirageOS unikernel](https://prototypefund.de/en/project/robust-openvpn-client-with-low-use-of-resources/),
and once with [improving the QubesOS firewall developed as MirageOS unikernel](https://prototypefund.de/project/portable-firewall-fuer-qubesos/).
This means again twice 48,500 €.
We also started the implementation work of NetHSM - which still included a lot
of design work - in total the contract was over 82,500 €. In 2019, we invoiced
Nitrokey in 2019 in total 40,500 €.
We also received a total of 516.48 € as donations from source unknown to us.
We also applied to NLnet with [DNSvizor](https://nlnet.nl/project/Robur/), and
got a grant, but due to buerocratic reasons they couldn't transfer the money to
our non-profit (which was involved with NLnet in some EU grants), and we didn't
get any money in the end.
| Project | Amount |
|----------|----------:|
| CardDAV | 15,000.00 |
| TLS 1.3 | 68,887.53 |
| OpenVPN | 48,500.00 |
| QubesOS | 48,500.00 |
| Donation | 516.48 |
| Nitrokey | 40,500.00 |
| __Total__ | __221,904.01__ |
## 2020
In 2020, we agreed with OCaml Labs Consulting to work on maintenance of OCaml
packages in the MirageOS ecosystem. This was a contract where at the end of the
month, we reported on which PRs and issues we spent how much time. For us, this
was great to have the freedom to work on which OCaml packages we were keen to
get up to speed. In 2020, we received 45,000 € for this maintenance.
We finished the TLS 1.3 work (18,659.01 €)
We continued to work on the NetHSM project, and invoiced 55,500 €.
We received a total of 255 € in donations from sources unknown to us.
We applied at reset.tech again with DNSvizor, unfortunately without success.
We also applied at [NGI pointer](https://pointer.ngi.eu) to work on reproducible
builds for MirageOS, and a web frontend. Here we got the grant of 200,000 €,
which we worked on in 2021 and 2022.
| Project | Amount |
|-----------|----------:|
| OCLC | 45,000.00 |
| TLS 1.3 | 18,659.01 |
| Nitrokey | 55,500.00 |
| Donations | 255.00 |
| __Total__ | __119,414.01__ |
## 2021
As outlined, we worked on reproducible builds of unikernels - rethinking the way
how a unikernel is configured: no more compiled-in secrets, but instead using
boot parameters. We setup the infrastructure for doing daily reproducible
builds, serving system packages via a package repository, and a
[web frontend](https://builds.robur.coop) hosting the reproducible builds.
We received in total 120,000 € from NGI Pointer in 2021.
Our work on NetHSM continued, including the introduction of elliptic curves
in mirage-crypto (using [fiat](https://github.com/mit-plv/fiat-crypto/)). The
invoices to Nitrokey summed up to 26,000 € in 2021.
We developed in a short timeframe two packages, [u2f](https://github.com/robur-coop/u2f)
and later [webauthn](https://git.robur.coop/robur/webauthn) for Skolem Labs based
on [gift economy](https://en.wikipedia.org/wiki/Gift_economy). This resulted in
donations of 18,976 €.
We agreed with [OCSF](https://ocaml-sf.org/) to work on
[conex](https://github.com/hannesm/conex), which we have not delivered yet
(lots of other things had to be cleared first: we did a security review of opam
(leading to [a security advisory](https://opam.ocaml.org/blog/opam-2-1-5-local-cache/)),
we got rid of [`extra-files`](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
in the opam-repository, and we [removed the weak hash md5](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
from the opam-repository.
| Customer | Amount |
|-------------|----------:|
| NGI Pointer | 120,000.00 |
| Nitrokey | 26,000.00 |
| Skolem | 18,976.00 |
| __Total__ | __164,976.00__ |
## 2022
We finished our NGI pointer project, and received another 80,000 €.
We also did some minor maintenance for Nitrokey, and invoiced 4,500 €.
For Tarides, we started another maintaining MirageOS packages (and continuing
[our TCP/IP stack](https://github.com/robur-coop/utcp)), and invoiced in
total 22,500 €.
A grant application for [bob](https://github.com/dinosaure/bob/) was rejected,
but a grant application for [MirageVPN](https://github.com/robur-coop/miragevpn)
got accepted. Both at NLnet within the EU NGI project.
| Project | Amount |
|-------------|---------:|
| NGI Pointer | 80,000.00 |
| Nitrokey | 4,500.00 |
| Tarides | 22,500.00 |
| __Total__ | __107,000.00__ |
## 2023
We finished the NetHSM project, and had a final invoice over 2,500 €.
We started a collaboration for [semgrep](https://semgrep.dev), porting some of
their Python code to OCaml. We received in total 37,500 €.
We continued the MirageOS opam package maintenance and invoiced in total
89,250 € to Tarides.
A grant application on [MirageVPN](https://nlnet.nl/project/MirageVPN/) got
accepted (NGI Assure), and we received in total 12,000 € for our work on it.
This is a continuation of our 2019 work funded by Prototypefund.
We also wrote various funding applications, including one for
[DNSvizor](https://github.com/robur-coop/dnsvizor) that was
[accepted](https://nlnet.nl/project/DNSvizor/) (NGI0 Entrust).
| Customer | Amount |
|-----------|---------:|
| Nitrokey | 2,500.00 |
| semgrep | 37,500.00 |
| Tarides | 89,250.00 |
| MirageVPN | 12,000.00 |
| __Total__ | __141,250.00__ |
## 2024
We're still in the middle of it, but so far we continued the Tarides maintenance
contract (54,937.50 €).
We also finished the MirageVPN work, and received another 45,000 €.
We had a contract with Semgrep again on porting Python code to OCaml and received 18,559.40 €.
We again worked on several successful funding applications, one on
[PTT](https://nlnet.nl/project/PTT/) (NGI Zero Core), a continuation of the
[NGI DAPSI](https://www.ngi.eu/funded_solution/ngi-dapsiproject-24/) project -
now realizing mailing lists with our SMTP stack.
We also got [MTE](https://nlnet.nl/project/MTE/) (NGI Taler) accepted.
The below table is until end of September 2024.
| Project | Amount |
|-----------|----------:|
| Semgrep | 18,559.40 |
| Tarides | 62,812.50 |
| MirageVPN | 45,000.00 |
| __Total__ | __126,371.90__ |
## Total
In a single table, here's our income since robur started.
| Year | Amount |
|-------|-----------:|
| 2018 | 140,036.62 |
| 2019 | 221,904.01 |
| 2020 | 119,414.01 |
| 2021 | 164,976.00 |
| 2022 | 107,000.00 |
| 2023 | 141,250.00 |
| 2024 | 126,371.90 |
| __Total__ | __1,020,952.54__ |
![Plot of above income table](../images/finances.png)
As you can spot, it varies quite a bit. In some years we have fewer money
available than in other years.
## Expenses
As mentioned, the non-profit company [Änderwerk](https://aenderwerk.de) running
the bookkeeping and legal stuff (invoices, tax statements, contracts, etc.) gets
a cut on each income we produce. They are doing amazing work and are very
quick responding to our queries.
We spend most of our income on salary. Some money we spend on travel. We also
pay monthly for our server (plus some extra for hardware, and in June 2024 a
huge amount for trying to recover data from failed SSDs).
## Conclusion
We have provided an overview of our income, we were three to five people working
at robur over the entire time. As written at the beginning, we use needs-based
payment. Our experience with this is great! It provides a lot of trust into each
other.
Our funding is diverse from multiple sources - donations, commercial work,
public funding. This was our initial goal, and we're very happy that it works
fine over the last five years.
Taking the numbers into account, we are not paying ourselves "industry standard"
rates - but we really love what we do - and sometimes we just take some time off.
We do work on various projects that we really really enjoy - but where (at the
moment) no funding is available for.
We are always happy to discuss how our collective operates. If you're
interested, please drop us a message.
Of course, if we receive donations, we use them wisely - mainly for working on
the currently not funded projects (bob, albatross, miou, mollymawk - to name a few). If you
can spare a dime or two, don't hesitate to [donate](https://robur.coop/Donate).
Donations are tax-deductable in Germany (and should be in Europe) since we're a
registered non-profit.
If you're interested in MirageOS and using it in your domain, don't hesitate
to reach out to us (via eMail: team@robur.coop) so we can start to chat - we're keen to deploy MirageOS
and find more domains where it is useful.

View file

@ -93,6 +93,6 @@ As a spoiler, for P-256 sign there's another improvement of around 4.5 with [Vir
Remove all cstruct, everywhere, apart from in mirage-block-xen and mirage-net-xen ;). It was a fine decision in the early MirageOS days, but from a performance point of view, and for making our packages more broadly usable without many dependencies, it is time to remove cstruct. Earlier this year we already [removed cstruct from ocaml-tar](https://github.com/mirage/ocaml-tar/pull/137) for similar reasons. Remove all cstruct, everywhere, apart from in mirage-block-xen and mirage-net-xen ;). It was a fine decision in the early MirageOS days, but from a performance point of view, and for making our packages more broadly usable without many dependencies, it is time to remove cstruct. Earlier this year we already [removed cstruct from ocaml-tar](https://github.com/mirage/ocaml-tar/pull/137) for similar reasons.
Our MirageOS work is only partially funded, we cross-fund our work by commercial contracts and public (EU) funding. We are part of a non-profit company, you can make a (tax-deducable - at least in the EU) [donation](https://aenderwerk.de/donate/) (select "DONATION robur" in the dropdown menu). Our MirageOS work is only partially funded, we cross-fund our work by commercial contracts and public (EU) funding. We are part of a non-profit company, you can make a (tax-deductable - at least in the EU) [donation](https://aenderwerk.de/donate/) (select "DONATION robur" in the dropdown menu).
We're keen to get MirageOS deployed in production - if you would like to do that, don't hesitate to reach out to us via eMail team at robur.coop We're keen to get MirageOS deployed in production - if you would like to do that, don't hesitate to reach out to us via eMail team at robur.coop

BIN
images/finances.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.3 KiB