forked from robur/blog.robur.coop
302 lines
12 KiB
Markdown
302 lines
12 KiB
Markdown
---
|
|
date: 2024-10-21
|
|
title: How has robur financially been doing since 2018?
|
|
description: How we organise as a collective, and why we're doing that.
|
|
tags:
|
|
- finances
|
|
- cooperative
|
|
author:
|
|
name: Hannes Mehnert
|
|
email: hannes@mehnert.org
|
|
link: https://hannes.robur.coop
|
|
---
|
|
|
|
Since the beginning, robur has been working on MirageOS unikernels and getting
|
|
them deployed. Due to our experience in hierarchical companies, we wanted to
|
|
create something different - a workplace without bosses and management. Instead,
|
|
we are a collective where everybody has a say on what we do, and who gets how
|
|
much money at the end of the month. This means nobody has to write report and
|
|
meet any goals - there's no KPI involved. We strive to be a bunch of people
|
|
working together nicely and projects that we own and want to bring forward. If
|
|
we discover lack of funding, we reach out to (potential) customers to fill our
|
|
cash register. Or reach out to people to donate money.
|
|
|
|
Since our mission is fulfilling and already complex - organising ourselves in a
|
|
hierarchy-free environment, including the payment, and work on software in a
|
|
niche market - we decided from the early days that bookeeping and invoicing
|
|
should not be part of our collective. Especially since we want to be free in
|
|
what kind of funding we accept - donations, commercial contracts, public
|
|
funding. In the books, robur is part of the non-profit company
|
|
[Änderwerk](https://aenderwerk.de) in Germany - and friends of ours run that
|
|
company. They get a cut on each income we generate.
|
|
|
|
To be inclusive and enable everyone to participate in decisions, we are 100%
|
|
transparent in our books - every collective member has access to the financial
|
|
spreadsheets, contracts, etc. We use a needs-based payment model, so we talk
|
|
about the needs everyone has on a regular basis and adjust the salary, everyone
|
|
agreeing to all the numbers.
|
|
|
|
## 2018
|
|
|
|
We started operations in 2018. In late 2017, we got donations (in the form of
|
|
bitcoins) by friends who were convinced of our mission. This was 54,194.91 €.
|
|
So, in 2018 we started with that money, and tried to find a mission, and
|
|
generate income to sustain our salaries.
|
|
|
|
Also, already in 2017, we applied for funding from
|
|
[Prototypefund](https://prototypefund.de) on a [CalDAV server](https://prototypefund.de/project/robur-io/),
|
|
and we received the grant in early 2018. This was another 48,500 €, paid to
|
|
individuals (due to reasons, Prototype fund can't cash out to the non-profit -
|
|
this put us into some struggle, since we needed some double bookkeeping and
|
|
individuals had to dig into health care etc.).
|
|
|
|
We also did in the second half of 2018 a security audit for
|
|
[Least Authority](https://leastauthority.com/blog/audits/five-security-audits-for-the-tezos-foundation/)
|
|
(invoicing 19,600 €).
|
|
|
|
And later in 2018 we started on what is now called NetHSM with an initial
|
|
design workshop (5,000 €).
|
|
|
|
And lastly, we started to work on a grant to implement [TLS 1.3](https://datatracker.ietf.org/doc/html/rfc8446),
|
|
funded by Jane Street (via OCaml Labs Consulting). In 2018, we received 12,741.71 €
|
|
|
|
We applied at NLNet for improving the QubesOS firewall developed in MirageOS
|
|
(without success), tried to get the IT security prize in Germany (without
|
|
success), and to DIAL OSC (without success).
|
|
|
|
| Project | Amount |
|
|
|-----------------|----------:|
|
|
| Donation | 54,194.91 |
|
|
| Prototypefund | 48,500.00 |
|
|
| Least Authority | 19,600.00 |
|
|
| TLS 1.3 | 12,741.71 |
|
|
| Nitrokey | 5,000.00 |
|
|
| __Total__ | __140,036.62__ |
|
|
|
|
|
|
## 2019
|
|
|
|
We were keen to finish the CalDAV implementation (and start a CardDAV
|
|
implementation), and received some financial support from Tarides for it
|
|
(15,000 €).
|
|
|
|
The TLS 1.3 work continued, we got in total 68,887.53 €.
|
|
|
|
We also applied to (and got funding from) Prototypefund, once with an [OpenVPN-compatible
|
|
MirageOS unikernel](https://prototypefund.de/en/project/robust-openvpn-client-with-low-use-of-resources/),
|
|
and once with [improving the QubesOS firewall developed as MirageOS unikernel](https://prototypefund.de/project/portable-firewall-fuer-qubesos/).
|
|
This means again twice 48,500 €.
|
|
|
|
We also started the implementation work of NetHSM - which still included a lot
|
|
of design work - in total the contract was over 82,500 €. In 2019, we invoiced
|
|
Nitrokey in 2019 in total 40,500 €.
|
|
|
|
We also received a total of 516.48 € as donations from source unknown to us.
|
|
|
|
We also applied to NLnet with [DNSvizor](https://nlnet.nl/project/Robur/), and
|
|
got a grant, but due to buerocratic reasons they couldn't transfer the money to
|
|
our non-profit (which was involved with NLnet in some EU grants), and we didn't
|
|
get any money in the end.
|
|
|
|
| Project | Amount |
|
|
|----------|----------:|
|
|
| CardDAV | 15,000.00 |
|
|
| TLS 1.3 | 68,887.53 |
|
|
| OpenVPN | 48,500.00 |
|
|
| QubesOS | 48,500.00 |
|
|
| Donation | 516.48 |
|
|
| Nitrokey | 40,500.00 |
|
|
| __Total__ | __221,904.01__ |
|
|
|
|
## 2020
|
|
|
|
In 2020, we agreed with OCaml Labs Consulting to work on maintenance of OCaml
|
|
packages in the MirageOS ecosystem. This was a contract where at the end of the
|
|
month, we reported on which PRs and issues we spent how much time. For us, this
|
|
was great to have the freedom to work on which OCaml packages we were keen to
|
|
get up to speed. In 2020, we received 45,000 € for this maintenance.
|
|
|
|
We finished the TLS 1.3 work (18,659.01 €)
|
|
|
|
We continued to work on the NetHSM project, and invoiced 55,500 €.
|
|
|
|
We received a total of 255 € in donations from sources unknown to us.
|
|
|
|
We applied at reset.tech again with DNSvizor, unfortunately without success.
|
|
|
|
We also applied at [NGI pointer](https://pointer.ngi.eu) to work on reproducible
|
|
builds for MirageOS, and a web frontend. Here we got the grant of 200,000 €,
|
|
which we worked on in 2021 and 2022.
|
|
|
|
| Project | Amount |
|
|
|-----------|----------:|
|
|
| OCLC | 45,000.00 |
|
|
| TLS 1.3 | 18,659.01 |
|
|
| Nitrokey | 55,500.00 |
|
|
| Donations | 255.00 |
|
|
| __Total__ | __119,414.01__ |
|
|
|
|
## 2021
|
|
|
|
As outlined, we worked on reproducible builds of unikernels - rethinking the way
|
|
how a unikernel is configured: no more compiled-in secrets, but instead using
|
|
boot parameters. We setup the infrastructure for doing daily reproducible
|
|
builds, serving system packages via a package repository, and a
|
|
[web frontend](https://builds.robur.coop) hosting the reproducible builds.
|
|
We received in total 120,000 € from NGI Pointer in 2021.
|
|
|
|
Our work on NetHSM continued, including the introduction of elliptic curves
|
|
in mirage-crypto (using [fiat](https://github.com/mit-plv/fiat-crypto/)). The
|
|
invoices to Nitrokey summed up to 26,000 € in 2021.
|
|
|
|
We developed in a short timeframe two packages, [u2f](https://github.com/robur-coop/u2f)
|
|
and later [webauthn](https://git.robur.coop/robur/webauthn) for Skolem Labs based
|
|
on [gift economy](https://en.wikipedia.org/wiki/Gift_economy). This resulted in
|
|
donations of 18,976 €.
|
|
|
|
We agreed with [OCSF](https://ocaml-sf.org/) to work on
|
|
[conex](https://github.com/hannesm/conex), which we have not delivered yet
|
|
(lots of other things had to be cleared first: we did a security review of opam
|
|
(leading to [a security advisory](https://opam.ocaml.org/blog/opam-2-1-5-local-cache/)),
|
|
we got rid of [`extra-files`](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
|
|
in the opam-repository, and we [removed the weak hash md5](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
|
|
from the opam-repository.
|
|
|
|
| Customer | Amount |
|
|
|-------------|----------:|
|
|
| NGI Pointer | 120,000.00 |
|
|
| Nitrokey | 26,000.00 |
|
|
| Skolem | 18,976.00 |
|
|
| __Total__ | __164,976.00__ |
|
|
|
|
## 2022
|
|
|
|
We finished our NGI pointer project, and received another 80,000 €.
|
|
|
|
We also did some minor maintenance for Nitrokey, and invoiced 4,500 €.
|
|
|
|
For Tarides, we started another maintaining MirageOS packages (and continuing
|
|
[our TCP/IP stack](https://github.com/robur-coop/utcp)), and invoiced in
|
|
total 22,500 €.
|
|
|
|
A grant application for [bob](https://github.com/dinosaure/bob/) was rejected,
|
|
but a grant application for [MirageVPN](https://github.com/robur-coop/miragevpn)
|
|
got accepted. Both at NLnet within the EU NGI project.
|
|
|
|
| Project | Amount |
|
|
|-------------|---------:|
|
|
| NGI Pointer | 80,000.00 |
|
|
| Nitrokey | 4,500.00 |
|
|
| Tarides | 22,500.00 |
|
|
| __Total__ | __107,000.00__ |
|
|
|
|
## 2023
|
|
|
|
We finished the NetHSM project, and had a final invoice over 2,500 €.
|
|
|
|
We started a collaboration for [semgrep](https://semgrep.dev), porting some of
|
|
their Python code to OCaml. We received in total 37,500 €.
|
|
|
|
We continued the MirageOS opam package maintenance and invoiced in total
|
|
89,250 € to Tarides.
|
|
|
|
A grant application on [MirageVPN](https://nlnet.nl/project/MirageVPN/) got
|
|
accepted (NGI Assure), and we received in total 12,000 € for our work on it.
|
|
This is a continuation of our 2019 work funded by Prototypefund.
|
|
|
|
We also wrote various funding applications, including one for
|
|
[DNSvizor](https://github.com/robur-coop/dnsvizor) that was
|
|
[accepted](https://nlnet.nl/project/DNSvizor/) (NGI0 Entrust).
|
|
|
|
| Customer | Amount |
|
|
|-----------|---------:|
|
|
| Nitrokey | 2,500.00 |
|
|
| semgrep | 37,500.00 |
|
|
| Tarides | 89,250.00 |
|
|
| MirageVPN | 12,000.00 |
|
|
| __Total__ | __141,250.00__ |
|
|
|
|
## 2024
|
|
|
|
We're still in the middle of it, but so far we continued the Tarides maintenance
|
|
contract (54,937.50 €).
|
|
|
|
We also finished the MirageVPN work, and received another 45,000 €.
|
|
|
|
We had a contract with Semgrep again on porting Python code to OCaml and received 18,559.40 €.
|
|
|
|
We again worked on several successful funding applications, one on
|
|
[PTT](https://nlnet.nl/project/PTT/) (NGI Zero Core), a continuation of the
|
|
[NGI DAPSI](https://www.ngi.eu/funded_solution/ngi-dapsiproject-24/) project -
|
|
now realizing mailing lists with our SMTP stack.
|
|
|
|
We also got [MTE](https://nlnet.nl/project/MTE/) (NGI Taler) accepted.
|
|
|
|
The below table is until end of September 2024.
|
|
|
|
| Project | Amount |
|
|
|-----------|----------:|
|
|
| Semgrep | 18,559.40 |
|
|
| Tarides | 62,812.50 |
|
|
| MirageVPN | 45,000.00 |
|
|
| __Total__ | __126,371.90__ |
|
|
|
|
## Total
|
|
|
|
In a single table, here's our income since robur started.
|
|
|
|
| Year | Amount |
|
|
|-------|-----------:|
|
|
| 2018 | 140,036.62 |
|
|
| 2019 | 221,904.01 |
|
|
| 2020 | 119,414.01 |
|
|
| 2021 | 164,976.00 |
|
|
| 2022 | 107,000.00 |
|
|
| 2023 | 141,250.00 |
|
|
| 2024 | 126,371.90 |
|
|
| __Total__ | __1,020,952.54__ |
|
|
|
|
![Plot of above income table](../images/finances.png)
|
|
|
|
As you can spot, it varies quite a bit. In some years we have fewer money
|
|
available than in other years.
|
|
|
|
## Expenses
|
|
|
|
As mentioned, the non-profit company [Änderwerk](https://aenderwerk.de) running
|
|
the bookkeeping and legal stuff (invoices, tax statements, contracts, etc.) gets
|
|
a cut on each income we produce. They are doing amazing work and are very
|
|
quick responding to our queries.
|
|
|
|
We spend most of our income on salary. Some money we spend on travel. We also
|
|
pay monthly for our server (plus some extra for hardware, and in June 2024 a
|
|
huge amount for trying to recover data from failed SSDs).
|
|
|
|
## Conclusion
|
|
|
|
We have provided an overview of our income, we were three to five people working
|
|
at robur over the entire time. As written at the beginning, we use needs-based
|
|
payment. Our experience with this is great! It provides a lot of trust into each
|
|
other.
|
|
|
|
Our funding is diverse from multiple sources - donations, commercial work,
|
|
public funding. This was our initial goal, and we're very happy that it works
|
|
fine over the last five years.
|
|
|
|
Taking the numbers into account, we are not paying ourselves "industry standard"
|
|
rates - but we really love what we do - and sometimes we just take some time off.
|
|
We do work on various projects that we really really enjoy - but where (at the
|
|
moment) no funding is available for.
|
|
|
|
We are always happy to discuss how our collective operates. If you're
|
|
interested, please drop us a message.
|
|
|
|
Of course, if we receive donations, we use them wisely - mainly for working on
|
|
the currently not funded projects (bob, albatross, miou, mollymawk - to name a few). If you
|
|
can spare a dime or two, don't hesitate to [donate](https://robur.coop/Donate).
|
|
Donations are tax-deductable in Germany (and should be in Europe) since we're a
|
|
registered non-profit.
|
|
|
|
If you're interested in MirageOS and using it in your domain, don't hesitate
|
|
to reach out to us (via eMail: team@robur.coop) so we can start to chat - we're keen to deploy MirageOS
|
|
and find more domains where it is useful.
|