forked from robur/blog.robur.coop
280 lines
11 KiB
Markdown
280 lines
11 KiB
Markdown
---
|
|
date: 2024-08-26
|
|
article.title: What has robur been doing and how since 2018?
|
|
article.description:
|
|
tags:
|
|
- finances
|
|
- cooperative
|
|
author:
|
|
name: Hannes Mehnert
|
|
email: hannes@mehnert.org
|
|
link: https://hannes.robur.coop
|
|
---
|
|
|
|
Since the beginning, robur has been working on MirageOS unikernels and getting
|
|
them deployed. Due to our experience in hierarchical companies, we wanted to
|
|
create something different - a workplace without bosses and management. Instead,
|
|
we are a collective where everybody has a say on what we do, and who gets how
|
|
much money at the end of the month. This means nobody has to write report and
|
|
meet any goals - there's no KPI involved. We strive to be a bunch of people
|
|
working together nicely and projects that we own and want to bring forward. If
|
|
we discover lack of funding, we reach out to (potential) customers to fill our
|
|
cash register. Or reach out to people to donate money.
|
|
|
|
Since our mission is fulfilling and already complex - organising ourselves in a
|
|
hierarchy-free environment, including the payment, and work on software in a
|
|
niche market - we decided from the early days that bookeeping and invoicing
|
|
should not be part of our collective. Especially since we want to be free in
|
|
what kind of funding we accept - donations, commercial contracts, public
|
|
funding. In the books, robur is part of a non-profit company in Germany - and
|
|
friends of ours run that company. They get a cut on each income we generate.
|
|
|
|
To be inclusive and enable everyone to participate in decisions, we are 100%
|
|
transparent in our books - every collective member has access to the financial
|
|
spreadsheets, contracts, etc. We use a needs-based payment model, so we talk
|
|
about the needs everyone has on a regular basis and adjust the salary, everyone
|
|
agreeing to all the numbers.
|
|
|
|
## 2018
|
|
|
|
We started operations in 2018. In late 2017, we got donations (in the form of
|
|
bitcoins) by friends who were convinced of our mission. This was 54194.91 EUR.
|
|
So, in 2018 we started with that money, and tried to find a mission, and
|
|
generate income to sustain our salaries.
|
|
|
|
Also, already in 2017, we applied for funding from
|
|
[Prototypefund](https://prototypefund.de) on a [CalDAV server](https://prototypefund.de/project/robur-io/),
|
|
and we received the grant in early 2018. This was another 48500 EUR, paid to
|
|
individuals (due to reasons, Prototype fund can't cash out to the non-profit -
|
|
this put us into some struggle, since we needed some double bookkeeping and
|
|
individuals had to dig into health care etc.).
|
|
|
|
We also did in the second half of 2018 a security audit for
|
|
[Least Authority](https://leastauthority.com/blog/audits/five-security-audits-for-the-tezos-foundation/)
|
|
(invoicing 19600 EUR).
|
|
|
|
And later in 2018 we started on what is now called NetHSM with an initial
|
|
design workshop (5000 EUR).
|
|
|
|
And lastly, we started to work on [TLS 1.3](https://datatracker.ietf.org/doc/html/rfc8446)
|
|
funded by Jane Street via OCaml Labs Consulting. In 2018, we received 12741.71 EUR
|
|
|
|
We applied at NLNet for improving the QubesOS firewall developed in MirageOS
|
|
(without success), tried to get the IT security prize in Germany (without
|
|
success), and to DIAL OSC (without success).
|
|
|
|
| Project | Amount |
|
|
|-----------------|----------:|
|
|
| Donation | 54194.91 |
|
|
| Prototypefund | 48500.00 |
|
|
| Least Authority | 19600.00 |
|
|
| TLS 1.3 | 12741.71 |
|
|
| Nitrokey | 5000.00 |
|
|
|-----------------|-----------|
|
|
| Total | 140036.62 |
|
|
|
|
|
|
## 2019
|
|
|
|
We were keen to finish the CalDAV implementation (and start a CardDAV
|
|
implementation), and received some financial support from Tarides for it
|
|
(15000 EUR).
|
|
|
|
The TLS 1.3 work continued, we got in total 68887.53 EUR.
|
|
|
|
We also applied to (and got funding from) Prototypefund, once with an [OpenVPN-compatible
|
|
MirageOS unikernel](https://prototypefund.de/en/project/robust-openvpn-client-with-low-use-of-resources/),
|
|
and once with [improving the QubesOS firewall developed as MirageOS unikernel](https://prototypefund.de/project/portable-firewall-fuer-qubesos/).
|
|
This means again twice 48500 EUR.
|
|
|
|
We also started the implementation work of NetHSM - which still included a lot
|
|
of design work - in total the contract was over 82500 EUR. In 2019, we invoiced
|
|
Nitrokey in 2019 in total 40500 EUR.
|
|
|
|
We also received a total of 516.48 EUR as donations from source unknown to us.
|
|
|
|
We also applied to NLnet with [DNSvizor](https://nlnet.nl/project/Robur/), and
|
|
got a grant, but due to buerocratic reasons they couldn't transfer the money to
|
|
our non-profit, and we didn't get any money in the end.
|
|
|
|
| Project | Amount |
|
|
|----------|----------:|
|
|
| CardDAV | 15000.00 |
|
|
| TLS 1.3 | 68887.53 |
|
|
| OpenVPN | 48500.00 |
|
|
| QubesOS | 48500.00 |
|
|
| Donation | 516.48 |
|
|
| Nitrokey | 40500.00 |
|
|
|----------|-----------|
|
|
| Total | 221904.01 |
|
|
|
|
## 2020
|
|
|
|
In 2020, we agreed with OCaml Labs Consulting to work on maintenance of OCaml
|
|
packages in the MirageOS ecosystem. This was a contract where at the end of the
|
|
month, we reported on which PRs and issues we spent how much time. For us, this
|
|
was great to have the freedom to work on which OCaml packages we were keen to
|
|
get up to speed. In 2020, we received 45000 EUR for this maintenance.
|
|
|
|
We finished the TLS 1.3 work (18659.01 EUR)
|
|
|
|
We continued to work on the NetHSM project, and invoiced 55500 EUR.
|
|
|
|
We received a total of 255 EUR in donations from sources unknown to us.
|
|
|
|
We applied at reset.tech again with DNSvizor, unfortunately without success.
|
|
|
|
We also applied at [NGI pointer](https://pointer.ngi.eu) to work on reproducible
|
|
builds for MirageOS, and a web frontend. Here we got the grant of 200000 EUR,
|
|
which we worked on in 2021 and 2022.
|
|
|
|
| Project | Amount |
|
|
|-----------|----------:|
|
|
| OCLC | 45000.00 |
|
|
| TLS 1.3 | 18659.01 |
|
|
| Nitrokey | 55500.00 |
|
|
| Donations | 255.00 |
|
|
|-----------|-----------|
|
|
| Total | 119414.01 |
|
|
|
|
## 2021
|
|
|
|
As outlined, we worked on reproducible builds of unikernels - rethinking the way
|
|
how a unikernel is configured: no more compiled-in secrets, but instead using
|
|
boot parameters. We setup the infrastructure for doing daily reproducible
|
|
builds, serving system packages via a package repository, and a
|
|
[web frontend](https://builds.robur.coop) hosting the reproducible builds.
|
|
We received in total 120000 EUR from NGI Pointer in 2021.
|
|
|
|
Our work on NetHSM continued, including the introduction of elliptic curves
|
|
in mirage-crypto (using [fiat](https://github.com/mit-plv/fiat-crypto/)). The
|
|
invoices to Nitrokey summed up to 26000 EUR in 2021.
|
|
|
|
We developed in a short timeframe two packages, [u2f](https://github.com/robur-coop/u2f)
|
|
and later [webauthn](https://git.robur.coop/robur/webauthn) for Skolem Labs based
|
|
on [gift economy](https://en.wikipedia.org/wiki/Gift_economy). This resulted in
|
|
donations of 18976 EUR.
|
|
|
|
We agreed with [OCSF](https://ocaml-sf.org/) to work on
|
|
[conex](https://github.com/hannesm/conex), which we have not delivered yet
|
|
(lots of other things had to be cleared first: we did a security review of opam
|
|
(leading to [a security advisory](https://opam.ocaml.org/blog/opam-2-1-5-local-cache/)),
|
|
we got rid of [`extra-files`](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
|
|
in the opam-repository, and we [removed the weak hash md5](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files)
|
|
from the opam-repository.
|
|
|
|
| Customer | Amount |
|
|
|-------------|----------:|
|
|
| NGI Pointer | 120000.00 |
|
|
| Nitrokey | 26000.00 |
|
|
| Skolem | 18976.00 |
|
|
|-------------|-----------|
|
|
| Total | 164976.00 |
|
|
|
|
## 2022
|
|
|
|
We finished our NGI pointer project, and received another 80000 EUR.
|
|
|
|
We also did some minor maintenance for Nitrokey, and invoiced 4500 EUR.
|
|
|
|
For Tarides, we started another maintaining MirageOS packages (and continuing
|
|
[our TCP/IP stack](https://github.com/robur-coop/utcp)), and invoiced in
|
|
total 22500 EUR.
|
|
|
|
A grant application for [bob](https://github.com/dinosaure/bob/) was rejected,
|
|
but a grant application for [MirageVPN](https://github.com/robur-coop/miragevpn)
|
|
got accepted.
|
|
|
|
| Project | Amount |
|
|
|-------------|---------:|
|
|
| NGI Pointer | 80000.00 |
|
|
| Nitrokey | 4500.00 |
|
|
| Tarides | 22500.00 |
|
|
|-------------|----------|
|
|
| Total |107000.00 |
|
|
|
|
## 2023
|
|
|
|
We finished the NetHSM project, and had a final invoice over 2500 EUR.
|
|
|
|
We started a collaboration for [semgrep](https://semgrep.dev), porting some of
|
|
their Python code to OCaml. We received in total 37500 EUR.
|
|
|
|
We continued the MirageOS opam package maintenance and invoiced in total
|
|
89250 EUR to Tarides.
|
|
|
|
A grant application on [MirageVPN](https://nlnet.nl/project/MirageVPN/) got
|
|
accepted (NGI Assure), and we received in total 12000 EUR for our work on it.
|
|
This is a continuation of our 2019 work funded by Prototypefund.
|
|
|
|
We also wrote various funding applications, including one for
|
|
[DNSvizor](https://github.com/robur-coop/dnsvizor) that was
|
|
[accepted](https://nlnet.nl/project/DNSvizor/) (NGI0 Entrust).
|
|
|
|
| Customer | Amount |
|
|
|-----------|---------:|
|
|
| Nitrokey | 2500.00 |
|
|
| semgrep | 37500.00 |
|
|
| Tarides | 89250.00 |
|
|
| MirageVPN | 12000.00 |
|
|
|-----------|----------|
|
|
| Total |141250.00 |
|
|
|
|
## 2024
|
|
|
|
We're still in the middle of it, but so far we continued the Tarides maintenance
|
|
contract (54937.50 EUR).
|
|
|
|
We also finished the MirageVPN work, and received another 45000 EUR.
|
|
|
|
We had a small contract with Semgrep and received 18559.40 EUR.
|
|
|
|
We again worked on several successful funding applications, one on
|
|
[PTT](https://nlnet.nl/project/PTT/) (NGI Zero Core), a continuation of the
|
|
[NGI DAPSI](https://www.ngi.eu/funded_solution/ngi-dapsiproject-24/) project -
|
|
now realizing mailing lists with our SMTP stack.
|
|
|
|
We also got [MTE](https://nlnet.nl/project/MTE/) (NGI Taler) accepted.
|
|
|
|
The below table is until end of August 2024.
|
|
|
|
| Project | Amount |
|
|
|-----------|----------:|
|
|
| Semgrep | 18559.40 |
|
|
| Tarides | 54937.50 |
|
|
| MirageVPN | 45000.00 |
|
|
|-----------|-----------|
|
|
| Total | 118496.90 |
|
|
|
|
## Total
|
|
|
|
In a single table, here's our income over the last 5 years.
|
|
|
|
| Year | Amount |
|
|
|-------|-----------:|
|
|
| 2018 | 140036.62 |
|
|
| 2019 | 221904.01 |
|
|
| 2020 | 119414.01 |
|
|
| 2021 | 164976.00 |
|
|
| 2022 | 107000.00 |
|
|
| 2023 | 141250.00 |
|
|
| 2024 | 118496.90 |
|
|
|-------|------------|
|
|
| Total | 1013077.50 |
|
|
|
|
As you can spot, it varies quite a bit. In some years we have fewer money
|
|
available than in other years.
|
|
|
|
## Conclusion
|
|
|
|
We have provided an overview of our income, we were three to five people working
|
|
at robur over the entire time. As written at the beginning, we use needs-based
|
|
payment. Our experience with this is great! It provides a lot of trust into each
|
|
other.
|
|
|
|
We are always happy to discuss how our collective operates. If you're
|
|
interested, please drop us a message.
|
|
|
|
Of course, if we receive donations, we use them wisely - mainly for working on
|
|
the currently not funded projects (bob, miou, mollymawk - to name a few). If you
|
|
can spare a dime or two, don't hesitate to [donate](https://robur.coop/Donate).
|