From 843b7a887f092f50f7e1030dd09b1214277a1344 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Sat, 19 Oct 2024 13:13:18 +0200 Subject: [PATCH] initial --- articles/finances.md | 280 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 280 insertions(+) create mode 100644 articles/finances.md diff --git a/articles/finances.md b/articles/finances.md new file mode 100644 index 0000000..722cdda --- /dev/null +++ b/articles/finances.md 
@@ -0,0 +1,280 @@ +--- +date: 2024-08-26 +article.title: What has robur been doing and how since 2018? +article.description: +tags: + - finances + - cooperative +author: + name: Hannes Mehnert + email: hannes@mehnert.org + link: https://hannes.robur.coop +--- + +Since the beginning, robur has been working on MirageOS unikernels and getting +them deployed. Due to our experience in hierarchical companies, we wanted to +create something different - a workplace without bosses and management. Instead, +we are a collective where everybody has a say on what we do, and who gets how +much money at the end of the month. This means nobody has to write report and +meet any goals - there's no KPI involved. We strive to be a bunch of people +working together nicely and projects that we own and want to bring forward. If +we discover lack of funding, we reach out to (potential) customers to fill our +cash register. Or reach out to people to donate money. + +Since our mission is fulfilling and already complex - organising ourselves in a +hierarchy-free environment, including the payment, and work on software in a +niche market - we decided from the early days that bookeeping and invoicing +should not be part of our collective. Especially since we want to be free in +what kind of funding we accept - donations, commercial contracts, public +funding. In the books, robur is part of a non-profit company in Germany - and +friends of ours run that company. They get a cut on each income we generate. + +To be inclusive and enable everyone to participate in decisions, we are 100% +transparent in our books - every collective member has access to the financial +spreadsheets, contracts, etc. We use a needs-based payment model, so we talk +about the needs everyone has on a regular basis and adjust the salary, everyone +agreeing to all the numbers. + +## 2018 + +We started operations in 2018. In late 2017, we got donations (in the form of +bitcoins) by friends who were convinced of our mission. 
This was 54194.91 EUR. +So, in 2018 we started with that money, and tried to find a mission, and +generate income to sustain our salaries. + +Also, already in 2017, we applied for funding from +[Prototypefund](https://prototypefund.de) on a [CalDAV server](https://prototypefund.de/project/robur-io/), +and we received the grant in early 2018. This was another 48500 EUR, paid to +individuals (due to reasons, Prototype fund can't cash out to the non-profit - +this put us into some struggle, since we needed some double bookkeeping and +individuals had to dig into health care etc.). + +We also did in the second half of 2018 a security audit for +[Least Authority](https://leastauthority.com/blog/audits/five-security-audits-for-the-tezos-foundation/) +(invoicing 19600 EUR). + +And later in 2018 we started on what is now called NetHSM with an initial +design workshop (5000 EUR). + +And lastly, we started to work on [TLS 1.3](https://datatracker.ietf.org/doc/html/rfc8446) +funded by Jane Street via OCaml Labs Consulting. In 2018, we received 12741.71 EUR + +We applied at NLNet for improving the QubesOS firewall developed in MirageOS +(without success), tried to get the IT security prize in Germany (without +success), and to DIAL OSC (without success). + +| Project | Amount | +|-----------------|----------:| +| Donation | 54194.91 | +| Prototypefund | 48500.00 | +| Least Authority | 19600.00 | +| TLS 1.3 | 12741.71 | +| Nitrokey | 5000.00 | +|-----------------|-----------| +| Total | 140036.62 | + + +## 2019 + +We were keen to finish the CalDAV implementation (and start a CardDAV +implementation), and received some financial support from Tarides for it +(15000 EUR). + +The TLS 1.3 work continued, we got in total 68887.53 EUR. 
+ +We also applied to (and got funding from) Prototypefund, once with an [OpenVPN-compatible +MirageOS unikernel](https://prototypefund.de/en/project/robust-openvpn-client-with-low-use-of-resources/), +and once with [improving the QubesOS firewall developed as MirageOS unikernel](https://prototypefund.de/project/portable-firewall-fuer-qubesos/). +This means again twice 48500 EUR. + +We also started the implementation work of NetHSM - which still included a lot +of design work - in total the contract was over 82500 EUR. In 2019, we invoiced +Nitrokey in 2019 in total 40500 EUR. + +We also received a total of 516.48 EUR as donations from source unknown to us. + +We also applied to NLnet with [DNSvizor](https://nlnet.nl/project/Robur/), and +got a grant, but due to buerocratic reasons they couldn't transfer the money to +our non-profit, and we didn't get any money in the end. + +| Project | Amount | +|----------|----------:| +| CardDAV | 15000.00 | +| TLS 1.3 | 68887.53 | +| OpenVPN | 48500.00 | +| QubesOS | 48500.00 | +| Donation | 516.48 | +| Nitrokey | 40500.00 | +|----------|-----------| +| Total | 221904.01 | + +## 2020 + +In 2020, we agreed with OCaml Labs Consulting to work on maintenance of OCaml +packages in the MirageOS ecosystem. This was a contract where at the end of the +month, we reported on which PRs and issues we spent how much time. For us, this +was great to have the freedom to work on which OCaml packages we were keen to +get up to speed. In 2020, we received 45000 EUR for this maintenance. + +We finished the TLS 1.3 work (18659.01 EUR) + +We continued to work on the NetHSM project, and invoiced 55500 EUR. + +We received a total of 255 EUR in donations from sources unknown to us. + +We applied at reset.tech again with DNSvizor, unfortunately without success. + +We also applied at [NGI pointer](https://pointer.ngi.eu) to work on reproducible +builds for MirageOS, and a web frontend. 
Here we got the grant of 200000 EUR, +which we worked on in 2021 and 2022. + +| Project | Amount | +|-----------|----------:| +| OCLC | 45000.00 | +| TLS 1.3 | 18659.01 | +| Nitrokey | 55500.00 | +| Donations | 255.00 | +|-----------|-----------| +| Total | 119414.01 | + +## 2021 + +As outlined, we worked on reproducible builds of unikernels - rethinking the way +how a unikernel is configured: no more compiled-in secrets, but instead using +boot parameters. We setup the infrastructure for doing daily reproducible +builds, serving system packages via a package repository, and a +[web frontend](https://builds.robur.coop) hosting the reproducible builds. +We received in total 120000 EUR from NGI Pointer in 2021. + +Our work on NetHSM continued, including the introduction of elliptic curves +in mirage-crypto (using [fiat](https://github.com/mit-plv/fiat-crypto/)). The +invoices to Nitrokey summed up to 26000 EUR in 2021. + +We developed in a short timeframe two packages, [u2f](https://github.com/robur-coop/u2f) +and later [webauthn](https://git.robur.coop/robur/webauthn) for Skolem Labs based +on [gift economy](https://en.wikipedia.org/wiki/Gift_economy). This resulted in +donations of 18976 EUR. + +We agreed with [OCSF](https://ocaml-sf.org/) to work on +[conex](https://github.com/hannesm/conex), which we have not delivered yet +(lots of other things had to be cleared first: we did a security review of opam +(leading to [a security advisory](https://opam.ocaml.org/blog/opam-2-1-5-local-cache/)), +we got rid of [`extra-files`](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files) +in the opam-repository, and we [removed the weak hash md5](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files) +from the opam-repository. 
+ +| Customer | Amount | +|-------------|----------:| +| NGI Pointer | 120000.00 | +| Nitrokey | 26000.00 | +| Skolem | 18976.00 | +|-------------|-----------| +| Total | 164976.00 | + +## 2022 + +We finished our NGI pointer project, and received another 80000 EUR. + +We also did some minor maintenance for Nitrokey, and invoiced 4500 EUR. + +For Tarides, we started another maintaining MirageOS packages (and continuing +[our TCP/IP stack](https://github.com/robur-coop/utcp)), and invoiced in +total 22500 EUR. + +A grant application for [bob](https://github.com/dinosaure/bob/) was rejected, +but a grant application for [MirageVPN](https://github.com/robur-coop/miragevpn) +got accepted. + +| Project | Amount | +|-------------|---------:| +| NGI Pointer | 80000.00 | +| Nitrokey | 4500.00 | +| Tarides | 22500.00 | +|-------------|----------| +| Total |107000.00 | + +## 2023 + +We finished the NetHSM project, and had a final invoice over 2500 EUR. + +We started a collaboration for [semgrep](https://semgrep.dev), porting some of +their Python code to OCaml. We received in total 37500 EUR. + +We continued the MirageOS opam package maintenance and invoiced in total +89250 EUR to Tarides. + +A grant application on [MirageVPN](https://nlnet.nl/project/MirageVPN/) got +accepted (NGI Assure), and we received in total 12000 EUR for our work on it. +This is a continuation of our 2019 work funded by Prototypefund. + +We also wrote various funding applications, including one for +[DNSvizor](https://github.com/robur-coop/dnsvizor) that was +[accepted](https://nlnet.nl/project/DNSvizor/) (NGI0 Entrust). + +| Customer | Amount | +|-----------|---------:| +| Nitrokey | 2500.00 | +| semgrep | 37500.00 | +| Tarides | 89250.00 | +| MirageVPN | 12000.00 | +|-----------|----------| +| Total |141250.00 | + +## 2024 + +We're still in the middle of it, but so far we continued the Tarides maintenance +contract (54937.50 EUR). 
+ +We also finished the MirageVPN work, and received another 45000 EUR. + +We had a small contract with Semgrep and received 18559.40 EUR. + +We again worked on several successful funding applications, one on +[PTT](https://nlnet.nl/project/PTT/) (NGI Zero Core), a continuation of the +[NGI DAPSI](https://www.ngi.eu/funded_solution/ngi-dapsiproject-24/) project - +now realizing mailing lists with our SMTP stack. + +We also got [MTE](https://nlnet.nl/project/MTE/) (NGI Taler) accepted. + +The below table is until end of August 2024. + +| Project | Amount | +|-----------|----------:| +| Semgrep | 18559.40 | +| Tarides | 54937.50 | +| MirageVPN | 45000.00 | +|-----------|-----------| +| Total | 118496.90 | + +## Total + +In a single table, here's our income over the last 5 years. + +| Year | Amount | +|-------|-----------:| +| 2018 | 140036.62 | +| 2019 | 221904.01 | +| 2020 | 119414.01 | +| 2021 | 164976.00 | +| 2022 | 107000.00 | +| 2023 | 141250.00 | +| 2024 | 118496.90 | +|-------|------------| +| Total | 1013077.50 | + +As you can spot, it varies quite a bit. In some years we have fewer money +available than in other years. + +## Conclusion + +We have provided an overview of our income, we were three to five people working +at robur over the entire time. As written at the beginning, we use needs-based +payment. Our experience with this is great! It provides a lot of trust into each +other. + +We are always happy to discuss how our collective operates. If you're +interested, please drop us a message. + +Of course, if we receive donations, we use them wisely - mainly for working on +the currently not funded projects (bob, miou, mollymawk - to name a few). If you +can spare a dime or two, don't hesitate to [donate](https://robur.coop/Donate).
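Review bot: In the "## Total" table the "Total" row reads 1013077.50, but the seven yearly amounts listed above it (140036.62, 221904.01, 119414.01, 164976.00, 107000.00, 141250.00, 118496.90) add up to 1013077.54, and the sentence introducing the table says "the last 5 years" while the rows run from 2018 to 2024. Suggest correcting the sum and rewording the intro, for example to "since 2018". In the 2021 section, the parenthesis opened at "(lots of other things had to be cleared first:" is never closed before "from the opam-repository."; either close it or turn the aside into its own sentence. The front matter leaves `article.description:` empty, so a short description should be filled in or the key dropped. Smaller points: "bookeeping" and "buerocratic" are misspelled, "we invoiced Nitrokey in 2019" repeats the year already given at the start of that sentence, "For Tarides, we started another maintaining MirageOS packages" is missing a noun, and the dashed row placed before each "Total" line is likely to render as a row of literal dashes in a Markdown table rather than as a rule.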