diff --git a/README.md b/README.md index 0c59861..ec80c87 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ $ git clone git@git.robur.coop:robur/blog.robur.coop $ cd blog.robur.coop/ $ opam pin add -yn . $ opam install --deps-only blogger -$ dune exec src/watch.exe -- +$ dune exec bin/watch.exe -- ``` A little server run on `http://localhost:8000`. diff --git a/articles/finances.md b/articles/finances.md new file mode 100644 index 0000000..73ae505 --- /dev/null +++ b/articles/finances.md @@ -0,0 +1,302 @@ +--- +date: 2024-10-21 +title: How has robur financially been doing since 2018? +description: How we organise as a collective, and why we're doing that. +tags: + - finances + - cooperative +author: + name: Hannes Mehnert + email: hannes@mehnert.org + link: https://hannes.robur.coop +--- + +Since the beginning, robur has been working on MirageOS unikernels and getting +them deployed. Due to our experience in hierarchical companies, we wanted to +create something different - a workplace without bosses and management. Instead, +we are a collective where everybody has a say on what we do, and who gets how +much money at the end of the month. This means nobody has to write report and +meet any goals - there's no KPI involved. We strive to be a bunch of people +working together nicely and projects that we own and want to bring forward. If +we discover lack of funding, we reach out to (potential) customers to fill our +cash register. Or reach out to people to donate money. + +Since our mission is fulfilling and already complex - organising ourselves in a +hierarchy-free environment, including the payment, and work on software in a +niche market - we decided from the early days that bookeeping and invoicing +should not be part of our collective. Especially since we want to be free in +what kind of funding we accept - donations, commercial contracts, public +funding. In the books, robur is part of the non-profit company +[Änderwerk](https://aenderwerk.de) in Germany - and friends of ours run that +company. They get a cut on each income we generate. + +To be inclusive and enable everyone to participate in decisions, we are 100% +transparent in our books - every collective member has access to the financial +spreadsheets, contracts, etc. We use a needs-based payment model, so we talk +about the needs everyone has on a regular basis and adjust the salary, everyone +agreeing to all the numbers. + +## 2018 + +We started operations in 2018. In late 2017, we got donations (in the form of +bitcoins) by friends who were convinced of our mission. This was 54,194.91 €. +So, in 2018 we started with that money, and tried to find a mission, and +generate income to sustain our salaries. + +Also, already in 2017, we applied for funding from +[Prototypefund](https://prototypefund.de) on a [CalDAV server](https://prototypefund.de/project/robur-io/), +and we received the grant in early 2018. This was another 48,500 €, paid to +individuals (due to reasons, Prototype fund can't cash out to the non-profit - +this put us into some struggle, since we needed some double bookkeeping and +individuals had to dig into health care etc.). + +We also did in the second half of 2018 a security audit for +[Least Authority](https://leastauthority.com/blog/audits/five-security-audits-for-the-tezos-foundation/) +(invoicing 19,600 €). + +And later in 2018 we started on what is now called NetHSM with an initial +design workshop (5,000 €). + +And lastly, we started to work on a grant to implement [TLS 1.3](https://datatracker.ietf.org/doc/html/rfc8446), +funded by Jane Street (via OCaml Labs Consulting). In 2018, we received 12,741.71 € + +We applied at NLNet for improving the QubesOS firewall developed in MirageOS +(without success), tried to get the IT security prize in Germany (without +success), and to DIAL OSC (without success). + +| Project | Amount | +|-----------------|----------:| +| Donation | 54,194.91 | +| Prototypefund | 48,500.00 | +| Least Authority | 19,600.00 | +| TLS 1.3 | 12,741.71 | +| Nitrokey | 5,000.00 | +| __Total__ | __140,036.62__ | + + +## 2019 + +We were keen to finish the CalDAV implementation (and start a CardDAV +implementation), and received some financial support from Tarides for it +(15,000 €). + +The TLS 1.3 work continued, we got in total 68,887.53 €. + +We also applied to (and got funding from) Prototypefund, once with an [OpenVPN-compatible +MirageOS unikernel](https://prototypefund.de/en/project/robust-openvpn-client-with-low-use-of-resources/), +and once with [improving the QubesOS firewall developed as MirageOS unikernel](https://prototypefund.de/project/portable-firewall-fuer-qubesos/). +This means again twice 48,500 €. + +We also started the implementation work of NetHSM - which still included a lot +of design work - in total the contract was over 82,500 €. In 2019, we invoiced +Nitrokey in 2019 in total 40,500 €. + +We also received a total of 516.48 € as donations from source unknown to us. + +We also applied to NLnet with [DNSvizor](https://nlnet.nl/project/Robur/), and +got a grant, but due to buerocratic reasons they couldn't transfer the money to +our non-profit (which was involved with NLnet in some EU grants), and we didn't +get any money in the end. + +| Project | Amount | +|----------|----------:| +| CardDAV | 15,000.00 | +| TLS 1.3 | 68,887.53 | +| OpenVPN | 48,500.00 | +| QubesOS | 48,500.00 | +| Donation | 516.48 | +| Nitrokey | 40,500.00 | +| __Total__ | __221,904.01__ | + +## 2020 + +In 2020, we agreed with OCaml Labs Consulting to work on maintenance of OCaml +packages in the MirageOS ecosystem. This was a contract where at the end of the +month, we reported on which PRs and issues we spent how much time. For us, this +was great to have the freedom to work on which OCaml packages we were keen to +get up to speed. In 2020, we received 45,000 € for this maintenance. + +We finished the TLS 1.3 work (18,659.01 €) + +We continued to work on the NetHSM project, and invoiced 55,500 €. + +We received a total of 255 € in donations from sources unknown to us. + +We applied at reset.tech again with DNSvizor, unfortunately without success. + +We also applied at [NGI pointer](https://pointer.ngi.eu) to work on reproducible +builds for MirageOS, and a web frontend. Here we got the grant of 200,000 €, +which we worked on in 2021 and 2022. + +| Project | Amount | +|-----------|----------:| +| OCLC | 45,000.00 | +| TLS 1.3 | 18,659.01 | +| Nitrokey | 55,500.00 | +| Donations | 255.00 | +| __Total__ | __119,414.01__ | + +## 2021 + +As outlined, we worked on reproducible builds of unikernels - rethinking the way +how a unikernel is configured: no more compiled-in secrets, but instead using +boot parameters. We setup the infrastructure for doing daily reproducible +builds, serving system packages via a package repository, and a +[web frontend](https://builds.robur.coop) hosting the reproducible builds. +We received in total 120,000 € from NGI Pointer in 2021. + +Our work on NetHSM continued, including the introduction of elliptic curves +in mirage-crypto (using [fiat](https://github.com/mit-plv/fiat-crypto/)). The +invoices to Nitrokey summed up to 26,000 € in 2021. + +We developed in a short timeframe two packages, [u2f](https://github.com/robur-coop/u2f) +and later [webauthn](https://git.robur.coop/robur/webauthn) for Skolem Labs based +on [gift economy](https://en.wikipedia.org/wiki/Gift_economy). This resulted in +donations of 18,976 €. + +We agreed with [OCSF](https://ocaml-sf.org/) to work on +[conex](https://github.com/hannesm/conex), which we have not delivered yet +(lots of other things had to be cleared first: we did a security review of opam +(leading to [a security advisory](https://opam.ocaml.org/blog/opam-2-1-5-local-cache/)), +we got rid of [`extra-files`](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files) +in the opam-repository, and we [removed the weak hash md5](https://discuss.ocaml.org/t/ann-opam-repository-policy-change-checksums-no-md5-and-no-extra-files) +from the opam-repository. + +| Customer | Amount | +|-------------|----------:| +| NGI Pointer | 120,000.00 | +| Nitrokey | 26,000.00 | +| Skolem | 18,976.00 | +| __Total__ | __164,976.00__ | + +## 2022 + +We finished our NGI pointer project, and received another 80,000 €. + +We also did some minor maintenance for Nitrokey, and invoiced 4,500 €. + +For Tarides, we started another maintaining MirageOS packages (and continuing +[our TCP/IP stack](https://github.com/robur-coop/utcp)), and invoiced in +total 22,500 €. + +A grant application for [bob](https://github.com/dinosaure/bob/) was rejected, +but a grant application for [MirageVPN](https://github.com/robur-coop/miragevpn) +got accepted. Both at NLnet within the EU NGI project. + +| Project | Amount | +|-------------|---------:| +| NGI Pointer | 80,000.00 | +| Nitrokey | 4,500.00 | +| Tarides | 22,500.00 | +| __Total__ | __107,000.00__ | + +## 2023 + +We finished the NetHSM project, and had a final invoice over 2,500 €. + +We started a collaboration for [semgrep](https://semgrep.dev), porting some of +their Python code to OCaml. We received in total 37,500 €. + +We continued the MirageOS opam package maintenance and invoiced in total +89,250 € to Tarides. + +A grant application on [MirageVPN](https://nlnet.nl/project/MirageVPN/) got +accepted (NGI Assure), and we received in total 12,000 € for our work on it. +This is a continuation of our 2019 work funded by Prototypefund. + +We also wrote various funding applications, including one for +[DNSvizor](https://github.com/robur-coop/dnsvizor) that was +[accepted](https://nlnet.nl/project/DNSvizor/) (NGI0 Entrust). + +| Customer | Amount | +|-----------|---------:| +| Nitrokey | 2,500.00 | +| semgrep | 37,500.00 | +| Tarides | 89,250.00 | +| MirageVPN | 12,000.00 | +| __Total__ | __141,250.00__ | + +## 2024 + +We're still in the middle of it, but so far we continued the Tarides maintenance +contract (54,937.50 €). + +We also finished the MirageVPN work, and received another 45,000 €. + +We had a contract with Semgrep again on porting Python code to OCaml and received 18,559.40 €. + +We again worked on several successful funding applications, one on +[PTT](https://nlnet.nl/project/PTT/) (NGI Zero Core), a continuation of the +[NGI DAPSI](https://www.ngi.eu/funded_solution/ngi-dapsiproject-24/) project - +now realizing mailing lists with our SMTP stack. + +We also got [MTE](https://nlnet.nl/project/MTE/) (NGI Taler) accepted. + +The below table is until end of September 2024. + +| Project | Amount | +|-----------|----------:| +| Semgrep | 18,559.40 | +| Tarides | 62,812.50 | +| MirageVPN | 45,000.00 | +| __Total__ | __126,371.90__ | + +## Total + +In a single table, here's our income since robur started. + +| Year | Amount | +|-------|-----------:| +| 2018 | 140,036.62 | +| 2019 | 221,904.01 | +| 2020 | 119,414.01 | +| 2021 | 164,976.00 | +| 2022 | 107,000.00 | +| 2023 | 141,250.00 | +| 2024 | 126,371.90 | +| __Total__ | __1,020,952.54__ | + +![Plot of above income table](../images/finances.png) + +As you can spot, it varies quite a bit. In some years we have fewer money +available than in other years. + +## Expenses + +As mentioned, the non-profit company [Änderwerk](https://aenderwerk.de) running +the bookkeeping and legal stuff (invoices, tax statements, contracts, etc.) gets +a cut on each income we produce. They are doing amazing work and are very +quick responding to our queries. + +We spend most of our income on salary. Some money we spend on travel. We also +pay monthly for our server (plus some extra for hardware, and in June 2024 a +huge amount for trying to recover data from failed SSDs). + +## Conclusion + +We have provided an overview of our income, we were three to five people working +at robur over the entire time. As written at the beginning, we use needs-based +payment. Our experience with this is great! It provides a lot of trust into each +other. + +Our funding is diverse from multiple sources - donations, commercial work, +public funding. This was our initial goal, and we're very happy that it works +fine over the last five years. + +Taking the numbers into account, we are not paying ourselves "industry standard" +rates - but we really love what we do - and sometimes we just take some time off. +We do work on various projects that we really really enjoy - but where (at the +moment) no funding is available for. + +We are always happy to discuss how our collective operates. If you're +interested, please drop us a message. + +Of course, if we receive donations, we use them wisely - mainly for working on +the currently not funded projects (bob, albatross, miou, mollymawk - to name a few). If you +can spare a dime or two, don't hesitate to [donate](https://robur.coop/Donate). +Donations are tax-deductable in Germany (and should be in Europe) since we're a +registered non-profit. + +If you're interested in MirageOS and using it in your domain, don't hesitate +to reach out to us (via eMail: team@robur.coop) so we can start to chat - we're keen to deploy MirageOS +and find more domains where it is useful. diff --git a/articles/speeding-ec-string.md b/articles/speeding-ec-string.md index 36a0252..b7d9d77 100644 --- a/articles/speeding-ec-string.md +++ b/articles/speeding-ec-string.md @@ -93,6 +93,6 @@ As a spoiler, for P-256 sign there's another improvement of around 4.5 with [Vir Remove all cstruct, everywhere, apart from in mirage-block-xen and mirage-net-xen ;). It was a fine decision in the early MirageOS days, but from a performance point of view, and for making our packages more broadly usable without many dependencies, it is time to remove cstruct. Earlier this year we already [removed cstruct from ocaml-tar](https://github.com/mirage/ocaml-tar/pull/137) for similar reasons. -Our MirageOS work is only partially funded, we cross-fund our work by commercial contracts and public (EU) funding. We are part of a non-profit company, you can make a (tax-deducable - at least in the EU) [donation](https://aenderwerk.de/donate/) (select "DONATION robur" in the dropdown menu). +Our MirageOS work is only partially funded, we cross-fund our work by commercial contracts and public (EU) funding. We are part of a non-profit company, you can make a (tax-deductable - at least in the EU) [donation](https://aenderwerk.de/donate/) (select "DONATION robur" in the dropdown menu). We're keen to get MirageOS deployed in production - if you would like to do that, don't hesitate to reach out to us via eMail team at robur.coop diff --git a/images/finances.png b/images/finances.png new file mode 100644 index 0000000..5c7fbc4 Binary files /dev/null and b/images/finances.png differ