blog.robur.coop/articles/finances.md
2024-10-19 13:14:24 +02:00

12 KiB

date article.title article.description tags author
2024-08-26 What has robur been doing and how since 2018?
finances
cooperative
name email link
Hannes Mehnert hannes@mehnert.org https://hannes.robur.coop

Since the beginning, robur has been working on MirageOS unikernels and getting them deployed. Due to our experience in hierarchical companies, we wanted to create something different - a workplace without bosses and management. Instead, we are a collective where everybody has a say on what we do, and who gets how much money at the end of the month. This means nobody has to write report and meet any goals - there's no KPI involved. We strive to be a bunch of people working together nicely and projects that we own and want to bring forward. If we discover lack of funding, we reach out to (potential) customers to fill our cash register. Or reach out to people to donate money.

Since our mission is fulfilling and already complex - organising ourselves in a hierarchy-free environment, including the payment, and work on software in a niche market - we decided from the early days that bookeeping and invoicing should not be part of our collective. Especially since we want to be free in what kind of funding we accept - donations, commercial contracts, public funding. In the books, robur is part of a non-profit company in Germany - and friends of ours run that company. They get a cut on each income we generate.

To be inclusive and enable everyone to participate in decisions, we are 100% transparent in our books - every collective member has access to the financial spreadsheets, contracts, etc. We use a needs-based payment model, so we talk about the needs everyone has on a regular basis and adjust the salary, everyone agreeing to all the numbers.

2018

We started operations in 2018. In late 2017, we got donations (in the form of bitcoins) by friends who were convinced of our mission. This was 54,194.91 EUR. So, in 2018 we started with that money, and tried to find a mission, and generate income to sustain our salaries.

Also, already in 2017, we applied for funding from Prototypefund on a CalDAV server, and we received the grant in early 2018. This was another 48,500 EUR, paid to individuals (due to reasons, Prototype fund can't cash out to the non-profit - this put us into some struggle, since we needed some double bookkeeping and individuals had to dig into health care etc.).

We also did in the second half of 2018 a security audit for Least Authority (invoicing 19,600 EUR).

And later in 2018 we started on what is now called NetHSM with an initial design workshop (5,000 EUR).

And lastly, we started to work on TLS 1.3 funded by Jane Street via OCaml Labs Consulting. In 2018, we received 12,741.71 EUR

We applied at NLNet for improving the QubesOS firewall developed in MirageOS (without success), tried to get the IT security prize in Germany (without success), and to DIAL OSC (without success).

Project Amount
Donation 54,194.91
Prototypefund 48,500.00
Least Authority 19,600.00
TLS 1.3 12,741.71
Nitrokey 5,000.00
Total 140,036.62

2019

We were keen to finish the CalDAV implementation (and start a CardDAV implementation), and received some financial support from Tarides for it (15,000 EUR).

The TLS 1.3 work continued, we got in total 68,887.53 EUR.

We also applied to (and got funding from) Prototypefund, once with an OpenVPN-compatible MirageOS unikernel, and once with improving the QubesOS firewall developed as MirageOS unikernel. This means again twice 48,500 EUR.

We also started the implementation work of NetHSM - which still included a lot of design work - in total the contract was over 82,500 EUR. In 2019, we invoiced Nitrokey in 2019 in total 40,500 EUR.

We also received a total of 516.48 EUR as donations from source unknown to us.

We also applied to NLnet with DNSvizor, and got a grant, but due to buerocratic reasons they couldn't transfer the money to our non-profit, and we didn't get any money in the end.

Project Amount
CardDAV 15,000.00
TLS 1.3 68,887.53
OpenVPN 48,500.00
QubesOS 48,500.00
Donation 516.48
Nitrokey 40,500.00
Total 221,904.01

2020

In 2020, we agreed with OCaml Labs Consulting to work on maintenance of OCaml packages in the MirageOS ecosystem. This was a contract where at the end of the month, we reported on which PRs and issues we spent how much time. For us, this was great to have the freedom to work on which OCaml packages we were keen to get up to speed. In 2020, we received 45,000 EUR for this maintenance.

We finished the TLS 1.3 work (18659.01 EUR)

We continued to work on the NetHSM project, and invoiced 55,500 EUR.

We received a total of 255 EUR in donations from sources unknown to us.

We applied at reset.tech again with DNSvizor, unfortunately without success.

We also applied at NGI pointer to work on reproducible builds for MirageOS, and a web frontend. Here we got the grant of 200,000 EUR, which we worked on in 2021 and 2022.

Project Amount
OCLC 45,000.00
TLS 1.3 18,659.01
Nitrokey 55,500.00
Donations 255.00
Total 119,414.01

2021

As outlined, we worked on reproducible builds of unikernels - rethinking the way how a unikernel is configured: no more compiled-in secrets, but instead using boot parameters. We setup the infrastructure for doing daily reproducible builds, serving system packages via a package repository, and a web frontend hosting the reproducible builds. We received in total 120,000 EUR from NGI Pointer in 2021.

Our work on NetHSM continued, including the introduction of elliptic curves in mirage-crypto (using fiat). The invoices to Nitrokey summed up to 26,000 EUR in 2021.

We developed in a short timeframe two packages, u2f and later webauthn for Skolem Labs based on gift economy. This resulted in donations of 18,976 EUR.

We agreed with OCSF to work on conex, which we have not delivered yet (lots of other things had to be cleared first: we did a security review of opam (leading to a security advisory), we got rid of extra-files in the opam-repository, and we removed the weak hash md5 from the opam-repository.

Customer Amount
NGI Pointer 120,000.00
Nitrokey 26,000.00
Skolem 18,976.00
Total 164,976.00

2022

We finished our NGI pointer project, and received another 80,000 EUR.

We also did some minor maintenance for Nitrokey, and invoiced 4,500 EUR.

For Tarides, we started another maintaining MirageOS packages (and continuing our TCP/IP stack), and invoiced in total 22,500 EUR.

A grant application for bob was rejected, but a grant application for MirageVPN got accepted.

Project Amount
NGI Pointer 80,000.00
Nitrokey 4,500.00
Tarides 22,500.00
Total 107,000.00

2023

We finished the NetHSM project, and had a final invoice over 2,500 EUR.

We started a collaboration for semgrep, porting some of their Python code to OCaml. We received in total 37,500 EUR.

We continued the MirageOS opam package maintenance and invoiced in total 89,250 EUR to Tarides.

A grant application on MirageVPN got accepted (NGI Assure), and we received in total 12,000 EUR for our work on it. This is a continuation of our 2019 work funded by Prototypefund.

We also wrote various funding applications, including one for DNSvizor that was accepted (NGI0 Entrust).

Customer Amount
Nitrokey 2,500.00
semgrep 37,500.00
Tarides 89,250.00
MirageVPN 12,000.00
Total 141,250.00

2024

We're still in the middle of it, but so far we continued the Tarides maintenance contract (54,937.50 EUR).

We also finished the MirageVPN work, and received another 45,000 EUR.

We had a small contract with Semgrep again on porting Python code to OCaml and received 18,559.40 EUR.

We again worked on several successful funding applications, one on PTT (NGI Zero Core), a continuation of the NGI DAPSI project - now realizing mailing lists with our SMTP stack.

We also got MTE (NGI Taler) accepted.

The below table is until end of August 2024.

Project Amount
Semgrep 18,559.40
Tarides 54,937.50
MirageVPN 45,000.00
Total 118,496.90

Total

In a single table, here's our income over the last 5 years.

Year Amount
2018 140,036.62
2019 221,904.01
2020 119,414.01
2021 164,976.00
2022 107,000.00
2023 141,250.00
2024 118,496.90
Total 1,013,077.54

As you can spot, it varies quite a bit. In some years we have fewer money available than in other years.

Conclusion

We have provided an overview of our income, we were three to five people working at robur over the entire time. As written at the beginning, we use needs-based payment. Our experience with this is great! It provides a lot of trust into each other. From our income, some money flows to Aenderwerk for their amazing bookkeeping work - writing invoices, doing the taxes, helping us with contracts. We also finance our server, including a severe hard disk failure in June 2024.

Our funding is diverse from multiple sources - donations, commercial work, public funding. This was our initial goal, and we're very happy that it works fine over the last five years.

Taking the numbers into account, we are not paying ourselves "industry standard" rates - but we really love what we do - and sometimes we just take some time off. We do work on various projects that we really really enjoy - but where (at the moment) no funding is available for.

We are always happy to discuss how our collective operates. If you're interested, please drop us a message.

Of course, if we receive donations, we use them wisely - mainly for working on the currently not funded projects (bob, miou, mollymawk - to name a few). If you can spare a dime or two, don't hesitate to donate.