From 3ebcf3c74c9fe2cafb9172bab8ab07542edc171b Mon Sep 17 00:00:00 2001 From: Canopy bot Date: Fri, 11 Oct 2024 09:31:01 +0000 Subject: [PATCH] updated from main (commit 4e738bc3ff64b034b3d00b0547be017c6b9d5975) --- About Us/Network | 4 ++-- About Us/Retreats | 4 ++-- Our Work/Projects | 12 ++++++------ Our Work/Publications-and-Talks | 5 ++--- atom | 27 +++++++++++++-------------- 5 files changed, 25 insertions(+), 27 deletions(-) diff --git a/About Us/Network b/About Us/Network index 1580df9..4a342fd 100644 --- a/About Us/Network +++ b/About Us/Network @@ -1,10 +1,10 @@ -Network

Network

Published: 2019-09-10 (last updated: 2023-12-14)

Collaborations

+Network

Network

Published: 2019-09-10 (last updated: 2024-10-11)

Collaborations

Änderwerk gGmbH
Änderwerk is a "back-end provider" for the open source community. They work with Robur to assist us in our financial processes and administration.

Least Authority Least Authority is a Berlin-based group building technology that is open source and focused on allowing user freedom and privacy protection in online services. Robur has worked with Least Authority to make security audits of OCaml applications.

-

MirageOS
+

MirageOS
MirageOS is a library operating system that constructs unikernels for secure and high-performing applications. Most Robur projects are designed to be compatible with MirageOS, as well as native operating systems, like Linux or FreeBSD. We work closely with the MirageOS community to help develop its ecosystem and increase the availability of secure applications offered within it.

Nitrokey
Robur designed and implemented NetHSM for Nitrokey.

diff --git a/About Us/Retreats b/About Us/Retreats index ecd20b6..cb575c1 100644 --- a/About Us/Retreats +++ b/About Us/Retreats @@ -1,7 +1,7 @@ -Retreats

Retreats

Published: 2019-09-10 (last updated: 2019-09-10)

Twice a year the Robur team meet with others from the OCaml and MirageOS community at a week long hack retreat in Marrakesh, Morocco.

+Retreats

Retreats

Published: 2019-09-10 (last updated: 2024-10-11)

Twice a year the Robur team meet with others from the OCaml and MirageOS community at a week long hack retreat in Marrakesh, Morocco.

We use these times to discuss and learn about new developments in the MirageOS ecosystem and meet in person about our Robur projects. And of course we have fun whilst we are at it!

-

The retreats are held in a hostel in the center of the city, which we wholly rent out for the period, with food provided. If you are interested in participating in the next retreat please see the MirageOS site for more details and sign-up method.

+

The retreats are held in a hostel in the center of the city, which we wholly rent out for the period, with food provided. If you are interested in participating in the next retreat please see the MirageOS site for more details and sign-up method.

\ No newline at end of file diff --git a/Our Work/Projects b/Our Work/Projects index 91e7e56..07ce431 100644 --- a/Our Work/Projects +++ b/Our Work/Projects @@ -1,5 +1,5 @@ -Projects

Projects

Published: 2019-09-10 (last updated: 2024-06-30)

Robur Reproducible Builds

+Projects

Projects

Published: 2019-09-10 (last updated: 2024-10-11)

Robur Reproducible Builds

In 2021 we in Robur have been working towards easing deployment of reproducible mirage applications. The work has been funded by the Eurepean Union under the Next Generation Internet (NGI Pointer) initiative. The result is online.

The overall goal is to push MirageOS into production in a trustworthy way. We worked on reproducible builds for Opam packages and MirageOS - with the infrastructure being reproducible itself. Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries.

Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- albatross-client-local update my-unikernel is everything needed for an update.
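Review bot: "Eurepean Union" in the context paragraph under "Robur Reproducible Builds" is misspelled, while the first atom entry in this same patch spells it "European Union". Since this commit already regenerates the page and bumps its last-updated date, correct the spelling in the source so both outputs agree. The same paragraph names `albatross-client-local update my-unikernel` while the atom entry says `albatross-client update my-unikernel`; confirm which command name is current and use it in both places.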

@@ -8,7 +8,7 @@

Bitcoin Piñata

The Bitcoin Piñata is a transparent bug bounty: it holds the private key for a bitcoin wallet. It is a MirageOS unikernel designed to test our TLS and all underlying transport implementations.

Its open communication channels are HTTP and HTTPS, and a TLS client and TLS server endpoint, all written in OCaml. The cryptographic material for TLS is generated on startup in the Piñata and is supposed to never leave it. However, if an attacker manages to establish a mutually authenticated (using certificates) TLS channel, the private key to the bitcoin wallet is transmitted over this channel, and the attacker gains access to the bait (the bitcoins).

-

The project was launched on February 10th 2015. At this time friends from the IPredator project lent us 10 bitcoins (back then worth ~2000 EUR) for the bait. By 2018 no one had successfully cracked the Piñata and the bitcoins, by this point worth ~200 000 EUR, were repurposed for other projects, however the project remains live, with a small amount of bitcoins in it, for anyone wishing to try to crack it.

+

The project was launched on February 10th 2015. At this time friends from the IPredator project lent us 10 bitcoins (back then worth ~2000 EUR) for the bait. By 2018 no one had successfully cracked the Piñata and the bitcoins, by this point worth ~200 000 EUR, were repurposed for other projects, however the project remains live, with a small amount of bitcoins in it, for anyone wishing to try to crack it.

Hannes Mehnert and David Kaloper-Meršinjak designed the Bitcoin Piñata to attract security professionals to look into our TLS stack, developed purely in OCaml since early 2014.

More technical information:

On startup, the Piñata generates its certificate authority on the fly, including certificates and private keys, this means that only the Piñata itself contains private keys which can authenticate successfully.

@@ -18,13 +18,13 @@

The source code of the Piñata is open source and even the running binary (without the private bitcoin wallet key) is published in the git repository.

Further links about the Bitcoin Piñata:

CalDAV Server

@@ -43,7 +43,7 @@

DNS

The Domain Name System is used like a phone book for the internet - it translates human-memoizable domain names (e.g. robur.coop) to machine-routable IP addresses (e.g. 198.167.222.215) and other records such as where eMail should be sent to. DNS is a fault-tolerant hierarchical decentralized key-value store with caching. DNS has been deployed on the Internet since 1987.

On the one side, the authoritative server, which has delegated responsibility for a domain, provides that mapping information (i.e. that a certain IP is the right one for a certain domain), and on the other side a resolver provides the functionality to figure out which server to request for each query a client has.

-

Since 2017 we have developed DNS, server, resolver, and client as a spare-time project. They serve different purposes in our ecosystem: the server is used by domains such as nqsb.io and robur.coop as an authoritative server; we use a caching resolver for our bi-annual hack retreats in Marrakesh; and the client is used by any MirageOS unikernel that needs to resolve domain names.

+

Since 2017 we have developed DNS, server, resolver, and client as a spare-time project. They serve different purposes in our ecosystem: the server is used by domains such as robur.coop as an authoritative server; we use a caching resolver for our bi-annual hack retreats in Marrakesh; and the client is used by any MirageOS unikernel that needs to resolve domain names.

When developing this project we carefully considered which elements were strictly required and have ensured a minimal codebase, providing for better security and ease of use.

Since mid-August 2019 our DNS implementation replaced the existing, but incomplete and barely maintained OCaml implementation. It is released to the opam repository.

A specific use case for this project is to combine a DNS resolver with a local zone (where it acts as server), and a DHCP server - a protocol used for dynamic IP address configuration - into a single service. We recently received confirmation of a grant from Nlnet via the next generation internet initiative from the EU to develop such a service based on our DNS library.

diff --git a/Our Work/Publications-and-Talks b/Our Work/Publications-and-Talks index 9ec3080..f34a907 100644 --- a/Our Work/Publications-and-Talks +++ b/Our Work/Publications-and-Talks @@ -1,5 +1,5 @@ -Publications and Talks

Publications and Talks

Published: 2019-09-10 (last updated: 2020-01-07)

We regularly give talks and write publications about our work, OCaml and MirageOS and other aspects of coding, security and computer science that we have expertise in. Below are some examples of these, if you are interested in having a Robur member speak at your event please reach out to us.

+Publications and Talks

Publications and Talks

Published: 2019-09-10 (last updated: 2024-10-11)

We regularly give talks and write publications about our work, OCaml and MirageOS and other aspects of coding, security and computer science that we have expertise in. Below are some examples of these, if you are interested in having a Robur member speak at your event please reach out to us.

Hannes Mehnert

Talks:

Chaos Communication Congress 2019 (36c3) - Leaving Legacy Behind
@@ -14,8 +14,7 @@ This is a continuation of earlier talks at BornHack (2016, 2017), and goes into Discusses the basic usage of DNS, including stub and recursive resolver, server; various protocol extensions including zone transfer, dynamic updates, authentication, notifications; privacy extensions (query path minimization, DNS-over-TLS); provisioning let's encrypt certificates; and attacks (poisoning, amplification). Explains the Robur implementation of DNS with above mentioned extensions as minimized MirageOS unikernels.

Publications:

Engineering with Logic: Rigorous Test-Oracle Specification and Validation for TCP/IP and the Sockets API (JACM vol 66, January 2019), full paper. (Steve Bishop, Matthew Fairbairn, Hannes Mehnert, Michael Norrish, Tom Ridge, Peter Sewell, Michael Smith, Keith Wansbrough)

-

Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation (Usenix security 2015), video presentation (David Kaloper-Meršinjak, Hannes Mehnert, Anil Madhavapeddy, Peter Sewell)

-

Not-quite-so-broken TLS 1.3 Mechanized Conformance Checking - TLS 1.3 Ready or Not (TRON), workshop website (David Kaloper-Meršinjak and Hannes Mehnert)

+

Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation (Usenix security 2015), video presentation (David Kaloper-Meršinjak, Hannes Mehnert, Anil Madhavapeddy, Peter Sewell)

Martin Lucina

Talks:

FOSDEM 2019 - Solo5: A sandboxed, re-targetable execution environment for unikernels
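Review bot: The TRON entry ("Not-quite-so-broken TLS 1.3 Mechanized Conformance Checking") is deleted outright in this hunk rather than relinked, which drops a publication from the list. The atom hunk shows its "workshop website" link pointing at ndss-symposium.org, not nqsb.io, so the entry could stay with that link alone if only the tron.nqsb.io target is gone. If the removal is intended, the source commit should say so.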
diff --git a/atom b/atom index 11d6ff8..899f14a 100644 --- a/atom +++ b/atom 
@@ -1,4 +1,4 @@ -urn:uuid:8167ecfe-9676-11e7-8dc1-68f728e7bbbcrobur2024-07-01T07:38:01-00:002021-11-16T15:06:35-00:00<p>In 2021 we in <a href="https://robur.coop/">Robur</a> have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the <a href="https://pointer.ngi.eu/">Next Generation Internet (NGI Pointer) initiative</a>. The result is <a href="https://builds.robur.coop">online</a>.</p> +urn:uuid:8167ecfe-9676-11e7-8dc1-68f728e7bbbcrobur2024-10-11T09:30:39-00:002021-11-16T15:06:35-00:00<p>In 2021 we in <a href="https://robur.coop/">Robur</a> have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the <a href="https://pointer.ngi.eu/">Next Generation Internet (NGI Pointer) initiative</a>. The result is <a href="https://builds.robur.coop">online</a>.</p> <p>The overall goal is to push MirageOS into production in a trustworthy way. We worked on reproducible builds for <a href="https://opam.ocaml.org">Opam</a> packages and <a href="https://mirageos.org">MirageOS</a> - with the infrastructure being reproducible itself. 
Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries.</p> <p>Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- <code>albatross-client update my-unikernel</code> is everything needed for an update.</p> <p>Several ready-to-use MirageOS unikernels are built on a daily basis - ranging from <a href="https://builds.robur.coop/job/dns-primary-git/">authoritative DNS servers</a> (<a href="https://builds.robur.coop/job/dns-secondary/">secondary</a>, <a href="https://builds.robur.coop/job/dns-letsencrypt-secondary/">let's encrypt DNS solver</a>), <a href="https://builds.robur.coop/job/dnsvizor/">DNS-and-DHCP service (similar to dnsmasq)</a>, <a href="https://builds.robur.coop/job/tlstunnel/">TLS reverse proxy</a>, <a href="https://builds.robur.coop/job/unipi/">Unipi - a web server that delivers content from a git repository</a>, <a href="https://builds.robur.coop/job/dns-resolver/">DNS resolver</a>, <a href="https://builds.robur.coop/job/caldav/">CalDAV server</a>, and of course your own MirageOS unikernel.</p> 
@@ -202,8 +202,7 @@ This is a continuation of earlier talks at BornHack (2016, 2017), and goes into Discusses the basic usage of DNS, including stub and recursive resolver, server; various protocol extensions including zone transfer, dynamic updates, authentication, notifications; privacy extensions (query path minimization, DNS-over-TLS); provisioning let's encrypt certificates; and attacks (poisoning, amplification). Explains the Robur implementation of DNS with above mentioned extensions as minimized MirageOS unikernels.</p> <h3 id="publications">Publications:</h3> <p><a href="https://dl.acm.org/citation.cfm?id=3243650">Engineering with Logic: Rigorous Test-Oracle Specification and Validation for TCP/IP and the Sockets API (JACM vol 66, January 2019)</a>, <a href="https://www.cl.cam.ac.uk/~pes20/Netsem/paper3.pdf">full paper.</a> (Steve Bishop, Matthew Fairbairn, Hannes Mehnert, Michael Norrish, Tom Ridge, Peter Sewell, Michael Smith, Keith Wansbrough)</p> -<p><a href="https://usenix15.nqsb.io">Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation (Usenix security 2015)</a>, <a href="https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kaloper-mersinjak">video presentation</a> (David Kaloper-Meršinjak, Hannes Mehnert, Anil Madhavapeddy, Peter Sewell)</p> -<p><a href="https://tron.nqsb.io">Not-quite-so-broken TLS 1.3 Mechanized Conformance Checking - TLS 1.3 Ready or Not (TRON)</a>, <a href="https://www.ndss-symposium.org/ndss2016/tron-workshop-programme/">workshop website</a> (David Kaloper-Meršinjak and Hannes Mehnert)</p> +<p><a href="https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kaloper-mersinjak">Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation (Usenix security 2015)</a>, <a href="https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kaloper-mersinjak">video 
presentation</a> (David Kaloper-Meršinjak, Hannes Mehnert, Anil Madhavapeddy, Peter Sewell)</p> <h1 id="martin-lucina">Martin Lucina</h1> <h3 id="talks-1">Talks:</h3> <p>FOSDEM 2019 - <a href="https://archive.fosdem.org/2019/schedule/event/solo5_unikernels/">Solo5: A sandboxed, re-targetable execution environment for unikernels</a><br /> 
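Review bot: In the added Usenix entry the title link and the "video presentation" link now carry the same href (https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kaloper-mersinjak), so the second anchor is redundant. Merge them into one link, or point the title at the paper itself and keep the second link for the video.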
@@ -232,7 +231,7 @@ Talks about the case study of building an API-first architecture at Etsy. She ta According to Wikipedia a shell script is a computer program designed to be run by a command line interpreter. Typical operations performed by shell scripts include file manipulation, program execution, and printing text. Sounds complicated? In this talk Stefanie Schirmer shows how to build a shell in ten minutes.</p> <p>JSConf EU 2015 - <a href="https://www.youtube.com/watch?v=6Qx5ZAbfqjo">Functional programming and curry cooking in JS</a><br /> This talk explores functional programming concepts, which help us create powerful abstractions to master complex problems and create more simple and elegant programs. JavaScript allows us to ease into the functional programming style, letting us focus just on the concepts, without the distraction of learning a specific functional programming language. To make the dry functional programming concepts more digestible, we use cooking as an analogy. And since the logician Haskell Curry invented functional programming, we combine our journey in JavaScript with examples and recipes for tasty curry dishes.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaPublications and Talks2020-01-07T11:22:12-00:00canopy2019-09-10T19:40:14-00:00<h1 id="robur-reproducible-builds">Robur Reproducible Builds</h1> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaPublications and Talks2024-10-11T09:30:39-00:00canopy2019-09-10T19:40:14-00:00<h1 id="robur-reproducible-builds">Robur Reproducible Builds</h1> <p>In 2021 we in <a href="https://robur.coop/">Robur</a> have been working towards easing deployment of reproducible mirage applications. The work has been funded by the Eurepean Union under the <a href="https://pointer.ngi.eu/">Next Generation Internet (NGI Pointer) initiative</a>. The result is <a href="https://builds.robur.coop">online</a>.</p> <p>The overall goal is to push MirageOS into production in a trustworthy way. 
We worked on reproducible builds for <a href="https://opam.ocaml.org">Opam</a> packages and <a href="https://mirageos.org">MirageOS</a> - with the infrastructure being reproducible itself. Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries.</p> <p>Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- <code>albatross-client-local update my-unikernel</code> is everything needed for an update.</p> 
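Review bot: The changed entry line here carries urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aa for "Publications and Talks", and the later atom hunks show the same value on the Projects, Team, Retreats and Network entries. If that value is emitted as each entry's Atom id, feed readers that key on the id will treat these pages as one entry, and the new 2024-10-11T09:30:39 updated stamps in this commit make the collision more likely to surface. Derive the id from the page path so each entry gets its own.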
@@ -241,7 +240,7 @@ This talk explores functional programming concepts, which help us create powerfu <h1 id="bitcoin-piñata">Bitcoin Piñata</h1> <p>The <a href="http://ownme.ipredator.se">Bitcoin Piñata</a> is a transparent <a href="https://en.wikipedia.org/wiki/Bug_bounty_program">bug bounty</a>: it holds the private key for a bitcoin wallet. It is a <a href="/Our%20Work/Technology-Employed#MirageOS">MirageOS unikernel</a> designed to test our TLS and all underlying transport implementations.</p> <p>Its open communication channels are HTTP and HTTPS, and a TLS client and TLS server endpoint, all written in <a href="/Our%20Work/Technology-Employed#OCaml">OCaml</a>. The cryptographic material for TLS is generated on startup in the Piñata and is supposed to never leave it. However, if an attacker manages to establish a mutually authenticated (using certificates) TLS channel, the private key to the bitcoin wallet is transmitted over this channel, and the attacker gains access to the bait (the bitcoins).</p> -<p>The project was <a href="https://mirage.io/announcing-bitcoin-pinata">launched</a> on February 10th 2015. At this time friends from the IPredator project lent us 10 bitcoins (back then worth ~2000 EUR) for the bait. By 2018 no one had successfully cracked the Piñata and the bitcoins, by this point worth ~200 000 EUR, were repurposed for other projects, however the project remains live, with a small amount of bitcoins in it, for anyone wishing to try to crack it.</p> +<p>The project was <a href="https://mirageos.org/announcing-bitcoin-pinata">launched</a> on February 10th 2015. At this time friends from the IPredator project lent us 10 bitcoins (back then worth ~2000 EUR) for the bait. 
By 2018 no one had successfully cracked the Piñata and the bitcoins, by this point worth ~200 000 EUR, were repurposed for other projects, however the project remains live, with a small amount of bitcoins in it, for anyone wishing to try to crack it.</p> <p><a href="/About%20Us/Team">Hannes Mehnert</a> and David Kaloper-Meršinjak designed the Bitcoin Piñata to attract security professionals to look into our <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS</a> stack, developed purely in OCaml since early 2014.</p> <h4 id="more-technical-information">More technical information:</h4> <p>On startup, the Piñata generates its certificate authority on the fly, including certificates and private keys, this means that only the Piñata itself contains private keys which can authenticate successfully.</p> @@ -251,13 +250,13 @@ This talk explores functional programming concepts, which help us create powerfu <p>The source code of the Piñata is <a href="https://github.com/mirleft/btc-pinata">open source</a> and even the running binary (without the private bitcoin wallet key) is published in the git repository.</p> <p>Further links about the Bitcoin Piñata:</p> <ul> -<li><a href="https://mirage.io/blog/bitcoin-pinata-results">Statistics after 5 months</a> +<li><a href="https://mirageos.org/blog/bitcoin-pinata-results">Statistics after 5 months</a> </li> <li><a href="https://somerandomidiot.com/blog/2018/04/17/whacking-the-bitcoin-pinata/">Post about whacking the pinata</a> </li> -<li><a href="https://hannes.nqsb.io/Posts/Pinata">Evaluation 3 years later</a> +<li><a href="https://hannes.robur.coop/Posts/Pinata">Evaluation 3 years later</a> </li> -<li><a href="https://usenix15.nqsb.io">Usenix security research paper on TLS stack</a> +<li><a href="https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kaloper-mersinjak">Usenix security research paper on TLS stack</a> </li> </ul> <h1 id="caldav-server">CalDAV Server</h1> 
@@ -276,7 +275,7 @@ This talk explores functional programming concepts, which help us create powerfu <h1 id="dns">DNS</h1> <p>The Domain Name System is used like a phone book for the internet - it translates human-memoizable domain names (e.g. robur.coop) to machine-routable IP addresses (e.g. 198.167.222.215) and other records such as where eMail should be sent to. DNS is a fault-tolerant hierarchical decentralized key-value store with caching. DNS has been deployed on the Internet since 1987.</p> <p>On the one side, the authoritative server, which has delegated responsibility for a domain, provides that mapping information (i.e. that a certain IP is the right one for a certain domain), and on the other side a resolver provides the functionality to figure out which server to request for each query a client has.</p> -<p>Since 2017 we have developed DNS, server, resolver, and client as a spare-time project. They serve different purposes in our ecosystem: the server is used by domains such as nqsb.io and robur.coop as an authoritative server; we use a caching resolver for our bi-annual hack retreats in Marrakesh; and the client is used by any MirageOS unikernel that needs to resolve domain names.</p> +<p>Since 2017 we have developed DNS, server, resolver, and client as a spare-time project. They serve different purposes in our ecosystem: the server is used by domains such as robur.coop as an authoritative server; we use a caching resolver for our bi-annual hack retreats in Marrakesh; and the client is used by any MirageOS unikernel that needs to resolve domain names.</p> <p>When developing this project we carefully considered which elements were strictly required and have ensured a minimal codebase, providing for better security and ease of use.</p> <p>Since mid-August 2019 our DNS implementation replaced the existing, but incomplete and barely maintained <a href="/Our%20Work/Technology-Employed#OCaml">OCaml</a> implementation. 
It is released to the opam repository.</p> <p>A specific use case for this project is to combine a DNS resolver with a local zone (where it acts as server), and a DHCP server - a protocol used for dynamic IP address configuration - into a single service. We recently received confirmation of a grant from Nlnet via the next generation internet initiative from the EU to develop such a service based on our DNS library.</p> 
@@ -335,7 +334,7 @@ This talk explores functional programming concepts, which help us create powerfu <p>Compared to existing technologies, such as traditional virtualization using KVM/QEMU, VMWare, crosvm and so on, Solo5 is several orders of magnitude smaller (around 10,000 lines of C) and is tailored to running unikernels in a legacy-free and minimalist fashion.</p> <p>Our goal for Solo5 is to enable the use of unikernel technology to build hybrid, disaggregated systems where the designer/developer can choose which components are untrusted or security-sensitive and &quot;split them out&quot; from the monolithic host system. At the same time the developer can continue to use existing, familiar, technology as the base or &quot;control plane&quot; for the overall system design/deployment, or mix and match traditional applications and unikernels as appropriate.</p> <p>The software is available <a href="https://github.com/solo5">on Github</a>.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaProjects2024-06-30T19:42:13-00:00canopy2019-09-10T19:40:14-00:00<p>We are a nonprofit open source software cooperative whose mission is to develop robust and secure digital infrastructure. We strive to enable more people to reliably run their own infrastructure by producing correct, surprise-free software to be deployed in real environments. Our software aims to meet the needs of anyone working in an environment where security and dependability is vital.</p> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaProjects2024-10-11T09:30:39-00:00canopy2019-09-10T19:40:14-00:00<p>We are a nonprofit open source software cooperative whose mission is to develop robust and secure digital infrastructure. We strive to enable more people to reliably run their own infrastructure by producing correct, surprise-free software to be deployed in real environments. 
Our software aims to meet the needs of anyone working in an environment where security and dependability is vital.</p> <p>We write all our code in a high-level memory-safe (and more secure) programming language called <a href="/Our%20Work/Technology-Employed#OCaml">OCaml</a>. In addition each piece of software leverages <a href="/Our%20Work/Technology-Employed#MirageOS">MirageOS</a> (a minimal operating system) to produce bespoke applications tailored to only contain their required functionality. Each service is executed on virtual machines with a size usually around 1-10 MB, much smaller than a UNIX / Linux system, and it boots within milliseconds.</p> <p>Where other approaches try to patch general purpose operating systems by adding more layers, we strive to build a secure system from the ground up.</p> <p>Our approach means our software has a number of security and ease-of-use benefits:</p> 
@@ -399,13 +398,13 @@ He is still heavily involved as a developer and system administrator in <a hr <p>Her Erdős number is 4.</p> urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaTeam2023-09-21T14:46:48-00:00canopy2019-09-10T19:40:14-00:00<p>Twice a year the Robur team meet with others from the OCaml and MirageOS community at a week long hack retreat in Marrakesh, Morocco.</p> <p>We use these times to discuss and learn about new developments in the MirageOS ecosystem and meet in person about our Robur projects. And of course we have fun whilst we are at it!</p> -<p>The retreats are held in a hostel in the center of the city, which we wholly rent out for the period, with food provided. If you are interested in participating in the next retreat please <a href="http://retreat.mirage.io/">see the MirageOS site</a> for more details and sign-up method.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaRetreats2019-09-10T21:40:09-00:00canopy2019-09-10T19:40:14-00:00<h1 id="collaborations">Collaborations</h1> +<p>The retreats are held in a hostel in the center of the city, which we wholly rent out for the period, with food provided. If you are interested in participating in the next retreat please <a href="http://retreat.mirageos.org/">see the MirageOS site</a> for more details and sign-up method.</p> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaRetreats2024-10-11T09:30:39-00:00canopy2019-09-10T19:40:14-00:00<h1 id="collaborations">Collaborations</h1> <p><a href="https://aenderwerk.de">Änderwerk gGmbH</a><br /> Änderwerk is a &quot;back-end provider&quot; for the open source community. They work with Robur to assist us in our financial processes and administration.</p> <p><a href="https://leastauthority.com">Least Authority</a> Least Authority is a Berlin-based group building technology that is open source and focused on allowing user freedom and privacy protection in online services. 
Robur has worked with Least Authority to make security audits of OCaml applications.</p> -<p><a href="https://mirage.io">MirageOS</a><br /> +<p><a href="https://mirageos.org">MirageOS</a><br /> MirageOS is a library operating system that constructs unikernels for secure and high-performing applications. Most Robur projects are designed to be compatible with MirageOS, as well as native operating systems, like Linux or FreeBSD. We work closely with the MirageOS community to help develop its ecosystem and increase the availability of secure applications offered within it.</p> <p><a href="https://nitrokey.com">Nitrokey</a><br /> Robur designed and implemented <a href="https://www.nitrokey.com/products/nethsm">NetHSM</a> for Nitrokey.</p> 
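Review bot: The retargeted retreat link in this hunk is still plain http (http://retreat.mirageos.org/), while every other link this patch rewrites uses https. Switch it to https if the host serves it, so the sign-up page is not fetched over an unauthenticated channel.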
@@ -423,7 +422,7 @@ NGI pointer is a EU funded project which funds the next generation ecosystem of In 2023 NLnet funded further work on MirageVPN. In 2019 NLnet Foundation granted Robur funding to develop a secure DNS resolver in OCaml. NLnet is a Dutch foundation that receives money from donations, legacies and collaborative funding and sub-granting mechanisms after starting with substantial capital established by pioneers of the European internet in 1997. It grants money to organizations and people that contribute to an open information society and secure internet projects.</p> <p><a href="https://prototypefund.de/en">The Prototype Fund</a><br /> The Prototype Fund has awarded Robur several grants for various projects such as the CalDAV Server, the Mirage Firewall and our OCaml implementation of an OpenVPN client. The Prototype Fund is a funding program of the Federal Ministry of Education and Research (BMBF) that is supported and evaluated by the Open Knowledge Foundation Germany. It funds individuals and small organizations to develop open source applications designed for the common good.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaNetwork2023-12-14T15:13:04-00:00canopy2019-09-10T19:40:14-00:00<p>At Robur our focus is on the software we develop. We are passionate about our work and believe in the importance of creating and maintaining secure digital infrastructure.</p> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaNetwork2024-10-11T09:30:39-00:00canopy2019-09-10T19:40:14-00:00<p>At Robur our focus is on the software we develop. 
We are passionate about our work and believe in the importance of creating and maintaining secure digital infrastructure.</p> <p>We get our funding through three avenues: grants for particular open-source projects, contracts for specific work including development and auditing, and public donations that help allow us to continue the work that isn't otherwise funded.</p> <p>We spend most of our funding on salaries, ensuring Robur keeps developing the software we think is important. We do not spend money on fancy parties or first class business trips. Our general breakdown of spending per year is:</p> <ul>