diff --git a/atom b/atom index cd02059..8efa45f 100644 --- a/atom +++ b/atom @@ -1,4 +1,4 @@ -urn:uuid:8167ecfe-9676-11e7-8dc1-68f728e7bbbcrobur2022-11-17T12:59:08-00:002021-11-16T15:06:35-00:00<p>In 2021 we in <a href="https://robur.coop/">Robur</a> have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the <a href="https://pointer.ngi.eu/">Next Generation Internet (NGI Pointer) initiative</a>. The result is <a href="https://builds.robur.coop">online</a>.</p> +urn:uuid:8167ecfe-9676-11e7-8dc1-68f728e7bbbcrobur2022-11-17T12:59:08-00:002021-11-16T15:06:35-00:00<p>In 2021 we in <a href="https://robur.coop/">Robur</a> have been working towards easing deployment of reproducible mirage applications. The work has been funded by the European Union under the <a href="https://pointer.ngi.eu/">Next Generation Internet (NGI Pointer) initiative</a>. The result is <a href="https://builds.robur.coop">online</a>.</p> <p>The overall goal is to push MirageOS into production in a trustworthy way. We worked on reproducible builds for <a href="https://opam.ocaml.org">Opam</a> packages and <a href="https://mirageos.org">MirageOS</a> - with the infrastructure being reproducible itself. Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries.</p> <p>Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- <code>albatross-client-local update my-unikernel</code> is everything needed for an update.</p> <p>Several ready-to-use MirageOS unikernels are built on a daily basis - ranging from <a href="https://builds.robur.coop/job/dns-primary-git/">authoritative DNS servers</a> (<a href="https://builds.robur.coop/job/dns-secondary/">secondary</a>, <a href="https://builds.robur.coop/job/dns-letsencrypt-secondary/">let's encrypt DNS solver</a>), <a href="https://builds.robur.coop/job/dnsvizor/">DNS-and-DHCP service (similar to dnsmasq)</a>, <a href="https://builds.robur.coop/job/tlstunnel/">TLS reverse proxy</a>, <a href="https://builds.robur.coop/job/unipi/">Unipi - a web server that delivers content from a git repository</a>, <a href="https://builds.robur.coop/job/dns-resolver/">DNS resolver</a>, <a href="https://builds.robur.coop/job/caldav/">CalDAV server</a>, and of course your own MirageOS unikernel.</p> @@ -115,7 +115,7 @@ $ fg # back to albatross-client-local console $ Ctrl-C # kill that process </code></pre> <p>That's it. Albatross has more features, such as block devices, multiple bridges (for management, private networks, ...), restart if the unikernel exited with specific exit code, assignment of a unikernel to a specific CPU. It also has remote command execution and resource limits (you can allow your friends to execute a number of unikernels with limited memory and block storage accessing only some of your bridges). There is a daemon to collect metrics and report them to Grafana (via Telegraf and Influx). MirageOS unikernels also support IPv6, you're not limited to legacy IP.</p> -urn:uuid:a225bf44-9230-569f-8852-1b5d2132a749Robur Reproducible Builds2022-11-17T12:59:08-00:00canopy2019-09-10T19:40:14-00:00<h1>MirageOS</h1> +urn:uuid:a225bf44-9230-569f-8852-1b5d2132a749Robur Reproducible Builds2022-11-17T12:59:08-00:00canopy2019-09-10T19:40:14-00:00<h1>MirageOS</h1> <p>MirageOS is a software suite to build custom-tailored operating systems from (mostly open source) small individual libraries. It has been developed since 2009 at the University of Cambridge, UK and is written in the programming language <a href="/Our%20Work/Technology-Employed#OCaml">OCaml</a>.</p> <p>It compiles the necessary OCaml libraries into a unikernel - a small operating system, each built for a certain purpose. For each unikernel we can pick from hundreds of permissively licensed open source libraries which implement network protocols, storage on block devices, or interfaces to network devices via the hypervisor or host operating system. As we only put into each one exactly what is needed, each unikernel is fast; instantly booting and, as there is less code base, it is easier to maintain and keep secure.</p> <p>As an example to see how lines of code compare, here are the number of lines of code needed for different elements of our <a href="/Our%20Work/Projects#Bitcoin%20Pinata">Bitcoin Pinata</a>, measured in thousands of lines of code:</p> @@ -173,7 +173,7 @@ $ Ctrl-C # kill that process <p>In 2016, Facebook developed ReasonML, a dialect of OCaml which syntax is closer to JavaScript, and easier to comprehend for beginners coming from that family of programming languages. ReasonML and OCaml code can be easily combined into a single application, since they use the same compiler.</p> <h3>Further Information</h3> <p>There is active work on OCaml language development and its runtime system. More literature on why OCaml is a good choice has been written by Yaron Minsky (Jane Street) in the article <a href="https://queue.acm.org/detail.cfm?id=2038036">OCaml for the masses</a>, and more recently by the crypto-ledger <a href="https://tezos.com/static/position_paper-841a0a56b573afb28da16f6650152fb4.pdf">Tezos</a>.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaTechnology Employed2019-10-31T12:06:40-00:00canopy2019-09-10T19:40:14-00:00<p>We can work with you to design, develop and audit software and infrastructure to assist you in enhancing your technical security and reliability. Whilst we are not a service provider, and so can not offer to host applications, we can assist you in deploying MirageOS and OCaml services.</p> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaTechnology Employed2019-10-31T12:06:40-00:00canopy2019-09-10T19:40:14-00:00<p>We can work with you to design, develop and audit software and infrastructure to assist you in enhancing your technical security and reliability. Whilst we are not a service provider, and so can not offer to host applications, we can assist you in deploying MirageOS and OCaml services.</p> <h3>Design</h3> <p>Working with you to understand the needs of your organization, and how your software infrastructure is currently setup and used, we can assist you in working out any improvements you might require.</p> <p>We can consult on design for specific products to ensure you plan the best solution for a single application, or take a more holistic view of your infrastructure and protocols to improve speed, security and ease of use.</p> @@ -186,7 +186,7 @@ $ Ctrl-C # kill that process <p>We can provide code auditing services, particularly focusing on security and reducing code base. We have team members who have thorough experience working with OCaml, C (embedded, kernel and userspace), x86 assembly, Scala, Java, Android, Haskell, PHP and Python.</p> <p>Our audits can help ensure your environment is secure whilst also working with you to reduce attack service and increase speed. While we generally prefer “white-box” audits because we believe they yield the best results for the time invested, we also have experience with “black-box” penetration testing.</p> <p>Please <a href="/Contact">contact us</a> if you are interested in any of the above and we can discuss how we can assist you in developing a more secure architecture and for your organization.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaServices2019-09-10T22:09:34-00:00canopy2019-09-10T19:40:14-00:00<p>We regularly give talks and write publications about our work, OCaml and MirageOS and other aspects of coding, security and computer science that we have expertise in. Below are some examples of these, if you are interested in having a Robur member speak at your event please <a href="/Contact">reach out</a> to us.</p> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaServices2019-09-10T22:09:34-00:00canopy2019-09-10T19:40:14-00:00<p>We regularly give talks and write publications about our work, OCaml and MirageOS and other aspects of coding, security and computer science that we have expertise in. Below are some examples of these, if you are interested in having a Robur member speak at your event please <a href="/Contact">reach out</a> to us.</p> <h1>Hannes Mehnert</h1> <h3>Talks:</h3> <p>Chaos Communication Congress 2019 (36c3) - <a href="https://media.ccc.de/v/36c3-11172-leaving_legacy_behind">Leaving Legacy Behind</a><br /> @@ -231,7 +231,7 @@ Talks about the case study of building an API-first architecture at Etsy. She ta According to Wikipedia a shell script is a computer program designed to be run by a command line interpreter. Typical operations performed by shell scripts include file manipulation, program execution, and printing text. Sounds complicated? In this talk Stefanie Schirmer shows how to build a shell in ten minutes.</p> <p>JSConf EU 2015 - <a href="https://www.youtube.com/watch?v=6Qx5ZAbfqjo">Functional programming and curry cooking in JS</a><br /> This talk explores functional programming concepts, which help us create powerful abstractions to master complex problems and create more simple and elegant programs. JavaScript allows us to ease into the functional programming style, letting us focus just on the concepts, without the distraction of learning a specific functional programming language. To make the dry functional programming concepts more digestible, we use cooking as an analogy. And since the logician Haskell Curry invented functional programming, we combine our journey in JavaScript with examples and recipes for tasty curry dishes.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaPublications and Talks2020-01-07T11:22:12-00:00canopy2019-09-10T19:40:14-00:00<h1>Robur Reproducible Builds</h1> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaPublications and Talks2020-01-07T11:22:12-00:00canopy2019-09-10T19:40:14-00:00<h1>Robur Reproducible Builds</h1> <p>In 2021 we in <a href="https://robur.coop/">Robur</a> have been working towards easing deployment of reproducible mirage applications. The work has been funded by the Eurepean Union under the <a href="https://pointer.ngi.eu/">Next Generation Internet (NGI Pointer) initiative</a>. The result is <a href="https://builds.robur.coop">online</a>.</p> <p>The overall goal is to push MirageOS into production in a trustworthy way. We worked on reproducible builds for <a href="https://opam.ocaml.org">Opam</a> packages and <a href="https://mirageos.org">MirageOS</a> - with the infrastructure being reproducible itself. Reproducible builds are crucial for supply chain security - everyone can reproduce the exact same binary (by using the same sources and environment), without reproducible builds we would not publish binaries.</p> <p>Reproducible builds are also great for fleet management: by inspecting the hash of the binary that is executed, we can figure out which versions of which libraries are in the unikernel - and suggest updates if newer builds are available or if a used library has a security flaw -- <code>albatross-client-local update my-unikernel</code> is everything needed for an update.</p> @@ -333,7 +333,7 @@ This talk explores functional programming concepts, which help us create powerfu <p>Compared to existing technologies, such as traditional virtualization using KVM/QEMU, VMWare, crosvm and so on, Solo5 is several orders of magnitude smaller (around 10,000 lines of C) and is tailored to running unikernels in a legacy-free and minimalist fashion.</p> <p>Our goal for Solo5 is to enable the use of unikernel technology to build hybrid, disaggregated systems where the designer/developer can choose which components are untrusted or security-sensitive and &quot;split them out&quot; from the monolithic host system. At the same time the developer can continue to use existing, familiar, technology as the base or &quot;control plane&quot; for the overall system design/deployment, or mix and match traditional applications and unikernels as appropriate.</p> <p>The software is available <a href="https://github.com/solo5">on Github</a>.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaProjects2022-03-01T22:03:39-00:00canopy2019-09-10T19:40:14-00:00<p>We are a nonprofit open source software cooperative whose mission is to develop robust and secure digital infrastructure. We strive to enable more people to reliably run their own infrastructure by producing correct, surprise-free software to be deployed in real environments. Our software aims to meet the needs of anyone working in an environment where security and dependability is vital.</p> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaProjects2022-03-01T22:03:39-00:00canopy2019-09-10T19:40:14-00:00<p>We are a nonprofit open source software cooperative whose mission is to develop robust and secure digital infrastructure. We strive to enable more people to reliably run their own infrastructure by producing correct, surprise-free software to be deployed in real environments. Our software aims to meet the needs of anyone working in an environment where security and dependability is vital.</p> <p>We write all our code in a high-level memory-safe (and more secure) programming language called <a href="/Our%20Work/Technology-Employed#OCaml">OCaml</a>. In addition each piece of software leverages <a href="/Our%20Work/Technology-Employed#MirageOS">MirageOS</a> (a minimal operating system) to produce bespoke applications tailored to only contain their required functionality. Each service is executed on virtual machines with a size usually around 1-10 MB, much smaller than a UNIX / Linux system, and it boots within milliseconds.</p> <p>Where other approaches try to patch general purpose operating systems by adding more layers, we strive to build a secure system from the ground up.</p> <p>Our approach means our software has a number of security and ease-of-use benefits:</p> @@ -357,7 +357,7 @@ This talk explores functional programming concepts, which help us create powerfu <p>If you are interested in seeing how we can assist you in improving your organization's digital infrastructure please see our <a href="/Our%20Work/Services">services offered</a>.</p> <p>If you like our approach to open source software and want to support our work please consider a <a href="/Donate">donation</a>.</p> <p>Or if you are a funder of open source projects focused on security and reliability and like our approach we would love to hear from <a href="/Contact">you</a>.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaOur Approach2019-09-10T22:16:40-00:00canopy2019-09-10T19:40:14-00:00<p>Robur is a software development cooperative specializing in robust and secure digital infrastructure written in OCaml.</p> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaOur Approach2019-09-10T22:16:40-00:00canopy2019-09-10T19:40:14-00:00<p>Robur is a software development cooperative specializing in robust and secure digital infrastructure written in OCaml.</p> <h2>Current members</h2> <h3>Hannes</h3> <p>Hannes enjoys living in Berlin, Germany. Until end of 2017, he used to be a research associate at the University of Cambridge in the rems project. He enjoys to write code, and also traveling and repairing his recumbent bicycle, and being a barista.</p> @@ -393,10 +393,10 @@ He is still heavily involved as a developer and system administrator in <a hr <p>Joe has a background in penetration testing, protocol design, applied cryptography, and architectural IT security system design for customers, especially in the banking, insurance, and pension fund sectors. He has been consulting on BPAY integration in Australia, and conducting web and network security assessments for customers throughout the world.</p> <p>Lately he has spent the last couple of years writing OCaml and has been working with IT security, dev-ops and automated deployment for customers specializing in Enterprise Resource Planning, Internet of Things, and medical technology.</p> <p>In his spare time he dabbles in research into similar topics and serialization frameworks, in addition to the enjoyable pursuit of tabletop roleplaying and social interactions in smoky pubs - two disciplines that he excels in, but that have somehow not been of particular interest to paying customers (yet).</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaTeam2022-11-10T16:46:33-00:00canopy2019-09-10T19:40:14-00:00<p>Twice a year the Robur team meet with others from the OCaml and MirageOS community at a week long hack retreat in Marrakesh, Morocco.</p> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaTeam2022-11-10T16:46:33-00:00canopy2019-09-10T19:40:14-00:00<p>Twice a year the Robur team meet with others from the OCaml and MirageOS community at a week long hack retreat in Marrakesh, Morocco.</p> <p>We use these times to discuss and learn about new developments in the MirageOS ecosystem and meet in person about our Robur projects. And of course we have fun whilst we are at it!</p> <p>The retreats are held in a hostel in the center of the city, which we wholly rent out for the period, with food provided. If you are interested in participating in the next retreat please <a href="http://retreat.mirage.io/">see the MirageOS site</a> for more details and sign-up method.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaRetreats2019-09-10T21:40:09-00:00canopy2019-09-10T19:40:14-00:00<h1>Collaborations</h1> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaRetreats2019-09-10T21:40:09-00:00canopy2019-09-10T19:40:14-00:00<h1>Collaborations</h1> <p><a href="https://techcultivation.org">The Center for the Cultivation of Technology</a><br /> The Center for the Cultivation of Technology is a &quot;back-end provider&quot; for the open source community. They work with Robur to assist us in our financial processes and administration.</p> <p><a href="https://leastauthority.com">Least Authority</a> @@ -413,7 +413,7 @@ Is a for-profit distributed engineering team based in Paris and Cambridge that m In 2019 NLnet Foundation granted Robur funding to develop a secure DNS resolver in OCaml. NLnet is a Dutch foundation that receives money from donations, legacies and collaborative funding and sub-granting mechanisms after starting with substantial capital established by pioneers of the European internet in 1997. It grants money to organizations and people that contribute to an open information society and secure internet projects.</p> <p><a href="https://prototypefund.de/en">The Prototype Fund</a><br /> The Prototype Fund has awarded Robur several grants for various projects such as the CalDAV Server, the Mirage Firewall and our OCaml implementation of an OpenVPN client. The Prototype Fund is a funding program of the Federal Ministry of Education and Research (BMBF) that is supported and evaluated by the Open Knowledge Foundation Germany. It funds individuals and small organizations to develop open source applications designed for the common good.</p> -urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaNetwork2020-02-18T17:34:49-00:00canopy2019-09-10T19:40:14-00:00<p>At Robur our focus is on the software we develop. We are passionate about our work and believe in the importance of creating and maintaining secure digital infrastructure.</p> +urn:uuid:a4887de7-8629-5578-836f-d31b51fe75aaNetwork2020-02-18T17:34:49-00:00canopy2019-09-10T19:40:14-00:00<p>At Robur our focus is on the software we develop. We are passionate about our work and believe in the importance of creating and maintaining secure digital infrastructure.</p> <p>We get our funding through three avenues: grants for particular open-source projects, contracts for specific work including development and auditing, and public donations that help allow us to continue the work that isn't otherwise funded.</p> <p>We spend most of our funding on salaries, ensuring Robur keeps developing the software we think is important. We do not spend money on fancy parties or first class business trips. Our general breakdown of spending per year is:</p> <ul>