-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(data) add robur success story #2862
base: main
Are you sure you want to change the base?
Conversation
--- | ||
|
||
## Challenge | ||
Hannes’ journey began with a passion for improving system infrastructure while fostering a collaborative, non-hierarchical work environment. Initially focused on formal verification during his PhD studies, he found the process to be tedious and impractical for large-scale impact. In his academic work, he encountered dynamically typed languages often used for network stacks, which introduced significant inefficiencies. These languages required runtime checks to ensure safety, resulting in performance costs and errors that only surfaced during execution. Seeking an alternative, Hannes envisioned a better approach: building secure, high-performance systems within a collective that valued open collaboration and sustainable practices. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not 'dynamically typed' for network stacks, but 'weakly typed'.
These don't necessarily require runtime checks (and there's no performance cost) - but due to the lack of memory safety a programming error may lead to a security concern.
In 2018, Hannes and a group of like-minded peers established Robur, a worker-owned collective committed to advancing MirageOS and creating impactful software solutions. The team quickly demonstrated their ability to deliver results. For instance, they developed a high-performance OpenVPN implementation, securing funding in 2019 and again in 2023 to optimize performance and finalize the protocol. Another achievement involved maintaining and extending the QubesOS Firewall, originally developed in 2015, to strengthen the security of isolated virtual machine environments. | ||
|
||
Robur also contributed significantly to cryptographic tools and protocols, including Mirage-Crypto and a robust TLS stack. Beyond development, the team uses MirageOS unikernels to host essential services such as their own DNS and CalDav servers. This active use ensures the reliability of their work while directly contributing to the stability and maintenance of MirageOS. These successes reflect the power of their collective model, where decisions about funding, projects, and partnerships are made collaboratively, fostering a culture of shared responsibility. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe worth to link to our recent blog article about our finances https://blog.robur.coop/articles/finances.html
## Solution | ||
Robur has successfully implemented OCaml-based solutions to address complex challenges in network and system infrastructure. Their work on cryptographic protocols, such as TLS and Mirage-Crypto, highlights OCaml’s ability to handle demanding computational tasks with both efficiency and security. These protocols form the backbone of secure communications for many applications. | ||
|
||
Performance optimization tools, such as `statmemprof`, are integral to Robur’s workflow, enabling fine-tuned control over resource usage. By hosting services like DNS and CalDav on unikernels, Robur demonstrates the real-world applicability and reliability of their approach. Additionally, their commitment to open-source development allows organizations to benefit from their innovations, as exemplified by the NetHSM project, which transitioned from a closed-source implementation to an open-source solution under Robur’s stewardship. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find the last sentence awkward, and it doesn't give robur's involvement into NetHSM a fair role. Let's drop that sentence.
Instead, could we emphasize that robur is not only working on MirageOS, but also on ecosystem things, such as:
- security of (esp.) opam
- reproducible builds
- opam repository archiving
thanks a lot for writing this up, @sabine |
Ready for publishing. Requires review and approval from @hannesm.