56 Receive Grants to Upgrade the Open Internet Architecture

We are happy to announce that 56 teams and individuals will receive funding to support their work on improving the core technologies of the internet. We'd like to congratulate them and thank them for making the internet better for us all.

We are welcoming projects from 29 countries involving people and organisations of various types: individuals, small and medium enterprises, foundations, and collectives. The new projects operate across all ten layers of the NGI technology stack: from trustworthy open hardware to services & applications which provide autonomy for end-users. The grantees will not only receive funding but also practical support such as accessibility and security audits, advice on license compliance, packaging and mentoring.

Final call for NGI Zero Core

All these free and open source projects are part of the NGI Zero Core fund. The purpose of this programme is to upgrade the open internet architecture (hardware, software, protocols) to increase the performance of the network, adapt it to new application requirements, improve quality of service, make it more resilient to security threats, more energy efficient and respectful of the environment (e.g. repairability, recyclability), and increasingly supportive of open and decentralised technologies and services.

This was the last of eight open calls for the NGI Zero Core fund. The programme will now enter its concluding phase. This means the people and teams that were assigned a grant will continue to work on their projects, but no more new proposals will be accepted. However, other programmes are very much open to proposals and the next deadline is April 1^st. In total 250 projects were selected within NGI Zero Core, on a vast range of topics ranging from video conferencing tools, web browsers, routing protocols, social media tools all the way to cryptography, radartools to design superconductive circuitry.

If you applied for a grant
This is the selection for the October call of the NGI Zero Core fund only. We always inform all applicants about the outcome of the review ahead of the public announcement, whether they are selected or not. If you have not heard anything, you probably applied to a later call or a different fund that is still under review.

How do I find out which call round I applied to?

You can see which call round you applied to by checking the application number assigned to the project when you submitted the proposal. The number starts with the year and month of the call, so 2024-10- in the case of the October 2024 call. You see that same number featured in the emails we send you (It should not happen, but if you did apply to another call and did not hear anything, do contact us)

Meet the new projects!

(you can click or tap on the project name to fold out additional information)

Trustworthy hardware and manufacturing

• Extensive openwifi support for OpenWRT — Software Defined Radio Wifi for OpenWRT routers

  The internet service provider and the IT department are often responsible for setting up your Wi-Fi network at home and work, respectively. As a result, many people take Wi-Fi routers and APs for granted and do not realize that these devices are complex and vulnerable closed black boxes of software, firmware and hardware. The often-outdated software and firmware on these devices, combined with their hardware and overall black box nature, raise serious security concerns. For example, the US is considering a ban on TP-Link devices. The software community addresses this issue through projects such as OpenWRT. However, these OpenWRT devices still route their wireless traffic through a closed Wi-Fi chip.

  This project (from the creators of openwifi, the first full-stack open-source IEEE 802.11a/g/n Wi-Fi chip) aims to provide a transparent alternative. Tje project will deliver fully featured openwifi-on-OpenWRT support for all openwifi-enabled boards. To achieve this, the dependency of openwifi on ADI Kuiper Linux is broken and its hardware description is modularized, allowing us to port openwifi to OpenWRT in a maintainable manner. The result is an openwifi package within OpenWRT, allowing users to choose for both open-source software and Wi-Fi chip, thereby enhancing the security and openness of Wi-Fi routers/APs. With this work, we lay the foundation for future developments, including potential partnerships with open-source Wi-Fi router vendors.

  ▸ For more details see: https://nlnet.nl/project/OpenWifi-OpenWRT

• FastWave 2.0 — Waveform visualizer for gateware development

  FastWave is an open-source waveform viewer designed as a modern alternative to GTKWave. This cross-platform desktop application is suitable for both professionals and beginners, offering simple installation and a strong focus on user experience. Its goal is to boost productivity and satisfaction among current hardware developers while also attracting new developers and students to the hardware design ecosystem. FastWave is built on fast and reliable Rust libraries and leverages well-proven web technologies to ensure a consistent look, accessibility, design flexibility, and safe user extensibility via WebAssembly plugins.

  ▸ For more details see: https://nlnet.nl/project/FastWave2.0

• MNT Reform QCS6490 Module — MNT Reform compatible open Hardware processor module

  The project summary for this project is not yet available. Please come back soon!

  ▸ For more details see: https://nlnet.nl/project/MNTReform-QCS6490

• Mosaic Simulation — EDA tool for analog chip design

  Today, the chip design industry is deeply proprietary with NDAs at every level, which means it is not possible to share design files at all. This in turn stifles learning, innovation and transparency in chip design. In order to create a chip design industry that can be trusted with our digital lives, and which is accessible to educational institutions and small business, it is essential to develop powerful open source tools for chip design. Anyone should be able to use these tools, allowing for unhindered collaboration.

  Mosaic is a tool that attacks the first design phase of an analog chip, or analog peripherals for a digital one: design and simulation of the schematic. In this follow-up grant the team will focus on simplification, distribution, and polish - making Mosaic easier to install and use as well as maintain.

  ▸ For more details see: https://nlnet.nl/project/Mosaic-simulation

• OPERA-DSP — Open hardware FMCW Radar signal processing in FPGA

  Frequency Modulated Continuous Wave (FMCW) radar is essential for applications such as autonomous vehicles, industrial automation, environmental monitoring, and security, enabling high-resolution object detection and speed estimation. However, to fully leverage FMCW radar data, digital signal processing (DSP) techniques must be applied in real time to extract meaningful information. The OPERA-DSP project aims to develop an open-source FMCW radar DSP hardware library, making radar signal processing more accessible to researchers and developers. It will provide essential IP cores, including windowing functions, Fast Fourier Transform (FFT), magnitude computation, and Constant False Alarm Rate (CFAR) detection. To simplify adoption, OPERA-DSP will integrate these DSP libraries with a RISC-V core and develop an FPGA-based design, complemented by scripts for automated bitstream generation.

  ▸ For more details see: https://nlnet.nl/project/OPERA-DSP

• SMAesH-Mode — Side-channel protected hardware implementation of AES

  The project summary for this project is not yet available. Please come back soon!

  ▸ For more details see: https://nlnet.nl/project/SMAesH-Mode

• SoCLinux — Easier driver development for Py2HWSW framework

  SoCLinux is an open-source project that aims to configure and generate a Linux system for RISC-V processors, focusing on creating a robust and maintainable environment for designing and testing IP cores. The project builds upon the existing open-source Py2HWSW framework powering the IOb-SoC platform, enhancing the functionality and portability of IP cores, by using as examples the key IOb-Cache, IOb-Eth, and IOb-UART16550 open-source cores. By providing a Linux IP core testbed, SoCLinux enables developers to build and test Linux drivers for new IP cores quickly, accelerating the production of high-quality IP cores, open-source or otherwise. The project aims to establish a widely adopted and maintainable ecosystem for IP core development, benefiting the broader community of IP core providers and users. SoCLinux will leverage the IP-XACT standard (IEEE 1685) for IP core packaging, and seamlessly exchange IP cores with FuseSoC, a well-known open-source IP core package manager.

  ▸ For more details see: https://nlnet.nl/project/SoCLinux

• VersatAI — Automation of ML/AI algorithm support in computational accellerators

  Versat is a Coarse-Grained Reconfigurable Array (CGRA) compiler and programming framework to accelerate AI and ML workloads on open-source RISC-V-based systems. The VersatAI project will enhance Versat to automate AI/ML accelerator generation by translating standard representations of these algorithms such as ONNX into optimized RISC-V programs accelerated by a CGRA. Leveraging prior work in cryptographic acceleration and SoC integration, the project will focus on key AI/ML tasks like convolutional neural networks and transformers. The development will be fully open-source, ensuring compatibility with industry-standard AI frameworks and improving CGRA accessibility for AI applications.

  ▸ For more details see: https://nlnet.nl/project/VersatAI

Network infrastructure incl. routing, P2P and VPN

• GNUnet on Android — Port GNUnet protocol stack to Android mobile OS

  This project is about making GNUnet, a network protocol stack for developing secure, distributed and privacy-preserving applications, available on Android. To achieve this, we are developing an Android application that runs the basic GNUnet services and make them available to other applications that want to use these services. As a blueprint for an application that uses GNUnet services, we will port the GTK-based GUI for the GNUnet's messenger service to Android. To get GNUnet running on Android, we need to make sure that GNUnet works behind NAT boxes in the mobile environment, and make changes to the GNUnet architecture so that it runs as a monolithic single-threaded app. Additionally, we have to take care of the resource consumption on mobile devices. Of course, tests and benchmarks need to be written and integrated into a new CI/CD worker that builds and verifies GNUnet on Android.

  ▸ For more details see: https://nlnet.nl/project/GNUnet-Android

• Persistent Storage for Goblins — Integrate ERIS content-addressable encrypted storage to Goblins

  Goblins is a distributed object programming environment that is being developed by the Spritely Institute for building secure peer-to-peer applications. It is intended to be used for building fully-decentralized, healthy social community networks. This project aims at adding persistent storage to Goblins, allowing arbitrary content such as text files, images or music to be referenced and used from within Goblins with a large-degree of network transparency. For this we will use an encrypted content-addressed storage network based on ERIS (Encoding for Robust Immutable Storage).

  ▸ For more details see: https://nlnet.nl/project/Goblins-Persistence

Software engineering, protocols, interoperability, cryptography, algorithms, proofs

• Collation + i18n support in musl libc — Complete POSIX internationalised functions in musl libc

  musl libc is a lean C standard library implementation for Linux. It strongly focuses on correctness, compliance with standards, and reduced footprint, both in terms of binary size and memory usage. Its initial release dates to 2011, making it a considerably modern implementation compared to alternatives like glibc. As default in e.g. Alpine Linux (which is widely used in containers but also is the basis for end user facing efforts like postmarketOS) it can be found in many unexpected places.

  This project will implement two features still missing: collation and internationalization support. The first one allows set ordering based on locales, and follows a certain set of established rules and standards. The second one provides basic functionality in the language of choice for the user like dates, times, numbers, and monetary symbols. Contributors from the postmarketOS community will validate the work, to make sure that everything actually works out as intended.

  ▸ For more details see: https://nlnet.nl/project/Musl-i18n-collation

• Encaya — TLS interop with alternative/decentralised CA mechanisms

  Public certificate authorities as used by the TLS ecosystem play a critical role, but the fact that there are many such authorities forms a security liability. DANE (DNS-Based Authentication of Named Entities) provides a complementary mechanism that provides an additional check on top of the public CA's through DNS; it is yet to see meaningful adoption by major TLS implementations.

  Encaya is a compatibility layer that provides DANE-like functionality in TLS implementations that don't support DANE. It is used in production by Namecoin, an alternative decentralized naming system. By only replacing the root CA list rather than the entire TLS stack, Encaya achieves considerably smaller attack surface than other similar compatibility layers. This grant covers efforts to improve Encaya's scalability, standardize its behavior, and extend its usage beyond Namecoin.

  ▸ For more details see: https://nlnet.nl/project/Encaya

• Federated eIDAS-compatible signing portal — Qualified digital signatures using eID cards

  Existing electronic document signing platforms often lack support for advanced or qualified electronic signatures available under the EU's eIDAS standard, relying instead on simpler signatures without stronger legal validity. Our federated eIDAS-compatible signing portal addresses this gap by providing an open-source user-friendly platform for creating qualified electronic signatures using government-issued eID cards and other qualified signature creation devices. Unlike existing alternatives, our project integrates seamlessly with desktop and mobile signer applications, both open-source and commercial, enabling intuitive qualified document signing, validation, archiving, and API integration with third-party systems. Its federated manner ensures that independent portal instances can securely exchange documents, simplifying the adoption of qualified electronic signatures across Europe, reducing reliance on proprietary solutions, and improving digital administrative workflows.

  ▸ For more details see: https://nlnet.nl/project/eIDAS-portal

• FuSa proven Slint — Certifiable functional safety for Slint UI toolkit

  Functional safety (FuSa) is a core requirement in domains like automotive industry, the medical sector, and aerospace. For safety-critical systems often certifications for entire solutions are part of the regulatory requirements before a solution may be deployed, including all free and open source components which are part of such a solution. The entire solution often also includes graphical user interface elements as well, meaning of course that any underlying frameworks for developing GUIs need to be functional-safety-proven to even be considered.

  Slint is a versatile declarative UI solution written in Rust. Rust's strong guarantees of memory safety and thread safety make it a suitable language for developing applications that require Functional Safety (FuSa) certification. The goal of this project is to make Slint compliant with the requirements for certification, making it into a compelling option for building robust graphical user interfaces requiring functional safety. Having FOSS solutions opens up the door for trustworthy and user friendly tools within industry - open for scrutiny and wide reuse.

  ▸ For more details see: https://nlnet.nl/project/Slint-FunctionalSafety

• k3lp — Unicode Keyboard3 Layout Parser

  k3lp (/kɛlp/) is a mobile-first library designed to support parsing and utilizing Unicode Keyboard3 files. Keyboard3 is an enhanced and rewritten standard developed by The Unicode Consortium and officially released with CLDR 45. It offers an open and interoperable standard for declaring and sharing keyboard layouts. Although the standard has been available for some time, there is currently no ready-to-use open-source library to effectively utilize these files. This is where k3lp comes into play, aiming to provide an easy-to-use, multi-platform library written in Kotlin 2.0. The library includes all the necessary business logic for layout parsing and streamlining keyboard developers' workflows, however the actual user interface implementation is left to the library consumer. Initially targeting Android and iOS developers in need of keyboard layout logic and tested in the open-source FlorisBoard keyboard, this library is capable of running on all platforms where the JVM runs on or where Kotlin compiles to.

  ▸ For more details see: https://nlnet.nl/project/k3lp

• lib25519 using NEON for ARM64 — ARM64 optimisations for lib25519 microlibrary

  Network protocols in today's world rely on elliptic-curve cryptography (ECC) to protect communication against espionage and sabotage. lib25519 (https://lib25519.cr.yp.to) is a software library for the Curve25519 elliptic curve (https://cr.yp.to/ecdh/curve25519-20060209.pdf), including the X25519 encryption system and the Ed25519 signature system. Curve25519 is the fastest curve in TLS 1.3, and the only curve in Wireguard, Signal, and many other applications (https://ianix.com/pub/curve25519-deployment.html). Currently the optimizations in lib25519 use serial instructions and vector instructions for Intel and AMD CPUs, and use serial instructions for ARM CPUs, but do not use vector instructions for ARM CPUs. This project aims at exploiting the NEON vector instructions of 64-bit ARM CPUs and extend lib25519 by providing top speeds for those CPUs, in particular setting new speed records for X25519 key generation and Ed25519 signing, while meeting the security constraint of not leaking secret information through timing.

  ▸ For more details see: https://nlnet.nl/project/lib25519-ARM64

• Namespace-specified imports in GHC — Fine-grained namespace control in Haskell

  Haskell is a purely functional programming language with a free and open-source compiler (GHC), as well as a mature ecosystem of open-source libraries for server-side programming (warp, wai, servant, scotty, etc), client-side programming (http-client), and blog generation (hakyll). By making use of Haskell's features, especially its support for concurrent and parallel programming, it is possible to develop efficient, secure and scalable web servers.

  "Namespace-specified imports" is a proposed feature for the Haskell programming language that further enhances its capabilities. By implementing "Namespace-specified imports" in the Glasgow Haskell Compiler, we will enable Haskell programmers to exercise fine-grained control over the namespaces of imported and exported entities. This is important when combining the use of existing libraries with the use of type-level programming features (techniques to ensure software correctness).

  This project should result in a complete implementation of this feature and its inclusion in the next compiler release.

  ▸ For more details see: https://nlnet.nl/project/GHC-NamespaceImports

• Openfire Next-Gen Connectivity — Authentication/SASL improvements to Openfire XMPP server

  Openfire is a mature, open-source, cross-platform real-time collaboration server based on the XMPP protocol, known for its flexibility and widespread use in decentralized communication. Over the past two decades, the XMPP protocol has evolved, introducing new standards that significantly enhance connection setup speed, security, and flexibility. These advancements improve the establishment of authenticated connections, ensuring better overall performance and more robust functionality for real-time communication systems.

  ▸ For more details see: https://nlnet.nl/project/Openfire-Connectivity

• Scheme Testing Framework — Modernise testing for Scheme

  This project addresses a critical gap in the Scheme ecosystem by delivering a comprehensive and extensible testing framework that will serve as foundational infrastructure for current and future development. The Scheme family of languages powers numerous important projects in reproducible builds, decentralized systems, and security-critical applications, yet lacks a modern, well-designed testing solution compatible with today's development practices. Our library bridges this gap, enables interactive testing workflows with immediate feedback for REPLs and IDEs while supporting automated CI/CD pipelines through standardized interfaces. By creating SRFI specification with an implementation-agnostic design, proper test isolation, and metadata-driven test runners, we will empower developers to build more reliable software across the entire Scheme ecosystem. This contribution in core development infrastructure will strengthen existing projects, lower barriers to entry for newcomers, and enable the next generation of Scheme applications.

  ▸ For more details see: https://nlnet.nl/project/SchemeTestingFramework

• Solid Application Interoperability — Easy to deploy authorization for Solid Applications

  Solid Application Interoperability specification details how Agents in the Solid ecosystem can read, write, and manage data stored in a Solid pod using disparate Applications, individually or in collaboration with other Agents. Solid is a specification that lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for data. When data is stored in someone's Pod, they control which people and applications can access it. Solid Application Interoperability provides a clear way to create intuitive data boundaries and higher-level patterns to manage access to that data following the principle of least privilege.

  This project focuses on finalizing the enforcement of user-defined access policies and improving related user experience (UX), development experience (DX), and deployability.

  Solid Project was founded by Tim Berners-Lee and is currently stewarded by the Open Data Institute (ODI). Incubation of technical reports happens in the W3C Solid Community Group. Some drafts have already been provided as inputs to the W3C Linked Web Storage Working Group which is chartered to publish final specifications.

  ▸ For more details see: https://nlnet.nl/project/SolidInterop4

• Stalwart Collaboration Server — Integrated solution for email, calendaring and file management

  Stalwart Mail Server was created to address the challenges of email self-hosting by offering a modern, secure, and easy-to-maintain solution. With support for JMAP, IMAP4, POP3, and SMTP, it provides individuals and businesses with a powerful, privacy-focused alternative to third-party email providers. Now Stalwart is expanding beyond email with the introduction of Stalwart Collaboration Server, a new component that will complement Stalwart Mail Server and transform the platform into a complete, self-hosted collaboration suite. Stalwart Collaboration Server will provide built-in support for calendars using CalDAV and JMAP for Calendars, contacts management through CardDAV and JMAP for Contacts, and file storage and sharing via WebDAV and JMAP for File Management.

  By combining email, calendaring, contact management, and file storage in one open-source solution, Stalwart will offer a powerful alternative to proprietary platforms like Microsoft Exchange. Organizations will be able to self-host their entire collaboration stack while maintaining full control over their data, ensuring privacy, security, and scalability. Stalwart Collaboration Server will extend the project’s mission to modernize, democratize, and decentralize essential communication and collaboration tools. With this expansion, businesses and individuals will no longer need to rely on closed-source, vendor-locked solutions. Instead, they will have access to a fully integrated, scalable, and privacy-focused platform that empowers them to communicate and collaborate on their own terms.

  ▸ For more details see: https://nlnet.nl/project/Stalwart-Collaboration

• WgMath — Open GPU scientific computing for every platform

  Today’s GPU scientific computing ecosystem is still strongly dominated by CUDA, a closed, proprietary technology tied to a specific hardware vendor. The WgMath project aims to empower the scientific computing community, including the web community, with a collection of foundational GPU mathematical libraries that are fully cross-platform (hence not tied to a specific hardware vendor) by leveraging the open WebGPU standard, as well as WebAssembly for browser support. WgMath will provide mathematical compute shaders for linear algebra, geometry, and rigid-body physics simulation; as well as some utilities for easily combining WGSL shaders through Rust libraries and its popular Cargo dependencies management tool. With the creation of these foundational libraries, we aim to promote the development of a scientific computing community building highly performant, reusable, cross-platform, scientific computing projects, while relying on open standards, and preserving freedom of GPU hardware selection.

  ▸ For more details see: https://nlnet.nl/project/WgMath

Operating Systems, firmware and virtualisation

• Blitz - a modular web renderer — Rust-based browser engine

  Blitz is a new independent web engine implemented in Rust. It’s flexible low-level APIs make it suitable for a wide variety of use cases web browsers, an application runtimes, ebook rendering, email rendering, rendering HTML to image, etc. And its uniquely modular architecture allows it to share much of its code with other projects which it is hoped will lead to a more sustainable development model.

  This project aims to bring Blitz “up to scratch” for the use-case of being an HTML/CSS browser (JavaScript support is not in scope). Use cases that are being targeted include: browsing wikipedia, viewing news websites, and searching using a search engine. The work to be completed includes improvements to the layout engine, implementation of form controls, adding WPT testing infrastructure, and the creation of an initial browser UI.

  ▸ For more details see: https://nlnet.nl/project/Blitz

• Control plane for Nix-based systems — Dynamic system management and orchestration with Nix

  The project summary for this project is not yet available. Please come back soon!

  ▸ For more details see: https://nlnet.nl/project/Nix-ControlPlane

• fdtshim — Simplify use of Device Tree Binaries for Linux installers

  The fdtshim project aims to implement a distribution-agnostic and hardware-agnostic method, and protocols, to load the correct hardware- specific DeviceTree on UEFI systems. With fdtshim, installation media for distributions can become truly generic, and support boot from different DT-incompatible kernels. Its usage is transparent to the user, and ensures the system will continue working after a major kernel update, whether booting from the current kernel, or the previously working kernel.

  Using fdtshim makes it much easier for end users to boot live and install media on different devices with different architectures: mobile phones, tablets, embedded systems, laptops, servers and workstations

  ▸ For more details see: https://nlnet.nl/project/fdtshim

• GNU Mes interpreter speedup effort — Increase performance of full source bootstrap

  GNU Mes is a Scheme interpreter (mes), C compiler (mescc) and a minimal C standard library (meslibc) for bootstrapping the GNU System. The Scheme interpreter is written in a few thousands lines of simple C, and the C compiler is written in Scheme, and these are mutually-hosted. GNU Mes has a key role in the Full Source Bootstrap chain as it is the first fully featured C compiler that also ships a C standard library.

  This project aims to improve the performance of GNU Mes' scheme interpreter, rewriting it as a bytecode interpreter, while keeping it as simple and readable as it is. This would enable faster execution of the Mes C Compiler (mescc) for faster build times, making the bootstrapping chain more accessible, specially in small single-board computers where memory access is more expensive. This speedup could also lead to a reduction of steps in the bootstrapping chain, making it simpler and easier to maintain.

  ▸ For more details see: https://nlnet.nl/project/GNUMes-speedup

• Nova JavaScript engine — Independent JavaScript engine written in Rust

  Nova is a JavaScript engine exploring a different, data-oriented design inspired JavaScript engine design. This design allows greatly reduced memory usage, optimal data cache locality for algorithms on happy paths, memory safety by construction, and various other technical optimisations that together form a compelling and interesting whole. The design involves tradeoffs, paying extra indirection for its gains, and the implementation treads mostly unfamiliar territory: the technical choices are nothing new, but they have not seen wide usage in production JavaScript engines to date. If the upsides overshadow the downsides, as they seem to do, the result will be a JavaScript engine that reduces memory usage by 30 to 50 percentage points, while improving performance under real-world loads.

  ▸ For more details see: https://nlnet.nl/project/Nova

• Plasma Mobile powermanagement improvements — Better power management on mobile Linux

  Plasma Mobile is an open source user interface for mobile devices developed by the KDE Community. Plasma works on top of various free and open source operating systems such as Linux, offering an attractive open mobile stack. Built on the foundations of Plasma Desktop, Plasma Mobile brings its flexibility to a mobile form factor. To increase mass-adoption of such a free-software alternative, it is important that we offer a great experience in terms of productivity and usability of the platform. One aspect in helping to achieve broader adoption of Plasma Mobile is by extending battery-life: the longer users can use their phone without needing to recharge, the better. This project will improve the power management for Plasma Mobile, also keeping an eye on user experience.

  ▸ For more details see: https://nlnet.nl/project/PlasmaMobile-powermanagement

• RVVM — RISC-V Virtual Machine

  RVVM is a virtual machine/emulator for RISC-V guests, which emphasizes on performance, security, lean code and portability. It runs a lot of guest operating systems, including Linux, Haiku, FreeBSD, OpenBSD, etc, and has a rich device infrastructure (Network adapters, NVMe, HID, PCIe with MSI). Emulation performance is very competitive thanks to RVJIT dynamic binary translator. Portability is taken very seriosly and only requires C99 as a baseline. We also aim to run RISC-V applications on a foreign host without full OS guest (userland emulation, i.e. RISC-V containers).

  To prevent theoretical VM escape vulnerabilities from being exploited, we enforce kernel-level isolation, strict codestyle and compiler warning policies, extensive static analysis and use of sanitizers/fuzzers.

  The RVVM infrastructure is meant to be modular and embeddable - the whole project is contained within "librvvm" library and a reference VM manager to make use of it. GDB debug server is also available for kernel developers and alike. The goal under NGI Zero Core is to implement first-class KVM hypervisor suport for RISC-V, as well as x86_64 & ARM64 hypervisor variant (reusing the same device emulation infrastructure), shadow pagetable acceleration for guest MMU, and RISC-V Vector extension support which is gaining serious traction and is much needed for software testing. Additionally, a special deduplication image format is in the works which should give immense storage benefits in terms of space saved for build farms and cloud use, as well as atomic write consistency for reliability.

  ▸ For more details see: https://nlnet.nl/project/RVVM

• s6-rc — Service manager for s6-based systems

  The s6-rc service manager, part of the s6 ecosystem, is a correct and efficient alternative to software managing boot scripts like sysv-rc or OpenRC: it provides a bootability guarantee, a reliable logging infrastructure, parallel service start without race conditions, and the lowest resource usage of all existing service managers (which means it is very fast and will run on the smallest systems). However, it is not yet adopted by many Linux distributions, for lack of a high-level user interface and pre-provided boot scripts.

  We are adding these features to s6-rc so it can be easily integrated to more distributions currently relying on OpenRC, such as Alpine Linux, and also targeted as a backend for service description languages for use with automatic deployment to containers, VMs, clusters, or embedded systems. The goal is to make s6-rc an accessible and widely known service management alternative for fast, reliable and energy-friendly system deployment.

  ▸ For more details see: https://nlnet.nl/project/s6-rc

• synit-nixos — Expand synit system layer and integrate in NixOS

  Much of the software applications and services that we interact with today can only exist as dynamic compositions of many different software components. Dynamic systems can be adapted to serve different purposes, react to a changing environment, and can be self-updating or self-healing in response to failure. These systems exchange the predictability of static systems for the resilience of dynamism.

  Our software operating systems achieve dynamism by what some call the "system layer". Traditional this would be the so-called "init" system which activates different software components. The system layer is the software activation and management of init combined with a communication layer, reactive behavior, and system introspection. Synit is an experimental system layer that provides these features according to a model that combines capability security, conversational actors, and eventually-consistent replicated state.

  The Synit-NixOS project aims to bring init and system-layer portability to NixOS with Synit as an alternative to systemd.

  ▸ For more details see: https://nlnet.nl/project/synit-nixos

• YAWS - Yet Another Web Server — Sans IO web server written in Rust

  The project summary for this project is not yet available. Please come back soon!

  ▸ For more details see: https://nlnet.nl/project/YAWS

Measurement, monitoring, analysis and abuse handling

• Automate FOSS license compatibility determination — Check software projects for license (in)compatibility + compliance

  By classifying license clauses, rather than only the licenses themselves, and the way components are used and provided, we reduce the complexity of license compliance and compatibility and will provide useful resources for humans and computers. The result of this project can be used to simplify choosing a license for your project, assisting in complying when providing FOSS components to your users, checking compatibility between the licenses in your project.

  ▸ For more details see: https://nlnet.nl/project/LicenseCompatibilityAutomation

• Hardware Bill-of-Materials (HBOM) generator — Create CycloneDX HBoM compliant inventory of hardware

  cdxgen is a CLI tool, library, REPL, and server for creating valid and compliant CycloneDX Bills of Materials (BOMs) in JSON format, containing an aggregate of all project dependencies. CycloneDX is a full-stack BOM specification that is easily created, human- and machine-readable, and simple to parse. The proposed project aims to extend cdxgen by adding support for generating hardware bills of materials (HBOM) in CycloneDX format, while remaining fully compatible with the existing tool ecosystem.

  ▸ For more details see: https://nlnet.nl/project/HBoM-cdxgen

• Libre Diagnostic — Open hardware car diagnostics

  Car diagnostic has evolved from the early OBD-I systems of the 1980s to today’s OBD-II standard. While some commercial scanners provide real-time vehicle data and trouble code readings, they are proprietary, limiting transparency and customisation. An open-source alternative will offer greater control, community-driven improvements, and long-term affordability.

  This project aims to develop a cost-effective and user-friendly diagnostic tool that connects to a vehicle’s OBD-II system via Bluetooth using the ELM327 adapter. It will allow users to read and clear diagnostic trouble codes (DTCs), monitor real-time performance data, and analyse key systems like ABS, airbags, and engine health. The project will provide a transparent, accessible, and reliable diagnostic solution for both car owners and professionals.

  ▸ For more details see: https://nlnet.nl/project/LibreDiagnostic

• Lychee — Reliable and fast link checker to combat linkrot

  Links are the glue that holds the web together, but broken links undermine our collective digital knowledge. With 54% of Wikipedia references and 70% of links in legal journals now dead, link rot is a serious threat to information accessibility and makes for an unpleasant web experience.

  Lychee is a fast, memory-efficient CLI tool written in Rust that detects broken links in Markdown, HTML, and plain text. Over the past 4 years, it has been adopted by tens of thousands of public repositories and organizations like Google, Microsoft, and AWS. The project will focus on three key milestones: implementing recursion support to check entire websites at once, adding per-host rate limiting to prevent server overload and sabilizing the codebase for a 1.0 release. By improving Lychee, we're helping everyone from small websites to major platforms maintain their corner of the open web and preserve our digital heritage.

  ▸ For more details see: https://nlnet.nl/project/lychee

• OWASP blint — Versatile binary linter, malware research tool and SBOM generator

  OWASP blint is an open-source binary linter and SBOM generator. The project had a humble origin as a linting tool, but soon found rapid adoption for a range of use cases such as malware identification (MalwareBazaar is a large-scale user), binary risk audits, and more recently binary SBOM generation for Android apk, go, dotnet, and rust binaries. The current version of Blint can already generate a granular SBOM for Android apk/aab files, up to some extent even from binary.

  Within the scope of this grant, the team will enhance blint to improve package identification for native binary blobs (c/rust/kotlin native) bundled within an android app, will add fuctionality to identify cloud services, domain names, IP addresses, and other sensitive literals by performing static analysis on binaries. In addition support will be added for generating precise SBOM for swift binaries (unencrypted/debug files) by integrating blint with an LLVM frontend and a number of general improvements will be made to linting rules for mobile apps.

  ▸ For more details see: https://nlnet.nl/project/OWASP-blint

• WPT automatic testing for platform accessibility mappings — Improve testing of platform a10y support in Web Platform Tests

  In order to support assistive technology (AT), web browsers must provide information about web pages' contents via OS-specific accessibility APIs. The Accessible Rich Internet Applications (ARIA) suite of standards includes specifications concerning how browsers should translate the web page contents into each supported API. To date, these Accessibility API Mapping (AAM) specifications have not been tested in a standard way across browsers. This project will help extend the primary test suite for web standards (https://web-platform-tests.org/) to allow for testing of accessibility APIs. The project also includes writing tests for the Linux accessibility API mappings. With these addition to the test suite, we will be able to find interop bugs between browsers and web developers will be able to understand the status of browser support for accessibility features they want to use on the Linux platform.

  ▸ For more details see: https://nlnet.nl/project/WPT-PlatformAccessibility

Middleware and identity

• AppBundler — Package (graphical) Julia apps for all platforms

  While Julia provides excellent support for GUI frameworks across all major desktop operating systems, deploying these applications traditionally requires users to install Julia, instantiate projects, and run them from the command line. AppBundler addresses this challenge by creating self-contained, native installers for Julia GUI applications regardless of framework. It employs a flexible recipe system with sensible defaults, allowing developers to easily configure resulting bundles. This project will integrate open-source bundling tools for macOS and Windows to replace proprietary SDKs, enabling distribution as binary dependencies without cumbersome host setup and facilitating cross-platform deployment from Linux hosts. AppBundler will support various Julia compilation methods, including pkgimages, sysimages, and Julia 1.12+ static compilation features, while developing Flatpak integration and addressing sandboxing to ensure applications run securely without compromising user systems.

  ▸ For more details see: https://nlnet.nl/project/Julia-AppBundler

• Hockeypuck — Next generation OpenPGP keyserver

  The project summary for this project is not yet available. Please come back soon!

  ▸ For more details see: https://nlnet.nl/project/Hockeypuck

• SelfHostBlocks — NixOS based server management for self-hosting

  It is obvious by now that a deep dependency on proprietary service providers or "the cloud" is a significant liability. SelfHostBlocks lowers the bar to self-hosting by providing an opinionated server management system based on NixOS modules and focused on best practices. SelfHostBlocks also sets out to introduce contracts into nixpkgs to increase modularity, code-reuse and to empower end users to assemble components that fit together.

  ▸ For more details see: https://nlnet.nl/project/SelfHostBlocks

• UnifiedPush — Decentralized push notification protocol with libre implementations

  Push notifications are essential to the modern mobile experience, as they enable applications to communicate with users in real time, even when not in active use. Major mobile operating systems provide a centralized service that they control, but depending on a centralized push notification system controlled by one company raises issues of privacy and independence. UnifiedPush is a decentralized push notification system that lets the users choose the service they want to use. It’s designed to be privacy-friendly, flexible, and open. It is compatible with WebPush, the standard for web applications.

  ▸ For more details see: https://nlnet.nl/project/UnifiedPush-LinuxMobile

Decentralised solutions, including blockchain/distributed ledger

• Persistent Storage for Goblins — Integrate ERIS content-addressable encrypted storage to Goblins

  Goblins is a distributed object programming environment that is being developed by the Spritely Institute for building secure peer-to-peer applications. It is intended to be used for building fully-decentralized, healthy social community networks. This project aims at adding persistent storage to Goblins, allowing arbitrary content such as text files, images or music to be referenced and used from within Goblins with a large-degree of network transparency. For this we will use an encrypted content-addressed storage network based on ERIS (Encoding for Robust Immutable Storage).

  ▸ For more details see: https://nlnet.nl/project/Goblins-Persistence

Data and AI

• Open Web Calendar Stack II — Recurring events and calendar merging

  The Open Web Calendar creates a highly configurable calendar what can be integrate into existing websites. Its stack is composed of various libraries working with a variety of internet standards/RFCs. This project will amongst others improve the support for recurring events. Various widely used Python libraries such as icalendar, mergecal, caldav and dateutil will also receive improvements as well as better documentation to aid developers. Their compliance with the underlying standards will be better tested to cope with the wide range of applications and use cases in the 'wild' - and should improve software quality and stability in millions of installations.

  ▸ For more details see: https://nlnet.nl/project/OpenWebCalendar-recurring

Services + Applications (e.g. email, instant messaging, video chat, collaboration)

• Cartes — Modern web map application with transit support

  Cartes.app is a modern web map application. Cartes (which means maps in French) provides a universal interface for mobile and desktop: a simple URL lets the user open or share the map of a place with friends. This fills the gap of the "online" experience of proprietary offerings such as Google and Apple Maps.

  It levers state of the art open-source libraries to offer a rich feature set including transit and itinerary plans, address search and place categories, to name a few. In addition to data from OpenStreetMap (OSM) Cartes also draws from other public data sources to deliver a complete experience: transit data sets, Panoramax street level imagery, Wikimedia, etc. Cartes runs its own hosted tile layers.

  In the scope of this grant, the project will tackle internationalisation of the user interface, enable editing and reviewing places, add satellite tiles, live transit data, low-carbon itineraries as well as perform a variety of other performance and feature improvements.

  ▸ For more details see: https://nlnet.nl/project/Cartes

• EventFahrplan — User-friendly mobile event app

  The project summary for this project is not yet available. Please come back soon!

  ▸ For more details see: https://nlnet.nl/project/EventFahrplan-UI

• Federated webinars for eduMEET — Extended platform for distributed online webinars basing on eduMEET

  The main aim of the project is a new functional scope of eduMEET: federated webinars for big online meetings. eduMEET is a free and open-source video conferencing (VC) application that allows organisations of any size to build and deploy cost-effective on-premises web-based VC services. It is an easy-to-use solution that originated within the European Research and Education community. It is focused on security and privacy, and designed to give full control and ownership of ones own data and video streams.

  A key aspect of the project is providing efficient engines for communication between distributed eduMEET instances, in order to provide support for large scale webinars. Additionally, eduMEET will add dedicated layout for webinars (speaker’s view), specific user roles and privileges (Panelist and Passive Participant) as well as a management module. The end result will be a full featured webinar platform that is an attractive low cost alternative to expensive proprietary services.

  ▸ For more details see: https://nlnet.nl/project/eduMEET-webinars

• Open Web Calendar Stack II — Recurring events and calendar merging

  The Open Web Calendar creates a highly configurable calendar what can be integrate into existing websites. Its stack is composed of various libraries working with a variety of internet standards/RFCs. This project will amongst others improve the support for recurring events. Various widely used Python libraries such as icalendar, mergecal, caldav and dateutil will also receive improvements as well as better documentation to aid developers. Their compliance with the underlying standards will be better tested to cope with the wide range of applications and use cases in the 'wild' - and should improve software quality and stability in millions of installations.

  ▸ For more details see: https://nlnet.nl/project/OpenWebCalendar-recurring

• Overte Visual Scripting — Feature enhancements of FOSS virtual reality platform

  Overte is a virtual social platform that allows its users to socialize in a more involved way than traditional digital communications, by allowing them to enter worlds using Virtual Reality. It can be used not just for recreational activities, but also education, psychotherapy, congresses, and more. The goal is to support people's need for immersive social platforms, by providing them with something that is privacy respecting and free.

  As part of this project, we aim to take on bigger maintenance and development tasks that may otherwise happen slowly or remain undone. Such tasks include fixing bugs, updating to Qt 6, and overhauling the UI, as it has accumulated quite some technical debt over the years.

  ▸ For more details see: https://nlnet.nl/project/Overte-visualscripting

• Rivista — Publish and consume news feeds via XMPP

  Rivista Journal is an open-source, minimalist journaling platform which is designed for writers who want a simple and distraction-free writing experience.

  It is built to support the XMPP protocol, allowing people to publish content which can be shared and discovered across different platforms, such as Blasta, Libervia, and Movim, over the decentralized network.

  In addition to being cost-effective and having low maintenance overhead, Rivista Journal focuses on providing a clean interface that emphasizes writing and reading without the clutter often associated with more complex content management systems.

  ▸ For more details see: https://nlnet.nl/project/Rivista

• Tusky — Android client for ActivityPub

  The project summary for this project is not yet available. Please come back soon!

  ▸ For more details see: https://nlnet.nl/project/Tusky

Vertical use cases, Search, Community

• DataLab — Scientific platform for signal and image processing + visualisation

  DataLab is an open-source scientific platform for processing and visualizing 1D signals and 2D images for research, education and industry. It provides powerful, validated computing capabilities with a focus on extensibility, automation, and interoperability. The project aims to refactor DataLab’s core architecture by decoupling its computational engine from the graphical interface, creating a new standalone, reusable library. This modular approach will improve scalability, facilitate integration with third-party tools, and lay the foundation for future expansions, such as a web-based frontend. By enhancing flexibility and sustainability, DataLab seeks to serve a broader research and engineering community.

  ▸ For more details see: https://nlnet.nl/project/DataLab

• IzzyOnDroid — Third party repository for FOSS Android apps

  IzzyOnDroid provides Android apps which are available under free and open source licenses approved by OSI/FSF. With its more than 1,200 apps, this already popular repository is the largest third-party F-Droid-compatible repository - with more than 200,000 daily visitors on the primary site alone, not counting mirrors. Its intent is to provide useful apps, connecting a vibrant community of developers and users, with a focus on transparency, privacy, and security.

  The goal of this project is to provide additional security, transparency, flexibility, and decentralization – e.g. by advancing our reproducible builds (which already cover more than a third of all apps in our collection) and making our tooling easier available for others to use.

  ▸ For more details see: https://nlnet.nl/project/IzzyOnDroid

• Mapterhorn — Open terrain tile sets and data catalog

  Mapterhorn is an open-source alternative to proprietary terrain data platforms that addresses the fragmentation of global high-resolution terrain data. While many European countries like Austria and the Netherlands have released open terrain datasets, users currently rely predominantly on proprietary intermediaries such as Google Maps or Esri to consume these. This is due to inconsistencies in formats, projections, licenses, and access methods. Mapterhorn solves this through three components: a global low-resolution terrain tileset based on ESA's Copernicus model, regional high-resolution tilesets from national LIDAR surveys, and a comprehensive data catalog using the open STAC specification. By distributing terrain tiles in Web Mercator projection in standard formats such as GeoTiff and PMTiles, Mapterhorn will enhance disaster response capabilities, improve solar energy planning, boost tourism promotion, and enable numerous other applications across the public sector in Europe and beyond.

  ▸ For more details see: https://nlnet.nl/project/Mapterhorn

• Multilingual Marginalia — Search engine focused on quality discovery

  The project summary for this project is not yet available. Please come back soon!

  ▸ For more details see: https://nlnet.nl/project/Marginalia-multilingual

• Open Banking Gateway Taler Wallet Top-Up/Merchant Verification — Add GNU Taler support to Open Banking Gateway

  Transferring Euro to the Taler wallet should be quick, easy and flawless. Taler Open Banking Gateway (TOBG) will provide the technology to top-up a Taler wallet in a regulatory compliant, instant and user-friendly way. TOBG will use the Payment Initiation Services mechanism introduced and regulated under the revised European Payment Services Directive (PSD2). A German bank will support and run the platform, providing technical and regulatory alignment.

  The project will help to improve adoption and usage of the Taler system significantly. It will also extend the existing Open Banking Gateway software with additional functionality, improved user experience and additional adaptors for European banks. The outcome will be a full functional solution with a focused scope of supported banks users can top-up from. Both the operators and the free and open source community will able to further extend the reach, functionality, supported channels and use cases. One of these use cases is to use Payment Initiation Services in merchant apps for account verification.

  ▸ For more details see: https://nlnet.nl/project/TALER-OpenBankingGateway

• OPERA-DSP — Open hardware FMCW Radar signal processing in FPGA

  Frequency Modulated Continuous Wave (FMCW) radar is essential for applications such as autonomous vehicles, industrial automation, environmental monitoring, and security, enabling high-resolution object detection and speed estimation. However, to fully leverage FMCW radar data, digital signal processing (DSP) techniques must be applied in real time to extract meaningful information. The OPERA-DSP project aims to develop an open-source FMCW radar DSP hardware library, making radar signal processing more accessible to researchers and developers. It will provide essential IP cores, including windowing functions, Fast Fourier Transform (FFT), magnitude computation, and Constant False Alarm Rate (CFAR) detection. To simplify adoption, OPERA-DSP will integrate these DSP libraries with a RISC-V core and develop an FPGA-based design, complemented by scripts for automated bitstream generation.

  ▸ For more details see: https://nlnet.nl/project/OPERA-DSP

• Payment Module for Nuxt/Vue.js — Module to add GNU Taler support in Nuxt/Vue.js

  Nuxt is a widely used JavaScript library for building web interfaces based on the lightweight Vue.js framework. This project will create a dedicated GNU Taler module for Nuxt, allowing developers the same convenience when supporting a privacy-friendly option they would have using Nuxt modules for proprietary services like Stripe and PayPal. It includes Vue.js components for donation and order payment, documentation and examples such as a file-based webshop.

  ▸ For more details see: https://nlnet.nl/project/TALER-integration-Nuxt

• Py3DTiles - Textured Mesh tiling — OGC 3DTiles 1.1 support for 3D tile conversion tool

  Py3DTiles is an OpenSource Python module and CLI to create 3DTiles from various 3D geo-referenced data types and formats. It supports point clouds, IFC (BIM) and other 3D data types. It generates datasets suitable for 3D visualization of cartographic data.

  This project will add support for Textured Mesh conversion. Textured Mesh data can originate from various sources such as drone sensors, satellite imagery, and aerial photography through photogrammetry. Pointclouds can be transformed to Textured Mesh through triangulation. Textured mesh can also be created with 3D design software like Blender or Vue. Implementing 3D Tiles conversion capabilities of these data types will reinforce 3D data processing capabilities with opensource software, and increase interoperability and interconnection of software and data processing pipelines. Beyond adding these new capabilities to Py3DTiles, the project will also integrate and develop underlying algorithms and methods to process the data efficiently and handle large amounts of data.

  ▸ For more details see: https://nlnet.nl/project/Py3DTiles

• Rackweaver — Design and manage physical infrastructure hosting

  RackWeaver is an AGPLv3+ cross-platform desktop application for designing and managing data center infrastructure. Its describes a complete object representation of one's data centers, including physical locations, port connections, and network configurations. Further, it comprises a suite of tools (both GUI and CLI) to act upon that model and modify it intelligently. It is able to generate documentation, switch configurations, and disk images, aid in system monitoring, and more through a plugin system. RackWeaver is built as a native desktop application (using Python and Qt) so that it continues to run for decades. Additionally, it leverages version control and OpenPGP keys to reliably document all changes to one's infrastructure. RackWeaver is usable by anyone, from a solo sysadmin managing a few machines, to a team overseeing multiple autonomous systems, for those who prefer offline, scriptable, and easy-to-use free/libre software.

  ▸ For more details see: https://nlnet.nl/project/RackWeaver

• TALER integration in flohmarkt — Secure payments for P2P classified adds federating with ActivityPub

  Flohmarkt is a decentral federated small advertisement platform, sorted by category (hence the name "classified ads"). The name flohmarkt comes from the German word for "flea market". Flohmarkt allows to federate local platforms by using the web-based federation protocol ActivityPub, make up one big place for small advertisements about exchange of goods and services. This project will integrate Taler payments into Flohmarkt - allow individuals to informally sell goods to each other in a privacy preserving manner.

  ▸ For more details see: https://nlnet.nl/project/TALER-flohmarkt

---

Still hungry for more projects? Check out the overview of all our current and recent projects...

Inspired? If you are working on a project that contributes to the Next Generation Internet you can submit a proposal. The next deadline is April 1^st.

Acknowledgements

The NGI0 Core fund is made possible with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology.