Calls: Send in your ideas. Deadline October 1st, 2023.

NGI0 Entrust

Trustworthiness and data sovereignty

This page contains a concise overview of projects funded by NLnet foundation that belong to NGI0 Entrust (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

AALT (Accelerated Analog Layout Tool) — More efficient analog layout generation for chips)

AALT (Accelerated Analog Layout Tool) aims to increase the productivity of analog integrated circuit layout by keeping the human in the loop but automating the time consuming, monotonous activities. The tool will generate matched structures in guard rings and wells with DRC aware optimisation of sub-circuit block placement and simple auto-routing. The goal is to improve analog layout speed by 50% by letting the computer do the boring work and leave the human to do the thinking. It will support existing open-source projects KLayout and PDKMaster.

>> Read more about AALT (Accelerated Analog Layout Tool)

ActivityPods — Framework for fully-decentralized social apps, combining ActivityPub and Solid Pods

ActivityPods brings together two game-changing protocols, ActivityPub and Solid Pods. The goal is to empower developers to create fully-decentralized social apps thanks to an easy-to-use framework. Following the Solid project's principles, ActivityPods apps store all data directly in the user's Pod (Personal Online Datastore). But since these Pods are also ActivityPub actors, they can easily exchange with other Pods and any other ActivityPub-compatible software. Lightweight bots can access the Pod's data, listen to ActivityPub activities and act accordingly. This novel architecture gives users the freedom (1) to choose where they store their data, (2) to share their data with anyone on the web, (3) to switch apps at any time without losing data. The overall benefit is a more resilient and innovative web, where privacy and interoperability are guaranteed by design.

>> Read more about ActivityPods

Apicula — Open source tools for working with Gowin FPGAs

Only a few years ago, you could only program FPGAs with the proprietary tools provided by the vendors, locking you into that ecosystem and its features and bugs. But open source FPGA tools have been making great strides, and there are now mature open source synthesis and PnR tools, namely Yosys and Nextpnr. However, only Lattice FPGAs are currently well supported, still de facto locking you into a single vendor. There are a few other projects, such as Apicula, that target other FPGAs, but none of them are feature complete and of production quality. The goal here is to take Apicula to the next level, where it goes from an experimental flow for FOSS enthusiasts to a production ready tool, finally and truly breaking FPGA vendor lock-in.

>> Read more about Apicula

Automating mobile app interception with Frida — Mobile app network introspection for security research

Inspecting mobile app network traffic is a key part of security & privacy research, which helps protect everybody who uses modern mobile devices. It's also an indispensable debugging tool for app developers & QA teams. However, this technique has faced growing challenges from increasing OS restrictions and individual app countermeasures like certificate pinning, such that inspection now often requires advanced reverse-engineering knowledge and significant time-consuming manual setup. In this project, new tools will be built using Frida (a dynamic instrumentation framework) and integrated with HTTP Toolkit (a network debugging tool) to enable one-click targeted interception, making inspecting traffic from mobile apps on a user's own iOS & Android devices accessible to technical users without specialist expertise.

>> Read more about Automating mobile app interception with Frida

Perspectives: Making Models — Generate software from open models for human interaction patterns

The Perspectives project provides a distributed runtime that allows people to collaboratively run a model that supports them in some form of co-operation. This can be as simple as playing a game of chess or as extensive as coordinating parent's cars to transport a junior sports team to away matches. To completely model the latter is the main thrust of this work, as supported by NLnet and NGI Zero Entrust. The automatic screens generated by the runtime, based on the model, will be customised to provide a pleasant user experience. On the one hand the end result will be a usable little app, run within the InPlace end user program (that itself runs in the browser as a WebApp). On the other hand, it will provide a reasonably extensive model that showcases a realistic application of the Perspectives Modelling language. This development will also be a driving force that will make the distributed runtime better and the modelling language stronger.

Perspectives is built on a figure-ground reversal of the structure underlying much of today's internet. Data is not concentrated in a few heaps of similar-looking cases (commonly called databases) but instead on the devices of the people that are its source, subject and users. It is conceived of such that functionality builds upon other functionality, creating a network effect not in terms of numbers of users but in terms of functionality. The more of that, the better, stronger and more useful it becomes. The current project will deliver the first end user functionality that goes beyond maintaining the system environment itself (such as developing models, hooking up to communication services, etc).

>> Read more about Perspectives: Making Models

Arcan-A12 — Explorative p2p protocol for fast and secure remote desktops

Protocols such as VNC, X11 and SSH have long been fundamental components for accessing user facing software or desktop computing as a whole over a network connection, with millions of daily users ranging from simple households to businesses and critical infrastructure. The development of these protocols and their respective tools has unfortunately stagnated, drifting towards proprietary extensions and otherwise dragging behind developments in compression technology, while leaving qualities such as accessibility and usability in a rough state. A12 is a project within the Arcan umbrella (models for future desktop computing) that aims to change this, leaning on decades of experience in system graphics. A12 consolidates the use cases of these - and related - protocols, adding stronger privacy protections against side channel analysis, use of modern compression techniques, providing higher visual quality and lower latency with simplified key management and service discovery.

>> Read more about Arcan-A12

Atomic Tables — Self-hostable tabular structured data solution

Atomic Tables is a new extension to the open source Atomic Data ecosystem, which aims to make the web more interoperable. In Atomic Tables, users can easily create their own data models using a tables interface, which people know and love from tools like Excel, Notion and Airtable. Having a self-hostable alternative to the existing SAAS offerings helps users retain control over their own data. What makes this project unique, is that the data models created in Atomic Tables are retrievable by a URL and can easily be re-used on other machines. This keeps costs of transforming or mapping data at an absolute minimum. Maintaining a standardized data model suddenly becomes trivial, instead of costing countless of man hours. Additionally, the software is not just designed to be a clean, intuitive end-user facing application, but also a powerful developer API that brings incredible performance and flexibility, making it highly usable as a database in other applications.

>> Read more about Atomic Tables

BB3-CM4 — CM4 compatible MCU board

Chip shortages are causing production problems throughout the industry. A way of getting out of the production trap is to get project boards more modular. Popular open hardware projects like the EEZ BB3 T&M (Test & Measurement) device currently depend on specific scarce microcontroller boards, and prospective users face impossible delays and constantly rising prices. This project will relieve some of the tension by delivering special "MCU" boards that are compatible in form factor to widely used MCUs. That way projects gain much more room for fulfilling production needs - allowing them to use alternative pin compatible main modules (like the ULX4M FPGA) without redesign, delivering more flexibility. One additional advantage of this approach is that production of module and base board does not need to be at the same time or by the same company. Hardware upgrades and the right to repair become possible and just involve changing a module, without having to throw out the complete system. Along with the "MCU" module the project delivers a new back plane board for the BB3 T&M device - fully compatible with current design, so existing users can upgrade or replace parts.

>> Read more about BB3-CM4

Balthazar Casing — Open hardware laptop

Balthazar is a project that aims to create an advanced, open-hardware laptop that is affordable and accessible to everyone, while also being well-designed and ergonomic. The laptop will feature a range of hardware and software features designed to protect users' data and prevent third-party intrusion. It will also include physical safety features such as a hot-swappable CPU and hard-wired switches, as well as the ability for users to add external modules based on various instruction sets and systems on the module, as well as spare keyboards. The project's goals include empowering users to take control of their own data, making computing more sustainable through the use of modular components, and creating an educational platform and advanced computing device that is accessible to users of all income levels.

>> Read more about Balthazar Casing

Bana — Personal network oriented ActivityPub powered social networking

Bana is aimed at private social networking. It is both a server and a mobile Web app, and is federated: anyone can operate a server and people on one server can communicate with people on any other Bana server. Bana uses ActivityPub, ActivityStreams, and the Activity Vocabulary protocols.

Anthropologist Robin Dunbar speculated humans could only comfortably maintain 150 stable relationships. Bana limits you to 150 connections: the closest friends and family members in your life. The connections are reciprocal, meaning both people follow each other. Interactions.

Bana offers a digital journal shared with only the closest people in your life. Bana allows you to post text, photos, videos, audio, location check-ins, workouts, and media consumption - capturing what you want to remember about this particular day in your life.

>> Read more about Bana

BlockNote — An modern, open source Block-based editor is an open-source block-based rich text editor. BlockNote makes it easier for developers to add user-friendly, modern and collaborative (or "multiplayer") text-editing capabilities to their applications.

Currently, adding a high-quality document editor to applications often requires deep expertise that is out of reach for many individuals or organizations. BlockNote aims to bridge this gap by offering an open source editor that’s easy-to-adopt for developers, comes with a modern and polished UX, and is block-based. This makes it easier to create structured documents and to programmatically extend the editor and document.

Enabling developers to add document authoring capabilities to their software can increase data sovereignty by reducing dependence on a limited range of SaaS applications for document authoring and management.

>> Read more about BlockNote

Bonfire federated groups — Create, join and manage federated groups across instances

Bonfire is an extensible open source federated community platform, that empowers groups to easily configure their spaces from the ground up, according to a variety of needs and visions.

Bonfire envisions a web of independent but interconnected social networks (using a wide definition, since we consider the social components of activities in the economic, educational, and political spheres as well) - able to speak and transfer information among each other, according to their own boundaries and preferences.

The scope of this project is to give users the tools to create, join and manage federated groups across instances, with their own set of rules and customisable governance. Federated groups on Bonfire will lever the flexible foundation we've recently released: circles and boundaries. Using those building blocks we will ensure that groups have the possibility to define a fine grained set of roles and permissions, with the possibility for each group to define a multitude of roles that fit with how they want to manage membership and participation, and distribute power and responsibility.

>> Read more about Bonfire federated groups

Canaille — Zero-knowledge opinionated OpenID Connect (OIDC) server.

Canaille is a zero-knowledge opinionated identity server. Canaille aims to lower the barrier to entry for identity management, by providing a simple lightweight interoperable software focused on accessibility for end-users, administrators and contributors. It provides user and group management for small and medium sized organizations. It has authorization management and Single Sign-On features based on the OpenID Connect standard.

>> Read more about Canaille

Castopod Plugins — Add plugins to the Castopod podcast server

Castopod Plugins is a new modular framework which will allow anyone to develop their own plugins for the Castopod podcast hosting platform. Adding 3rd party plugins bring many advantages to Castopod, most notably a clean and versioned way to add custom features. This allows developers and users to make different tradeoffs by implementing and deploying features essential to them, whether or not these are acceptable as part of the core platform. It also helps with compliance at a global scale, without unnecessary censorship: some extensions will be legal to deploy in some jurisdictions but might be problematic in others. By further slimming down the core of Castopod server, modularity will improve overall code security. The project will allow the whole community to be an active part of future development, and will help better cater to the widely differing needs that podcasters have.

>> Read more about Castopod Plugins

Charon — Privacy-enabling account management and SSO solution

The overall goal of the Charon project is to build a privacy-enabling account management and SSO solution. For end-users, Charon will allow aggregating multiple existing authenticators (Facebook, Google, etc.) in one place and managing different (and potentially multiple) identities exposed to apps. Apps will not have to worry about user management. And admins of communities using those apps will be able to manage all users in one place, with tools to address abuse.

>> Read more about Charon

Anchorboot — Pre-built UEFI replacement firmware for ARM-based ChromeOS devices using coreboot/U-Boot

Despite their bad reputation as walled-garden systems, ChromeOS devices have huge potential to be FOSS-friendly as most things that make them work are published as free software. However, they use custom platform firmware purpose-built to boot their operating system with non-standard boot mechanisms, whose limitations make it significantly hard to run other OSes on these devices through their stock firmware, stifling this potential.

Anchorboot is a new platform firmware distribution for ARM-based ChromeOS devices using coreboot and U-Boot, with the aim to make it easy to install and use conventional Linux distributions on them through UEFI support. As part of this effort, we will first improve and extend integration between both projects to the ARM architectures, then work on a selection of Chromebooks to fix any issues and to port device drivers to either project where necessary. As each board's work is complete, we will prepare and distribute pre-built, tested firmware images ready to be flashed on these boards along with sources, instructions on how to use the images, and other documentation relevant to the devices.

>> Read more about Anchorboot

Cloud hosting service portability — Service portability for cloud hosting platforms

Configurious Monk or cMonk is a combination of a configuration portal and a set of deterministically configured services that can be used to provide ‘common internet services’ like DNS, E-mail, Matrix, Mastodon, Pixelfed, eduVPN, Nextcloud and more. cMonk's intended use is in large scale cloud deployments, intended for thousands or even millions of users. It is not intended for use in self-hosting situations, but might still be used that way.

The whole project is meant as a service-platform for 'at scale' operatoins, so we are specifically aiming at 24x7x365 availability which requires redundancy and automatic fail-overs everywhere. Configurious Monk is easy to use, and focuses on being ‘out of the way’ of the user. One of its key features is that it lets the user be in complete control. The ultimate form of control being that you can export all your data and configuration and take it elsewhere. Full service portability is the goal. It uses NixOS and the Nix package manager as its base and has an API that can be used to connect the configuration panel to other services.

>> Read more about Cloud hosting service portability

Coloquinte — High performance placement of cells inside digital electronic circuitry

A core component of the ASIC design toolchain is the placement tool, which must decide where to place the components of the chip so that it can be manufactured and meet the performance target. To build chips reliably, improve performance and improve power consumption, the placement tool must interact with other complex tools (routing, timing, gate sizing, ...). This requires a complex integration, and even necessary to target newer technology nodes. Our goal is to provide high-quality placement algorithms with an easy-to-use interface, so it is easy to use in multiple situations and toolchains.

Coloquinte started as a component of the Coriolis toolchain. Since then, it has been made into a library for inclusion in other tools and multiple languages. Current developments target the integration with timing tools (for better chip performance) and routing tools (for power consumption, performance and compilation stability).

>> Read more about Coloquinte

CryptPad Blueprints — Server-side encrypted collaborative editor

CryptPad is an end-to-end encrypted collaboration suite that has been under active development for 8 years, and is currently used by hundreds of thousands of people. Its feature set has grown from a simple editor to a full-blown suite with multiple apps, drive, teams, etc. The next generation of CryptPad should be even better - with stronger security guarantees ("perfect forward secrecy", post-quantum crypto), offline-first collaborative editing, and user-driven workflows like password resets. This project will take the first steps in this direction. We document the ways in which cryptography is used on the platform, review the state of the art in applied cryptography and then evaluate the right match with available technologies. Finally we will use these foundations to move forward to a new architecture for CryptPad that will allow for future developments, improved usability, and tighter security.

>> Read more about CryptPad Blueprints

DANCE4All — Implement DANCE specification in GnuTLS and MbedTLS

DANE (which stands for "DNS-Based Authentication of Named Entities") is a set of mechanisms and techniques standardised within the IETF that allow Internet applications to establish cryptographically secured communications by using information made available through the domain name system. By binding key information to a domain name and protecting that binding with DNSSEC, applications can easily discover authenticated keys for services.

The original DANE specification was built around server authentication. Recently a new initiative called DANCE ( emerged, extending DANE to include client authentication. The DANCE4All project's goal is to implement the DANCE specification in two major TLS libraries (GnuTLS and MbedTLS) such that client DANE will become widely available.

>> Read more about DANCE4All

DAVx⁵ — Share Contacts, Calendars, Tasks, Notes & Journals

DAVx⁵ is a two-way sync tool for Android that gives people the power of choice where to store their data, instead of being locked-in to big tech. It uses the open protocols CalDAV, CardDAV and WebDAV to sync your Contacts, Calendars, Tasks, Notes and Journals across all your devices. It also offers access to your online files and is seamlessly integrated into the Android mobile operating system.

To get a step forward in technology we want to introduce Push functionality, so that the app does no longer have to poll the server for changes at given intervals. Instead the server should directly inform the client whenever there are changes in a users resource. People would then receive these changes in almost real-time on all their mobile devices instead of having to wait for the next sync schedule. This project is about making a new standard for WebDAV Push, implementing it on a common server as a sample and as well on the client side (DAVx⁵). Besides Google FCM we also want to use UnifiedPush as Push backend, so that this can be used even on devices that do not use any Google services. Bringing this standard to life will greatly empower the already widely available WebDAV/CalDAV/CardDAV ecosystem in general.

>> Read more about DAVx⁵

DMT — Implementation of MOSFET Parameter Extraction Flow for Sky130 into DMT

DeviceModelingToolkit (DMT) is a Python tool targeted at helping modeling engineers extract model parameters, run circuit and TCAD simulations and automate their infrastructure.

Open PDKs like Skywater130 and IHP SG13G2 have brought about significant disruption in the open-source semiconductor landscape, eliminating barriers and reducing costs for all participants. A reoccurring issue of such open-source PDKs are the compact models. In this project, a compact model parameter extraction flow will be implemented into the open-source device modelling software DMT for generating improved MOSFET compact models for open-source PDKs. These models can be leveraged by circuit designers for cutting edge designs. The parameter extraction tool will be applied to the recently released IHP SG13G2 PDK to demonstrate its usefulness.

>> Read more about DMT

Dolphin authorisation — Avoid privilege escalation in the Dolphin file manager

While acting with elevated privileges, software needs to be distraction-free, clear and user-friendly to avoid security issues and other ways of impairing a system. This project is about enabling average users to do administrative file manipulation within the popular file manager Dolphin securely and with confidence. There is a strong demand for proper integration, enabling less technically-savvy users to safely work with all kinds of files. This project will bring improvements to technical and user-friendliness aspects, so the user will know how to securely accomplish their tasks. This will remove some attack vectors, reduce the risk of falling for social engineering, and reduce user error.

>> Read more about Dolphin authorisation

EDeA — Repeatable, automated measurement data capture

EDeA is a set of tools and a web portal which makes it easier for people to share and collaborate on Open Hardware sub-circuits. The scope of this project is to further improve on the collaboration aspect of the portal and to build the EDeA Measurement Server. The EDeA Measurement Server is a tool for automated scientific data capture (not only) for sub-circuits and a library which enables test & measurement as code. This makes it possible to analyze, reason about and share open hardware in a repeatable and consistent manner.

>> Read more about EDeA

EEZ Studio — Open source tooling for measurement and test equipment

EEZ Studio is a free and open source cross-platform low-code visual tool that brings the functionality of legacy solutions for effective control of test and measurement devices. Modern user interface, modular design, debugger, drag&drop flowchart programming will enable easy collection of measurement data as well as automation of test procedures in different environments from classrooms, workshops, laboratories to production lines.

EEZ Studio also offers a development environment for efficient creation of GUIs for embedded systems that use touchscreens. Unlike similar solutions, EEZ Studio enables not only drag&drop programming, debugging and GUI simulator, but also the creation of complex business logic for interaction with the user and with underlying hardware functionality.

>> Read more about EEZ Studio

EventFahrplan — Conference schedule app with strong offline capabilities

EventFahrplan is a privacy-friendly app for attending conferences and events running on Android devices. The development of the project happens continuously by staying up-to-date with new technologies and Android versions, adding useful features and fixing bugs. Current challenges are the migration to Compose UI, architectural refactoring, Kotlin coroutines, accessibility improvements, translation management, behavior changes with Android 13, interface changes to address large devices - and many other topics. This project helps to sustain the development of the app and to work on a selection of these topics.

>> Read more about EventFahrplan

FABulous Demo SoC — SoC with open source FPGA based on FABulous

Until recently, integrated circuits have largely been treated as blackboxes in the realm of trustworthy hardware. FPGAs, devices that can be programmed by the user to implement arbitrary logic functionality, help to open up this realm. But even with open source software stacks such as Yosys and nextpnr compiling for them, FPGAs themselves are still proprietary silicon. Using the FABulous framework and a wide range of other open IP, we are building a FPGA SoC (combination of a FPGA programmable logic fabric and a Linux-capable RISC-V CPU) that is both itself open source and built with open tools, and also supports the open FPGA toolchain. to develop it. Simplicity is a key design decision throughout, so we can use our work to explain how modern computing systems work without the complexity of commercial platforms.

>> Read more about FABulous Demo SoC

Federated software forges with Gitea — Add ActivityPub based federation to Gitea

Gitea is a self hosted software forge where developers can work together on software projects and users can report bugs or request features. It is very popular with over 100 millions pulls on the Docker Hub. As of Gitea version 1.17, when a project is hosted on a Gitea instance, every developer is expected to create an account on that instance in order to participate. Compared to email, it is as if it was necessary to create an account on to send a message to someone with an email address and another on to send a message to someone with an email address. But in 2022 there are two: the W3C ActivityPub protocol published in 2017 and forgefed, an emerging standard (since 2019) to describe activities happening on software forges. They can be used by Gitea instances to communicate with each other and create a federation of forges continuously communicating with one another instead of a constellation of isolated silos. A federated Gitea will enable software developers to work on the same project even when they use different Gitea instances. There will be bridges between isolated Gitea instances that software projects can use to synchronize in real time.

>> Read more about Federated software forges with Gitea

Software metadata — Decentralized, federated metadata about software applications

The project summary for this project is not yet available. Please come back soon!

>> Read more about Software metadata

Flarum — Add federation and much more to the extensible forum software Flarum.

Flarum is a technically advanced, open and extensible discussion platform. Flarum aims to bring people interaction to a new level by how it is designed and engineered. Flarum's key features include a responsive user interface that works seamlessly across all devices, a powerful and flexible extension system that allows users to customize the forum to their specific needs, and a robust set of moderation tools to keep the forum safe and spam-free. Within this project Flarum will add among others support for the W3C ActivityPub standard, to make content accessible in a federated way.

>> Read more about Flarum

ForgeFed — Federating software forges with ActivityPub

The platforms that software developers use for hosting and collaborating on their projects, known as software forges, are centralized systems. And some of the most popular forge websites run proprietary software and controlled by a single company. The values, methods, policies and interfaces of the tools we use with our software projects often don't align with our values and needs, but despite having coding skills, we're powerless to change the situation. ForgeFed aims to put the power back into the hands of the Free Software community, and to allow for systems that are truly trustworthy and support inclusion, freedom, participation, censorship resistance and alignment with needs, by turning software forges into a decentralized network. ForgeFed is a protocol and vocabulary for federation of servers and services related to the Software Development Lifecycle, and an attempt to implement federation into existing free-software forges. ForgeFed has been based on the ActivityPub protocol, which is widely adopted on the Fediverse, and is augmenting it with Object Capabilities, an essential component for distributed secure flexible authorization of collaborative resource access.

>> Read more about ForgeFed

Forgejo — An open source software forge with a focus on federation

In order to collaborate among global FOSS communities, free and open source software projects need to make their software repositories available somewhere online. Running such repositories on top of a third party proprietary service introduces significant liabilities, including stability and privacy risks. There are also geopolitical issues of depending on such pseudo-infrastructure, where the political situation in one country can have an impact on the availability of technology in other countries.

Forgejo is a new software forge designed to scale to millions of users and projects by combining ActivityPub based federated features developed for Gitea and optimizations developed for Codeberg.

Forgejo helps to decentralise by enabling many independent forges to emerge, and allow them to federae. Forgejo aims at lowering the technical barrier, facilitate moderation in a federated environment and provide the expected security updates.

>> Read more about Forgejo

Frictionless Standards (v2) — New version of the Frictionless Standards specification + improved tooling

Frictionless Standards are lightweight yet comprehensive open standards to help data publishers and consumers to create and use data. The standards include Data Package to describe a dataset, Data Resource to describe a data resource, File Dialect to describe a file format, and Table Schema to describe tabular data. They can be used together within a data package, like when providing a data API within an open data portal, or separately as building blocks for other standards or metadata catalogues, like Table Schema catalogue for public data models. The ultimate goal of Frictionless Standards is fully aligned with the FAIR principles: Findability, Accessibility, Interoperability, and Reuse of digital assets.

>> Read more about Frictionless Standards (v2)

Funkwhale — ActivityPub-driven audio streaming and sharing

Funkwhale is a federated platform that provides tools for managing, publishing, and sharing audio content using the ActivityPub protocol. In this project, we aim to expand our use of ActivityPub and extend our integration with other ActivityPub-powered platforms. We also plan to improve our product offerings by redesigning our flagship web app, adding support for more content types in our API, creating new features that integrate with MusicBrainz, and making our Android offering feature-complete.

>> Read more about Funkwhale

GNS Migration and Zone Management — Registrar tools for adoption of GNU Name System

The GNU Name System is in the final stages of standardization. Consequently, calls for migration and large-scale testing as well as interest in running GNS registrars are increasing. In order to address this development this project aims to facilitate the management of GNS zones by administrators and to provide users with means to resolve real-world names.

To ease adoption, a framework for GNS registrars will be developed for zone management. The registrar framework will allow GNS zone administrators to provide a web-interface for subdomain registration by other users.The services may also be provided for a fee similar to how DNS domain registrars operate to cover running costs. The framework is envisioned to support integration of privacy-friendly payments with GNU Taler (

To demonstrate the capabilities of GNS with respect to DNS migration, we plan to run multiple GNS zones ourselves which contain the zone information from real-world DNS top-level domains.A selection of existing top-level domains for which open data exists will be hosted and served through GNS in order to facilitate the daily use of the name system. We are are planning to integrate at least three DNS zones and publish them (regularly) in GNS for users to resolve.

>> Read more about GNS Migration and Zone Management

Taler for local currencies. — Free software banking backend for local currencies

This project is about extending GNU Taler’s LibEuFin software to make it suitable as a core banking system for local or regional currencies, in combination with the Taler payment system. The innovation comes from employing FLOSS technology, and having a centrally managed and yet privacy-preserving payment system.

Our focus will be on creating interfaces to allow regional currency administrators to control the platform, including account creation, controlling money supply, analyzing transactions, and setting of relevant policies. Additionally, we will support onboarding of customers, including offering them a way to trade fiat currency (e.g. EUR) for the local currency or vice versa (if permitted by the currency conversion policies of the platform).

We will work with cities and regions that have deployed regional currencies (or are planning to do so) to better understand their needs and adapt our plans according to their use-cases.

>> Read more about Taler for local currencies.

GNUnet CONG — Modernise the network stack of GNUnet

GNUnet-CONG is an intermediate abstraction layer for decentralized network stacks. The goal of this project is to create a common abstraction for the gnunet layer-2-overlay and libp2p, which can be used by higher level services of GNunet (DHT, CADET and others). In addition to the abstraction GNUnet-CONG adds E2E encryption and protocol versioning for protocols on higher layers. With wrapping these functionalities in a nice abstraction, CONG offers a usable secure protocol/service that enables a controlled way to deal with developmental progress on higher layers. In addition to integrating the latest changes to the layer-2-overlay of GNUnet with its other parts, this project is a step towards interoperability and collaboration between projects for a decentralized internet on a technical as well as on a organisational level.

>> Read more about GNUnet CONG

Garage — Lightweight geo-distributed data store compatible with Amazon S3

Garage is a lightweight geo-distributed data store that implements the Amazon S3 object storage protocol. Garage is meant primarily for self-hosting at home on second-hand commodity hardware, meaning it has to tolerate a wide variety of failure scenarios such as power cuts, Internet disconnections, and machine crashes or slow response times. It also has to be easy to deploy and maintain, so that hobbyists and small organizations can use it without a hassle. Garage focuses on allowing users to build geo-distributed clusters, with nodes connected through consumer-grade Wide Area Network (Internet) connections. Garage makes this possible by tolerating relatively high latency between nodes thanks to an innovative design based on the principles of the Dynamo database and that makes heavy use of Conflict-free Replicated Data Types (CRDTs). Garage is written in Rust, with a strong emphasis on stability and robustness. The funding from NLnet will allow development of Garage to continue, tackling in particular the following two aspects: improving compatibility with the S3 protocol and guaranteeing the stability and soundness of the core of Garage's storage engine.

>> Read more about Garage

Genealogos — Nix to SBOM generator targeting the CycloneDX format

With the increasing importance of understanding the software supply chain, both for security and legal purposes, it has become necessary to provide users, administrators, and developers with an accurate picture of what's in the software they use. Like with any bookkeeping task, doing that manually is cumbersome and hard to keep up to date. The better course of action is to use the information encoded within functional package management tools like Nix. With Genealogos you can generate a compliance-ready CycloneDX Software Bill of Materials (SBOM) for any package available in the nixpkgs repository or in fact from any nix flake -- and automatically keep it up to date.

>> Read more about Genealogos

Verilog-AMS in Gnucap — Mixed-signal modelling and simulation with Verilog-AMS

Verilog-AMS is a standardised modelling language widely used in analog and mixed-signal design, but without an open reference implementation. The language supports high-level behavioural descriptions as well as structural descriptions of systems and components. This Project will make substantial progress towards a Gnucap based free/libre Verilog-AMS implementation. Gnucap is a modular mixed-signal circuit simulator, and has been released under a copyleft license with the intent to avoid patent issues. Gnucap provides partial support for structural Verilog and encompasses an analog modelling language that has influenced the Verilog standards. We will enhance data structures and algorithms in Gnucap, and improve Verilog support on the simulator level. We will implement a Verilog-AMS behavioural model generator targetting Gnucap with the intent to support simulators with similar architecture later on.

>> Read more about Verilog-AMS in Gnucap

GoToSocial — Lightweight ActivityPub social network server

GoToSocial is an ActivityPub social network server, powered by Golang. It complements existing ActivityPub implementations by providing a lightweight, customizable entryway into decentralized social media hosting. GoToSocial places a high value on ease of deployment and maintenance; this means low system requirements, minimal external dependencies, and clear documentation. GoToSocial empowers self-hosting newcomers to deploy small, personalized instances, from which they connect to others across the Fediverse, using low-powered equipment lying around at home. With GoToSocial, you can follow people and have followers, you make posts which people can favourite and reply to and share, and you scroll through posts from people you follow using a timeline. You can write long posts or short posts, or just post images, it's up to you. You can also, of course, block people or otherwise limit interactions that you don't want by posting just to your friends.

>> Read more about GoToSocial

Gorgon CI — Continuous integration testing for PRs against software dependencies

A longstanding challenge of open source development is that few users test development versions of software. This means that bugs make it into stable releases, annoying thousands of downstream users. In extreme but common cases, this results in downstream software getting stuck on outdated versions of dependencies because they missed the opportunity to participate in the upstream release cycle. This is despite the fact that many of those downstream users will have their own CI setups that might have caught the bug had they been run against the development version of the upstream library.

Gorgon is a CI system that will test PRs for your project, but it will run your project's tests against PRs for your dependencies as well. By leveraging Nix, Gorgon can make smart decisions about which PRs to test. Changes affecting few derivations will be prioritized over mass rebuilds, to test as many PRs as possible despite limited hardware.

This will let you identify which changes to your upstream dependencies you should care about. You'll be able to find and report bugs before they make it into a release, and know which upstream discussions to get involved in.

>> Read more about Gorgon CI

Haphaestus — Lightweight JavaScript-free browser engine written in Haskell

In the pursuit of turning a document publishing system into an application delivery platform modern web browsers have become incredibly complex. Thus frustrating efforts to adapt and modify browsers to people's individual needs, including privacy and accessibility needs. Haphaestus aims to illustrate the potential of a more private JavaScript-free web to provide an optimal experience for any conceivable device, by building upon the dev's previous auditory web browser to prototype one that can conveniently navigate most (but the most popular) sites using a TV remote.

Haphaestus will strive to deliver a working independent web browser requiring minimal TV remote button presses, as well as reusable software components for laying out, rendering, & paginating richtext documents written in a range of alphabets.

>> Read more about Haphaestus

Hardware accelerated 2D graphics — Design hardware accelerated 2D graphics using C to Verilog

This project is to develop a hardware accelerated 2D video controller for easily adding user interfaces to industrial and commercial machines. Besides offering a useful product and fulfilling a long-standing need for embedded systems development, it will also encourage people to engage in FPGA-based hardware development by using more friendly tools.Traditionally, to make stand-alone machines and systems (i.e. not based on PCs but on custom computing boards), if developers need to add graphical user interfaces (GUI) they are offered only two inconvenient options: use a complex system like a Linux-capable board, or limit performance to low resolutions that are unsuitable for medium to large displays. The latter case simply prevents successfully marketing those products, while the former requires a high degree of qualifications in embedded systems development, to build simple products like signage systems or vending machines. This project is somewhat inspired by the success of the Arduino project, a product and ecosystem that greatly simplified the design of not too complex machines, and encouraged a lot of people to do their own designs. Currently, with the easier Arduino and similar systems, there's no way to control professional user interfaces, so many developers keep outside of the field. With the proposed system, instead, it is easy: you can send drawing commands to the board right from the Arduino system, through a provided library. The board then loads previously stored images and fonts to render the GUI at a high resolution. The drawing commands are implemented with hardware acceleration to meet speed needs, and the cores for achieving that (FPGA gateware) will be written in the widely known C language. This is solved with a custom tool for conversion to Verilog, that offers fast graphical simulations too. This will encourage people who know the language from software development, to enter the hardware design field. Also, the widely known and easy to learn Micropython language will be offered, to further ease implementing devices.

>> Read more about Hardware accelerated 2D graphics

OCap layer for Haskell actor library — Implement OCapN and Syndicate in Haskell's troupe

This project aims to develop a stratified framework for the Haskell language to utilize ocap-based protocols. This would enable modern, secure, and efficient communication in distributed systems. The target protocols are OCapN and Syndicate, both related to CapTP, but different in focus (RPC vs sharing state). The project will provide a set of packages necessary to participate in a cross-language P2P network of applications. That includes pluggable transports, message codecs, and handling patterns.

>> Read more about OCap layer for Haskell actor library

IC workspace — Open Source IC Design Management Tool

IC workspace is a design management tool that address the complexity of working with scattered design domains that span analog, digital, EDA tools, flows and process development kits (PDKs). In the process of designing a chip, multiple people need an common organized structure to work on design capturing schematics, generator, custom layout, high level digital design combined with test benches in various domain specific formats. Each tool in the open source domain has it own file structure. IC workspace is an open source framework with tools that individual designers and teams use to organize design files in a local workspace. IC workspace integrates interface to source code version control systems, the various tools in the design flow and organizes the files in a workspace with an unified component structure with dependency attributes. IC workspace sets common language and methodologies for both analog and digital – frontend/backend designer to maximize productivity within the open source chip design ecosystem of tools, PDK’s and people.

>> Read more about IC workspace

Icosa Gallery — Open, decentralised platform for 3D assets

Icosa Gallery is an open source 3D model sharing platform, designed to give users total control over their 3D creations. Powered by ActivityPub, users are free to choose their own instance that suits their needs, while still being able to share their creations with the wider fediverse. Users have access to a versatile 3D viewer for the browser, can upload in a wide choice of formats, and have complete control over publishing, licencing, and terms of their own assets. 3D portfolios are made simple for sharing with clients. A powerful API, search, and tagging system allows users to easily integrate their creations into any 3D environment. Instance admins have a versatile toolbox for managing data, including multiple large file storage backends depending on their hosting needs.

>> Read more about Icosa Gallery

Inko — Programming language with deterministic automatic memory management

Inko is a statically typed programming language, aiming to make it easy to write concurrent, reliable, deterministic, and memory safe software. Memory is managed automatically, without the use of a garbage collector. Instead, Inko uses a form of single ownership and runtime reference counting, and memory management is deterministic. Inko's type system makes data race conditions impossible, without the need to use locks and similar synchronisation methods, and without the need to copy data structures when sharing them between threads.

As part of this project, we'll finish work on our upcoming native code compiler, overhaul and improve the compilation of generic types and functions, implement a type-safe C FFI, add support for cross-compilation, and expand the standard library with various networking protocols.

>> Read more about Inko

Irdest - OpenWRT Image and Bluetooth LE — Add Bluetooth LE connections to Irdest

This project extends the Irdest mesh networking stack in two ways:

Firstly, adding Bluetooth Low Energy support to Irdest. Bluetooth Low Energy (BLE) is an important technology to support for the mesh to work seamlessly. BLE supports the same communication range as regular Bluetooth protocol, while substantially reducing the energy footprint. Given that almost all mobile devices support BLE, supporting it in Irdest is a great advantage.

Secondly, creating an OpenWRT image for Irdest. OpenWRT is a Linux distribution for embedded devices like routers. Like any other operating system, it has apps or packages. Irdest could see wider adoption if we publish an Irdest package for easy installation on OpenWRT.

>> Read more about Irdest - OpenWRT Image and Bluetooth LE

Irdest spec, db, route scoring — Route scoring and other routing improvements for Irdest meshnets

Performant ad hoc mesh networks are an important way to achieve more resilience and reduce the dependency on fixed infrastructure. Irdest is a mature, relevant and up-to-date effort for hardware- and end-user-agnostic mesh networking. This project tackles some of the largest remaining issues in the Irdest stack. The Ratman router is currently not yet usable in production settings without immense supervision. The main goal of this project is to elevate the quality and resilience of Ratman to reach a level that users, who are not directly involved in development, have the capacity to run an instance and get reasonable error messages when something goes wrong - while minimising the amount of intervention actually required. Additional implementation of a few key missing features will make Ratman more useful in a wider set of deployments, and should improve general performance and uptime.

>> Read more about Irdest spec, db, route scoring

Threat intelligence sharing — Privacy-Preserving Sharing of Threat Intelligence in Trusted Adversarial Environments

Iris P2P is a peer to peer system for sharing security detections and threat intelligence with trusted models resilient to manipulation attacks Most P2P systems are designed for file sharing, storage, chat, etc. but they are not prepared to share security detections, threat intelligence data and alerts. The security world needs better ways to automatically share intelligence data with trusted organizations and peers. This sharing is better decentralized so no single organization has control or can censor, sell or modify the data. Especially due to privacy concerns of what is done with your data. Iris is the first global P2P system that is designed to solve this problem. It implements: automatic sharing of threat intelligence data when you are attacked, controlling the spread in the P2P to spread slowly, alerting the network of a new attacker. Controlling the spread in the P2P to be fast, asking peers about the reputation of other peers, and defining ‘organizations’ in the P2P network using the DHT and private/public keys. Organizations can publish their keys in conventional communication systems to attest ownership (social media, etc.) All communication is encrypted with private/public keys. You can control the privacy of your data by defining to which organizations and peers you want to share your data. You can also control the transfer of data with epidemic algorithms. All data is evaluated according to the trust in the other peers. Defining trust of each peer in the network with a new protocol (Fides) which computes the trust in each peer by balancing the direct interactions with peers and reputation of peers according to the rest of the peers. Fides implements a mathematical model to guarantee that no adversarial peer can lie to manipulate the reputation and the trust.

>> Read more about Threat intelligence sharing

JShelter Manifest V3 — Make JShelter compatible with Manifest V3

JShelter is a freely licensed anti-malware Web browser extension that informs and protects people's freedom and privacy through people's regular use of the Web. These programs often go unnoticed, but run on a user's system -- whenever the Web server says to run them. They are typically served to the user as minified JavaScript, and few provide the corresponding human readable source code, or a free license allowing users to lawfully inspect and modify the program. By definition, these programs infringe user freedom. This Free Software Foundation project started in 2020 and is continuously developing. It is currently used by thousands of users around the world as the project gears up to continue protecting users from potential threats from JavaScript, such as fingerprinting and tracking and data collection while migrating to Google's Manifest V3. Manifest V3 will restrict the capabilities of Web extensions -- especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the Web sites you visit. Because of that, Manifest V3 is a detrimental step back for Internet privacy. With the help of NLNet, JShelter will work to upgrade its functionalities and continue to protect user privacy on the Web, which is even more important after this transition.

>> Read more about JShelter Manifest V3

JellyfishOPP — Open Hardware device for power profiling

JellyfishOPP (Open Power Profiler) is an affordable open-hardware measurement device designed to provide advanced, bidirectional power measurements and profiling, power optimizations, and battery profiling/simulation. It primarily targets developers of ultra-low power devices such as IoT sensors and wearable electronics, while also serving engineers and hobbyists. OPP will be a portable USB device that can be controlled through a host computer or smartphone app. Additionally, it will feature a simple on-device user interface for basic functionalities, eliminating the need for a host device in certain scenarios.

>> Read more about JellyfishOPP

Kaidan Auth + portability — Account portability and Client/Server Authentication for the Kaidan XMPP client

Kaidan is a user-friendly and modern chat app for every device. It uses the open communication protocol XMPP (Jabber). Unlike other chat apps, you are not dependent on one specific service provider. Instead, you can choose between various servers and clients. Kaidan is one of those XMPP clients.

In contrast to many other XMPP clients, it is easy to get started and switch devices with Kaidan. Additionally, it adapts to your operating system and device's dimensions. It runs on mobile and desktop systems including Linux, Windows, macOS, Android, Plasma Mobile and Ubuntu Touch.

The user interface makes use of Kirigami and QtQuick. The back-end of Kaidan is entirely written in C++ using Qt and the Qt-based XMPP library QXmpp.

>> Read more about Kaidan Auth + portability

Improving and extending Kaitai Struct — Rust parsing for binary analysis tool Kaitai Struct

Kaitai Struct (KS) is a tool for working with binary formats. It introduces a declarative domain-specific language for describing the structure of arbitrary binary formats. Based on any specification, KS can automatically generate a ready-to-use parsing module in one of 11 programming languages (C++/STL, C#, Go, Java, JavaScript, Lua, Nim, Perl, PHP, Python, Ruby). Serialization is supported in Java and Python.

This project aims to add Rust as a target language for parsing and to port the JavaScript runtime library to TypeScript, which will allow type checking and better IDE autocompletion in users' projects. Web IDE has a severe limitation that parsing errors prevent any results from being displayed. This is planned to be fixed, along with several other nuisances that limit user-friendliness. Compiler will be improved too. Support for multi-byte terminators (needed for null-terminated UTF-16 strings) will be added in all target languages, GraphViz generation failures will be resolved by updating to support newer KS features. The `valid` key will be extended by the capability to validate whether a value is part of an enum. The support for imports and unused types will be enhanced.

>> Read more about Improving and extending Kaitai Struct

Kazarma Release — Bridge between ActivityPub and Matrix protocol

Matrix-Appservice-CommonsPub is a bridge between two decentralized protocols: Matrix and ActivityPub. This allows to exchange private messages between Matrix users and users of different ActivityPub-enabled platforms, like PeerTube, Pixelfed and Mastodon. The bridge comes as an easy-to-deploy, secure and scalable solution. In this project the team works on significantly improvement of interoperability with various ActivityPub-flavours, and extending the feature set - better moderation options, private bridges, internationalisation, etc.

>> Read more about Kazarma Release

Kbin — ActivityPub based link sharing and microblogging

Kbin is a decentralized content aggregator and microblogging platform running on the Fediverse network. It can communicate with many other ActivityPub services, including Mastodon, Lemmy, Pleroma, Peertube. The initiative aims to promote a free and open internet. The platform is divided into thematic categories called magazines. By default, any user can create their own magazine and automatically become its owner. Then they receive a number of administrative tools that will help them personalize and moderate the magazine, including appointing moderators from among other users. Content from the Fediverse is also cataloged based on groups or tags. A registered user can follow magazines, other users or domains and create his own personalized homepage. There is also the option to block unwanted topics.

Content can be posted on the main page - external links and more relevant articles or on microblog section - aggregating short posts. All content can be additionally categorized and labeled. Great possibilities to search for interesting topics and people easily is something that distinguishes Kbin. Platform is equally suitable for a small personal instance for friends and family, a school or university community, company platform or a general instance with thousands of active users.

>> Read more about Kbin

KiKit — Tooling for automation of production of PCB designed in KiCAD

The EDA suite KiCAD is a widespread libre solution for designing electronics. KiKit is a Python library, KiCAD plugin, and a CLI tool to automate several tasks in a standard KiCAD workflow. The main goal of KiKit is to make the step from finishing a PCB design to having a physical PCB as easy as possible, as fast as possible, and as error-proof as possible. It achieves that via automation of manufacturing data preparation. The automated processes are reliable, repeatable, and require zero designer input. Thus, they are error-proof. KiKit allows you to perform sanity checks of the PCBs, build panels according to the description and generate manufacturing data (gerbers, assembly files, BOMs, stencils), PCB documentation, and more. All this can be fully automated and, e.g., integrated into continuous-integration pipelines. Not only KiKit provides ready-to-use pipelines for the most common scenarios, but it can also serve as a framework for building custom PCB post-processing setups.

>> Read more about KiKit

Collabora Online/LibreOffice Accessibility — Private and accessible collaborative editing with Collabora Online/LibreOffice

Collaborative online text editing has become undispensable for many, but not everyone can equally benefit from it. The goal of this project is to implement improved accessibility for Collabora Online. The core of the proposal is to add accessibility to the edit view of documents, which are currently just pixels for a screen reader. This means users should be able to migrate off public cloud offerings when it comes to office document editing and this project should improve privacy for the most vulnerable in the society.

>> Read more about Collabora Online/LibreOffice Accessibility

LibreOffice/Collabora Online typography — Add interoperability and state-of-the-art web typography to LibreOffice/Collabora Online line break

The project adds state-of-the-art ISO OpenDocument/web typography features and MS Office line break interoperability to LibreOffice open source office suite (reference application of ISO OpenDocument format) and Collabora Online (open source online office suite built on LibreOffice Technology). This includes the support of ISO OpenDocument text property fo:hyphenate and paragraph property fo:hyphenation-keep (same features in XSL, CSS3 and CSS4); restoring lost text layout interoperability caused by the new default line break algorithm of Microsoft Word; and improving hyphenation zone interoperability (Microsoft Word/CSS4).

>> Read more about LibreOffice/Collabora Online typography

Lemmy private communities — Add private communities to Lemmy federated link aggregator

Lemmy is an open-source, easily self-hostable link aggregator that you can use to share, discover and discuss interesting new ideas - and discuss them with the world. Lemmy is a good decentralized alternative to widely used proprietary services like Reddit. It is designed to work in the Fediverse by virtue of its implementation of the W3C ActivityPub standard, and communicate natively with other ActivityPub services such as Mastodon, Funkwhale and Peertube. User registered on one server from one of these services should be able to effortlessly subscribe to communities on any other server, where they can have discussions with users registered elsewhere.

In this project, the team will deliver many noteworthy upgrades ranging from a more stable API, to group federation, two-factor authentication and improved moderation. In addition the project will work on the new native client Jerboa (for the Android OS). Also for the nostalgically inclined, the project is working on a new frontend inspired by traditional web forums like phpBB.

>> Read more about Lemmy private communities

Libre-SOC HPC — Work on High Performance Compute capabilities for Libre-SOC

LibreSOC has made significant progress in the development of Digitally-Sovereign VLSI designs. This project will continue to further that initial research to create High Performance Compute capabilities for ultimate use in end-user products such as smartphones, desktops, laptops and Industrial Embedded PCs is clearly important. We therefore aim to further the IEEE754 Pipelines, associated Formal Correctness Proofs, and continue implementing unit tests, Simulator, Processor Core implementing Power ISA and Draft SVP64, as well as documentation. In order to engage with developers and solicit feedback we wlll present the progress and outcomes at relevant technical conferences.

>> Read more about Libre-SOC HPC

Libre-SOC OpenPOWER ISA WG — Steward ISA extension proposals through OpenPOWER External RFC Process

The Libre-SOC project has developed Draft SVP64 (a Vector Extension for the Power ISA), containing around a hundred new Draft instructions that dramatically improves the Supercomputing-class Power ISA. It also produced a Simulator, thousands of unit tests and over 350 pages of documentation. What we could not do however was submit a Specification to the OpenPOWER ISA Working Group - because the ISA WG was still in the process of being ratified. That has now been done, and we need to begin the formal process of writing up "Requests For Change" and submitting them. The end result will be an extremely powerful Vector ISA suitable for use in Digitally-Sovereign end-user products.

>> Read more about Libre-SOC OpenPOWER ISA WG

IndieHosters — System for Cross-domain Identity Management (SCIM)

Most organizations have a digital work environment that is composed of many applications. With a Single Sign-on (SSO) system they get a unified login and logout experience, but there is a catch. Traditional SSO protocols like OpenID Connect do not support syncing user profiles across applications. For instance, users are deleted in the SSO, but not in the applications. Hence, SSO implementations are not GDPR compliant by default, and organizations have to develop custom process to circumvent violations. SCIM is a standard developed within the Internet Engineering Task Force designed to solve exactly that. The project is to develop a SCIM client for Keycloak and a SCIM service provider for Nextcloud, RocketChat, Matrix and Stackspin.

>> Read more about IndieHosters

Libre Car Control — Automotive development platform, protocol analyzer and hacking multi-tool

The Engine Control Unit (ECU) is a microprocessor-based system that receives input from various sensors, analyzes the data, and controls various driving functions based on the input. LibreCar is a small and affordable device which can emulate an actual ECU as an electronic control module that manages control of an automotive vehicle. Acting as an all-in-one device for building, testing, monitoring, and experimenting with Automotive ECUs, LibreCar is built around a unique FPGA-based architecture making its digital hardware fully customized to suit the application at hand. As a result, it can act as a no-compromise Automotive protocol analyzer, an Automotive-hacking multi-tool, or an Automotive development platform. It is a fully reconfigurable test instrument that provides all the hardware, gateware, firmware, and software you will need to work with—and, indeed, to master Automotive domain such as rapid prototyping of compliant and non-compliant Automotive devices, Protocol analysis for Automotive protocols like Diagnostics, XCP and DLT for security research etc.

>> Read more about Libre Car Control

LibreCellular — FOSS technology stack for 4G networks

The LibreCellular project makes it easier to create 4G cellular networks with open source software and low cost software-defined radio (SDR) hardware. Achieving this via validated hardware and software configurations that are subjected to rigorous end-to-end testing via a continuous integration (CI) platform, supported by tooling and documentation for repeatable deployment.

This NLnet funded work will build on previous efforts and enable the integration of a more advanced core network, together with support for Voice-over-LTE (VoLTE). In support of which the existing CI hardware platform will also be extended and tests developed to provide VoLTE coverage. Finally, a previously developed medium power RF amplifier will be further developed to create a complete RF front-end, and a deployment manual will be created which covers topics such as antenna selection, spectrum licensing and EMF assessments.

>> Read more about LibreCellular

LibreOffice CRDT — Real-time collaboration between several, distributed LibreOffice instances

LibreOffice is the most widely used free and open source office suite, available for desktop, mobile and in the browser. Its most popular application is the text editor Writer, which is used to write billions of document every year.

Due to the increase of connectivity and remote work, these days many users look for real-time collaboration capabilities - meaning the ability to work with multiple persons on a single document in parallel. This project seeks to add this critical feature to LibreOffice. As a significant first step towards that goal, this project will therefore embark to re-architect LibreOffice Writer's comment (and later on change tracking) implementation, to make use of a suitable CRDT data structure. This is the first step towards real-time collaboration between several, distributed LibreOffice instances (desktop, mobile and server/Online).

>> Read more about LibreOffice CRDT

LibrePCB — EDA software suite to develop printed circuit boards

LibrePCB is a free and open source electronics design automation (EDA) software suite to develop printed circuit boards (PCBs). It runs on all major platforms and aims to be easy to use, while still beeing able to create professional schematics and PCBs. The goal is to make creating electronics easier, more efficient and less error-prone by using modern technologies and user interface concepts. LibrePCB therefore streamlines the whole PCB design process — from installing part libraries to ordering the final PCB design. Having such a free, powerful EDA software is the basement for the whole open hardware community as it allows us to reduce the dependency to proprietary and expensive technologies and empowers everyone to develop hardware for free, from hobbyists to professionals.

>> Read more about LibrePCB

LibreQoS — Improve congestion control for wifi networks

LibreQoS is a Quality of Experience (QoE) open source platform that leverages state of the art (and IETF standardized) Flow Queueing (FQ) and Active Queue Management (AQM) algorithms to help Internet Service Providers (ISPs) enhance their customers' internet connections. It effectively manages latency and bufferbloat over existing infrastructure. LibreQos ensures fair sharing of bandwidth, prioritizes critical real-time applications and promotes connection quality, equity and access.

>> Read more about LibreQoS

Liminix — Nix-based OS for domestic WiFi routers, access points etc

Today you can reflash your broadband router with Linux (e.g. DD-WRT, OpenWRT, Tomato or variants) to provide unparalleled flexibility to do things that the manufacturer system was not capable of. However, managing this flexibility by hand is challenging, especially when keeping custom configuration in sync across devices or through version upgrades.

Liminix aims to provide an OpenWrt-style embedded Linux distribution based on the Nix language for congruent configuration management, and the Nix package system. On top of this we plan to implement seamless management of configuration and secrets across a network of Liminix devices, and robust dependency-based service/process management so that a device can respond usefully when hardware or network connectivity changes.

>> Read more about Liminix

LiteX — Developer framework for FPGA and ASIC designs

LiteX is a versatile Python-based framework designed for building FPGA SoCs, providing a useful tool for developers working with FPGA and ASIC designs. Within this project we will improve LiteX by simplifying its use across three main tasks: creating FPGA-based accelerators and innovative ASIC SoCs, and running CI tests on FPGA boards.

For supporting FPGA-based accelerators we will develop a user-friendly infrastructure for developers to create their own accelerators using their preferred HDL language, along with example projects and documentation for various FPGA boards. We will extend LiteX CI tests to hardware to maintain stability, avoid regressions when introducing new features and enable testing of configurations that are difficult or impossible to simulate. And by introduce ASIC support to LiteX we enable people to create innovative ASIC SoCs. We start with a SKY130 build backend, and will extend the framework to streamline switching between different flows: Simulation, FPGA prototyping, and ASIC. We subsequently collaborate with other NLnet-funded projects to create an innovative SoC to validate the toolchain.

By delivering these tasks, the project will support the LiteX ecosystem, encourage innovation, and share the outcomes within the open-source hardware community.

>> Read more about LiteX

LunaPnR Phase 2 — A versatile and fast new open-source place and route tool

Making a custom chip (ASIC) requires a vast arsenal of tools, to do synthesis, simulation, parasitic extraction and schematic entry. . LunaPnR aims to add a robust open-source automated place & route tool to the equation. Luna targets ASIC processes larger than 100nm, in which it can perform place & route, do clock-tree synthesis and timing verification. This allows to design e.g. mixed-signal (analogue + digital) chips used in sensors and IOT devices. LunaPnR integrates well with existing open-source tools, such as YosysHQ's Yosys (a logic synthesis tool) and KLayout (a manual ASIC layout tool), but also with commercial tools via industry standard file formats (LEF, DEF and GDS). A fully open toolchain allows for a complete chain-of-trust between the chip designer and the chip manufacturer, from digital design to GDS2 and back (via wafer inspection).

In this new project LunaPnR will implement and test detail routing algorithms, enhancing the quality of the parasitic extraction for use with the OpenSTA static timing analyzer, speed up the graphical user interface (so it can render very large design efficiently), implement and test the power structure/special net/padring placer & router, and integrate Logic Equivalence Check (LEC).

>> Read more about LunaPnR Phase 2

Mainstreaming Anonymity for Developers (MAD) — Add Onion Services to interactive internet applications

The project summary for this project is not yet available. Please come back soon!

>> Read more about Mainstreaming Anonymity for Developers (MAD)

MNT Reform Next — New iteration of the MNT open hardware laptop

MNT Reform Next is a new, thinner and higher performance version of the renowned Open Hardware laptop MNT Reform. It adopts connectivity standards like USB-C and PD charging, remains modular and aligned with the Right to Repair, and is built with longevity in mind. The project aims to bring Open Hardware computing and Free and Open Source Software to a larger audience by lowering cost and increasing portability while delivering more processing power.

>> Read more about MNT Reform Next

Machdyne — Modular open compute hardware

Machdyne designs and builds small computers intended for timeless applications such as reading, writing, math, education, organization, communication, and automation. We are creating a new series of open-source computer designs based on European-manufactured FPGAs. These computers will use an updatable open-source System on a Chip (SoC) that can be fully audited, understood and trusted.

>> Read more about Machdyne

Mailpile 2 (moggie) — Building a secure, modern e-mail client for self-hosting

Mailpile's mission is to empower users to be more autonomous and private in how they manage, store and communicate over e-mail, simplifying the use of relevant encryption technology (OpenPGP, Tor and encrypted local storage). Mailpile 2 will be an Open Source, secure web-mail application, usable and powerful enough to be a compelling alternative to both mainstream desktop e-mail clients and proprietary web-mail services. Mailpile 2 will offer both local and remote access to an elegant, mobile-friendly web interface, built on web-APIs exposed by Moggie. Moggie is the project's technical toolkit for searching and working with e-mail. This stage of the project is about developing Moggie to the point where it is useful as a stand-alone tool in its own right, and feature complete enough that work on the Mailpile 2 user-interface can commence.

>> Read more about Mailpile 2 (moggie)

Makatea — An x86, 64-bit Virtual Machine Monitor for the seL4, verified microkernel

The security of any software system depends on its underlying Operating System (OS). However, even compartmentalization focused OSes such as Qubes, which are "reasonably secure" depend on large trusted computing bases (e.g. hypervisors) with hundreds of thousands of lines of code. seL4 is an open-source, formally-verified microkernel that has matured and been maintained for over a decade. seL4's small size (10,000 Lines of Code) and formal verification make it an appealing base to implement a hardened, open-source, x86 64-bit Virtual Machine Monitor (VMM) on. Makatea is a new hypervisor written from the ground up, capable of paravirtualisation, Hardware-Assisted Virtualisation and device emulation. Makatea also will allow to run software originally written for other platforms wherever seL4 can be made to run - and do so in a very controlled environment.

>> Read more about Makatea

MapComplete — Thematics OpenStreetMap-viewer and editor.

OpenStreetMap is a libre and free online database of geodata which can be edited by everyone and is used by millions of people. However, contributing can be challenging or intimidating to non-technical users. MapComplete is a webapp whose goal is to make it trivial to see and update information on OpenStreetMap. This is achieved by showing only features related to a single topic of interest on the map - from playgrounds, public toilets and bicycle rental places to charging stations and public tap water spots.

MapComplete contains many thematic maps, each built for a certain community of users and use cases. By focusing on a single topic, contributors are not distracted by objects not relevant to them. Furthermore, this allows to show (and ask for) attributes that are highly specialized (e.g. a widget that determines tree species based on pictures) but also to reuse common attributes and elements (such as showing and adding opening hours or pictures). Within this project, performance will be improved and a user interface to create a new topical map will be built, which will allow for more people to contribute on more topics.

>> Read more about MapComplete

Marginalia Search — A fresh take on search

Marginalia Search is an experimental Internet search engine for the independent web designed and optimized to run on cheap consumer hardware. The overarching goal of the development effort is to bring the project into a more mature state; to improve search quality and range, reduce the amount of manual operations, and to produce and offer portable data in order to bolster adjacent efforts in the search and discovery space.

>> Read more about Marginalia Search

Modular — Reusable decentralised meta-search engine is a search engine dedicated to online press. It can work from your computer being shaped as browser WebExtension and gives you back the control of your information sources allowing to choose (and pin-point) the newspapers to search in. Sources can be contributed by users, covering any domain where it's the chronological order that matters : press (TV, radios…), scientific press, online agendas…

Using is free, avoid ads and does not trigger the tracking mechanisms of online newspapers when discovering the results. With the new developments within this project, will break out of web browsers to become available server-side and for mobile users. Also, contributions for your favorite sources will finally be possible "all by mouse" and without computer science specific knowledge (traditional method via CSS selectors still being available).

>> Read more about Modular

MobileAtlas — Taking roaming measurements to the next levelMobileAtlas

MobileAtlas is an international measurement platform for cellular networks that takes roaming measurements to the next level. Although mobile cellular networks have become a major Internet access technology, mobile data traffic is surging, and data roaming has become widely used, well-established measurement platforms (e.g., RIPE Atlas) are not well-suited for measurements in the mobile network ecosystem. This includes measurements of metered connections and consideration of roaming status and zero-rating offers.

MobileAtlas implements the promising approach to geographically decouple SIM card and modem, which boosts the scalability and flexibility of the measurement platform. It offers versatile capabilities and a controlled environment that makes a good foundation for accurate and fine-grained measurements. In the current phase we focus on increasing the coverage of the measurement platform and improving the support for emerging technologies (e.g. eSIM, IPv6, VoLTE, and 5G).

>> Read more about MobileAtlas

Mobroute — A minimalist FOSS public-transportation router/tool suite

Mobroute is a minimal FOSS public-transportation router and suite of tools allowing you to route between locations using public transportation (GTFS) data. GTFS feeds are automatically fetched from the Mobility Database, data is granularly cached, and Mobroute is designed to have as few 'knobs' as possible to adjust to be practically useful. The core of the routing system is based on graph traversal using Dijkstra's algorithm. The implementation functions as both a standalone commandline application and also offers a HTTP API for integration with existing map applications.

>> Read more about Mobroute

Caster — Open-hardware high-refresh-rate electrophoretic display controller

Modos is building an libre, open source and open hardware ecosystem of low-cost, affordable electronic devices that use an E Ink display and are driven by the first open-hardware high-refresh-rate electrophoretic display controller of our own design. Having such a controller will enable the creation of new devices and applications designed around the advantages of this dynamic medium: easier on the eyes, less power consumption, readable in direct sunlight, and persistence.

In this project, the team will incrementally improve upon the existing (working) prototypes and establish a Pilot Program . The team provides community support, and makes sure you contribute to the development of the open hardware ecosystem.

>> Read more about Caster

Mox — Modern full-featured open source secure mail server

Mox is a modern email server implementation that makes it easy for people and organizations to run their own mail server, allowing them to stay in control of their own email communication, and keeping email decentralized. While high-quality open source mail server software components exist, their code bases are growing old, and getting a working setup involves configuring at least half a dozen of them to work together. That complexity has turned people to a few (centralized) email providers. Mox gives users their power back! All important protocols/mechanisms needed for a modern email setup have been implemented in mox, including: IMAP4, SMTP, SPF, DKIM, DMARC, MTA-STS, TLSRPT, automatic TLS with ACME and Let's Encrypt, IP/domain/bayesian spam filtering, internationalized email, account autoconfiguration. Setting up mox takes just minutes with the quickstart, with no additional tools/dependencies required. The code base is lean, coherent, self-contained, well-tested, cross-referenced with specifications, liberally MIT-licensed, trivially reproducibly built and is defensively written in Go, a modern, safe programming language. Mox's integrated approach has allowed for novel functionality. Development continues on supporting more protocols and extensions, as well as quality improvements such as more automated tests. On the roadmap at the time of writing (but check the project site!): IMAP4 CONDSTORE, QRESYNC, THREAD extensions, DANE and DNSSEC, sending DMARC and TLS reports, OAUTH2, Sieve, JMAP, Webmail, Calendaring and more.

>> Read more about Mox

Naja — EDA tool focused on post logic synthesis

Naja is an EDA (Electronic Design Automation) project aiming at offering open source data structures and APIs for the development of post logic synthesis EDA algorithms such as: netlist simplification (constant and dead logic propagation), logic replication, netlist partitioning, ASIC and FPGA place and route, …

In most EDA flows, data exchange is done by using standard netlist formats (Verilog, LEF/DEF, EDIF, …) which were not designed to represent data structures content with high fidelity. To address this problem, Naja relies on Cap'n Proto open source interchange format.

Naja also emphasizes EDA applications parallelization (targeting in particular cloud computing) by providing a robust object identification mechanism allowing to partition and merge data across the network.

>> Read more about Naja

NaxRiscv core improvements — Open hardware out-order Risc-V CPU

This project aim at extending the scope of the NaxRiscv project (a free and open-source out-of-order multi-issue RISC-V CPU, using innovative hardware description technics and optimized for FPGA deployment) by getting the CPU to run Debian in a stable manner and documenting the whole process used to build the required binaries/rootfs, implementing memory coherency, multicore support and a L2 cache to enhance the performances, and finally, optimizing and synthesizing the CPU for ASIC using the free and open-source tooling to pave the way for some future NaxRiscv based silicon chips.

>> Read more about NaxRiscv core improvements

Nitrokey 3 — PIV/FIPS 201-3 and extended hardware support for Trussed/Nitrokey

Nitrokey 3 is an open source hardware USB/NFC key aiming for data encryption and two-factor authentication. Currently it supports FIDO2 authentication and WebCrypt. This project will allow it to extend its Rust firmware, developing additional functionality which makes it into a full-featured open hardware security key. By adding support for new so called 'secure elements' to Trussed, any device using Trussed can benefit from more hardware options. Within the project we will also develop PIV support for Nitrokey 3. PIV is a smart card standard which is used in enterprises and also popular among users of some operating systems like Microsoft Windows. PIV allows for data encryption, signing and authentication.

>> Read more about Nitrokey 3

Nitter — Alternative privacy-preserving FOSS UI for Twitter

Nitter is an open source alternative Twitter front-end that prioritizes privacy and performance. It acts like a proxy by requesting data on the server using internal twitter APIs, and serving a lightweight front-end without JavaScript or ads, as well as RSS feeds. This bypasses the need for login credentials, and all requests including media go through the Nitter server. It's easy to self-host, and more than 100 public ins tances are available. The scope of this project is to implement features such as an account system for following Twitter users, tweet embeds, missing Twitter features, and general maintenance. The account system will store tweets in a database, paving the way for a future tweet archival feature.

>> Read more about Nitter

Debug Adapter with Nix — Implement the Debug Adaptor Protocol for Nix

The DAWN (Debug Adaptor with Nix) project intends to improve the Nix developer experience by making debugging Nix code easier. As with most programming languages, writing Nix code may be difficult and confusing for those both new to and experienced with Nix, so having a good debugger experience is essential. Today, debugging Nix may be performed either via the Nix debugger's repl or by print statements (builtins.trace). DAWN improves this debugging experience by implementing the adapter portion of Microsoft's Debug Adapter Protocol on top of the Nix debugger. DAWN will provide an ergonomic and first class debugging experience directly from all editors supporting the Debug Adaptor Protocol.

>> Read more about Debug Adapter with Nix

Nominatim as a library — Self-hostable address/location retrieval for OpenStreetMap

Nominatim is an open-source geographic search engine (geocoder). It makes use of the data from OpenStreetMap to built up a database and API that allows to search for any place on earth and lookup addresses for any given geographic location. The conventional wisdom is that geocoding is such a computationally heavy task that it can only be done through a webservice. So far, Nominatim has been following this convention. While it is easy to install your own instance, it is still expected to be run as a service. However, if you care about privacy, then location data is not something you would want to regularly send to an external geocoding provider because it allows to create detailed movement profiles. We need the possibility to do geocoding directly on the device. The goal of this project is to transform Nominatim's code base so that it cannot be only be used as a web service but also as a local application or as a library inside another application. In the first phase, the PHP code of the search frontend will be ported to Python, which is much better suited for such a multi-use task. In the second phase, we explore if the rather heavy-weight PostgreSQL database can be transformed into an SQLite database to even further simplify using Nominatim as a library.

>> Read more about Nominatim as a library

Nyxt Webextensions — Independent implementation of WebExtensions

Nyxt is a web browser that seeks to empower knowledge workers with access to better browsing tools. The Internet is the single largest corpus of human knowledge available. Effective tools to navigate, browse, and index it are important for research/work/empowerment. Nyxt provides these tools. A different take on the "browser", Nyxt is a power-browser, designed from the ground-up for work.

What was until now missing from Nyxt, and from other third party browsers, is support for common WebExtensions (such as NoScript, ad blockers, etc). In this project we'll extend Nyxt's capabilities to support WebExtensions which will allow users to customise their browsing experience and better protect themselves from abuse. Additionally, our work will pave the way for other libre WebKitGTK+ to support WebExtensions, and thus, increase adoption.

>> Read more about Nyxt Webextensions

Oku — A browser and encrypted data vault based on IPFS

Oku is a free and open-source browser for the Web, which aims to bring several technologies, some new and some pre-existing, to everyday users of personal computers. It aims to promote the usage of peer-to-peer protocols, such as IPFS, onion routing (using the Arti implementation of the Tor anonymity protocols), and the WebKit browser engine. With the IPFS protocol built into the browser, users will be able to create, share, and view hypermedia without the need for servers; as a consequence, pages accessed through the IPFS protocol will require offline, local-first data storage on 'vaults' residing in the user's device. The browser facilitates the reading of data from the local storage vaults, prompting the user for a password so that the vault may be decrypted; afterwards, the 'hivepage' (a page accessible through a P2P protocol, as opposed to HTTP) is provided with the user's files residing in the relevant decrypted vault. This model will promote a more trustable alternative to the Web, while simultaneously reducing the cost of publicly sharing hypermedia on the Internet, as servers will no longer be responsible for hosting & serving the content.

>> Read more about Oku

Open Energy Profiler Toolset — Modular open hardware Energy Profiling

Battery-powered devices often incorporate high-speed communication protocols that consume power in high peaks. One of the main challenges is to provide a compatible set of hardware and software solutions that will enable easy and high-precision energy profiling tools which enable high-speed sampling rates and high current rates.Energy consumption profiling of such devices requires the use of various hardware and software solutions that are often not compatible, making them difficult to use, or do not provide suitable measurement accuracy. Our primary objective is to provide a unified toolset that encompasses an EEZ bus compatible hardware platform, open-source firmware, customized protocols for external firmware energy debugging, and a user-friendly graphical interface for widely used operating systems like Windows and Linux. This toolset will enable the end user to quantify overall MCU-based device consumption and identify energy-intensive software parts within an IoT end device. The project outcomes will include an EEZ Bus compatible standalone acquisition card that support sampling data rates up to 4 MSPS and high-speed data streaming through an Ethernet interface; an open-source library as support for energy debugging of end device firmware; and open-source GUI application for visual examination of different energy consumption parameters.

>> Read more about Open Energy Profiler Toolset

Ordie — Designing a SoC for Betrusted

The field of open silicon is still in its infancy, and while the story on digital logic generation is good, analogue is still a work in progress, and full system integration is only just beginning. The Ordie project will characterize available analogue and digital blocks, integrate them, and create simulation and test software to validate them both pre- and post-production. In this way, the Ordie project will create open, fully-verified silicon chips where every aspect of the part is inspectable down to the raw GDS files. These parts will be usable in some aspects of projects such as Betrusted, where they may be used to replace some of the proprietary silicon with open variants. Along the way it will develop a circuit that enumerates over USB, be able to address various debug structures using existing Wishbone USB and Spibone debugging, and develop a buck regulator, useful for powering on-die structures.The on-chip blocks will be documented using reference systems such as lxsocdoc.

>> Read more about Ordie

Organic Maps — Privacy-focused Android & iOS offline maps application

Organic Maps is a free and open-source mobile app, that offers fast detailed offline maps of the entire world based on the OpenStreetMap database maintained by millions of people across the globe. The app works with downloaded map files on your device, offering fast power-efficient map rendering, offline turn-by-turn navigation with walking/cycling/driving directions as well as robust offline search and trip planning features. Organic Maps is a community-driven app you can trust – no software bloat, no battery drain, no excessive permissions, no ads, no tracking, no personal data collection, no big tech's prying eyes. Pure and organic, made with love.

>> Read more about Organic Maps

Passthrough Authentication — Authentication proxy using Kerberos and SPNEGO

The project summary for this project is not yet available. Please come back soon!

>> Read more about Passthrough Authentication

Peertube plugin livechat — Integrated chat for Peertube live streams

The Peertube project aims to offer a free, decentralized, and sovereign alternative to video-on-demand platforms. Since its 3.0.0 version it is possible to live stream. However, the Peertube team has chosen not to integrate a chat system, but rather to offer the necessary tools so that it is possible to integrate this functionality via plugins. It is in this context that the "Peertube Livechat" plugin was launched in 2021. This project - already installed on nearly 250 Peertube instances - has grown with time, and already provides a serious alternative to existing proprietary systems. However, there are still some steps to be done to offer the same level of service as these commercial platforms: manage the decentralization allowed by Peertube at the chat level, possibility of automatic moderation, streamer/viewer interaction tools, improve and complete the translations of the software, improve its documentation, think about the numerous requests of the community, and so on.

>> Read more about Peertube plugin livechat

PeerTube - Remote Transcoding — Remote Transcoding for distributed video sharing network

PeerTube is a free-libre and federated alternative to centralized video platforms such as YouTube, Twitch or Vimeo. It empowers content creators (institutions, video-makers and live streamers, communities, etc.) to self host their own collective video-platform without being isolated in the wide web. The technical choices behind PeerTube (ActivityPub Federation, peer-to-peer broadcasting) keep the source of this sugestion (the technical and financial bar to self & collective hosting: you no longer need Google's server farm and Amazon's money to host your own PeerTube servers (an instance) and synchronize it with other servers to share video catalogs!

There is still one technical bottleneck: video transcoding. This step is essential for a smooth video broadcasting experience. Transcoding happens at every video upload or during live-streams, and consumes a lot of CPU power. Instances hosting lots of content creators or live streamers tend to rapidly need to upgrade the CPU power of their server, to avoid a bottleneck that only happens episodically. Allowing transcoding work to happen remotely could solve a number of important logistical problems in a more efficient, resilient, affordable and eco-friendly manner.

>> Read more about PeerTube - Remote Transcoding

Pimalaya — Open source personal information management

The project summary for this project is not yet available. Please come back soon!

>> Read more about Pimalaya

PixelDroid/Media editor — Native PixelFed/ActivityPub image sharing app

PixelDroid is an Android app focused on sharing pictures and video through ActivityPub-based services such as Pixelfed and Mastodon. The scope of this project is two-fold: first to improve the application's features and make it more friendly to use for people new to the platform - we want PixelDroid to have the best onboarding experience of the fediverse. Secondly to work on photo and video editing, adding features and streamlining the editing user experience. We will also enable our work on photo and video editing to be used by others outside of the context of our app, by creating a standalone editing application and improving our 'Android media editor' library so that adding media editing to FOSS Android applications is easier than ever.

>> Read more about PixelDroid/Media editor

Pixelfed — Open source, federated photo sharing platform using ActivityPub

Pixelfed is a free and ethical photo sharing platform, powered by ActivityPub federation. The primary scope of this project is to build a federated Groups feature which will enable people to create communities across Pixelfed instances and other fediverse software. Pixelfed Groups will support text, photo and video posts on a separate Group-only timeline feed, as well as support a powerful role based membership system where admins can easily control who can join and the other actions they can perform.

>> Read more about Pixelfed

pretalx — Open source tooling for events and conferences

When attending events like conferences, visitors are often subjected to privacy-invading proprietary apps by organisers. With printed programmes typically no longer made available, visitors are put on the spot: either they install some unknown app and allow themselves to be tracked, or they don't know which sessions to attend. Pretalx is an open source project for events and conferences. It provides a Call for Proposals interface, tools for review (including fully double-blinded ones), scheduling, speaker communication, and attendee feedback. pretalx has a variety of plugins and can be self-hosted. This gives conference organisers, speakers and attendees complete control over the data they share. This project will completely redo the writable API of pretalx, making it a strong privacy-friendly option for any event being organised.

Pretalx is one of the leading open source tools capable of handling the full organisation of events from Call for Proposals to user feedback, and is used by many large open source events already (MozFest, FOSDEM, Pycon, NSEC, etc).

>> Read more about pretalx

Pythonic Slint — Add a full-blown Python API to Slint

Slint is a next generation declarative GUI toolkit that supports multiple programming languages such as Rust, C++, and JavaScript. Implemented in Rust, a language known for its memory safety and performance, Slint can run on platforms such as Windows, Linux, Mac, QNX, and microcontrollers. Next to JavaScript, Python is the most popular programming language. While Python developers already have a number of options when it comes to GUI frameworks, most of these are in the form of wrappers or bindings. We aim to make Python a first-class citizen with a dedicated and idiomatic API, to empower developers to create amazing user interfaces for their applications. Python developers will benefit from a modern open source GUI framework that is well-supported.

>> Read more about Pythonic Slint

RA-Sentinel — A smart geiger teller for wifi network traffic

The project summary for this project is not yet available. Please come back soon!

>> Read more about RA-Sentinel

RAIJIN — Open Hardware brain meeasurements with near-infrared spectroscopy

Low-cost electroencephalographic (EEG) systems have been available for over a decade, such as the open hardware OpenBCI ecosystem. While EEG has been democratized to varying degrees, blood-oxygen-level-dependent (BOLD) methodologies are constrained to medical and niche realms. While magnetic resonance imaging is impractical for a hobbyist, functional near-infrared spectroscopy (fNIRS) may offer a more practical alternative. Similarly, non-visual and non-auditory feedback from a brain-computer interface (BCI) may be streamlined with a tactile or haptic device. Transcranial temporal interference stimulation (TTIS) can be directed and integrated with the existing ecosystem. The Rank-Adjusted Infrared Juxtaposed Interferential Neuromodulation (RAIJIN) marks three components that would significantly improve tools for citizen-scientists. Given recent low-cost projects, it may be possible to bring low-cost fNIRS, non-invasive deep brain stimulation, and tactile response into the OpenBCI ecosystem. Tactile and TTIS enable closed-loop computer-brain interference (CBI). By integrating BCI and CBI, the RAIJIN system will enable mobile, low-cost, BOLD-capable, closed loop, and non-invasive brain-to-brain interface (BBI).

>> Read more about RAIJIN

Fast RSA + PQ Blind Signatures — Fast multiprecision integers for blind RSA and Post-Quantum signatures

We observed significant performance differences between the different implementations of classic RSA signatures in various widely used Free Software cryptographic libraries. Each of the libraries takes a different approach to implementing modular exponentiation, the core operation when generating and verifying RSA signatures. Naturally, RSA signatures would also not be safe in presence of large-scale quantum computers.

In this project, we improve the performance of libgcrypt, mbedTLS, GNU nettle and libgmp to ensure that they are on par with the best secure implementations available today. Furthermore, we implement one of the academic post-quantum blind signature schemes, make it available as Free Software and integrate it with GNU Taler.

>> Read more about Fast RSA + PQ Blind Signatures

Radio-Meshnet — Self-sustained Community and Emergency Radio Networking

The project summary for this project is not yet available. Please come back soon!

>> Read more about Radio-Meshnet

Raptor Lake Desktop — Implement open-source firmware for modern mainboards and chipsets

The Raptor Lake Desktop project aims to deliver open-source firmware support for a modern day motherboard (the MSI PRO Z690-A WIFI DDR4/DDR5 workstation/desktop), enabling users to customize and enhance their hardware. Through open-source firmware, users will have the freedom to modify and adapt the software according to their specific requirements. Building on the success of the Alder Lake Desktop initiative, this project focuses on two key goals: adding support for 13th generation Raptor Lake-S CPUs on existing boards and implementing open-source firmware support for the MSI PRO Z790-P WIFI DDR4/DDR5 boards. The project also includes the development of additional firmware features to improve system functionality and security, such as selective Option ROM loading, ESP partition scanning, power state after power fail option, PCIe Resizable BARs, and XMP memory profile selection. Through community involvement and feedback, the project aims to provide a more personalized and flexible computing experience for board owners.

>> Read more about Raptor Lake Desktop

Replicant on Pinephone 1.2 — Add basic support for the Pinephone 1.2 to Replicant

Replicant is the only fully free operating system for smartphones and tablets. All the other operating systems for smartphones and tablets use nonfree software to make some of the hardware components work (cellular network modem, GPS, graphics, etc). Replicant avoids that, either by writing free software replacement, by tweaking the system not to depend on it, or, as the last resort by not supporting the hardware component that depends on it.

The goals is to first adapt support for the Pinephone and various other hardware (mainly from GLODroid), to make it generic and reusable by other Android distributions and smartphones to improve collaboration between Android distributions using mainline linux kernels.

>> Read more about Replicant on Pinephone 1.2

Reproducible F-Droid — Building a trusted app ecosystem with F-Droid

F-Droid maintains a complete free software build/sign/deploy stack for securely making signed releases of Android apps in a fully automated way. This has been used since 2010 to run the repository of free software Android apps. Reproducible builds means it is possible to make a strong link between the actual app running on our devices, and the source code which they were built from. When the source code has been thoroughly inspected and is trusted, it is then possible to apply that same trust to the install binary.

This project will make this stack much easier for other people and organizations to deploy and use on a daily basis. This allows organizations to run rebuilders to confirm that the releases available on or any F-Droid-compatible repository exactly match the source code. The resulting data can then be automatically consumed by the client app so it can communicate to the user that it was confirmed as a reproducible build.

>> Read more about Reproducible F-Droid

pcb-rnd, sch-rnd — Open source EDA suite

Ringdove EDA is a modular, portable Electronics Design Automation toolkit mainly targeting the Printed Circuit Board design workflow. The two flagship projects in Ringdove are sch-rnd (schematics capture) and pcb-rnd (printed circuit board editing). Because of the modular layout of the code and the active management of dependencies, both projects are highly portable, both in time (old, present and future systems) and in workflows (interactive graphical design or interactive command line usage or headless automated processing). Ringdove also strives to support file formats of other EDA software, especially for loading proprietary formats, making existing/legacy hardware designs more accessible to the Open Source community.

>> Read more about pcb-rnd, sch-rnd

Rotonda Secure Extensions — Implement BGPSec in Rust and integrate into Rotonda

Rotonda is a modular routing project that brings BGP observability and easy BGP provisioning to networks. Its aim is to improve the safety and security of the inter-domain routing system. In this particular effort we will build two features that will help us further the goal of security and safety.

First, we will implement BGPsec as a first-class citizen in Rotonda. BGPsec is a standardised protocol for securing routes in the inter-domain routing system. As far as we know Rotonda will be the first open source routing software that supports BGPsec out-of-the-box.

Second, we will implement a run-time configurable plug-in system for Rotonda, that will not only increase its modularity and extensibility, but also its usability.

>> Read more about Rotonda Secure Extensions

SDCC — Small Device C Compiler compiler for 8-bit microcontrollers

The Small Device C Compiler (SDCC) is free and open source software for 8-bit microcontrollers. While such 8-bit microcontrollers might seem like outdated technology (most of the popular chips sold today use 32 bit or 64 bit solutions), the fact that there are less transistors to fire up with every cycle means there are quite a few basic use cases where 8-bit systems might very well remain the most energy-efficient option despite . SDCC is competing head to head with various proprietary compilers - such as Keil, IAR, Comsic, Raisonance. The tasks in this project will significantly boosts the capabilities of SDCC and allow developers a more mature tool to design for e.g. eco-friendliness. The project will deliver various improvements in SDCC, in order to make it more complete and competitive in terms of features and workflow.

>> Read more about SDCC

SIP RELOAD — REsource LOcation And Discovery, a peer-to-peer (P2P) signaling protocol

SIP is a mature internet technology to establish sessions of any type across the internet. RELOAD stands for REsource LOcation And Discovery and is a peer-to-peer (P2P) signaling protocol standardised in IETF that provides its clients with an abstract storage and messaging service between a set of cooperating peers that form an overlay network. RELOAD defines a security model based on a certificate enrollment service that provides unique identities. NAT traversal is a fundamental service of the protocol.

The goal is to implement a P2P communications network based on IETF standards that allows people to communicate securely without the traditional interposed third parties like SIP service providers.

This is done both by establishing direct encrypted channels between the participants as well as using digital identities based on X509 certificates to identify the participants in a conversation, which will prevent third parties from inserting themselves into the conversation by attempting to impersonate one of the participants.

The outcome would be a working RELOAD implementation, with a functional backend for connecting and discovering peers based on their identity which is backed by an email address that will then also function as a working SIP address.

>> Read more about SIP RELOAD

Software Heritage listers + tooling — Performance improvements and new listers/tooling for Software Heritage

Software Heritage's ambition is to collect, preserve, and share all software that is publicly available in source code form. The platform currently list and load more than 200 million free and open source projects. One of the bottlenecks for collecting sources is the speed at which these can be collected. We want to address performance improvements on data discovery and ingestion through the usage of the PyPy interpreter, which should help in reducing CPU bound in highly repetitive area of the Python code responsible for data analysis and validation. To expand the list of existing source code origins we will create new listers and loaders for Dlang, Julia and Elm package managers.

>> Read more about Software Heritage listers + tooling

SeedVault Integrity — Add integrity checking and WebDAV support to SeedVault Android backups

SeedVault Backup is an independent open-source app data backup application for Android and derived mobile operating systems. By storing Android users' data and files in a place the user chooses, and by using client-side encryption to protect backed-up data, SeedVault offers users maximum data privacy and resilience with minimal hassle.

SeedVault uses Android's storage access framework (SAF) to read and write encrypted app data. This allows it to backup and restore application data on a wide range of platforms (such as Nextcloud) and even USB flash drives.

The project will improve the current implementation to allow storing files also on generic WebDAV-based storage without the SAF abstraction layer for improved performance and reliability. It will be possible to decide what apps and files should be restored and to verify the integrity of the backups made.

>> Read more about SeedVault Integrity

SelfPrivacy — Reproducible self-hosting stack based on NixOS

Self-hosting can be a challenge even for a professional, let alone an unprepared user. We want to change that. SelfPrivacy is a free application that helps you set up and manage your self-hosted services. Our goal is to create an accessible tool that gives everyone an opportunity to create their own self-hosted infrastructure.

Our application supports multiple platforms and to use it, all you need is to register with a provider and copy the access token into the application. SelfPrivacy will set up the system, domain, DNS and install open source services such as E-Mail, Nextcloud, Jitsi, etc. SelfPrivacy automates the entire lifecycle: provisioning, updates, configuration changes, monitoring, backups and space management.

We encourage the use of private services that we provide, and we also develop infrastructure based on the NixOS distribution.

>> Read more about SelfPrivacy

#Seppo! — Portable ActivityPub implementation

Posting and liking self reliantly and still have a life. #Seppo! empowers you to publish short texts and images to the internet as easily as using an online service but retain full agency and responsibility. What you publish is solely subject to public law. No 3rd parties hold a stake, nobody else imposes any rules on you. This is because you publish on your own property. Which is possible because housekeeping is no more than the known follow/unfollow/block/unblock content moderation of your own single account. You do that by yourself. There are no scripting engines or databases, no technical updates required. You can focus solely on the message to deliver. You build an online presence on your own digital property, robust for decades if you decide so. #Seppo! is built on mature web standards (e.g. ActivityPub), a european technology stack, inspectable plain-text storage, is security aware and decentralised. It is made for but not limited to off-the-shelf static webspace as offered by numerous vendors all over the EU. #Seppo! targets individuals and small organisations joining the #Fediverse with max. 10k followers, optionally cross-posting to the closed platforms.

>> Read more about #Seppo!

Servo — Independent Rust-based browser engine

Servo aims to provide an independent, modular, embeddable web rendering engine, allowing developers to deliver content and applications using web standards. Servo is written in Rust, taking advantage of the memory safety properties and concurrency features of the language. As part of this project we'll add support for more CSS features to the Servo layout. The main areas of work on this project would be support for floats, writing modes and tables; which will increase the number of web pages and applications render properly in Servo.

>> Read more about Servo

SiCl4 — Tool for interactive reverse engineering of digital logic.

SiCl4 (silicon tetrachloride) is a tool for reverse-engineering digital logic designs. Starting from an FPGA bitstream or other types of netlists, this tool will assist users in interactively recovering higher-level structures. Algorithms will help with tasks such as finding shared subcircuits or identifying known patterns such as adders, counters, comparators, state machines, etc., so that the user can focus on understanding the higher-level functions of the target design. SiCl4 will be scriptable in order to allow for easy extension, and it will also integrate with the existing open-source EDA ecosystem.

>> Read more about SiCl4

Silicon verification — Non-destructive, in-situ inspection of physical chips

The global nature of supply chains presents an existential question for the trustworthiness of hardware: how do I know the chips in my device are genuine and pristine? Trusted domestic fabs only solve a facet of the problem: after a silicon wafer leaves the fab, it criss-crosses the globe multiple times as it is packaged, tested, and assembled into an end user product, presenting a huge attack surface for post-fab substitutions and alterations. The "Silicon Verification" project lays foundations for high resolution end-user, direct, and non-destructive optical inspection of chips. Our research aims to create a set of techniques for hardware packages that fill the analogous role of "digital signature verification" for software packages: a ubiquitous method to establish trust in a package, after it has been delivered to the user.

>> Read more about Silicon verification

Solid Compound — A software library/framework to simplify designing for W3C Solid

Solid Compound is an innovative library designed to streamline the integration of web applications into the Solid ecosystem. It provides functionality to Solid App developers to make their Solid Apps usable without end-users needing a Solid Pod or a WebID. This lowers the barrier of entry for new end-users and allows everyone to use newly crafted and innovative Solid applications.

Solid Compound offers a hybrid data storage approach, allowing for data to be stored either in the application's datastore (but Solid-ready) or in the user's Solid pod. It also enables user authentication (either done by the application or Solid-OIDC). This merging of traditional web development with Solid-compatible systems also extends the functionality to include a feature that enables data and identity migration from an application's datastore to a user's pod when they are ready.

The hybrid approach ensures a smooth transition towards a more decentralized web, while simultaneously broadening the reach of Solid developers to users who may not yet be familiar with the Solid ecosystem.

>> Read more about Solid Compound

Solid Data Modules — Improve data accessibility and prevent data corruption in Solid Pods

The Solid Project enables a "Bring your own Data" architecture, but this is only useful if apps understand the data they find on the pod.

Client-client specs are the crucial but underdeveloped core part of the Solid project which needs urgent attention now. Solid Data Modules will build on the existing remoteStorage modules work and the Solid Application Interoperability spec. They will support the data types already documented in our PDS Interop ( and Shaperepo ( initiatives.

Apart from making data more easily accessible, reliably updating index files, and preventing data corruption, the Solid Data Modules will also automatically show the app developer which fine-grained Data Grants to request. That way, we hope to finally stop the bad practice of even demo apps that request root access to your pod.

>> Read more about Solid Data Modules

Solid Application Interoperability — Interoperable Data sharing flows and discovery for Solid

Solid Application Interoperability specification details how Agents in the Solid ecosystem can read, write, and manage data stored in a Solid pod using disparate Applications, either individually or in collaboration with other Agents. Solid is a specification that lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for data. When data is stored in someone's Pod, they control which people and applications can access it. Solid Application Interoperability provides clear way to create intuitive data boundaries and higher level patterns to manage access to that data following the principle of least privilege.

The focus of this project is on three parts: i18n for the Authorization Agent, data sharing flows and verifying WebID of social peers.

>> Read more about Solid Application Interoperability

Solid Usable App Tools Project — Improve developer experience for W3C Solid

The Solid project is one of the best known efforts promising to bring individual data ownership to the people of Europe and the world. While Solid has many use cases, a common example is an alternative to Facebook, Instagram, and Twitter where a user can own their own social media data. But, Solid's current specification, implementations, and developer tools are not yet able to support a full-fledged social media alternative. This project will aide the ongoing specification and developer tool development for Solid by filling in the gaps that are currently preventing a "home-run" app from being created on Solid.

Particular areas of concern for this project are: Authentication for Mobile Apps and Bots, Real-Time Notifications, and Easier Devtools (which caters also for developer that lack much prior knowledge of linked data). In addition, the project will produce a tutorial series to make developing apps on Solid as easy as learning how to use more mainstream technologies like React.

>> Read more about Solid Usable App Tools Project

Space Tube — Group-to-group instant messaging

Space Tube is a service utilising the Matrix protocol to allow groups to communicate with other groups. A group member adds the Space Tube bot to their shared chat platform e.g. discord server, slack organisation, element space etc, then they can create a channel (or tube) that sends messages to and from another group's chat platform. This allows groups to form relationships as groups that don't rely on individual people within those groups connecting them together. These group relationships can then scale to much larger directly participatory structures.

This project will automate the process of creating tubes so that it can be done in a few seconds by a non-technical user. It will also expand tube functionality by allowing tubes to connect more than two groups at once and providing links to a graphical interface to support more complex group interactions such as agreeing to proposals or sharing resources.

>> Read more about Space Tube

Spectrum Applications — Add running graphical applications to the compartmentalized desktop OS Spectrum

Spectrum is a project that aims to develop a secure, compartmentalized desktop operating system with security and usability improvements over other existing implementations. This project will improve Spectrum's support for running graphical applications. Currently, users have to manually create virtual machines by laying out a configuration directory themselves (or using a helper Nix function). Running a new application often requires some customisation work on the VM to set up the environment suitably for the application to run and defining access controls - and there is no facility to create a VM on the fly.

After this project is done, the system will be able to automatically start VMs on the fly for applications packaged as AppImages, and applications will be able to dynamically request access to files using the existing XDG Desktop Portals interface that is already implemented by major toolkits (so File→Open… will just work in unmodified applications, with the user able to select from all their files without the application being able to see them). The foundations will have been laid to go on to support applications packaged in other ways, such as Flatpak (which could be follow-up work, should this initial stage be successful).

>> Read more about Spectrum Applications

Stalwart Mail Server — Robust full featured mail infrastructure in Rust

Self-hosting an e-mail server is notoriously difficult. While privacy is a top concern for many individuals and businesses, the complexities of self-hosting a mail server often outweigh the benefits, leading many to choose to sacrifice some privacy and pay a third-party provider to manage their email instead. One of the key challenges of self-hosting an email server is the outdated and complex nature of most available open-source mail server software.

Stalwart Mail Server is an open-source email server written in Rust that aims to help modernize, democratize, and promote decentralization of email. The server offers a robust and privacy-focused solution that is easy for individuals and businesses to set up and maintain on their own.

Stalwart Mail Server consists of three components: a JMAP server, an IMAP4 server with support for ManageSieve as well as many extensions, and an SMTP server with support for DMARC, DKIM, ARC, and SPF. The server does not require any external software or databases to run and can easily scale to multiple servers thanks to its native Raft support.

Furthermore, the use of Rust in Stalwart Mail Server allows it to offer improved performance, safety, and concurrency compared to other solutions, making it a versatile and robust choice for those looking to self-host their own email server.

>> Read more about Stalwart Mail Server

TOS;DR OTA backend — Integrate Terms of Service;Didn't Read with Open Terms Archive

Open Terms Archive is a digital common that produces (since 2020) datasets of the evolution of contractual documents (Terms of Service, Privacy Policy…) over time, enabling analysis and comparison. It aims at shifting the power balance from big tech actors towards researchers, end users and regulators. The “Terms of Service; Didn't Read” (ToS;DR) project enables (since 2011) crowd-reading and rating of these same contractual documents. These documents are obtained from the web with a dedicated engine that stores them in a private database and suffers from lack of maintenance.

The goal of the effort is to replace the historical ToS;DR crawler with the public Open Terms Archive datasets, thus increasing the reliability and auditability of the source data, since the annotations will be based on public datasets produced by replicable instances instead of being based on a one-off database used only by ToS;DR itself. This will also enable establishing a common data format for annotating documents.

>> Read more about TOS;DR OTA backend

GNU Taler wallet app for iOS — Mobile GNU Taler payments for portable Apple devices

GNU Taler (Taxable Anonymous Libre Electronic Reserves) is a privacy-preserving electronic instant payment system that is fully free software. It uses electronic coins stored in wallets on customer’s device. Coins are like cash. Users can use Taler to pay in existing currencies (i.e. EUR, USD, BTC), or use it to for instance create new regional currencies. The Taler wallet is currently available as a browser-based WebExtension and as Android app, but not yet as iOS app. This project will develop a user-friendly and accessible iOS wallet app for the GNU Taler payment system. With the iOS Taler wallet app, users will be able to make payments with their iPhone -- similar to how they would use proprietary payments systems like Apple Pay.

>> Read more about GNU Taler wallet app for iOS

Tasteweb — Develop new web of trust mechanisms

Webs of Trust, (or networks of endorsement) are a common social technology with many useful properties; they can grow quickly, they can support a blend of shared structure and local structure, and they can incrementally self-correct with minimal labor. Despite being fairly common in the online world, we identify many still unrealized applications for webs of trust which we expect would greatly empower grass-roots organization of information, news systems, and public dialog. The main obstacle to most of these new functions turns out to be the performance scaling limits of today's graph databases. We've identified indexes and algorithms that would allow us to transcend those limits. The project aims to implement fast shortest path indexes (eg, Contraction Hierarchies, BatchHL+), and "sparse query" indexes (novel) (dynamic unions, or dynamic cache placement), for open source graph databases, to enable several new critical functions for webs of trust: Globally inclusive networks of endorsement, exclusive claims, news discovery, and subjective filtering. Once implemented, we plan to make this functionality available to emerging open source social network protocols and social computing frameworks.

>> Read more about Tasteweb

Threshold OPRFs — Bringing the power of Threshold OPRFs to the people

"Bringing the power of Threshold OPRFs to the people" is a project trying to jump the gap between academic research and robust free software implementations. Oblivious Pseudo-random Functions (OPRFs) and Threshold constructions bring some very interesting and strong security properties that go beyond the state-of-the-art. Besides low-level implementations, reusable libraries, servers, and command-line clients, also concrete applications will be delivered, such as password and secret storages, encrypted data-at-rest, authentication, and secure channel setup.

>> Read more about Threshold OPRFs

Tracking weasel — Detect privacy violations in mobile apps

Privacy and data protection are fundamental rights and already well protected by legal frameworks in the EU. Yet, tracking—often without consent—is ubiquitous and often unavoidable. While tech-savvy users can defend themselves against that to a certain degree with tools like tracking blockers, we want to attack the problem at its root to make the web safe for everyone, regardless of expertise. With this project, we want to build infrastructure to detect privacy violations in apps on Android and iOS and crowdsource complaints against this behaviour with the data protection authorities. The result will be a web app where users can select an app from the app stores, which we will then download and run in an emulator or on an actual device. We will analyse the apps’ network traffic and detect privacy violations not just based on server connections but the actual data being transmitted. We will also check any consent dialogs. The website will then show a report to the user and, depending on the results, give them the option to generate a complaint under the GDPR and ePrivacy Directive, complete with the collected evidence from the analysis in the form of screenshots and traffic dumps.

>> Read more about Tracking weasel

Trenchboot as Anti Evil Maid — Integrate Trenchboot into Qubes OS as defense mechanism against physical compromise

Enhancing the security measures of Qubes OS is the primary objective of this initiative, which involves integrating the TrenchBoot Project into the Anti-Evil Maid (AEM) implementation. Traditional firmware security measures, such as UEFI Secure Boot and measured boot, have limitations that can be overcome by leveraging Dynamic Root of Trust (DRT) technologies and TPM 2.0.

TrenchBoot provides a secure environment for operating system launch and integrity measurements, ensuring greater protection. The project aims to extend support to both Intel and AMD hardware, addressing the current lack of TPM 2.0 support and AMD compatibility in the AEM implementation. Key objectives include implementing TPM 2.0 support in Xen, updating AEM scripts, and ensuring seamless integration with AMD hardware. The successful execution of this initiative will significantly enhance the security of Qubes OS and promote the adoption of DRT technologies in open-source and security-oriented operating systems. Thorough testing on various hardware configurations will validate the solution's effectiveness and reliability.

>> Read more about Trenchboot as Anti Evil Maid

Reverse Engineering Toolkit — Reducing e-waste through Reverse Engineering

According to the Global E-waste Statistics Partnership (GESP), electronic waste is estimated to increase to 74.4 Million Tonnes by 2030. A strong factor in the continuing increase of e-waste is the electronic industry artificially shortening the lifespan of their devices. Planned obsolescence, the inability to repair and abandoned software support all contribute to devices prematurely ending up in a waste stream. Older high-end consumer electronics devices have powerful components that, once open schematics, firmware and documentation has been created for them through reverse engineering, can be repurposed to create new and different devices.

To meet this aim, Unbinare is creating an open hardware reverse engineering toolkit consisting of the OI!STER (a tool for debugging and glitching MCUs), the UNBProbe (a passive, spring-loaded needle probe for probing PCBs), the UNBProbebase (a magnetic base with a prototyping area) and a breakout board - which allow to repurpose components salvaged from e.g. discarded mobile phones.

>> Read more about Reverse Engineering Toolkit

DeltaChat/WebXDC — Portable private apps that can be shared in e.g. chat

Webxdc is a fresh and still evolving effort to explore "private apps", essentially 'portable' web apps through which users can interact in any number of ways outside of the traditional client-server paradigm, e.g. over E2EE chat. These mini-apps offer interesting interaction patterns -- without any dependency on centralised infrastructure, additional logins etc. It grew from Delta Chat, a highly innovative solution that uses secure email-based communication technology for social networking, protected with OpenPGP/Autocrypt.

The project will further develop the concept of Webxdc apps, and make it for instance possible for users to make data portable (which is currently not possible due to missing security controls for that).

>> Read more about DeltaChat/WebXDC

Whisperfish — Cross-platform mobile client for Signal and derivatives

Whisperfish is a third-party open source client for the popular Signal instant messaging network. Whisperfish is an advanced beta stage, and is available for SailfishOS. In collaboration with the Axolotl project, within this project we aim for implementing full-fledged clients for various mobile operating systems.

>> Read more about Whisperfish

Wolvic — Web browser designed for use in XR devices

Everybody will meanwhile have come across people wearing strange glasses, immersed in a world beyond the here and now. But what are they looking at, and how does the web fit in there? Wolvic is a web browser dedicated to work with virtual reality (VR) and enhanced reality (XR). The goal of this project is to add a number of important features such as VR peripheral awareness (placing contextual information on the edge of the user's vision) and spatial reasoning (3D representation of navigation-related information) to the Wolvic browser. Wolvic is the only open source browser available in the XR space, and as such any device maker or other third party can create their own version of Wolvic to explore the burgeoning XR space.

>> Read more about Wolvic

Event Federation Plugin for WordPress — Add ActivityPub to events created with most common WordPress event plugins

Freedom in announcing events. The WordPress Event Federation plugin allows events created in WordPress with the most popular event plugins to be seamlessly published to Fediverse via ActivityPub. The core problem is that events need to be discoverable, listable and subscribable by potential visitors. Since organisers' personal websites do not meet this requirement, most of them publish their events on multiple (commercial) platforms, which results in people searching for events being tied to these platforms. Currently, many to most event organisers use WordPress to run their own website. With this plugin, they can make their events even more visible without changing their workflow. At the same time, they gain data sovereignty and independence from traditional search engines and platforms that give less control over how content can be filtered. The goal is to realise typical use cases, such as server-to-server federation with Mobilizon instances, or another example: to allow Fediverse users, such as those of Mastodon, to follow events directly from the organisers.

>> Read more about Event Federation Plugin for WordPress

XR Fragments — Discover, reference, navigate and query 3D online content

After the hype of early (and proprietary) virtual reality technologies like Second Life cooled down, there is recently a renewed push towards the “3D” web which uses virtual reality technologies (also marketed under new brand names like "Metaverse"). While many technological building blocks are meanwhile available, seamlessly surfing the 3D web however seems quite far away still for a simple reason — browsers exit fullscreen/WebXR mode when switching web addresses, essentially removing the immersive experience when navigating. While such a limitation comes from obvious security considerations, it also pushes VR/AR-Headset owners into walled gardens for a more pleasant experience.

XR Fragments is developing a simple public protocol for networked 3D webrings to discover, reference, navigate and query 3D online content (read-only). This allows to enable immersive 3D navigation, liberate 3D content from being locked away inside games / walled gardens and to query objects inside a 3D asset files, without the need of serverside backends.

>> Read more about XR Fragments

Yrs weak links — More efficient CRDT by interconnecting and synchronising data structures inside documents

Yrs weak links project aims to extend existing implementation of Yjs/Yrs - one of the most popular free and open source libraries for building collaborative peer-to-peer applications - with new primitives such as cursors allowing for a seamless integration with rich text editors, and an ability to cross-reference and react to changes occuring in a different parts of an application: be it for display or other evaluation purposes like referencing cells in spreadsheet calculations. All of these will be possible while preserving eventual consistency in an environment where applications need to be operable and accept changes coming from many different users even when offline or when the standard Internet access is not available.

>> Read more about Yrs weak links

libspng APNG — Add Animated PNG (APNG) image read- and write support to libspng

libspng is a modern C library for reading and writing images in the Portable Network Graphics (PNG) file format. Created from the ground up with security and ease of use in mind, it provides an alternative to the reference implementation and a migration path to a simpler API, an extensive test suite ensures interoperability.

The goal of this project is to implement Animated PNG (APNG) support and make it a more viable alternative to the reference implementation.

>> Read more about libspng APNG

mCaptcha — Privacy-friendly Proof of Work (PoW) based CAPTCHA system

Existing CAPTCHA systems expect visitors to identify objects to prevent spam, which makes the web inaccessible to persons with cognitive, auditory, and visual special needs. They log Internet Protocol (IP) addresses and use tracking technologies, like cookies, to track and profile their users across the internet. IP logging and cookie-based tracking are privacy-invasive, inaccurate, and impossible to use with anonymizing technologies like Tor and VPNs. Censors can abuse the opaque nature of these systems to prevent certain groups from accessing certain types of information. Independent testing for bias is not possible since the documentation doesn't exist for their methods and algorithms.

mCaptcha is an attempt at creating a self-hosted alternative to reCAPTCHA and hCaptcha with a focus on privacy, transparency, user experience, and accessibility. mCaptcha’s Proof of Work (PoW) mechanism uses strong cryptographic principles that guarantee idempotency and transparency. mCaptcha doesn’t log IP addresses and doesn’t require tracking user activity across the internet. Censors can’t use mCaptcha to deny access to information without detection. Also, the PoW mechanism requires minimal user interaction to solve the CAPTCHA, which will significantly improve the accessibility of the web.

>> Read more about mCaptcha

mitmproxy — HTTP/3 Support and OS Proxy Mode for intercepting local proxy

mitmproxy is a versatile tool for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay network communication from websites and mobile applications.

This project is about the development of two new major features to mitmproxy: HTTP/3 Interception and a new OS proxy mode. With an increasing number of apps using the HTTP/3 protocol to communicate, we are adding support for it in mitmproxy so that it can be observed just as well as other protocols. For the second part of this project, we will be adding a new operating mode that makes it possible to inspect applications running on the user's device with a single click. These features collectively empower users to gain insights into what data their own devices are sending out.

>> Read more about mitmproxy

Strengthening NTP and NTS in ntpd-rs — Memory-safe implementation of IETF time standards including NTPv5 and NTS

NTP is one of the building blocks of the internet, and it and its security improvements are, therefore, of vital importance for a safer internet. Over the last year, we have created a new implementation of the Network Time Protocol called ntpd-rs, which includes Network Time Security support.

In this project, we will work on growing adoption and strengthening our implementation. On the one hand, that means expanding platform support, packaging options, and implementing improvements suggested by early adopters. On the other hand, we see the need to increase the usability of NTS, which is not deployed widely. By contributing to improvements of NTP (NTPv5) and exploring the creation of an NTS pool, we aim to foster NTS adoption.

>> Read more about Strengthening NTP and NTS in ntpd-rs

openXC7 — Improve hardware support for open source FPGA tooling

FPGAs are reconfigurable chips capable of handling many electronic signals in parallel. They are used in network equipment like backbone switches, firewalls, video devices like surveillance cameras and radio equipment like mobile-phone base stations, radar systems and satellites to process high volumes of data with very low latency. FPGAs are also used to test digital circuit designs before they are manufactured as chips.

The functionality of FPGAs is determined by a configuration file which is loaded into the FPGA at power-on. The configuration file is usually generated from a design file by a proprietary tool provided by the manufacturer of the FPGA.

openXC7 will provide a complete set of open source tools to generate a configuration file for the widely used family of Xilinx Series 7 FPGAs from manufacturer Xilinx/AMD without having to use any proprietary tools. This will empower digital design engineers to have the guarantee that no backdoor is implemented on FPGA based devices by the proprietary design tool provided by the vendor.

The availability of the source code of the FPGA design tool will also allow anyone to come up with new use cases for FPGAs currently not possible with existing tools.

In this project the team will implement gigabit transceiver support, both for the widely used Artix7 and the Kintex7 families of devices, thus enabling complete open source network infrastructure (e.g. an open source 10 GB Ethernet switch). The second focal point will be identifying and fixing issues that arise from the community of users of the toolchain.

>> Read more about openXC7

purl2all — Discover metadata for software packages

The project summary for this project is not yet available. Please come back soon!

>> Read more about purl2all

uFork — A memory-safe pure-actor virtual machine

Applying the design principle of actors-all-the-way-down, uFork implements a virtual-machine that is memory-safe at the level of assembly-language instructions. All operations occur in the context of an actor message-event, which provides object-capability security throughout the system. The effects of individual instructions are isolated so they can only affect the state of their host actor until a transactional commit releases additional asynchronous message-events into the system. This isolation allows interleaved execution of multiple instruction streams, so multiple actors can make progress concurrently. The virtual-machine implements automatic memory management with garbage-collection, and fine-grained resource quotas are enforced by the processor.

>> Read more about uFork

vdirsyncer — Synchronise calendars and contacts

In this digital age, we all have digital address books with the phones and addresses of our loved ones, friends, and those with whom we work. We keep calendars with meetings we need to attend and places we are expected to be. And we need to keep this information synchronised across devices, shared with others, but only with those whom we choose to collaborate. Vdirsyncer synchronises address books and calendars between webcal, caldav, and local vdir collections. This empowers users to manage their own data, synchronise with servers of their choice, as well as interact with their data offline in their own devices. Vdirsyncer has proven itself a useful tool, but suffers from some early design issues which are impossible to fix without rewriting it. Within this project, the rewrite will become a reality. Additionally, the codebase will be structured to be easily usable by other projects and developers.

>> Read more about vdirsyncer