NGI0 Entrust

ARMify — Auto-Identification of MCU Models to Simplify ARM Bare-Metal Reverse Engineering

ARMify aims to become a plugin for the open-source reverse engineering tool Ghidra, with its primary goal being to assist security analysts in analyzing ARM Cortex-M bare-metal firmware. This is achieved through automatic microcontroller model identification and annotation of memory-mapped peripherals. It helps analysts to understand how the firmware interacts with microcontroller features, offering significant time savings compared to manual cross-referencing with the microcontroller datasheet. The development entails creating an SVD parser (the SVD standard formalizes Cortex-M microcontroller system details, such as peripheral registers, in XML format) and a comprehensive microcontroller database, both of which will be released as standalone tools alongside ARMify. The SVD parser will enable the processing and preparation of Cortex-M microcontroller system details, while the microcontroller database will provide a repository of technical characteristics and a user-friendly interface for easy access.

>> Read more about ARMify

AVantGaRDe — Reliable Foundations of Local-first Graph Databases

The *AVantGaRDe* (Verified highly-Available and Reliable Distributed Graph Databases) project aims to develop a framework for reliably supporting local-first connectivity. Graph databases have recently been introduced to efficiently manage interconnected, heterogeneous, and semi-structured data. These leverage native graph storage, an expressive property graph model, and dedicated graph query languages. Still, scalably and reliably managing large graphs, while ensuring availability, low latency, and consistency is challenging. While cloud graph databases try to address this, local-first solutions allow users to preserve ownership and agency over their data. Unfortunately, no local-first graph databases exist, as these require customized replicated data types (CRDTs) and compositionally preserving graph invariants. Moreover, as CRDTs are already notoriously difficult to construct, ensuring the correctness of complex graph CRDTs is challenging. The project aims to develop a novel framework for designing foundational models for local-first graph databases, with built-in trustworthiness and reliability guarantees. *AVantGaRDe* sets to design a unified framework for prototyping and extracting correct-by-construction horizontally scaled property graph CRDTs that can preserve complex invariants.

>> Read more about AVantGaRDe

ActivityPods — Framework for fully-decentralized social apps, combining ActivityPub and Solid Pods

ActivityPods brings together two game-changing protocols, ActivityPub and Solid Pods. The goal is to empower developers to create fully-decentralized social apps thanks to an easy-to-use framework. Following the Solid project's principles, ActivityPods apps store all data directly in the user's Pod (Personal Online Datastore). But since these Pods are also ActivityPub actors, they can easily exchange with other Pods and any other ActivityPub-compatible software. Lightweight bots can access the Pod's data, listen to ActivityPub activities and act accordingly. This novel architecture gives users the freedom (1) to choose where they store their data, (2) to share their data with anyone on the web, (3) to switch apps at any time without losing data. The overall benefit is a more resilient and innovative web, where privacy and interoperability are guaranteed by design.

>> Read more about ActivityPods

Agorakit — Groupware which is a friendly online home to communities

Agorakit is a web-based, open source organization tool for collectives. By creating collaborative groups, people can discuss topics, organize events, store files and keep everyone updated as needed. The tool is very easy to use, participants only need to register with an email, the very low barrier of entry and easy to use user interface make it an ideal tool for heterogeneous groups with people of broadly different backgrounds and skills. Those seem like simple features, but to have access to all those in the same product without friction is in our very humble opinion unique to Agorakit. The scope of this project is to enhance documentation, ease use and installation, and allow external communication (including federation).

>> Read more about Agorakit

AlekSIS — All-libre extensible kit for school information systems

AlekSIS' – short for All-libre extensible kit for school information systems – goal is to digitise educational institutions' organizational tasks in a sustainable, individual and independent manner. Educational institutions are complex and diverse places: A fair bit of information has to be managed and made accessible in a way that serves the needs of all groups involved. Furthermore, the needs of schools differ considerably, making a one-size-fits-all solution infeasible. Originating in and being built in close collaboration with schools, the AlekSIS project provides the missing FOSS solution for this application area. It aims to deliver a fully fledged, highly customizable software suite that gives schools full control over operation, data and privacy, while integrating existing FOSS projects. From displaying timetables to providing digital class records or person and group management, AlekSIS already includes a great deal of the features the people involved in education, students and teachers, need in their daily routine. Designed as a web application built around the Django and Vue.js frameworks, its responsive design and offline capabilities cater to various devices and user groups. A further aspect of AlekSIS' FOSS architecture is to provide learning opportunities to its student users by facilitating the creation of extensions and contributions to the project itself.

The goals of this project are to further strengthen our efforts in porting the whole legacy frontend to the newer, Vue.js based one, to finish making AlekSIS capable of timetable and substitution planning and to extend AlekSIS' functionality making it even more competitively viable.

>> Read more about AlekSIS

Apicula — Open source tools for working with Gowin FPGAs

Only a few years ago, you could only program FPGAs with the proprietary tools provided by the vendors, locking you into that ecosystem and its features and bugs. But open source FPGA tools have been making great strides, and there are now mature open source synthesis and PnR tools, namely Yosys and Nextpnr. However, only Lattice FPGAs are currently well supported, still de facto locking you into a single vendor. There are a few other projects, such as Apicula, that target other FPGAs, but none of them are feature complete and of production quality. The goal here is to take Apicula to the next level, where it goes from an experimental flow for FOSS enthusiasts to a production ready tool, finally and truly breaking FPGA vendor lock-in.

>> Read more about Apicula

Apicula IO primitives — Add additional IO primitives to libre Gowin FPGA tools

Apicula is a project that aims to provide open source tools to work with Gowin FPGAs. (FPGAs are repurposable chips used in many everyday and specialist electronic products for everything from tying systems together to highly specialized algorithm accelerators). In recent years open source FPGA tools have made great strides to break the vendor lock-in of commercial FPGA tools. But to completely break vendor lock-in a variety of mature toolchains are needed. We have reached a point of general usability, and with this grant Apicula aims to make another large leap forward, improving feature parity, documentation, and support for more advanced and specialized Gowin devices.

>> Read more about Apicula IO primitives

Automating mobile app interception with Frida — Mobile app network introspection for security research

Inspecting mobile app network traffic is a key part of security & privacy research, which helps protect everybody who uses modern mobile devices. It's also an indispensable debugging tool for app developers & QA teams. However, this technique has faced growing challenges from increasing OS restrictions and individual app countermeasures like certificate pinning, such that inspection now often requires advanced reverse-engineering knowledge and significant time-consuming manual setup. In this project, new tools will be built using Frida (a dynamic instrumentation framework) and integrated with HTTP Toolkit (a network debugging tool) to enable one-click targeted interception, making inspecting traffic from mobile apps on a user's own iOS & Android devices accessible to technical users without specialist expertise.

>> Read more about Automating mobile app interception with Frida

Perspectives: Making Models — Generate software from open models for human interaction patterns

The Perspectives project provides a distributed runtime that allows people to collaboratively run a model that supports them in some form of co-operation. This can be as simple as playing a game of chess or as extensive as coordinating parent's cars to transport a junior sports team to away matches. To completely model the latter is the main thrust of this work, as supported by NLnet and NGI Zero Entrust. The automatic screens generated by the runtime, based on the model, will be customised to provide a pleasant user experience. On the one hand the end result will be a usable little app, run within the InPlace end user program (that itself runs in the browser as a WebApp). On the other hand, it will provide a reasonably extensive model that showcases a realistic application of the Perspectives Modelling language. This development will also be a driving force that will make the distributed runtime better and the modelling language stronger.

Perspectives is built on a figure-ground reversal of the structure underlying much of today's internet. Data is not concentrated in a few heaps of similar-looking cases (commonly called databases) but instead on the devices of the people that are its source, subject and users. It is conceived of such that functionality builds upon other functionality, creating a network effect not in terms of numbers of users but in terms of functionality. The more of that, the better, stronger and more useful it becomes. The current project will deliver the first end user functionality that goes beyond maintaining the system environment itself (such as developing models, hooking up to communication services, etc).

>> Read more about Perspectives: Making Models

Arcan-A12 — Explorative p2p protocol for fast and secure remote desktops

Protocols such as VNC, X11 and SSH have long been fundamental components for accessing user facing software or desktop computing as a whole over a network connection, with millions of daily users ranging from simple households to businesses and critical infrastructure. The development of these protocols and their respective tools has unfortunately stagnated, drifting towards proprietary extensions and otherwise dragging behind developments in compression technology, while leaving qualities such as accessibility and usability in a rough state. A12 is a project within the Arcan umbrella (models for future desktop computing) that aims to change this, leaning on decades of experience in system graphics. A12 consolidates the use cases of these - and related - protocols, adding stronger privacy protections against side channel analysis, use of modern compression techniques, providing higher visual quality and lower latency with simplified key management and service discovery.

>> Read more about Arcan-A12

Atomic Tables — Self-hostable tabular structured data solution

Atomic Tables is a new extension to the open source Atomic Data ecosystem, which aims to make the web more interoperable. In Atomic Tables, users can easily create their own data models using a tables interface, which people know and love from tools like Excel, Notion and Airtable. Having a self-hostable alternative to the existing SAAS offerings helps users retain control over their own data. What makes this project unique, is that the data models created in Atomic Tables are retrievable by a URL and can easily be re-used on other machines. This keeps costs of transforming or mapping data at an absolute minimum. Maintaining a standardized data model suddenly becomes trivial, instead of costing countless of man hours. Additionally, the software is not just designed to be a clean, intuitive end-user facing application, but also a powerful developer API that brings incredible performance and flexibility, making it highly usable as a database in other applications.

>> Read more about Atomic Tables

BB3-CM4 — CM4 compatible MCU board

Chip shortages are causing production problems throughout the industry. A way of getting out of the production trap is to get project boards more modular. Popular open hardware projects like the EEZ BB3 T&M (Test & Measurement) device currently depend on specific scarce microcontroller boards, and prospective users face impossible delays and constantly rising prices. This project will relieve some of the tension by delivering special "MCU" boards that are compatible in form factor to widely used MCUs. That way projects gain much more room for fulfilling production needs - allowing them to use alternative pin compatible main modules (like the ULX4M FPGA) without redesign, delivering more flexibility. One additional advantage of this approach is that production of module and base board does not need to be at the same time or by the same company. Hardware upgrades and the right to repair become possible and just involve changing a module, without having to throw out the complete system. Along with the "MCU" module the project delivers a new back plane board for the BB3 T&M device - fully compatible with current design, so existing users can upgrade or replace parts.

>> Read more about BB3-CM4

Back to source: trust but verify all the packages — Analysis pipeline for mapping and cross-referencing binaries with source code

Sometimes, the released binaries of an open source package do not match its source code. Or the source code does not match the code in a version control repo. There are many reasons for this discrepancy, but in all cases, this is a potential serious issue as the binary cannot be trusted. Additional (or different) code in the binary could be malware or a vector for unknown software vulnerabilities, or create FOSS license compliance issues.

Back to source creates analysis pipelines to systematically map and cross-reference the binaries of a FOSS package to its source code and source repository and report discrepancies. We call this the deployment to development analysis (d2d) to map deployed code (binaries) to the development code (the sources) and plan to apply this "trust but verify" approach to all the binaries!

>> Read more about Back to source: trust but verify all the packages

Balthazar Casing — Open hardware laptop

Balthazar is a project that aims to create an advanced, open-hardware laptop that is affordable and accessible to everyone, while also being well-designed and ergonomic. The laptop will feature a range of hardware and software features designed to protect users' data and prevent third-party intrusion. It will also include physical safety features such as a hot-swappable CPU and hard-wired switches, as well as the ability for users to add external modules based on various instruction sets and systems on the module, as well as spare keyboards. The project's goals include empowering users to take control of their own data, making computing more sustainable through the use of modular components, and creating an educational platform and advanced computing device that is accessible to users of all income levels.

>> Read more about Balthazar Casing

Bana — Personal network oriented ActivityPub powered social networking

Bana is aimed at private social networking. It is both a server and a mobile Web app, and is federated: anyone can operate a server and people on one server can communicate with people on any other Bana server. Bana uses ActivityPub, ActivityStreams, and the Activity Vocabulary protocols.

Anthropologist Robin Dunbar speculated humans could only comfortably maintain 150 stable relationships. Bana limits you to 150 connections: the closest friends and family members in your life. The connections are reciprocal, meaning both people follow each other. Interactions.

Bana offers a digital journal shared with only the closest people in your life. Bana allows you to post text, photos, videos, audio, location check-ins, workouts, and media consumption - capturing what you want to remember about this particular day in your life.

>> Read more about Bana

Blink for Windows — Modern cross-platform SIP client

Blink is a mature open source real-time communication application that can be used on different operating systems, based on the IETF SIP standard. It offers audio, video, instant messaging and desktop sharing. It supports end-to-end asynchronous messaging and end-to-end encryption which works both online (OTR) and offline (OpenPGP).

Within the scope of the effort, the team will continue the migration to a more modern toolkit based on Qt6, and add support for the still widely used Microsoft Windows platform that currently lacks a high quality, standards compliant FOSS softphone.

>> Read more about Blink for Windows

BlockNote — An modern, open source Block-based editor

blocknotejs.org is an open-source block-based rich text editor. BlockNote makes it easier for developers to add user-friendly, modern and collaborative (or "multiplayer") text-editing capabilities to their applications.

Currently, adding a high-quality document editor to applications often requires deep expertise that is out of reach for many individuals or organizations. BlockNote aims to bridge this gap by offering an open source editor that’s easy-to-adopt for developers, comes with a modern and polished UX, and is block-based. This makes it easier to create structured documents and to programmatically extend the editor and document.

Enabling developers to add document authoring capabilities to their software can increase data sovereignty by reducing dependence on a limited range of SaaS applications for document authoring and management.

>> Read more about BlockNote

Bonfire federated groups — Create, join and manage federated groups across instances

Bonfire is an extensible open source federated community platform, that empowers groups to easily configure their spaces from the ground up, according to a variety of needs and visions.

Bonfire envisions a web of independent but interconnected social networks (using a wide definition, since we consider the social components of activities in the economic, educational, and political spheres as well) - able to speak and transfer information among each other, according to their own boundaries and preferences.

The scope of this project is to give users the tools to create, join and manage federated groups across instances, with their own set of rules and customisable governance. Federated groups on Bonfire will lever the flexible foundation we've recently released: circles and boundaries. Using those building blocks we will ensure that groups have the possibility to define a fine grained set of roles and permissions, with the possibility for each group to define a multitude of roles that fit with how they want to manage membership and participation, and distribute power and responsibility.

>> Read more about Bonfire federated groups

Bonfire Framework — Elixir-based ActivityPub implementation and library with groups and RBAC

Bonfire is an open-source, federated social networking toolkit, designed to empower communities to build custom and federated social networks. The current focus of our project is to improve the stability, performance, and documentation of our codebase, honing a solid framework that enhances user experience and encourages wider adoption. We aim to catch bugs, enhance platform performance, and enrich the developer experience by crafting comprehensive tutorials and documentation. A key aspect of our project involves extending our ActivityPub Library, which underpins the federated nature of Bonfire, and contributing back to the ActivityPub ecosystem by releasing v1.0 of our open-source ActivityPub library. The expected outcomes include a robust, efficient Bonfire framework to be used in production, a surge in developer and community adoption, and contributions to standardize federation protocols.

>> Read more about Bonfire Framework

BrailleRAP — Low-cost open hardware for creating Braille content

BrailleRAP is an open source Braille embosser. AccessBrailleRAP software give you the ability to translate a text document into Braille and emboss the Braille characters on paper with the BrailleRAP device. DesktopBrailleRAP software project aim to build a desktop publishing application suitable to build tactile documents for unsighted people with the Braille embosser BrailleRAP.

The application brings the ability to import vector graphics in SVG format, or create text label with a position and orientation on a page layout. Text labels are translated in Braille with the ability to choose the Braille standard (language in a simplified manner). Vector graphics are decomposed in series of dot positions along path. All dots from Braille characters and paths are converted in GCODE commands for the BrailleRAP embosser. The result is a tactile document with accurate embossed Braille and tactile 2d graphics made by a series of close dots. DesktopBrailleRAP aim to build a suitable tool for individual or teacher to build tactile documents for unsighted people, such as geographic maps, building or organization maps (like school or campus), public transportation maps or teaching plans in biology and mathematics (geometry). The funding from NLnet will allow the development of the first public release with suitable documentation.

>> Read more about BrailleRAP

CRAVEX — Cyber Resilience Application for Vulnerability Exploitability Exchange

There is no free and open source vulnerability exploitability management application centered on software packages. Vulnerability management applications traditionally serve the needs of security teams first. There is a fundamental disconnect between the package-centric mindset of a developer and the vulnerability-centric mindset of a security analyst.

Developers need modern tools to manage, triage, rate, review, and determine exploitability of package vulnerabilities in a package-centric world. They are the primary stakeholders and best positioned to tackle open source package vulnerabilities at the root. With the impending requirements of the CRA, open source projects and small businesses urgently need a free and open solution to comply with these new emerging mandates with minimal friction and costs.

The Cyber Resilience Application for Vulnerability Exploitability (CRAVEX) is a web-based app designed to fulfill these requirements for better software supply chain integrity and security. CRAVEX will make it easier for any organization to comply with the emerging CRA and other regulatory requirements, efficiently, and improve the overall security posture of organizations of all sizes, especially for SMEs.

CRAVEX will collect, track, and triage FOSS package vulnerabilities, determine their exploitability in a portfolio of software products and projects, and provide reporting with SBOMs and VEX statements to share with stakeholders.

>> Read more about CRAVEX

Converged Security Suite +AMD — Add AMD support to Converged Security Suite

The Converged Security Suite has been developed as an open-source tool to provision and test systems where proprietary (and closed) Firmware Security Technologies - such as Intel "Trusted Execution Environment", Intel "BootGuard", and Intel "Converged BootGuard and TXT" (CBnT) - are enabled. Since this is a security-critical operation, transparent open-source tooling is needed to securely provision and test the configuration of your system within the limitations of a closed system.

The CSS made huge progress provisioning and testing Intel-based security mechanisms, and within this project we extend this to AMD's Platform Secure Boot, AMD's Secure Memory Encryption and AMD's Secure Encrypted Virtualization. The goal is to provide a test suite for those security mechanism in order to understand how they are configured and provide transparency into those features.

>> Read more about Converged Security Suite +AMD

Canaille — Zero-knowledge opinionated OpenID Connect (OIDC) server.

Canaille is a zero-knowledge opinionated identity server. Canaille aims to lower the barrier to entry for identity management, by providing a simple lightweight interoperable software focused on accessibility for end-users, administrators and contributors. It provides user and group management for small and medium sized organizations. It has authorization management and Single Sign-On features based on the OpenID Connect standard.

>> Read more about Canaille

Castopod Plugins — Add plugins to the Castopod podcast server

Castopod Plugins is a new modular framework which will allow anyone to develop their own plugins for the Castopod podcast hosting platform. Adding 3rd party plugins bring many advantages to Castopod, most notably a clean and versioned way to add custom features. This allows developers and users to make different tradeoffs by implementing and deploying features essential to them, whether or not these are acceptable as part of the core platform. It also helps with compliance at a global scale, without unnecessary censorship: some extensions will be legal to deploy in some jurisdictions but might be problematic in others. By further slimming down the core of Castopod server, modularity will improve overall code security. The project will allow the whole community to be an active part of future development, and will help better cater to the widely differing needs that podcasters have.

>> Read more about Castopod Plugins

Charon — Privacy-enabling account management and SSO solution

The overall goal of the Charon project is to build a privacy-enabling account management and SSO solution. For end-users, Charon will allow aggregating multiple existing authenticators (Facebook, Google, etc.) in one place and managing different (and potentially multiple) identities exposed to apps. Apps will not have to worry about user management. And admins of communities using those apps will be able to manage all users in one place, with tools to address abuse.

>> Read more about Charon

Anchorboot — Pre-built UEFI replacement firmware for ARM-based ChromeOS devices using coreboot/U-Boot

Despite their bad reputation as walled-garden systems, ChromeOS devices have huge potential to be FOSS-friendly as most things that make them work are published as free software. However, they use custom platform firmware purpose-built to boot their operating system with non-standard boot mechanisms, whose limitations make it significantly hard to run other OSes on these devices through their stock firmware, stifling this potential.

Anchorboot is a new platform firmware distribution for ARM-based ChromeOS devices using coreboot and U-Boot, with the aim to make it easy to install and use conventional Linux distributions on them through UEFI support. As part of this effort, we will first improve and extend integration between both projects to the ARM architectures, then work on a selection of Chromebooks to fix any issues and to port device drivers to either project where necessary. As each board's work is complete, we will prepare and distribute pre-built, tested firmware images ready to be flashed on these boards along with sources, instructions on how to use the images, and other documentation relevant to the devices.

>> Read more about Anchorboot

Cloud hosting service portability — Service portability for cloud hosting platforms

Configurious Monk or cMonk is a combination of a configuration portal and a set of deterministically configured services that can be used to provide ‘common internet services’ like DNS, E-mail, Matrix, Mastodon, Pixelfed, eduVPN, Nextcloud and more. cMonk's intended use is in large scale cloud deployments, intended for thousands or even millions of users. It is not intended for use in self-hosting situations, but might still be used that way.

The whole project is meant as a service-platform for 'at scale' operatoins, so we are specifically aiming at 24x7x365 availability which requires redundancy and automatic fail-overs everywhere. Configurious Monk is easy to use, and focuses on being ‘out of the way’ of the user. One of its key features is that it lets the user be in complete control. The ultimate form of control being that you can export all your data and configuration and take it elsewhere. Full service portability is the goal. It uses NixOS and the Nix package manager as its base and has an API that can be used to connect the configuration panel to other services.

>> Read more about Cloud hosting service portability

Coloquinte — High performance placement of cells inside digital electronic circuitry

A core component of the ASIC design toolchain is the placement tool, which must decide where to place the components of the chip so that it can be manufactured and meet the performance target. To build chips reliably, improve performance and improve power consumption, the placement tool must interact with other complex tools (routing, timing, gate sizing, ...). This requires a complex integration, and even necessary to target newer technology nodes. Our goal is to provide high-quality placement algorithms with an easy-to-use interface, so it is easy to use in multiple situations and toolchains.

Coloquinte started as a component of the Coriolis toolchain. Since then, it has been made into a library for inclusion in other tools and multiple languages. Current developments target the integration with timing tools (for better chip performance) and routing tools (for power consumption, performance and compilation stability).

>> Read more about Coloquinte

Commune — User-friendly persistent chat/voice rooms

Commune is an open source alternative to Discord, specifically designed for public-by-default communities. Based on Matrix and built as a Synapse server extension combined with a custom client, Commune inverts a lot of Matrix norms: (1) Web-readable channels and threads that are easily shared as links and tended to in a digital garden; (2) shared interest discoverability across spaces via federated webrings; (3) opt-in encryption for ease of onboarding.

The mission of Commune is to act as an accessibility layer on top of the Matrix protocol as a backbone for online community building. Commune meets users where they are by integrating tightly with Discord through two-way syncing and social logins (OAuth), allowing for incremental adoption as opposed to competing directly with the networking effects of incumbents.

>> Read more about Commune

CryptPad Blueprints — Server-side encrypted collaborative editor

CryptPad is an end-to-end encrypted collaboration suite that has been under active development for 8 years, and is currently used by hundreds of thousands of people. Its feature set has grown from a simple editor to a full-blown suite with multiple apps, drive, teams, etc. The next generation of CryptPad should be even better - with stronger security guarantees ("perfect forward secrecy", post-quantum crypto), offline-first collaborative editing, and user-driven workflows like password resets. This project will take the first steps in this direction. We document the ways in which cryptography is used on the platform, review the state of the art in applied cryptography and then evaluate the right match with available technologies. Finally we will use these foundations to move forward to a new architecture for CryptPad that will allow for future developments, improved usability, and tighter security.

>> Read more about CryptPad Blueprints

DANCE4All — Implement DANCE specification in GnuTLS and MbedTLS

DANE (which stands for "DNS-Based Authentication of Named Entities") is a set of mechanisms and techniques standardised within the IETF that allow Internet applications to establish cryptographically secured communications by using information made available through the domain name system. By binding key information to a domain name and protecting that binding with DNSSEC, applications can easily discover authenticated keys for services.

The original DANE specification was built around server authentication. Recently a new initiative called DANCE (https://datatracker.ietf.org/wg/dance/about) emerged, extending DANE to include client authentication. The DANCE4All project's goal is to implement the DANCE specification in two major TLS libraries (GnuTLS and MbedTLS) such that client DANE will become widely available.

>> Read more about DANCE4All

DAVx⁵ WebDAV Push — Share Contacts, Calendars, Tasks, Notes & Journals

This project is about drafting an internet standard for push functionality in the WebDAV/CalDav/CardDAV protocols, and implementing it server-side (in NextCloud) and client-side (in DAVx⁵ and NextCloud Calendar). This standard should greatly benefit the already widely available WebDAV/CalDAV/CardDAV ecosystem in general.

DAVx⁵ is a two-way sync tool for Android that gives people the power of choice where to store their data, instead of being locked-in to big tech. Besides Google FCM we also want to use UnifiedPush as Push backend, so that this can be used without any Google services.

>> Read more about DAVx⁵ WebDAV Push

DMT — Implementation of MOSFET Parameter Extraction Flow for Sky130 into DMT

DeviceModelingToolkit (DMT) is a Python tool targeted at helping modeling engineers extract model parameters, run circuit and TCAD simulations and automate their infrastructure.

Open PDKs like Skywater130 and IHP SG13G2 have brought about significant disruption in the open-source semiconductor landscape, eliminating barriers and reducing costs for all participants. A reoccurring issue of such open-source PDKs are the compact models. In this project, a compact model parameter extraction flow will be implemented into the open-source device modelling software DMT for generating improved MOSFET compact models for open-source PDKs. These models can be leveraged by circuit designers for cutting edge designs. The parameter extraction tool will be applied to the recently released IHP SG13G2 PDK to demonstrate its usefulness.

>> Read more about DMT

DNSvizor — Privacy-enhanced DNS resolver and DHCP server

A secure and robust DHCP server and DNS resolver with a small resource footprint. We will develop a MirageOS unikernel providing these crucial network services. There are various privacy extensions (such as query name minimisation, and recently published opportunistic encryption between the resolver and the authoritative name server), as well as the possibility to deny resolution of configurable domain names (block lists). For enhanced security, we will implement DNSSec. We will provide DNS-over-TLS and DNS-over-HTTPS services. This will be a drop-in replacement for DNSvizor and Pi-hole.

The project builds on top of MirageOS: a library operating system developed in OCaml — a memory-safe functional programming language. In MirageOS, each service is a separate unikernel with a minimal attack surface that only contains the code required to run it. These unikernels are normally executed as a virtualized machine such as KVM, VirtIO, Xen. MirageOS also supports using a strict security feature of the Linux kernel called seccomp.

>> Read more about DNSvizor

DUT Control — Unified Control Interface for Firmware Security Tests

The DUT Control project aims to create a unified control interface for real hardware used in firmware security tests. Firmware security plays a crucial role on the internet, especially for servers, as it ensures the reliability and trustworthiness of connected devices. However, firmware development poses unique challenges with regard to testing: Firmware runs directly on the hardware and therefore simulations often fail to cover all edge cases, making it essential to test on actual hardware. Furthermore, firmware is tailored to each hardware type, leading to individualized development. Thus, testing often requires manual intervention, increasing time and effort.

DUT Control addresses these challenges by providing an interface to real hardware and an abstraction of hardware inputs and outputs. It is supposed to become the open-source interface between hardware components and testing frameworks.

>> Read more about DUT Control

Delta Tauri — DeltaChat implemented in Tauri

The Delta Chat Desktop app is currently built with Electron and shipped to end-users on all platforms and many app stores. Delta Tauri will port it to instead use Tauri on all platforms, minimizing resource consumption and improving security. The download size is expected to decrease to around a fifth from the present situation, and the use of a system web view instead of the Electron-shipped full Chromium browser improves security because users benefit from operating-system managed security updates. Delta Tauri will also provide an important stepping stone towards a potential Delta Chat Web client, an often requested feature from users.

>> Read more about Delta Tauri

DeltaTouch — DeltaChat on UBports mobile phones

DeltaTouch is a Delta Chat compatible messenger app for the Ubuntu Touch mobile platform. In this project we will enhance Webxdc support, the last big feature missing compared to the mainline Delta Chat apps. Webxdc apps are small, portable web apps that are running inside a host application. At the moment, all official Delta Chat clients and Cheogram, an XMPP-based messenger, are able to act as a host for Webxdc apps. The DeltaTouch Webxdc implementation aims to support the current and also upcoming Webxdc specifications, allowing all existing Webxdc apps to function well with DeltaTouch.

>> Read more about DeltaTouch

DeviceCode — Structured technical information about consumer devices

This project is about reusing crowdsourced technical data about devices. This data is useful for researchers and tinkerers, but it is typically not the data that vendors are willing to give, let alone under a license that allows reuse. Think of: chipset information, serial port layout & speeds, amount of memory, and so on. Several groups of people have collected this data in several places (mostly wikis) under an open data license, but they are hard to reuse by other projects that could be interested in this data. The goal of "DeviceCode" is to collect this information, rework it into a format that is easy to reuse by other projects without having to resort to Wiki scraping, and also clean up the data (as humans make data entry mistakes and put useful data in places where it shouldn't be), cross-correlate different sources and automatically enrich the data where possible.

>> Read more about DeviceCode

Distributed GNU Shepherd — A Secure Distributed System Layer for Networked Cluster Computing

The project to convert the GNU Shepherd to a distributed program by porting it to use Spritely's Goblins library will empower users to more securely connect computers for clustered and other forms of cooperative work. As a daemon-managing daemon, the Shepherd exposes control of the system layer. Goblins, as an implementation of the object-capability security paradigm, provides both networking and security abstractions. Together, they will simplify and increase the efficiency of existing networked workflows without sacrificing security while also enabling entirely new kinds of cooperation between disparate machines.

>> Read more about Distributed GNU Shepherd

Dokieli — Decentralised article publishing, annotations and social interactions

Dokieli empowers users with full control and ownership of their content through self-publishing capabilities. As a decentralised authoring, annotation, and notification tool, dokieli enables users to create and share human-readable and machine-processable content.

Users can author and annotate a wide range of creative works, including articles, reviews, technical specifications, research and academic works, resumes, journals, and slideshows. They can link significant units of information from various open sources, store their content using their preferred storage systems, and share it with their contacts.

Dokieli is committed to leveraging open internet and web standards to ensure interoperability and universal access. Content produced by dokieli is decoupled from the application, allowing users the autonomy to switch to any other standards-compliant application and storage system.

The project's goal is to make it usable and accessible for all. To this end, we will replace several key libraries; improve the UI; expand test coverage (including accessibility tests); increase support for offline use; perform security audits; and expand implementation of web standards, and provide implementation experience feedback to technical standards bodies.

>> Read more about Dokieli

Dolphin authorisation — Avoid privilege escalation in the Dolphin file manager

While acting with elevated privileges, software needs to be distraction-free, clear and user-friendly to avoid security issues and other ways of impairing a system. This project is about enabling average users to do administrative file manipulation within the popular file manager Dolphin securely and with confidence. There is a strong demand for proper integration, enabling less technically-savvy users to safely work with all kinds of files. This project will bring improvements to technical and user-friendliness aspects, so the user will know how to securely accomplish their tasks. This will remove some attack vectors, reduce the risk of falling for social engineering, and reduce user error.

>> Read more about Dolphin authorisation

EDeA — Repeatable, automated measurement data capture

EDeA is a set of tools and a web portal which makes it easier for people to share and collaborate on Open Hardware sub-circuits. The scope of this project is to further improve on the collaboration aspect of the portal and to build the EDeA Measurement Server. The EDeA Measurement Server is a tool for automated scientific data capture (not only) for sub-circuits and a library which enables test & measurement as code. This makes it possible to analyze, reason about and share open hardware in a repeatable and consistent manner.

>> Read more about EDeA

EEZ Studio — Open source tooling for measurement and test equipment

EEZ Studio is a free and open source cross-platform low-code visual tool that brings the functionality of legacy solutions for effective control of test and measurement devices. Modern user interface, modular design, debugger, drag&drop flowchart programming will enable easy collection of measurement data as well as automation of test procedures in different environments from classrooms, workshops, laboratories to production lines.

EEZ Studio also offers a development environment for efficient creation of GUIs for embedded systems that use touchscreens. Unlike similar solutions, EEZ Studio enables not only drag&drop programming, debugging and GUI simulator, but also the creation of complex business logic for interaction with the user and with underlying hardware functionality.

>> Read more about EEZ Studio

EEZ flow for EEZ Studio — Open Hardware Test & Measurement equipment

EEZ Studio is a free and open source cross-platform tool which offers a development environment for efficient creation of user interfaces for embedded systems that use touchscreens. This allows for visual development of embedded GUIs and dashboards through which which one can manage test and measurement equipment - including for test and measurement automation.

In this project, the team will improve communication with test and measuring devices, allowing to manage multiple instruments, add networking capabilities and support for non-SCPI instruments and devices. In addition the project will develop templates for more easily creating dashboards, make the creation of report and working with project scrapbook easier, and improve data and session management.

>> Read more about EEZ flow for EEZ Studio

ELF tools in Rust — Porting patchelf and install_name_tool to a flexible Rust crate

The "ELF tools in Rust" project aims to develop a versatile command-line tool/library for manipulating ELF and Mach-O binaries, with a particular focus on enhancing patching functionalities. It will leverage the patchelf tool as a standard, alongside Rust's efficiency and safety features. Additionally, it aims to provide seamless integration with Python via bindings created with PyO3 for enhancing accessibility and usability for a wider range of developers and use cases.

>> Read more about ELF tools in Rust

Elm Matrix SDK — Better moderation for Matrix rooms and servers

The Elm Matrix SDK project is an initiative within the Matrix protocol ecosystem, designed to streamline the functionality of Matrix bots into intuitive applications. The project, currently in its prototype stage, aims to enhance the accessibility of Matrix moderation tools, catering to users of varying expertise levels. The project focuses on developing lightweight client applications with specific use cases, ensuring a seamless and adaptable user experience.

Matrix is an overlay protocol used mostly for instant messaging and audiovisual calls, but it is branching out into VR/XR and other domains as well. In its evolution, the Elm Matrix SDK intends to create tools that improve the usability and security of moderating individual Matrix rooms and entire servers. Examples include a "suspicious users page" for managing users banned across multiple rooms and a dedicated "war room" to counteract spam attacks. By prioritizing simplicity and effectiveness, the project strives to address social challenges and eliminate barriers to widespread adoption of moderation tools.

>> Read more about Elm Matrix SDK

EventFahrplan — Conference schedule app with strong offline capabilities

EventFahrplan is a privacy-friendly app for attending conferences and events running on Android devices. The development of the project happens continuously by staying up-to-date with new technologies and Android versions, adding useful features and fixing bugs. Current challenges are the migration to Compose UI, architectural refactoring, Kotlin coroutines, accessibility improvements, translation management, behavior changes with Android 13, interface changes to address large devices - and many other topics. This project helps to sustain the development of the app and to work on a selection of these topics.

>> Read more about EventFahrplan

FABulous Demo SoC — SoC with open source FPGA based on FABulous

Until recently, integrated circuits have largely been treated as blackboxes in the realm of trustworthy hardware. FPGAs, devices that can be programmed by the user to implement arbitrary logic functionality, help to open up this realm. But even with open source software stacks such as Yosys and nextpnr compiling for them, FPGAs themselves are still proprietary silicon. Using the FABulous framework and a wide range of other open IP, we are building a FPGA SoC (combination of a FPGA programmable logic fabric and a Linux-capable RISC-V CPU) that is both itself open source and built with open tools, and also supports the open FPGA toolchain. to develop it. Simplicity is a key design decision throughout, so we can use our work to explain how modern computing systems work without the complexity of commercial platforms.

>> Read more about FABulous Demo SoC

FOSS Code Supply Chain Assurance II — Add approximate matching capabilities to software vulnerability discovery

It is of the utmost importance to ensure that FOSS packages from public repositories have not been tampered with by malicious actors. This type of compromise is described as an open source "supply chain attack" and these have been increasing significantly. This project is building a new system (which is FOSS itself) to help verify the integrity of deployed code packages and validate their origin with external data sources, with the potential to mitigate attacks on open source packages supply chains such as: detecting if a package in use is matching verified code by matching source and binaries exactly and approximately. Or detecting abnormal code changes that may be signs of malicious modifications and possible attacks on a package.

The key components of this open code and data solution are a Package and File Fingerprints Database, a Code Similarity and Changes Detection Engine, utilities to detect possibly malicious changes in upstream projects, and integration in build system(s). While existing approaches may require a tight control of the whole code supply chain, the approach of this project is designed for practical usage with limited changes to a build and CI/CD pipeline.

This is the second phase of this ambitious project, the focus of which is to enable approximate matching between a database of FOSS packages resources and an actual FOSS package or other code. Moreover, various architectural improvements will be performed to support use at larger scale.

>> Read more about FOSS Code Supply Chain Assurance II

FPGA Fault Injection Testing — Better testing towards preventing fault injection in FPGA's

Fault injection aims at disrupting the orderly way in which data and instructions in a chip are processed. This can be achieved, e.g., by malicious glitches that briefly interrupt the supplied voltage of the chip. To better protect against faults, countermeasures need to be implemented, such as glitch sensors that can detect these adversarial conditions. Due to the wide range of fault injection methods, the development of glitch sensors is time-consuming and requires a wide range of lab capabilities.

Within the context of FPGAs, such testing is often not feasible due to their unique configuration based on a bitstream. In this project we seek to demonstrate that in-situ fault injection by creating short-circuits in an FPGA is possible and that this can be used to emulate similar effects in the circuit that otherwise would require costly external instruments. In addition, since FPGAs can be reconfigured quickly, it is possible to rapidly test a wide range of fault injection configurations. We then implement and compare glitch sensor designs in the FPGA and compare them to the state of the art (attacks and countermeasures) with the expectation to improve over previous results, as the fine-grained in-situ fault injection process is expected to offer more control over the testing process, resulting in a better calibration of the glitch sensor.

>> Read more about FPGA Fault Injection Testing

Faircamp 1.0 — Self-hostable, maintenance-free websites for audio producers

Faircamp is a static site generator for audio producers, empowering artists, labels and everyone else working with sound to distribute their work on their own, with low resource requirements and little to no maintenance effort. The aims within this project are to address usability, accessibility and cultural concerns, to improve documentation, to implement missing core architecture components and complete the embedding functionality, as well as complementary bugfixing and smaller feature additions.

>> Read more about Faircamp 1.0

FastWave — Modern waveform VCD parser

Whilst the fields of open-source hardware design tooling (including synthesizers and layout tools, and open-source digital logic/VLSI gateware) have recently experienced a significant renaissance, simulation visualization tools have not enjoyed similar advancements. This is noteworthy given that verification comprises approximately 80% of the digital logic development cycle. Efficient visualization and debugging of SOC simulations are thus becoming ever more critical.

Fastwave, currently developed as a VCD (Value Change Dump) parser in Rust, along with its visualization frontend, Surfer, aims to address this gap. Future iterations of Fastwave will enable advanced visualization of simulation states through custom user plugins. Potential applications include, but are not limited to, visualizing CPU pipeline states with pipeline diagrams or representing mesh network activity by simply loading a VCD file. Plans for expanding the Fastwave suite include features like tracing signals to their source, allowing users to pinpoint the HDL conditions that prompted changes in simulation signal states. Ultimately, Fastwave intends to reduce the workload for digital logic designers by enabling them to align the tool's visual outputs with the mental models they already have of their hardware systems.

>> Read more about FastWave

Federated software forges with Forgejo — Add ActivityPub based federation to Forgejo

Forgejo is a self hosted software forge where developers can work together on software projects and users can report bugs or request features. As of Forgejo version 1.20, when a project is hosted on a Forgejo instance, every developer is expected to create an account on that instance in order to participate. Compared to email, it is as if it was necessary to create an account on gmail.com to send a message to someone with an @gmail.com email address and another on yahoo.fr to send a message to someone with an @yahoo.fr email address. But in 2022 there are two: the W3C ActivityPub protocol published in 2017 and forgefed, an emerging standard (since 2019) to describe activities happening on software forges. They can be used by Forgejo instances to communicate with each other and create a federation of forges continuously communicating with one another instead of a constellation of isolated silos. A federated Forgejo will enable software developers to work on the same project even when they use different Forgejo instances. There will be bridges between isolated Forgejo instances that software projects can use to synchronize in real time.

>> Read more about Federated software forges with Forgejo

Software metadata — Decentralized, federated metadata about software applications

Modern software systems (and the organizations building and using them) rely on reusing free and open source software (FOSS), which requires quality metadata. Existing FOSS metadata databases are centralized and "too big to share" with locked metadata behind gated APIs promoting lock-in and prohibiting privacy-preserving offline usage.

FederatedCode is a new decentralized and federated system for FOSS metadata, enabling social review and sharing of curated metadata along with air-gapped, local usage to preserve privacy and confidentiality. FederatedCode's distributed metadata collection process includes metadata crawling, curation and sharing, and its application to open source software package origin, license and vulnerabilities. The project strives to implement the concepts outlined in "Federated and decentralized metadata system" (Ombredanne 2023).

>> Read more about Software metadata

FediMod FIRES — Tooling for Fediverse moderation

FediMod is building a set of tools to help assist in the moderation of fediverse servers, thereby reducing the need for each fediverse software to reimplement moderation tooling from scratch.

FediMod FIRES (Fediverse Intelligence, Recommendations & Replication Endpoint Server) is a protocol for sharing moderation recommendations and advisories. It introduces two key ideas to the Fediverse, one being a firewall based approach to federation management, the second being that moderation decisions should be labelled using common vocabularies.

The current project aims to create a reference server implementation, along with a conformance test suite that can be run by anyone implementing the FIRES protocol. We also intend to contribute features to existing fediverse software to enable the usage of these tools.

>> Read more about FediMod FIRES

Fidus Writer — Real-time collaborative web-based online editor for academia

Fidus Writer is an open-source online editor that enables real-time collaboration among academic researchers. It supports exporting individual documents to various standard formats, but it lacks the ability to import and export document collections (books) to some of the most widely used formats, such as DOCX, ODT and JATS XML. This project aims to enhance the functionality and usability of Fidus Writer by adding import and export function for books (including tracked changes), as well as a generic pandoc export for documents, using the existing code base and infrastructure. This will allow Fidus Writer to reach a broader audience and increase its adoption in the academic community.

>> Read more about Fidus Writer

Flarum — Add federation and much more to the extensible forum software Flarum.

Flarum is a technically advanced, open and extensible discussion platform. Flarum aims to bring people interaction to a new level by how it is designed and engineered. Flarum's key features include a responsive user interface that works seamlessly across all devices, a powerful and flexible extension system that allows users to customize the forum to their specific needs, and a robust set of moderation tools to keep the forum safe and spam-free. Within this project Flarum will add among others support for the W3C ActivityPub standard, to make content accessible in a federated way.

>> Read more about Flarum

Fleetbase on Solid: A production-ready supply chain solution — Federated open source supply chain solution using Solid

One of the most exciting features of Solid is its ability to set up a knowledge graph that connects the data with different owners. This is useful for connecting personal data, but it's even more useful for connecting business data. As such, supply chain management is a field with a high potential for disruption with Solid. Individual companies can share supply chain data with their clients and suppliers, allowing for more insights across the entire supply chain. Building a supply chain solution on top of Solid doesn't only take knowledge of Linked Data, it requires partners who are experts in supply chain management. Fleetbase is an MIT licensed, open-source logistics platform serving companies around the world. The "Fleetbase on Solid: A production-ready supply chain solution" project seeks to make Fleetbase solid compatible and flesh out a real-world use-case that relies on the power of linked data sharing enabled by Solid. By the end of the project, shipping companies will be able to used Fleetbase on Solid to sharing information and coordinate with third party delivery companies.

>> Read more about Fleetbase on Solid: A production-ready supply chain solution

ForgeFed — Federating software forges with ActivityPub

The platforms that software developers use for hosting and collaborating on their projects, known as software forges, are centralized systems. And some of the most popular forge websites run proprietary software and controlled by a single company. The values, methods, policies and interfaces of the tools we use with our software projects often don't align with our values and needs, but despite having coding skills, we're powerless to change the situation. ForgeFed aims to put the power back into the hands of the Free Software community, and to allow for systems that are truly trustworthy and support inclusion, freedom, participation, censorship resistance and alignment with needs, by turning software forges into a decentralized network. ForgeFed is a protocol and vocabulary for federation of servers and services related to the Software Development Lifecycle, and an attempt to implement federation into existing free-software forges. ForgeFed has been based on the ActivityPub protocol, which is widely adopted on the Fediverse, and is augmenting it with Object Capabilities, an essential component for distributed secure flexible authorization of collaborative resource access.

>> Read more about ForgeFed

ForgeFlux — Software Forge independent federation with ActivityPub and F3

Federation accurately models the way free software dynamics work: people and organizations across the globe come together to work on a software project. However, current software forging tools do not reflect this model, which has resulted in centralization in a few software forge instances. This issue is further complicated since a limited amount of tooling creators is committed to implementing federation.

ForgeFlux is a project in the forge federation domain that is trying to make forges federate by building external adapters. We use the forge's native APIs and create a translation layer to talk to other nodes on the federating forge network. We aim to make Forgejo and GitHub federate for the first stable release.

We are also working on other supporting areas in the forge federation domain, name in search and discovery of software projects, and in developing testing and debugging tools.

>> Read more about ForgeFlux

Forgejo — An open source software forge with a focus on federation

In order to collaborate among global FOSS communities, free and open source software projects need to make their software repositories available somewhere online. Running such repositories on top of a third party proprietary service introduces significant liabilities, including stability and privacy risks. There are also geopolitical issues of depending on such pseudo-infrastructure, where the political situation in one country can have an impact on the availability of technology in other countries.

Forgejo is a new software forge designed to scale to millions of users and projects by combining ActivityPub based federated features developed for Gitea and optimizations developed for Codeberg.

Forgejo helps to decentralise by enabling many independent forges to emerge, and allow them to federae. Forgejo aims at lowering the technical barrier, facilitate moderation in a federated environment and provide the expected security updates.

>> Read more about Forgejo

Native IFC for FreeCAD — ISO-compliant Building Information Modeling in FreeCAD

IFC, or Industry Foundation Classes, is finally providing a true, gold, open, universal data format for BIM (Building Information Modeling), the CAD paradigm nowadays widely adopted by the architecture, civil engineering and construction (AEC) industry. The IFC format is open-source, maintained by a consortium, open and text-based, and also an ISO standard. FreeCAD, a popular open-source 3D modeling application, has been supporting the IFC format for years already. This project goes one step further, and turns IFC a default file format of FreeCAD. Without the translation layer needed to import and export IFC files, FreeCAD becomes a true, native IFC editor, with a wealth of advantages, such as having minimal, identifiable and version-control-friendly change sets, access to just any piece of IFC data, etc.

>> Read more about Native IFC for FreeCAD

Data packages — Specification + improved tooling for external data set descriptions

Frictionless Standards are lightweight yet comprehensive open standards to help data publishers and consumers to create and use data. The standards include Data Package to describe a dataset, Data Resource to describe a data resource, File Dialect to describe a file format, and Table Schema to describe tabular data. They can be used together within a data package, like when providing a data API within an open data portal, or separately as building blocks for other standards or metadata catalogues, like Table Schema catalogue for public data models. The ultimate goal of Frictionless Standards is fully aligned with the FAIR principles: Findability, Accessibility, Interoperability, and Reuse of digital assets.

>> Read more about Data packages

Funkwhale — ActivityPub-driven audio streaming and sharing

Funkwhale is a federated platform that provides tools for managing, publishing, and sharing audio content using the ActivityPub protocol. In this project, we aim to expand our use of ActivityPub and extend our integration with other ActivityPub-powered platforms. We also plan to improve our product offerings by redesigning our flagship web app, adding support for more content types in our API, creating new features that integrate with MusicBrainz, and making our Android offering feature-complete.

>> Read more about Funkwhale

GNS Migration and Zone Management — Registrar tools for adoption of GNU Name System

The GNU Name System is in the final stages of standardization. Consequently, calls for migration and large-scale testing as well as interest in running GNS registrars are increasing. In order to address this development this project aims to facilitate the management of GNS zones by administrators and to provide users with means to resolve real-world names.

To ease adoption, a framework for GNS registrars will be developed for zone management. The registrar framework will allow GNS zone administrators to provide a web-interface for subdomain registration by other users.The services may also be provided for a fee similar to how DNS domain registrars operate to cover running costs. The framework is envisioned to support integration of privacy-friendly payments with GNU Taler (https://www.taler.net).

To demonstrate the capabilities of GNS with respect to DNS migration, we plan to run multiple GNS zones ourselves which contain the zone information from real-world DNS top-level domains.A selection of existing top-level domains for which open data exists will be hosted and served through GNS in order to facilitate the daily use of the name system. We are are planning to integrate at least three DNS zones and publish them (regularly) in GNS for users to resolve.

>> Read more about GNS Migration and Zone Management

Taler for local currencies. — Free software banking backend for local currencies

This project is about extending GNU Taler’s LibEuFin software to make it suitable as a core banking system for local or regional currencies, in combination with the Taler payment system. The innovation comes from employing FLOSS technology, and having a centrally managed and yet privacy-preserving payment system.

Our focus will be on creating interfaces to allow regional currency administrators to control the platform, including account creation, controlling money supply, analyzing transactions, and setting of relevant policies. Additionally, we will support onboarding of customers, including offering them a way to trade fiat currency (e.g. EUR) for the local currency or vice versa (if permitted by the currency conversion policies of the platform).

We will work with cities and regions that have deployed regional currencies (or are planning to do so) to better understand their needs and adapt our plans according to their use-cases.

>> Read more about Taler for local currencies.

GNUnet CONG — Modernise the network stack of GNUnet

GNUnet-CONG is an intermediate abstraction layer for decentralized network stacks. The goal of this project is to create a common abstraction for the gnunet layer-2-overlay and libp2p, which can be used by higher level services of GNunet (DHT, CADET and others). In addition to the abstraction GNUnet-CONG adds E2E encryption and protocol versioning for protocols on higher layers. With wrapping these functionalities in a nice abstraction, CONG offers a usable secure protocol/service that enables a controlled way to deal with developmental progress on higher layers. In addition to integrating the latest changes to the layer-2-overlay of GNUnet with its other parts, this project is a step towards interoperability and collaboration between projects for a decentralized internet on a technical as well as on a organisational level.

>> Read more about GNUnet CONG

Garage — Lightweight geo-distributed data store compatible with Amazon S3

Garage is a lightweight geo-distributed data store that implements the Amazon S3 object storage protocol. Garage is meant primarily for self-hosting at home on second-hand commodity hardware, meaning it has to tolerate a wide variety of failure scenarios such as power cuts, Internet disconnections, and machine crashes or slow response times. It also has to be easy to deploy and maintain, so that hobbyists and small organizations can use it without a hassle. Garage focuses on allowing users to build geo-distributed clusters, with nodes connected through consumer-grade Wide Area Network (Internet) connections. Garage makes this possible by tolerating relatively high latency between nodes thanks to an innovative design based on the principles of the Dynamo database and that makes heavy use of Conflict-free Replicated Data Types (CRDTs). Garage is written in Rust, with a strong emphasis on stability and robustness. The funding from NLnet will allow development of Garage to continue, tackling in particular the following two aspects: improving compatibility with the S3 protocol and guaranteeing the stability and soundness of the core of Garage's storage engine.

>> Read more about Garage

Genealogos — Nix to SBOM generator targeting the CycloneDX format

With the increasing importance of understanding the software supply chain, both for security and legal purposes, it has become necessary to provide users, administrators, and developers with an accurate picture of what's in the software they use. Like with any bookkeeping task, doing that manually is cumbersome and hard to keep up to date. The better course of action is to use the information encoded within functional package management tools like Nix. With Genealogos you can generate a compliance-ready CycloneDX Software Bill of Materials (SBOM) for any package available in the nixpkgs repository or in fact from any nix flake -- and automatically keep it up to date.

>> Read more about Genealogos

Verilog-AMS in Gnucap (cont'd) — Analog/Mixed modelling and simulation in Gnucap

Verilog-AMS is a standardised modelling language widely used in analog and mixed-signal design, but without an open reference implementation. Gnucap is a modular mixed-signal circuit simulator that partially implements Verilog-AMS, that aspires to eventually implement the complete language. In 2023, with NLnet support, we made significant progress in support for Verilog-AMS, the "analog" part, also known as Verilog-A, both on the simulator side and in the model compiler. For 2024, we will extend the work, concentrating on three tasks. The first is extensions to modelgen, the model compiler, essentially completing the analog part of Verilog-AMS, with some digital. The second task is enhancements to the simulator, mostly related to fast simulation of large mixed circuits, with both analog and digital parts. The first and second tasks are related to the "mixed-signal" aspect of Verilog-AMS. The third task addresses interoperability with other software, including schematic entry and layout, ability for Gnucap to use device models from other simulators, for modelgen to generate code to be used with other simulators, and porting some analysis commands.

>> Read more about Verilog-AMS in Gnucap (cont'd)

Verilog-AMS in Gnucap — Mixed-signal modelling and simulation with Verilog-AMS

Verilog-AMS is a standardised modelling language widely used in analog and mixed-signal design, but without an open reference implementation. The language supports high-level behavioural descriptions as well as structural descriptions of systems and components. This Project will make substantial progress towards a Gnucap based free/libre Verilog-AMS implementation. Gnucap is a modular mixed-signal circuit simulator, and has been released under a copyleft license with the intent to avoid patent issues. Gnucap provides partial support for structural Verilog and encompasses an analog modelling language that has influenced the Verilog standards. We will enhance data structures and algorithms in Gnucap, and improve Verilog support on the simulator level. We will implement a Verilog-AMS behavioural model generator targetting Gnucap with the intent to support simulators with similar architecture later on.

>> Read more about Verilog-AMS in Gnucap

GoToSocial — Lightweight ActivityPub social network server

GoToSocial is an ActivityPub social network server, powered by Golang. It complements existing ActivityPub implementations by providing a lightweight, customizable entryway into decentralized social media hosting. GoToSocial places a high value on ease of deployment and maintenance; this means low system requirements, minimal external dependencies, and clear documentation. GoToSocial empowers self-hosting newcomers to deploy small, personalized instances, from which they connect to others across the Fediverse, using low-powered equipment lying around at home. With GoToSocial, you can follow people and have followers, you make posts which people can favourite and reply to and share, and you scroll through posts from people you follow using a timeline. You can write long posts or short posts, or just post images, it's up to you. You can also, of course, block people or otherwise limit interactions that you don't want by posting just to your friends.

>> Read more about GoToSocial

GoToSocial — Improvements to ActivityPub server written in Go

GoToSocial is an ActivityPub-enabled social network server. It complements existing ActivityPub implementations (Mastodon, Akkoma, etc) by providing a lightweight, customizable and privacy focused entry to decentralized social media hosting. GoToSocial places a high value on ease of deployment and maintenance; this means low power requirements, simple set up, and clear documentation. It empowers self-hosting newcomers and experts alike, to easily and reliably deploy decentralized communities at minimal cost. With something as low-power as a small single-board home server, you can deploy a personal instance to follow your favourite Fediverse users, post content and interact with the decentralized community at large, all while retaining ownership of your personal data. For more experienced and privacy conscious users we offer features like allow-list federation mode, to ensure your data is only circulated among those you explicitly permit. In this project, the team will add two factor authentication, improve interoperability, scalability and add some new features like better archiving capabilities.

>> Read more about GoToSocial

Gorgon CI — Continuous integration testing for PRs against software dependencies

A longstanding challenge of open source development is that few users test development versions of software. This means that bugs make it into stable releases, annoying thousands of downstream users. In extreme but common cases, this results in downstream software getting stuck on outdated versions of dependencies because they missed the opportunity to participate in the upstream release cycle. This is despite the fact that many of those downstream users will have their own CI setups that might have caught the bug had they been run against the development version of the upstream library.

Gorgon is a CI system that will test PRs for your project, but it will run your project's tests against PRs for your dependencies as well. By leveraging Nix, Gorgon can make smart decisions about which PRs to test. Changes affecting few derivations will be prioritized over mass rebuilds, to test as many PRs as possible despite limited hardware.

This will let you identify which changes to your upstream dependencies you should care about. You'll be able to find and report bugs before they make it into a release, and know which upstream discussions to get involved in.

>> Read more about Gorgon CI

Haphaestus — Lightweight JavaScript-free browser engine written in Haskell

In the pursuit of turning a document publishing system into an application delivery platform modern web browsers have become incredibly complex. Thus frustrating efforts to adapt and modify browsers to people's individual needs, including privacy and accessibility needs. Haphaestus aims to illustrate the potential of a more private JavaScript-free web to provide an optimal experience for any conceivable device, by building upon the dev's previous auditory web browser to prototype one that can conveniently navigate most (but the most popular) sites using a TV remote.

Haphaestus will strive to deliver a working independent web browser requiring minimal TV remote button presses, as well as reusable software components for laying out, rendering, & paginating richtext documents written in a range of alphabets.

>> Read more about Haphaestus

Hardware accelerated 2D graphics — Design hardware accelerated 2D graphics using C to Verilog

This project is to develop a hardware accelerated 2D video controller for easily adding user interfaces to industrial and commercial machines. Besides offering a useful product and fulfilling a long-standing need for embedded systems development, it will also encourage people to engage in FPGA-based hardware development by using more friendly tools.Traditionally, to make stand-alone machines and systems (i.e. not based on PCs but on custom computing boards), if developers need to add graphical user interfaces (GUI) they are offered only two inconvenient options: use a complex system like a Linux-capable board, or limit performance to low resolutions that are unsuitable for medium to large displays. The latter case simply prevents successfully marketing those products, while the former requires a high degree of qualifications in embedded systems development, to build simple products like signage systems or vending machines. This project is somewhat inspired by the success of the Arduino project, a product and ecosystem that greatly simplified the design of not too complex machines, and encouraged a lot of people to do their own designs. Currently, with the easier Arduino and similar systems, there's no way to control professional user interfaces, so many developers keep outside of the field. With the proposed system, instead, it is easy: you can send drawing commands to the board right from the Arduino system, through a provided library. The board then loads previously stored images and fonts to render the GUI at a high resolution. The drawing commands are implemented with hardware acceleration to meet speed needs, and the cores for achieving that (FPGA gateware) will be written in the widely known C language. This is solved with a custom tool for conversion to Verilog, that offers fast graphical simulations too. This will encourage people who know the language from software development, to enter the hardware design field. Also, the widely known and easy to learn Micropython language will be offered, to further ease implementing devices.

>> Read more about Hardware accelerated 2D graphics

OCap layer for Haskell actor library — Implement OCapN and Syndicate in Haskell's troupe

This project aims to develop a stratified framework for the Haskell language to utilize ocap-based protocols. This would enable modern, secure, and efficient communication in distributed systems. The target protocols are OCapN and Syndicate, both related to CapTP, but different in focus (RPC vs sharing state). The project will provide a set of packages necessary to participate in a cross-language P2P network of applications. That includes pluggable transports, message codecs, and handling patterns.

>> Read more about OCap layer for Haskell actor library

Icestudio — Visual developer tool for development of FPGAs

Icestudio is an open source integrated development environment (IDE) with a "no code" philosophy that, through a block and diagram oriented visual interface, simplifies and streamlines the design of digital electronics on FPGAs. The simplicity of the concept breaks with the complexity of other tools in proprietary EDA environments, being able to meet the educational needs of STEM disciplines for the youngest students in schools, institutes, and universities, as well as providing more advanced users with a tool that simplifies their workflow in a much more user-friendly and visual environment without losing power or control.

Through its frictionless installation system and the generation of Verilog code from the visual design, Icestudio allows users to get started immediately, acting as an integrating element between designers and manufacturers of open hardware, with developers of open software solutions for synthesis such as Oss Cad Suite and transpilers such as Silice, Amaranth, or Cflexhdl.

Icestudio has the vocation of becoming the standard as a visual IDE for digital design on FPGAs, allowing other code-oriented IDEs to integrate it as part of their solution in the near future.

>> Read more about Icestudio

Icosa Gallery — Open, decentralised platform for 3D assets

Icosa Gallery is an open source 3D model sharing platform, designed to give users total control over their 3D creations. Powered by ActivityPub, users are free to choose their own instance that suits their needs, while still being able to share their creations with the wider fediverse. Users have access to a versatile 3D viewer for the browser, can upload in a wide choice of formats, and have complete control over publishing, licencing, and terms of their own assets. 3D portfolios are made simple for sharing with clients. A powerful API, search, and tagging system allows users to easily integrate their creations into any 3D environment. Instance admins have a versatile toolbox for managing data, including multiple large file storage backends depending on their hosting needs.

>> Read more about Icosa Gallery

Inko — Programming language with deterministic automatic memory management

Inko is a statically typed programming language, aiming to make it easy to write concurrent, reliable, deterministic, and memory safe software. Memory is managed automatically, without the use of a garbage collector. Instead, Inko uses a form of single ownership and runtime reference counting, and memory management is deterministic. Inko's type system makes data race conditions impossible, without the need to use locks and similar synchronisation methods, and without the need to copy data structures when sharing them between threads.

As part of this project, we'll finish work on our upcoming native code compiler, overhaul and improve the compilation of generic types and functions, implement a type-safe C FFI, add support for cross-compilation, and expand the standard library with various networking protocols.

>> Read more about Inko

Inochi2D — Open source 2D animation/puppeteering framework

Inochi2D is an open source, BSD 2-clause licensed toolkit and ecosystem for real-time 2D puppet animation, for use in game development, virtual avatars and other multimedia applications. Our ecosystem features a SDK and two tools: Inochi Creator, which allows the user to create a puppet by rigging layered 2D art via warping meshes, physics, dynamic masking and real-time lighting, in order to create the illusion of depth and liveliness. And Inochi Session, which allows the use of Inochi2D puppets for livestreaming, teleconferencing and more, by mapping external tracking data to a puppet's rigging. The SDK and tools together allows anyone to express themselves without restrictive licensing terms.

With this grant our goal is to improve the user experience and portability of our tooling via the creation of a new UI toolkit which is purpose-built just for Inochi2D, called libsoba. We also plan to finish and release a major update to Inochi2D, version 0.9, which aims to make Inochi2D more future proof and portable, making it viable to use in game engines such as Godot and Unity, and on the web via WebASM, WebGL and WebGPU.

>> Read more about Inochi2D

Inventaire Self-hosted — Self-hosted book inventories that share the wikidata-powered bibliographic database

The Inventaire Association supports and promotes the use of libre/free software and open knowledge to share information on resources. This ideal results in inventaire.io: a libre book sharing webapp, inviting everyone to make the inventory of their physical books, say what they want to do with it (giving, sharing, selling) and who may see it (friends, groups, or everyone). To provide data on books, inventaire.io reuses, extends, and facilitate contribution to wikidata.org. This allows users to build their inventories on top of a huge open multilingual knowledge graph, connected to Wikipedia, national libraries, the fediverse, and many other resources.

As the inventaire software becomes more mature, it is now time to deliver on a promise made years ago: decentralization. Installing and maintaining a self-hosted data-federated inventaire server should soon be as easy as (cyber-)cake! This would allow association libraries, privacy-concerned collectives, or anyone preferring self-hosting, to run their own instance: they would fully control their inventory data ("We have this book"), while still having the possibility to benefit from a mutualized bibliographic database ("This author wrote this book").

>> Read more about Inventaire Self-hosted

Irdest - OpenWRT Image and Bluetooth LE — Add Bluetooth LE connections to Irdest

This project extends the Irdest mesh networking stack in two ways:

Firstly, adding Bluetooth Low Energy support to Irdest. Bluetooth Low Energy (BLE) is an important technology to support for the mesh to work seamlessly. BLE supports the same communication range as regular Bluetooth protocol, while substantially reducing the energy footprint. Given that almost all mobile devices support BLE, supporting it in Irdest is a great advantage.

Secondly, creating an OpenWRT image for Irdest. OpenWRT is a Linux distribution for embedded devices like routers. Like any other operating system, it has apps or packages. Irdest could see wider adoption if we publish an Irdest package for easy installation on OpenWRT.

>> Read more about Irdest - OpenWRT Image and Bluetooth LE

Irdest spec, db, route scoring — Route scoring and other routing improvements for Irdest meshnets

Performant ad hoc mesh networks are an important way to achieve more resilience and reduce the dependency on fixed infrastructure. Irdest is a mature, relevant and up-to-date effort for hardware- and end-user-agnostic mesh networking. This project tackles some of the largest remaining issues in the Irdest stack. The Ratman router is currently not yet usable in production settings without immense supervision. The main goal of this project is to elevate the quality and resilience of Ratman to reach a level that users, who are not directly involved in development, have the capacity to run an instance and get reasonable error messages when something goes wrong - while minimising the amount of intervention actually required. Additional implementation of a few key missing features will make Ratman more useful in a wider set of deployments, and should improve general performance and uptime.

>> Read more about Irdest spec, db, route scoring

Threat intelligence sharing — Privacy-Preserving Sharing of Threat Intelligence in Trusted Adversarial Environments

Iris P2P is a peer to peer system for sharing security detections and threat intelligence with trusted models resilient to manipulation attacks

Most P2P systems are designed for file sharing, storage, chat, etc. but they are not prepared to share security detections, threat intelligence data and alerts. The security world needs better ways to automatically share intelligence data with trusted organizations and peers. This sharing is better decentralized so no single organization has control or can censor, sell or modify the data. Especially due to privacy concerns of what is done with your data.

Iris is the first global P2P system that is designed to solve this problem. It implements: automatic sharing of threat intelligence data when you are attacked, controlling the spread in the P2P to spread slowly, alerting the network of a new attacker. Controlling the spread in the P2P to be fast, asking peers about the reputation of other peers, and defining ‘organizations’ in the P2P network using the DHT and private/public keys. Organizations can publish their keys in conventional communication systems to attest ownership (social media, etc.) All communication is encrypted with private/public keys. You can control the privacy of your data by defining to which organizations and peers you want to share your data. You can also control the transfer of data with epidemic algorithms. All data is evaluated according to the trust in the other peers.

Defining trust of each peer in the network with a new protocol (Fides) which computes the trust in each peer by balancing the direct interactions with peers and reputation of peers according to the rest of the peers. Fides implements a mathematical model to guarantee that no adversarial peer can lie to manipulate the reputation and the trust.

>> Read more about Threat intelligence sharing

JShelter Manifest V3 — Make JShelter compatible with Manifest V3

JShelter is a freely licensed anti-malware Web browser extension that informs and protects people's freedom and privacy through people's regular use of the Web. These programs often go unnoticed, but run on a user's system -- whenever the Web server says to run them. They are typically served to the user as minified JavaScript, and few provide the corresponding human readable source code, or a free license allowing users to lawfully inspect and modify the program. By definition, these programs infringe user freedom. This Free Software Foundation project started in 2020 and is continuously developing. It is currently used by thousands of users around the world as the project gears up to continue protecting users from potential threats from JavaScript, such as fingerprinting and tracking and data collection while migrating to Google's Manifest V3. Manifest V3 will restrict the capabilities of Web extensions -- especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the Web sites you visit. Because of that, Manifest V3 is a detrimental step back for Internet privacy. With the help of NLNet, JShelter will work to upgrade its functionalities and continue to protect user privacy on the Web, which is even more important after this transition.

>> Read more about JShelter Manifest V3

JellyfishOPP — Open Hardware device for power profiling

JellyfishOPP (Open Power Profiler) is an affordable open-hardware measurement device designed to provide advanced, bidirectional power measurements and profiling, power optimizations, and battery profiling/simulation. It primarily targets developers of ultra-low power devices such as IoT sensors and wearable electronics, while also serving engineers and hobbyists. OPP will be a portable USB device that can be controlled through a host computer or smartphone app. Additionally, it will feature a simple on-device user interface for basic functionalities, eliminating the need for a host device in certain scenarios.

>> Read more about JellyfishOPP

Kaidan Auth + portability — Account portability and Client/Server Authentication for the Kaidan XMPP client

Kaidan is a user-friendly and modern chat app for every device. It uses the open communication protocol XMPP (Jabber). Unlike other chat apps, you are not dependent on one specific service provider. Instead, you can choose between various servers and clients. Kaidan is one of those XMPP clients.

In contrast to many other XMPP clients, it is easy to get started and switch devices with Kaidan. Additionally, it adapts to your operating system and device's dimensions. It runs on mobile and desktop systems including Linux, Windows, macOS, Android, Plasma Mobile and Ubuntu Touch.

The user interface makes use of Kirigami and QtQuick. The back-end of Kaidan is entirely written in C++ using Qt and the Qt-based XMPP library QXmpp.

>> Read more about Kaidan Auth + portability

Improving and extending Kaitai Struct — Rust parsing for binary analysis tool Kaitai Struct

Kaitai Struct (KS) is a tool for working with binary formats. It introduces a declarative domain-specific language for describing the structure of arbitrary binary formats. Based on any specification, KS can automatically generate a ready-to-use parsing module in one of 11 programming languages (C++/STL, C#, Go, Java, JavaScript, Lua, Nim, Perl, PHP, Python, Ruby). Serialization is supported in Java and Python.

This project aims to add Rust as a target language for parsing and to port the JavaScript runtime library to TypeScript, which will allow type checking and better IDE autocompletion in users' projects. Web IDE has a severe limitation that parsing errors prevent any results from being displayed. This is planned to be fixed, along with several other nuisances that limit user-friendliness. Compiler will be improved too. Support for multi-byte terminators (needed for null-terminated UTF-16 strings) will be added in all target languages, GraphViz generation failures will be resolved by updating to support newer KS features. The `valid` key will be extended by the capability to validate whether a value is part of an enum. The support for imports and unused types will be enhanced.

>> Read more about Improving and extending Kaitai Struct

Karrot — Location-aware community self-organisation

Karrot is a tool to support grassroots community organizing. It is designed to enable community-building and a more transparent, democratic and participatory governance of groups. Some of its defining features are the self-assignment of tasks, full transparency of members’ actions and a trust-based role system that avoids all-powerful group admins. Karrot originates in facilitating food-saving and sharing initiatives but developed a wider scope of community support.

Equipped with a better understanding about the diverse ways in which people self-organize and practice commoning, we will further develop the existing roles and permissions system, add features through which groups can run polls and enact graduated sanctions according to their needs.

>> Read more about Karrot

Katzen Metadata Minimizing Messenger — Privacy preserving instant messaging using a modern mixnet

Katzen is a multi-platform messenger application that works with Katzenpost, a mix network framework for building anonymity-enhancing communication services. Katzen minimizes metadata that could potentially be used to reveal the identities, locations, and relationships of its users. Katzen currently supports one-to-one messages between paired users, while also not revealing who is speaking to whom.

This project aims to improve Katzen by adding group messaging, multimedia file transfers, and voice chat. These features require a new encrypted-at-rest database, additional UI for file transfers and push-to-talk voice messaging, and implementation of group messaging using the multiparty REUNION protocol, which allows group members to discover each other using a shared passphrase.

>> Read more about Katzen Metadata Minimizing Messenger

Kazarma Release — Bridge between ActivityPub and Matrix protocol

Matrix-Appservice-CommonsPub is a bridge between two decentralized protocols: Matrix and ActivityPub. This allows to exchange private messages between Matrix users and users of different ActivityPub-enabled platforms, like PeerTube, Pixelfed and Mastodon. The bridge comes as an easy-to-deploy, secure and scalable solution. In this project the team works on significantly improvement of interoperability with various ActivityPub-flavours, and extending the feature set - better moderation options, private bridges, internationalisation, etc.

>> Read more about Kazarma Release

Kbin — ActivityPub based link sharing and microblogging

Kbin is a decentralized content aggregator and microblogging platform running on the Fediverse network. It can communicate with many other ActivityPub services, including Mastodon, Lemmy, Pleroma, Peertube. The initiative aims to promote a free and open internet. The platform is divided into thematic categories called magazines. By default, any user can create their own magazine and automatically become its owner. Then they receive a number of administrative tools that will help them personalize and moderate the magazine, including appointing moderators from among other users. Content from the Fediverse is also cataloged based on groups or tags. A registered user can follow magazines, other users or domains and create his own personalized homepage. There is also the option to block unwanted topics.

Content can be posted on the main page - external links and more relevant articles or on microblog section - aggregating short posts. All content can be additionally categorized and labeled. Great possibilities to search for interesting topics and people easily is something that distinguishes Kbin. Platform is equally suitable for a small personal instance for friends and family, a school or university community, company platform or a general instance with thousands of active users.

>> Read more about Kbin

/kbin — Mobile app and feature additions to /kbin

The project summary for this project is not yet available. Please come back soon!

>> Read more about /kbin

KiKit — Tooling for automation of production of PCB designed in KiCAD

The EDA suite KiCAD is a widespread libre solution for designing electronics. KiKit is a Python library, KiCAD plugin, and a CLI tool to automate several tasks in a standard KiCAD workflow. The main goal of KiKit is to make the step from finishing a PCB design to having a physical PCB as easy as possible, as fast as possible, and as error-proof as possible. It achieves that via automation of manufacturing data preparation. The automated processes are reliable, repeatable, and require zero designer input. Thus, they are error-proof. KiKit allows you to perform sanity checks of the PCBs, build panels according to the description and generate manufacturing data (gerbers, assembly files, BOMs, stencils), PCB documentation, and more. All this can be fully automated and, e.g., integrated into continuous-integration pipelines. Not only KiKit provides ready-to-use pipelines for the most common scenarios, but it can also serve as a framework for building custom PCB post-processing setups.

>> Read more about KiKit

Wireguard-1GE FPGA — Implement Wireguard in Verilog

WireGuard is a modern data tunneling and encryption protocol for Internet security. Traditional VPN solutions such as OpenVPN and IPSec are outdated, bloated, and have security gaps. While WireGuard in many cases will be a superior alternative, the performance of a software implementation will not always be enough for high-throughput use cases.

The project will implement the WireGuard protocol on a cost-effective Artix-7 FPGA, targeting a board supported by open-source tools for Xilinx with four 1Gbps Ethernet ports. The corresponding gateware will be written in the industry-standard Verilog, welcoming everyone to contribute and review our code, helping us make it more secure and widely used.

This project promises to deliver a working prototype of WireGuard in hardware in complete alignment with the spirit of the open-source movement.

>> Read more about Wireguard-1GE FPGA

Krill High Availability — Making Krill RPKI daemon deployment more robust

Krill shows users which announcements are seen in BGP based on the resources on their certificate, and uses this information to give suggestions about ROA configurations. Currently, this functionality is built around RIPE Routing Information System (RIS) data, which can be up to 8 hours old. With this funding Krill will be extended so that it will be able to use a local BMP or even BGP feed. This will offer a number of major advantages to users. Most importantly it will allow for near-realtime insight and alerting, and it will ensure the visibility of RPKI Route Origin Validation "Invalid" announcements - as those are more and more commonly dropped and therefore increasingly invisible to RIS.

>> Read more about Krill High Availability

Collabora Online/LibreOffice Accessibility — Private and accessible collaborative editing with Collabora Online/LibreOffice

Collaborative online text editing has become undispensable for many, but not everyone can equally benefit from it. The goal of this project is to implement improved accessibility for Collabora Online. The core of the proposal is to add accessibility to the edit view of documents, which are currently just pixels for a screen reader. This means users should be able to migrate off public cloud offerings when it comes to office document editing and this project should improve privacy for the most vulnerable in the society.

>> Read more about Collabora Online/LibreOffice Accessibility

LibreOffice/Collabora Online typography — Add interoperability and state-of-the-art web typography to LibreOffice/Collabora Online line break

The project adds state-of-the-art ISO OpenDocument/web typography features and MS Office line break interoperability to LibreOffice open source office suite (reference application of ISO OpenDocument format) and Collabora Online (open source online office suite built on LibreOffice Technology). This includes the support of ISO OpenDocument text property fo:hyphenate and paragraph property fo:hyphenation-keep (same features in XSL, CSS3 and CSS4); restoring lost text layout interoperability caused by the new default line break algorithm of Microsoft Word; and improving hyphenation zone interoperability (Microsoft Word/CSS4).

>> Read more about LibreOffice/Collabora Online typography

Lemmy private communities — Add private communities to Lemmy federated link aggregator

Lemmy is an open-source, easily self-hostable link aggregator that you can use to share, discover and discuss interesting new ideas - and discuss them with the world. Lemmy is a good decentralized alternative to widely used proprietary services like Reddit. It is designed to work in the Fediverse by virtue of its implementation of the W3C ActivityPub standard, and communicate natively with other ActivityPub services such as Mastodon, Funkwhale and Peertube. User registered on one server from one of these services should be able to effortlessly subscribe to communities on any other server, where they can have discussions with users registered elsewhere.

In this project, the team will deliver many noteworthy upgrades ranging from a more stable API, to group federation, two-factor authentication and improved moderation. In addition the project will work on the new native client Jerboa (for the Android OS). Also for the nostalgically inclined, the project is working on a new frontend inspired by traditional web forums like phpBB.

>> Read more about Lemmy private communities

Libre-SOC HPC — Work on High Performance Compute capabilities for Libre-SOC

LibreSOC has made significant progress in the development of Digitally-Sovereign VLSI designs. This project will continue to further that initial research to create High Performance Compute capabilities for ultimate use in end-user products such as smartphones, desktops, laptops and Industrial Embedded PCs is clearly important. We therefore aim to further the IEEE754 Pipelines, associated Formal Correctness Proofs, and continue implementing unit tests, Simulator, Processor Core implementing Power ISA and Draft SVP64, as well as documentation. In order to engage with developers and solicit feedback we wlll present the progress and outcomes at relevant technical conferences.

>> Read more about Libre-SOC HPC

Libre-SOC OpenPOWER ISA WG — Steward ISA extension proposals through OpenPOWER External RFC Process

The Libre-SOC project has developed Draft SVP64 (a Vector Extension for the Power ISA), containing around a hundred new Draft instructions that dramatically improves the Supercomputing-class Power ISA. It also produced a Simulator, thousands of unit tests and over 350 pages of documentation. What we could not do however was submit a Specification to the OpenPOWER ISA Working Group - because the ISA WG was still in the process of being ratified. That has now been done, and we need to begin the formal process of writing up "Requests For Change" and submitting them. The end result will be an extremely powerful Vector ISA suitable for use in Digitally-Sovereign end-user products.

>> Read more about Libre-SOC OpenPOWER ISA WG

SCIM integrations — System for Cross-domain Identity Management (SCIM)

Most organizations have a digital work environment that is composed of many applications. With a Single Sign-on (SSO) system they get a unified login and logout experience, but there is a catch. Traditional SSO protocols like OpenID Connect do not support syncing user profiles across applications. For instance, users are deleted in the SSO, but not in the applications. Hence, SSO implementations are not GDPR compliant by default, and organizations have to develop custom process to circumvent violations. SCIM is a standard developed within the Internet Engineering Task Force designed to solve exactly that. The project is to develop a SCIM client for Keycloak and a SCIM service provider for Nextcloud, RocketChat, Matrix and Stackspin.

>> Read more about SCIM integrations

Libre Car Control — Automotive development platform, protocol analyzer and hacking multi-tool

The Engine Control Unit (ECU) is a microprocessor-based system that receives input from various sensors, analyzes the data, and controls various driving functions based on the input. LibreCar is a small and affordable device which can emulate an actual ECU as an electronic control module that manages control of an automotive vehicle. Acting as an all-in-one device for building, testing, monitoring, and experimenting with Automotive ECUs, LibreCar is built around a unique FPGA-based architecture making its digital hardware fully customized to suit the application at hand. As a result, it can act as a no-compromise Automotive protocol analyzer, an Automotive-hacking multi-tool, or an Automotive development platform. It is a fully reconfigurable test instrument that provides all the hardware, gateware, firmware, and software you will need to work with—and, indeed, to master Automotive domain such as rapid prototyping of compliant and non-compliant Automotive devices, Protocol analysis for Automotive protocols like Diagnostics, XCP and DLT for security research etc.

>> Read more about Libre Car Control

LibreCellular — FOSS technology stack for 4G networks

The LibreCellular project makes it easier to create 4G cellular networks with open source software and low cost software-defined radio (SDR) hardware. Achieving this via validated hardware and software configurations that are subjected to rigorous end-to-end testing via a continuous integration (CI) platform, supported by tooling and documentation for repeatable deployment.

This NLnet funded work will build on previous efforts and enable the integration of a more advanced core network, together with support for Voice-over-LTE (VoLTE). In support of which the existing CI hardware platform will also be extended and tests developed to provide VoLTE coverage. Finally, a previously developed medium power RF amplifier will be further developed to create a complete RF front-end, and a deployment manual will be created which covers topics such as antenna selection, spectrum licensing and EMF assessments.

>> Read more about LibreCellular

LibreOffice CRDT — Real-time collaboration between several, distributed LibreOffice instances

LibreOffice is the most widely used free and open source office suite, available for desktop, mobile and in the browser. Its most popular application is the text editor Writer, which is used to write billions of document every year.

Due to the increase of connectivity and remote work, these days many users look for real-time collaboration capabilities - meaning the ability to work with multiple persons on a single document in parallel. This project seeks to add this critical feature to LibreOffice. As a significant first step towards that goal, this project will therefore embark to re-architect LibreOffice Writer's comment (and later on change tracking) implementation, to make use of a suitable CRDT data structure. This is the first step towards real-time collaboration between several, distributed LibreOffice instances (desktop, mobile and server/Online).

>> Read more about LibreOffice CRDT

LibrePCB — EDA software suite to develop printed circuit boards

LibrePCB is a free and open source electronics design automation (EDA) software suite to develop printed circuit boards (PCBs). It runs on all major platforms and aims to be easy to use, while still beeing able to create professional schematics and PCBs. The goal is to make creating electronics easier, more efficient and less error-prone by using modern technologies and user interface concepts. LibrePCB therefore streamlines the whole PCB design process — from installing part libraries to ordering the final PCB design. Having such a free, powerful EDA software is the basement for the whole open hardware community as it allows us to reduce the dependency to proprietary and expensive technologies and empowers everyone to develop hardware for free, from hobbyists to professionals.

>> Read more about LibrePCB

LibreQoS — Improve congestion control for wifi networks

LibreQoS is a Quality of Experience (QoE) open source platform that leverages state of the art (and IETF standardized) Flow Queueing (FQ) and Active Queue Management (AQM) algorithms to help Internet Service Providers (ISPs) enhance their customers' internet connections. It effectively manages latency and bufferbloat over existing infrastructure. LibreQos ensures fair sharing of bandwidth, prioritizes critical real-time applications and promotes connection quality, equity and access.

>> Read more about LibreQoS

Liminix — Nix-based OS for domestic WiFi routers, access points etc

Today you can reflash your broadband router with Linux (e.g. DD-WRT, OpenWRT, Tomato or variants) to provide unparalleled flexibility to do things that the manufacturer system was not capable of. However, managing this flexibility by hand is challenging, especially when keeping custom configuration in sync across devices or through version upgrades.

Liminix aims to provide an OpenWrt-style embedded Linux distribution based on the Nix language for congruent configuration management, and the Nix package system. On top of this we plan to implement seamless management of configuration and secrets across a network of Liminix devices, and robust dependency-based service/process management so that a device can respond usefully when hardware or network connectivity changes.

>> Read more about Liminix

LiteX — Developer framework for FPGA and ASIC designs

LiteX is a versatile Python-based framework designed for building FPGA SoCs, providing a useful tool for developers working with FPGA and ASIC designs. Within this project we will improve LiteX by simplifying its use across three main tasks: creating FPGA-based accelerators and innovative ASIC SoCs, and running CI tests on FPGA boards.

For supporting FPGA-based accelerators we will develop a user-friendly infrastructure for developers to create their own accelerators using their preferred HDL language, along with example projects and documentation for various FPGA boards. We will extend LiteX CI tests to hardware to maintain stability, avoid regressions when introducing new features and enable testing of configurations that are difficult or impossible to simulate. And by introduce ASIC support to LiteX we enable people to create innovative ASIC SoCs. We start with a SKY130 build backend, and will extend the framework to streamline switching between different flows: Simulation, FPGA prototyping, and ASIC. We subsequently collaborate with other NLnet-funded projects to create an innovative SoC to validate the toolchain.

By delivering these tasks, the project will support the LiteX ecosystem, encourage innovation, and share the outcomes within the open-source hardware community.

>> Read more about LiteX

LunaPnR Phase 2 — A versatile and fast new open-source place and route tool

Making a custom chip (ASIC) requires a vast arsenal of tools, to do synthesis, simulation, parasitic extraction and schematic entry. . LunaPnR aims to add a robust open-source automated place & route tool to the equation. Luna targets ASIC processes larger than 100nm, in which it can perform place & route, do clock-tree synthesis and timing verification. This allows to design e.g. mixed-signal (analogue + digital) chips used in sensors and IOT devices. LunaPnR integrates well with existing open-source tools, such as YosysHQ's Yosys (a logic synthesis tool) and KLayout (a manual ASIC layout tool), but also with commercial tools via industry standard file formats (LEF, DEF and GDS). A fully open toolchain allows for a complete chain-of-trust between the chip designer and the chip manufacturer, from digital design to GDS2 and back (via wafer inspection).

In this new project LunaPnR will implement and test detail routing algorithms, enhancing the quality of the parasitic extraction for use with the OpenSTA static timing analyzer, speed up the graphical user interface (so it can render very large design efficiently), implement and test the power structure/special net/padring placer & router, and integrate Logic Equivalence Check (LEC).

>> Read more about LunaPnR Phase 2

Mainstreaming Anonymity for Developers (MAD) — Add Onion Services to interactive internet applications

A library that allows software developers to build anonymous and secure peer-to-peer services and applications using Tor onion services.

Gosling enables a developer to easily build technologically-guaranteed secure, metadata-resistant and anonymous networked applications (both peer-to-peer or client-server). Gosling is a Blueprint for Free Speech-developed, open-source library enabling this functionality via the use of Tor's onion services.

Because effectively and safely using Tor onion services programmatically is difficult and requires specialised expertise, very few applications use this technology despite the benefits to users. Most of these existing applications are dependent on the web-browser technology stack and seek to 'bolt-on' anonymity and privacy guarantees to existing clearnet applications.

Gosling, inspired by Ricochet Refresh and subsequent peer-to-peer onion service-based instant messaging clients, starts from first-principles and provides developers a tailored, pluggable system for peer-to-peer connectivity with all of the security and privacy properties of Tor onion services. It provides a simple API surface which reduces the chance of errors by developers which may end up compromising users' security and anonymity.

Gosling contributes to globally expanding user's defences against ever-more-ubiquitous online surveillance. This project moves Gosling from a functional proof-of-concept toward a trusted library which developers will be happy integrating into their programs to build the next generation of privacy-preserving internet applications.

>> Read more about Mainstreaming Anonymity for Developers (MAD)

MNT Reform Next — New iteration of the MNT open hardware laptop

MNT Reform Next is a new, thinner and higher performance version of the renowned Open Hardware laptop MNT Reform. It adopts connectivity standards like USB-C and PD charging, remains modular and aligned with the Right to Repair, and is built with longevity in mind. The project aims to bring Open Hardware computing and Free and Open Source Software to a larger audience by lowering cost and increasing portability while delivering more processing power.

>> Read more about MNT Reform Next

The MacBook Liberation Project — Implement Coreboot support to various Apple devices

The MacBook Liberation Project aims to bring software freedom to the Apple MacBook by replacing its proprietary boot firmware with freedom respecting boot firmware. This will increase their longevity, privacy and security. Intel based models that are now partially compatible with coreboot will be made fully compatible with not only coreboot, but easily installable coreboot distributions like Libreboot as well. The focus will lie on support for all possible RAM and SPD configurations for these models as well as easy internal installation for end users.

>> Read more about The MacBook Liberation Project

Machdyne — Modular open compute hardware

Machdyne designs and builds small computers intended for timeless applications such as reading, writing, math, education, organization, communication, and automation. We are creating a new series of open-source computer designs based on European-manufactured FPGAs. These computers will use an updatable open-source System on a Chip (SoC) that can be fully audited, understood and trusted.

>> Read more about Machdyne

Mailpile 2 (moggie) — Building a secure, modern e-mail client for self-hosting

Mailpile's mission is to empower users to be more autonomous and private in how they manage, store and communicate over e-mail, simplifying the use of relevant encryption technology (OpenPGP, Tor and encrypted local storage). Mailpile 2 will be an Open Source, secure web-mail application, usable and powerful enough to be a compelling alternative to both mainstream desktop e-mail clients and proprietary web-mail services. Mailpile 2 will offer both local and remote access to an elegant, mobile-friendly web interface, built on web-APIs exposed by Moggie. Moggie is the project's technical toolkit for searching and working with e-mail. This stage of the project is about developing Moggie to the point where it is useful as a stand-alone tool in its own right, and feature complete enough that work on the Mailpile 2 user-interface can commence.

>> Read more about Mailpile 2 (moggie)

Makatea — An x86, 64-bit Virtual Machine Monitor for the seL4, verified microkernel

The security of any software system depends on its underlying Operating System (OS). However, even compartmentalization focused OSes such as Qubes, which are "reasonably secure" depend on large trusted computing bases (e.g. hypervisors) with hundreds of thousands of lines of code. seL4 is an open-source, formally-verified microkernel that has matured and been maintained for over a decade. seL4's small size (10,000 Lines of Code) and formal verification make it an appealing base to implement a hardened, open-source, x86 64-bit Virtual Machine Monitor (VMM) on. Makatea is a new hypervisor written from the ground up, capable of paravirtualisation, Hardware-Assisted Virtualisation and device emulation. Makatea also will allow to run software originally written for other platforms wherever seL4 can be made to run - and do so in a very controlled environment.

>> Read more about Makatea

Manas — Rust modules for Solid clients and servers

Manas project aims to make Solid ubiquitous by creating an ecosystem with well-tested, reusable components in rust and js, with which one can assemble customized, feature rich Solid storage servers, clients, and applications, and digital-commons with data-sovereignty collaboration at the core.

Using rust, the servers could be run on low resource raspberry-pies to low latency serverless clouds, or as lightweight developer test servers. Can use custom storages from filesystem, object-stores, or consumer cloud storages like google-drive as backends. Support for WAC, ACP authorization systems, Solid-OIDC, HTTPSig authentication schemes, multi pod management, solid-notifications, etc will be provided as reusable layers. And the layered architecture enables adding customized validation, or any other custom features.

For clients, a rust client, and other helper crates will be developed for Solid protocol, Solid-notifications, etc, with probable bindings to other languages, that enables small CLIs, and other server-side/client side applications.

For the applications, a reusable crate will be created to package them as native applications using tauri, and Manas. This could make Solid an attractive storage api to code web & native apps with a single code base. It can be extended to offer sync solutions, native-first apps, etc in future.

>> Read more about Manas

MapComplete — Thematics OpenStreetMap-viewer and editor.

OpenStreetMap is a libre and free online database of geodata which can be edited by everyone and is used by millions of people. However, contributing can be challenging or intimidating to non-technical users. MapComplete is a webapp whose goal is to make it trivial to see and update information on OpenStreetMap. This is achieved by showing only features related to a single topic of interest on the map - from playgrounds, public toilets and bicycle rental places to charging stations and public tap water spots.

MapComplete contains many thematic maps, each built for a certain community of users and use cases. By focusing on a single topic, contributors are not distracted by objects not relevant to them. Furthermore, this allows to show (and ask for) attributes that are highly specialized (e.g. a widget that determines tree species based on pictures) but also to reuse common attributes and elements (such as showing and adding opening hours or pictures). Within this project, performance will be improved and a user interface to create a new topical map will be built, which will allow for more people to contribute on more topics.

>> Read more about MapComplete

Marginalia Search — A fresh take on search

Marginalia Search is an experimental Internet search engine for the independent web designed and optimized to run on cheap consumer hardware. The overarching goal of the development effort is to bring the project into a more mature state; to improve search quality and range, reduce the amount of manual operations, and to produce and offer portable data in order to bolster adjacent efforts in the search and discovery space.

>> Read more about Marginalia Search

Catalogs in MariaDB — Enable true multi-tenacy in the MariaDB database

MariaDB Server is the open source database powering most of the internet. Many deployments of MariaDB are done as part of a shared hosting solution, where the underlying hardware is shared by many different tenants. To achieve scalability, hosting providers typically start a single MariaDB Server instance and impose artificial limitations to tenants, such as disallowing any new user creation, modifications, passwords, access control changes etc. The alternative of starting up dedicated database servers incurs a significant resource overhead, limiting the number of total tenants and implies wasted energy and compute power.

Catalogs is a feature built for MariaDB Server to eliminate the need for artificial restrictions, all while maintaining high scalability and user density. Catalogs introduce an extra separation on the SQL layer, allowing a user experience that is almost 100% identical to running a dedicated MariaDB Server instance, without the overhead of starting up multiple servers. With catalogs, hosting providers will be able to optimize hardware usage while their users will be able to modify their own dedicated system tables, without impacting other tenants.

>> Read more about Catalogs in MariaDB

ActivityPub Quote Posts — Quote Posts in ActivityPub and Mastodon

Quote posts are a popular feature of online social media platforms. They offer the ability to share another persons post to ones own followers, while adding a comment. Interestingly, so far this seemingly obvious concept has not been standardised - meaning there is no agreed way to implement this feature into an W3C ActivityPub implementation in a way that is automatically interoperable with the other applications in the Fediverse.

Quoting is a simple but powerful feature that can help to quickly grow audiences and convey trust and respect, but in the hands of the wrong people it can also be used for malicious purposes: to misquote people, or to intentionally quote someone out of context. Since people 'have actually said it', quotes can easily be levered to rally hate speech and harass people.

This project will design an ActivityPub implementation of quote posts that tries to avoid this. It will attempt to remove some of the liabilities, and reduce the risk of weaponisation. The goals is to write an ActivityPub protocol extension proposal (a so called FEP) for quote posting, which will be implemented directly in Mastodon to see if the design holds up. Having a specification, allows everyone to efficiently implement this same feature in an interoperable way.

>> Read more about ActivityPub Quote Posts

Modular Meta-Press.es — Reusable decentralised meta-search engine

Meta-Press.es is a search engine dedicated to online press. It can work from your computer being shaped as browser WebExtension and gives you back the control of your information sources allowing to choose (and pin-point) the newspapers to search in. Sources can be contributed by users, covering any domain where it's the chronological order that matters : press (TV, radios…), scientific press, online agendas…

Using Meta-Press.es is free, avoid ads and does not trigger the tracking mechanisms of online newspapers when discovering the results. With the new developments within this project, Meta-Press.es will break out of web browsers to become available server-side and for mobile users. Also, contributions for your favorite sources will finally be possible "all by mouse" and without computer science specific knowledge (traditional method via CSS selectors still being available).

>> Read more about Modular Meta-Press.es

MinetestEdu — Education platform centered around 3D/cube world Minetest

The MinetestEdu project is an open-source initiative designed to provide French teachers with tools for using the Minetest video game in the classroom. The aim is to encourage the adoption of open-source tools among educators and students in France and abroad, while contributing to the Minetest community with the development of educational features and customisable graphical elements with a focus on improved filtering of educational mods and enhanced manipulation of 3D data. This initiative follows on from the UNEJ (Urbanités Numériques En Jeux) project, which was developed in the north of Paris and is one of several projects using Minetest for education.

>> Read more about MinetestEdu

MobileAtlas — Taking roaming measurements to the next levelMobileAtlas

MobileAtlas is an international measurement platform for cellular networks that takes roaming measurements to the next level. Although mobile cellular networks have become a major Internet access technology, mobile data traffic is surging, and data roaming has become widely used, well-established measurement platforms (e.g., RIPE Atlas) are not well-suited for measurements in the mobile network ecosystem. This includes measurements of metered connections and consideration of roaming status and zero-rating offers.

MobileAtlas implements the promising approach to geographically decouple SIM card and modem, which boosts the scalability and flexibility of the measurement platform. It offers versatile capabilities and a controlled environment that makes a good foundation for accurate and fine-grained measurements. In the current phase we focus on increasing the coverage of the measurement platform and improving the support for emerging technologies (e.g. eSIM, IPv6, VoLTE, and 5G).

>> Read more about MobileAtlas

Mobroute — A minimalist FOSS public-transportation router/tool suite

Mobroute is a general purpose FOSS public transportation router, enabling people to e.g. plan their trips around town. It is a Go library and command line interface (CLI) that works by directly ingesting timetable data from transit agencies themselves (in GTFS format, obtained via the Mobility Database). After this data has been fetched, route planning can be done offline, on one’s own device. Overall, Mobroute aims to offer an open source framework for integrating data-provider-agnostic GTFS public transit capabilities (integrated GTFS ETL, GTFS multisource support, and routing algorithm) into applications to get users from point A to point B via public transit, without comprising privacy or user freedoms.

In addition to the Mobroute Go library & CLI, the related subproject, the Transito app offers fully integrated routing functionality on mobile devices (Android & Linux) utilizing Mobroute's Go library.

>> Read more about Mobroute

Caster — Open-hardware high-refresh-rate electrophoretic display controller

Modos is building an libre, open source and open hardware ecosystem of low-cost, affordable electronic devices that use an E Ink display and are driven by the first open-hardware high-refresh-rate electrophoretic display controller of our own design. Having such a controller will enable the creation of new devices and applications designed around the advantages of this dynamic medium: easier on the eyes, less power consumption, readable in direct sunlight, and persistence.

In this project, the team will incrementally improve upon the existing (working) prototypes and establish a Pilot Program . The team provides community support, and makes sure you contribute to the development of the open hardware ecosystem.

>> Read more about Caster

Monal IM UI — Modern UI for XMPP on iOS and macOS

Monal is an open source XMPP instant messaging client for MacOS and iOS which strives to be the go-to client for these platforms just like the app Conversations is for Android. Like other messaging apps on iOS and macOS Monal must deal with the limitations of these platforms. Yet, Monal is able to fully support push messages even for encrypted groupchats without resorting to non-XSF- standardized extensions to the long-lasting XMPP protocol.

Since Monal has a quite mature and stable XMPP backend now, the focus is shifting to rewriting the UI of Monal. And all this while adding new features, such as voice and video calls, which have only recently been added. In this project, Monal will receive a new chat UI that provides better UX and is way more maintainable for the developers. Additionally, the audio call functionality previously funded by NLNet, will be extended by a dialpad. This will allow calls to mobile and landlines via appropriated XMPP-VoIP-bridges like jmp.chat. To speed up connection establishment support for Bind2 and FAST will be implemented. This will result in better UX, especially for users on mobile connections with low bandwidth and high latency.

>> Read more about Monal IM UI

Mox — Modern full-featured open source secure mail server

Mox is a modern email server implementation that makes it easy for people and organizations to run their own mail server, allowing them to stay in control of their own email communication, and keeping email decentralized. While high-quality open source mail server software components exist, their code bases are growing old, and getting a working setup involves configuring at least half a dozen of them to work together. That complexity has turned people to a few (centralized) email providers. Mox gives users their power back! All important protocols/mechanisms needed for a modern email setup have been implemented in mox, including: IMAP4, SMTP, SPF, DKIM, DMARC, MTA-STS, TLSRPT, automatic TLS with ACME and Let's Encrypt, IP/domain/bayesian spam filtering, internationalized email, account autoconfiguration. Setting up mox takes just minutes with the quickstart, with no additional tools/dependencies required. The code base is lean, coherent, self-contained, well-tested, cross-referenced with specifications, liberally MIT-licensed, trivially reproducibly built and is defensively written in Go, a modern, safe programming language. Mox's integrated approach has allowed for novel functionality. Development continues on supporting more protocols and extensions, as well as quality improvements such as more automated tests. On the roadmap at the time of writing (but check the project site!): IMAP4 CONDSTORE, QRESYNC, THREAD extensions, DANE and DNSSEC, sending DMARC and TLS reports, OAUTH2, Sieve, JMAP, Webmail, Calendaring and more.

>> Read more about Mox

Naja — EDA tool focused on post logic synthesis

Naja is an EDA (Electronic Design Automation) project aiming at offering open source data structures and APIs for the development of post logic synthesis EDA algorithms such as: netlist simplification (constant and dead logic propagation), logic replication, netlist partitioning, ASIC and FPGA place and route, …

In most EDA flows, data exchange is done by using standard netlist formats (Verilog, LEF/DEF, EDIF, …) which were not designed to represent data structures content with high fidelity. To address this problem, Naja relies on Cap'n Proto open source interchange format.

Naja also emphasizes EDA applications parallelization (targeting in particular cloud computing) by providing a robust object identification mechanism allowing to partition and merge data across the network.

>> Read more about Naja

Naja DNL — Add Dissolved and Batch Netlists to Naja EDA

Naja is an EDA (Electronic Design Automation) project aiming at offering open source data structures and APIs for the development of post logic synthesis EDA algorithms such as: netlist simplification (constant and dead logic propagation), logic replication, netlist partitioning, ASIC and FPGA place and route, … In most EDA flows, data exchange is done by using standard netlist formats (Verilog, LEF/DEF, EDIF, …) which were not designed to represent data structures content with high fidelity.

To overcome this problem, Naja relies on Cap'n Proto open source interchange format. Naja also emphasizes EDA applications parallelization (targeting in particular cloud computing) by providing a robust object identification mechanism allowing to partition and merge data across the network.

The core of Naja is formed by two interrelated data structures: the Structured Netlist (SNL) and the Dissolved Netlist (DNL). SNL is tailored for high-fidelity representation of hierarchical netlists, while DNL offers a flattened netlist view, optimized for rapid, multi-threaded analysis and optimization tool development.

>> Read more about Naja DNL

NaxRiscv core improvements — Open hardware out-order Risc-V CPU

This project aims at extending the scope of the NaxRiscv project (a free and open-source out-of-order multi-issue RISC-V CPU, using innovative hardware description technics and optimized for FPGA deployment) by getting the CPU to run Debian in a stable manner and documenting the whole process used to build the required binaries/rootfs, implementing memory coherency, multicore support and a L2 cache to enhance the performances, and finally, optimizing and synthesizing the CPU for ASIC using the free and open-source tooling to pave the way for some future NaxRiscv based silicon chips.

>> Read more about NaxRiscv core improvements

Nitrokey 3 — PIV/FIPS 201-3 and extended hardware support for Trussed/Nitrokey

Nitrokey 3 is an open source hardware USB/NFC key aiming for data encryption and two-factor authentication. Currently it supports FIDO2 authentication and WebCrypt. This project will allow it to extend its Rust firmware, developing additional functionality which makes it into a full-featured open hardware security key. By adding support for new so called 'secure elements' to Trussed, any device using Trussed can benefit from more hardware options. Within the project we will also develop PIV support for Nitrokey 3. PIV is a smart card standard which is used in enterprises and also popular among users of some operating systems like Microsoft Windows. PIV allows for data encryption, signing and authentication.

>> Read more about Nitrokey 3

Nitter — Alternative privacy-preserving FOSS UI for Twitter

Nitter is an open source alternative Twitter front-end that prioritizes privacy and performance. It acts like a proxy by requesting data on the server using internal twitter APIs, and serving a lightweight front-end without JavaScript or ads, as well as RSS feeds. This bypasses the need for login credentials, and all requests including media go through the Nitter server. It's easy to self-host, and more than 100 public ins tances are available. The scope of this project is to implement features such as an account system for following Twitter users, tweet embeds, missing Twitter features, and general maintenance. The account system will store tweets in a database, paving the way for a future tweet archival feature.

>> Read more about Nitter

Debug Adapter with Nix — Implement the Debug Adaptor Protocol for Nix

The DAWN (Debug Adaptor with Nix) project intends to improve the Nix developer experience by making debugging Nix code easier. As with most programming languages, writing Nix code may be difficult and confusing for those both new to and experienced with Nix, so having a good debugger experience is essential. Today, debugging Nix may be performed either via the Nix debugger's repl or by print statements (builtins.trace). DAWN improves this debugging experience by implementing the adapter portion of Microsoft's Debug Adapter Protocol on top of the Nix debugger. DAWN will provide an ergonomic and first class debugging experience directly from all editors supporting the Debug Adaptor Protocol.

>> Read more about Debug Adapter with Nix

Nominatim as a library — Self-hostable address/location retrieval for OpenStreetMap

Nominatim is an open-source geographic search engine (geocoder). It makes use of the data from OpenStreetMap to built up a database and API that allows to search for any place on earth and lookup addresses for any given geographic location. The conventional wisdom is that geocoding is such a computationally heavy task that it can only be done through a webservice. So far, Nominatim has been following this convention. While it is easy to install your own instance, it is still expected to be run as a service. However, if you care about privacy, then location data is not something you would want to regularly send to an external geocoding provider because it allows to create detailed movement profiles. We need the possibility to do geocoding directly on the device. The goal of this project is to transform Nominatim's code base so that it cannot be only be used as a web service but also as a local application or as a library inside another application. In the first phase, the PHP code of the search frontend will be ported to Python, which is much better suited for such a multi-use task. In the second phase, we explore if the rather heavy-weight PostgreSQL database can be transformed into an SQLite database to even further simplify using Nominatim as a library.

>> Read more about Nominatim as a library

Nyxt Webextensions — Independent implementation of WebExtensions

Nyxt is a web browser that seeks to empower knowledge workers with access to better browsing tools. The Internet is the single largest corpus of human knowledge available. Effective tools to navigate, browse, and index it are important for research/work/empowerment. Nyxt provides these tools. A different take on the "browser", Nyxt is a power-browser, designed from the ground-up for work.

What was until now missing from Nyxt, and from other third party browsers, is support for common WebExtensions (such as NoScript, ad blockers, etc). In this project we'll extend Nyxt's capabilities to support WebExtensions which will allow users to customise their browsing experience and better protect themselves from abuse. Additionally, our work will pave the way for other libre WebKitGTK+ to support WebExtensions, and thus, increase adoption.

>> Read more about Nyxt Webextensions

OVT 13 — Open Hardware laptop

The open hardware laptop OVT 13 (Open Vision Technology 13" Laptop) will be a thin and light laptop that is on-par in terms of performance and look-and-feel with established solutions available from market dominating competitors. The OVT 13 is designed to meet the modern standards imposed on thin and light laptops. The fully open-hardware design as well as the modular approach will satisfy both the enthusiast and non-technical user in terms of design openness, upgradability and repairability, performance and formfactor.

The vast amount of engineering innovation that goes into designing consumer electronics devices goes unnoticed by many users. These innovations take place behind closed doors and do not advance the technical progress of our society, but only serve to increase the market share of a single company. The OVT 13 will not only be an open hardware design, but also a communication effort that shines a light on the design challenges and the innovations needed to overcome them. By publicly documenting the whole design process no knowledge will be kept behind closed doors and the innovation that goes into designing such a system can be used by everyone.

>> Read more about OVT 13

Oils for Unix — Bringing shell environments into the 21st century

Oil is a new Unix shell. Shell languages provide an (IEEE standardised) interactive command language and interactive scripting environment used to control computer operating systems. Shell scripts are deployed and used visibly and invisibly to command or glue together different applications and control the execution of tasks. Oil is the upgrade path from traditional shells like bash to a better and more structured language and runtime. It already runs thousands of lines of unmodified POSIX compliant shell scripts (as well as bash scripts which aren't compliant), but in a safer and more reliable way.

OSH can be smoothly upgraded to YSH, a new shell language influenced by Python, Ruby, JavaScript, JSON, and YAML. YSH also offers a basic interactive shell UI, and a "headless" API for building GUIs on top of shell. Through its set of specification languages, scripts can be translated to fast C++.

Goal of this project is to implement various new builtin YSH methods and functions (Str, Dict, IO, ...), implement JSON / J8 Data languages, create a Flag parsing lib and test framework, and significantly improve documentation throughout the entire project.

>> Read more about Oils for Unix

Oku — A browser and encrypted data vault based on IPFS

Oku is a free and open-source browser for the Web, which aims to bring several technologies, some new and some pre-existing, to everyday users of personal computers. It aims to promote the usage of peer-to-peer protocols, such as IPFS, onion routing (using the Arti implementation of the Tor anonymity protocols), and the WebKit browser engine. With the IPFS protocol built into the browser, users will be able to create, share, and view hypermedia without the need for servers; as a consequence, pages accessed through the IPFS protocol will require offline, local-first data storage on 'vaults' residing in the user's device. The browser facilitates the reading of data from the local storage vaults, prompting the user for a password so that the vault may be decrypted; afterwards, the 'hivepage' (a page accessible through a P2P protocol, as opposed to HTTP) is provided with the user's files residing in the relevant decrypted vault. This model will promote a more trustable alternative to the Web, while simultaneously reducing the cost of publicly sharing hypermedia on the Internet, as servers will no longer be responsible for hosting & serving the content.

>> Read more about Oku

Open Energy Profiler Toolset — Modular open hardware Energy Profiling

Battery-powered devices often incorporate high-speed communication protocols that consume power in high peaks. One of the main challenges is to provide a compatible set of hardware and software solutions that will enable easy and high-precision energy profiling tools which enable high-speed sampling rates and high current rates.Energy consumption profiling of such devices requires the use of various hardware and software solutions that are often not compatible, making them difficult to use, or do not provide suitable measurement accuracy. Our primary objective is to provide a unified toolset that encompasses an EEZ bus compatible hardware platform, open-source firmware, customized protocols for external firmware energy debugging, and a user-friendly graphical interface for widely used operating systems like Windows and Linux. This toolset will enable the end user to quantify overall MCU-based device consumption and identify energy-intensive software parts within an IoT end device. The project outcomes will include an EEZ Bus compatible standalone acquisition card that support sampling data rates up to 4 MSPS and high-speed data streaming through an Ethernet interface; an open-source library as support for energy debugging of end device firmware; and open-source GUI application for visual examination of different energy consumption parameters.

>> Read more about Open Energy Profiler Toolset

Ordie — Designing a SoC for Betrusted

The field of open silicon is still in its infancy, and while the story on digital logic generation is good, analogue is still a work in progress, and full system integration is only just beginning. The Ordie project will characterize available analogue and digital blocks, integrate them, and create simulation and test software to validate them both pre- and post-production. In this way, the Ordie project will create open, fully-verified silicon chips where every aspect of the part is inspectable down to the raw GDS files. These parts will be usable in some aspects of projects such as Betrusted, where they may be used to replace some of the proprietary silicon with open variants. Along the way it will develop a circuit that enumerates over USB, be able to address various debug structures using existing Wishbone USB and Spibone debugging, and develop a buck regulator, useful for powering on-die structures.The on-chip blocks will be documented using reference systems such as lxsocdoc.

>> Read more about Ordie

Organic Maps — Privacy-focused Android & iOS offline maps application

Organic Maps is a free and open-source mobile app, that offers fast detailed offline maps of the entire world based on the OpenStreetMap database maintained by millions of people across the globe. The app works with downloaded map files on your device, offering fast power-efficient map rendering, offline turn-by-turn navigation with walking/cycling/driving directions as well as robust offline search and trip planning features. Organic Maps is a community-driven app you can trust – no software bloat, no battery drain, no excessive permissions, no ads, no tracking, no personal data collection, no big tech's prying eyes. Pure and organic, made with love.

>> Read more about Organic Maps

Overte — Virtual reality based social platform

Overte is a virtual social platform that allows its users to socialize in a more involved way than traditional digital communications, by allowing them to enter worlds using Virtual Reality. It can be used not just for recreational activities, but also education, psychotherapy, congresses, and more. The goal is to support peoples need for immersive social platforms, by providing them with something that is privacy respecting and free.

As part of this project, we aim to take on bigger maintenance and development tasks that may otherwise happen slowly or remain undone. Such tasks include overhauling the build system, as one of our challenges is enabling volunteers to build, test, and contribute to a software with more than a million lines of code and many major dependencies on multiple different platforms.

>> Read more about Overte

p2panda: group encryption and capabilities — Add group encryption and capabilities to peer-to-peer SDK

p2panda is a protocol and SDK for building decentralised applications with authenticated data, which is stored and synced between computers. Most p2p protocols, including p2panda, face problematic security and privacy challenges, where sensitive data is distributed in a trust-less network. This application aims at the integration of a secure data encryption and fine-grained capability layer to give users more control and protection of their data.

Scaleable data encryption for large groups in a decentralised network is hard and has always involved a trade-off between UX and security. We believe that MLS is the first Internet Engineering Task Force (IETF) standard to tackle some of these challenges. p2p applications of all kinds, will benefit from a protocol that gives them a distributed, strongly encrypted database stack. MLS assures Post-Compromise Security (PCS) and Forward Secrecy (FS) and still stays performant for large groups. While MLS is capable of working in a decentralised environment it hasn’t been explicitly specified for it. With p2panda we have all the building blocks to realize MLS in a fully decentralised setting.

Highly collaborative p2p and offline-first applications require a robust capability system which facilitates giving and revoking permissions to/from identities on the network. With such a system it becomes possible to give permissions for certain actions to other authors or link devices which should be grouped under a single identity.

>> Read more about p2panda: group encryption and capabilities

PTP gateware with openXC7 — PTP on FPGA timing cards and SDR cards with openXC7

This project develops open-source gateware for the Precision Time Protocol (PTP), which is essential for accurate timekeeping across servers. Implementing this technology on Xilinx ZYNQ FPGA chips, it offers a secure, reliable alternative to proprietary gateware, reducing the risk of undetected security breaches through server backdoors. This initiative not only enhances Internet security but also enables diverse applications, from 5G networks to research instruments like particle accelerators, making advanced time synchronization accessible, and safeguarding the digital ecosystem for the general public.

>> Read more about PTP gateware with openXC7

Passthrough Authentication — Authentication proxy using Kerberos and SPNEGO

Adding authentication to an application is an ungrateful part of development - users don't like to log in and there is a lot of duplication of effort. This project proposes an interesting alternative which benefits from the fact that browsers have retained built-in support for HTTP SPNEGO (with Kerberos included) for many years: by forwarding Kerberos tokens through a lightweight proxy to a "kerberized" authentication server that is part of the same Kerberos realm where the user logged in at the beginning of the day. The goal of this project is to make web modules, such as Apache, for the proxy and implement the authenticator using Diameter or another broker, and do the same for SASL using GSSAPI.

>> Read more about Passthrough Authentication

Popularizing PeerTube — Decentralised video platform powered by ActivityPub

PeerTube is a software that empowers collectives to create their own video hosting and live-streaming solution, present a federated video catalog, and emancipate themselves from proprietary centralized platforms. It is nowadays used by institutions, educators, collectives of creators and citizens.

This development project is aimed toward improving on PeerTube's features and ecosystem in a way that facilitates adoption, experience and usability.

Such developments include: user's data export & import, a full accessibility audit (including integrations), splitting audio & video streams, comments review & moderation tools for content creators, automated filters to facilitate moderation, streaming in "audio only" mode, a redesign of the video management system, a new content warning/characterization system, a whole UI/UX audit and remodel.

We also want to develop the first version of an official mobile app dedicated (at first) to find and enjoy content on the PeerTube vidiverse.

>> Read more about Popularizing PeerTube

Peertube plugin livechat — Integrated chat for Peertube live streams

The Peertube project aims to offer a free, decentralized, and sovereign alternative to video-on-demand platforms. Since its 3.0.0 version it is possible to live stream. However, the Peertube team has chosen not to integrate a chat system, but rather to offer the necessary tools so that it is possible to integrate this functionality via plugins. It is in this context that the "Peertube Livechat" plugin was launched in 2021. This project - already installed on nearly 250 Peertube instances - has grown with time, and already provides a serious alternative to existing proprietary systems. However, there are still some steps to be done to offer the same level of service as these commercial platforms: manage the decentralization allowed by Peertube at the chat level, possibility of automatic moderation, streamer/viewer interaction tools, improve and complete the translations of the software, improve its documentation, think about the numerous requests of the community, and so on.

>> Read more about Peertube plugin livechat

PeerTube - Remote Transcoding — Remote Transcoding for distributed video sharing network

PeerTube is a free-libre and federated alternative to centralized video platforms such as YouTube, Twitch or Vimeo. It empowers content creators (institutions, video-makers and live streamers, communities, etc.) to self host their own collective video-platform without being isolated in the wide web. The technical choices behind PeerTube (ActivityPub Federation, peer-to-peer broadcasting) keep the source of this sugestion (the technical and financial bar to self & collective hosting: you no longer need Google's server farm and Amazon's money to host your own PeerTube servers (an instance) and synchronize it with other servers to share video catalogs!

There is still one technical bottleneck: video transcoding. This step is essential for a smooth video broadcasting experience. Transcoding happens at every video upload or during live-streams, and consumes a lot of CPU power. Instances hosting lots of content creators or live streamers tend to rapidly need to upgrade the CPU power of their server, to avoid a bottleneck that only happens episodically. Allowing transcoding work to happen remotely could solve a number of important logistical problems in a more efficient, resilient, affordable and eco-friendly manner.

>> Read more about PeerTube - Remote Transcoding

Manyfold — Manage private collections of 3D models

This project will build a web application for managing collections of 3d models, with a focus on the needs of the 3d printing community. It is designed to be self-hosted, and lets users browse, organise, and analyse their downloaded models. With NLnet’s support, we aim to develop it into a decentralized multiuser platform for hosting and distributing 3d content. Using ActivityPub, we aim to build a kind of 'decentralized Thingiverse', allowing anyone to run their own instance to distribute content, and subscribe to content on other servers using any one of the many ActivityPub services out there such as Mastodon. We also aim to develop an innovative open format for progressive transmission of 3d mesh data, allowing both quick previewing of remote models, and low-quality previews for commercial content.

>> Read more about Manyfold

Pimalaya: email — Open source personal information management

Pimalaya aims to improve open-source tools related to Personal Information Management (PIM) which includes emails, contacts, calendars, tasks and more.

Its first goal is to provide Rust libraries dedicated to the PIM domain. They serve as a basis for all sorts of top-level applications, which prevents developers to reinvent the wheel. Its second goal is to provide quality house-made applications built on top of these libraries, gathered into projects. Among others this includes Neverest, a command-line synchronisation tool. This grant will help Pimalaya to cover the email domain: improve lib structure, improve synchronization, implement autoconfiguration, implement thread view and initialize a REPL.

>> Read more about Pimalaya: email

PixelDroid/Media editor — Native PixelFed/ActivityPub image sharing app

PixelDroid is an Android app focused on sharing pictures and video through ActivityPub-based services such as Pixelfed and Mastodon. The scope of this project is two-fold: first to improve the application's features and make it more friendly to use for people new to the platform - we want PixelDroid to have the best onboarding experience of the fediverse. Secondly to work on photo and video editing, adding features and streamlining the editing user experience. We will also enable our work on photo and video editing to be used by others outside of the context of our app, by creating a standalone editing application and improving our 'Android media editor' library so that adding media editing to FOSS Android applications is easier than ever.

>> Read more about PixelDroid/Media editor

Pixelfed — Open source, federated photo sharing platform using ActivityPub

Pixelfed is a free and ethical photo sharing platform, powered by ActivityPub federation. The primary scope of this project is to build a federated Groups feature which will enable people to create communities across Pixelfed instances and other fediverse software. Pixelfed Groups will support text, photo and video posts on a separate Group-only timeline feed, as well as support a powerful role based membership system where admins can easily control who can join and the other actions they can perform.

>> Read more about Pixelfed

pretalx — Open source tooling for events and conferences

When attending events like conferences, visitors are often subjected to privacy-invading proprietary apps by organisers. With printed programmes typically no longer made available, visitors are put on the spot: either they install some unknown app and allow themselves to be tracked, or they don't know which sessions to attend. Pretalx is an open source project for events and conferences. It provides a Call for Proposals interface, tools for review (including fully double-blinded ones), scheduling, speaker communication, and attendee feedback. pretalx has a variety of plugins and can be self-hosted. This gives conference organisers, speakers and attendees complete control over the data they share. This project will completely redo the writable API of pretalx, making it a strong privacy-friendly option for any event being organised.

Pretalx is one of the leading open source tools capable of handling the full organisation of events from Call for Proposals to user feedback, and is used by many large open source events already (MozFest, FOSDEM, Pycon, NSEC, etc).

>> Read more about pretalx

Pythonic Slint — Add a full-blown Python API to Slint

Slint is a next generation declarative GUI toolkit that supports multiple programming languages such as Rust, C++, and JavaScript. Implemented in Rust, a language known for its memory safety and performance, Slint can run on platforms such as Windows, Linux, Mac, QNX, and microcontrollers. Next to JavaScript, Python is the most popular programming language. While Python developers already have a number of options when it comes to GUI frameworks, most of these are in the form of wrappers or bindings. We aim to make Python a first-class citizen with a dedicated and idiomatic API, to empower developers to create amazing user interfaces for their applications. Python developers will benefit from a modern open source GUI framework that is well-supported.

>> Read more about Pythonic Slint

RA-Sentinel — FPGA-based Radio Receiver for securing Wifi against hacking attacks

The proposed project aims to develop a cost-effective, small, and low-power wide band radio receiver device that automatically detects various malicious attacks on Wifi access points, such as Man in the Middle and Denial of Service attacks. The RA-Sentinel project is designed to protect your home WiFi from unwanted cyber threats. Think of it as a digital watchdog for your internet connection that barks when someone from the outside tries to break in. The device will enhance internet safety for ordinary users by monitoring any Wifi cell. It will consist of low-cost receive-only chips that digitizes 40 MHz of the Wifi radio spectrum at 2.4 GHz and extracts with the FPGA relevant properties from demodulated and decoded packets in real-time without storing them. These properties are fed into a neural network also implemented on an FPGA, which determines if the traffic is genuine or an attack. Only open source FPGA tools will be used.

>> Read more about RA-Sentinel

RADIUSdesk Multi WAN — Add Multiwan to RADIUSdesk

RADIUSdesk is a complete, open source solution for the provision and management of Internet connectivity. The main component is a feature-rich RADIUS server that includes features such as vouchers, BYOD and permanent users. Permanent users have support for Private PSKs and versatile Fair Usage Policies (FUP). MESHdesk allows you to quickly roll out WLAN connectivity over a large area. APdesk can be deployed in enterprise environments and offers support for guest networks and dynamic VLAN assignment. Bandwidth and data usage can be managed via one of the following options: a captive portal, a PPPeE server or private PSKs with RADIUS. MESHdesk and APdesk can be managed via your phone or a desktop browser. The system has an intuitive API that eases integration with other systems.

In this project, Multiwan support will be added, together with private Pre-Shared Key (PPSK), Multi-Dwelling Units (MDUs) and Software-defined Wide Area Network capabilities which will allow to support more VPN technologies.

>> Read more about RADIUSdesk Multi WAN

RAIJIN — Open Hardware brain measurements with near-infrared spectroscopy

Low-cost electroencephalographic (EEG) systems have been available for over a decade, such as the open hardware OpenBCI ecosystem. While EEG has been democratized to varying degrees, blood-oxygen-level-dependent (BOLD) methodologies are constrained to medical and niche realms. While magnetic resonance imaging is impractical for a hobbyist, functional near-infrared spectroscopy (fNIRS) may offer a more practical alternative. Similarly, non-visual and non-auditory feedback from a brain-computer interface (BCI) may be streamlined with a tactile or haptic device. Transcranial temporal interference stimulation (TTIS) can be directed and integrated with the existing ecosystem. The Rank-Adjusted Infrared Juxtaposed Interferential Neuromodulation (RAIJIN) marks three components that would significantly improve tools for citizen-scientists. Given recent low-cost projects, it may be possible to bring low-cost fNIRS, non-invasive deep brain stimulation, and tactile response into the OpenBCI ecosystem. Tactile and TTIS enable closed-loop computer-brain interference (CBI). By integrating BCI and CBI, the RAIJIN system will enable mobile, low-cost, BOLD-capable, closed loop, and non-invasive brain-to-brain interface (BBI).

>> Read more about RAIJIN

RETETRA3 — Security research into TETRA standard

Terrestrial Trunked Radio (TETRA) is a European standard for trunked radio used globally by government agencies, emergency services and critical infrastructure. Apart from most European police agencies (such as BOSNET in Germany or RAKEL in Sweden), military operators and emergency services, TETRA is also widely used for SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities.

Through prior research we have extracted the secret cryptographic functions underpinning TETRA security and made them available for public scrutiny. We were able to present the first public in-depth security analysis of TETRA, uncovering five vulnerabilities including a backdoor (https://midnightblue.nl/tetraburst). We contributed various improvements and bugfixes to the open-source osmocom-tetra stack, as well as adding support for cryptography to the suite.

In this new project there are two main components. One is a continued contribution to the open-source community - developing support for uplink demodulation/decoding and message parsing and implementing a stack able to monitor both downlink and uplink traffic simultaneously, as well as working towards FOSS TETRA base station functionality.

The second part of the project involves further security research on TETRA. We plan to investigate the obscure TETRA End-to-End Encryption (E2EE), an optional proprietary solution on top of the TETRA standard that is used in the most sensitive of use cases for TETRA networks, and provide a security analysis as well as a FOSS implementation. This research should shed light on its suitability for mitigating the previously uncovered security issues.

Also, we will dig deeper into the security of TETRA as a whole, with a special focus on message injection vulnerabilities. We aim to provide definitive insight in to which extent adversaries are able to compromise confidentiality and integrity (particularly important when TETRA is used in critical infrastructure) of TETRA traffic, and which mitigations can be considered in order to be able to use TETRA securely and safely.

>> Read more about RETETRA3

Fast RSA + PQ Blind Signatures — Fast multiprecision integers for blind RSA and Post-Quantum signatures

We observed significant performance differences between the different implementations of classic RSA signatures in various widely used Free Software cryptographic libraries. Each of the libraries takes a different approach to implementing modular exponentiation, the core operation when generating and verifying RSA signatures. Naturally, RSA signatures would also not be safe in presence of large-scale quantum computers.

In this project, we improve the performance of libgcrypt, mbedTLS, GNU nettle and libgmp to ensure that they are on par with the best secure implementations available today. Furthermore, we implement one of the academic post-quantum blind signature schemes, make it available as Free Software and integrate it with GNU Taler.

>> Read more about Fast RSA + PQ Blind Signatures

Raptor Lake Desktop — Implement open-source firmware for modern mainboards and chipsets

The Raptor Lake Desktop project aims to deliver open-source firmware support for a modern day motherboard (the MSI PRO Z690-A WIFI DDR4/DDR5 workstation/desktop), enabling users to customize and enhance their hardware. Through open-source firmware, users will have the freedom to modify and adapt the software according to their specific requirements. Building on the success of the Alder Lake Desktop initiative, this project focuses on two key goals: adding support for 13th generation Raptor Lake-S CPUs on existing boards and implementing open-source firmware support for the MSI PRO Z790-P WIFI DDR4/DDR5 boards. The project also includes the development of additional firmware features to improve system functionality and security, such as selective Option ROM loading, ESP partition scanning, power state after power fail option, PCIe Resizable BARs, and XMP memory profile selection. Through community involvement and feedback, the project aims to provide a more personalized and flexible computing experience for board owners.

>> Read more about Raptor Lake Desktop

Python bindings to the rattler library —

Rattler is a Rust-based library to interact with the conda package ecosystem (which provides binary, cross-platform software packages for Windows, macOS and Linux). Rattler makes it easy to resolve package dependencies with a SAT solver, download the packages, and create virtual environments on the user’s computer.

This main focus of this project are the py-rattler bindings, that give users the power to use rattler from Python, to create virtual environments programmatically. Furthermore, py-rattler will be used by other tools in the ecosystem such as the bot infrastructure that powers “conda-forge”, the largest open source repository in the conda universe.

>> Read more about Python bindings to the rattler library

ReOxide — Improving Rust Decompilation

Modern compiled languages such as Rust and Go are notorious for producing binaries that are difficult to reverse engineer by default. As these languages grow in popularity, they are increasingly being used in proprietary products and are also attracting malware developers. In order to audit binary software and analyze malware, it is therefore necessary to improve reverse engineering tools with special support for specific languages. To fill this gap, we are developing the ReOxide framework, which targets the reverse engineering of Rust programs. In the presence of extensive compile-time code generation and strong memory optimizations, existing decompilers reach their limits when trying to recreate C-like languages. The design goal of ReOxide is therefore to build on top of the Ghidra decompiler and make it extensible for custom analysis passes. This will allow us to gather information that is readily available during decompilation itself, but not through Ghidra's public plugin API. We will use this information to address Rust specific language features, but also try to keep the extensions general enough for other languages.

>> Read more about ReOxide

Redox Flow Battery — Development Kit for Open-Source Hardware Redox Flow Battery

The clean energy transition is underway, and batteries are becoming more common in everyday life. Stationary batteries can perform many roles, like reversibly storing intermittent renewable energy or providing backup power and services to the electrical grid, including internet infrastructure. Right now, lithium-ion batteries—also used in portable electronics and electric vehicles—are increasingly used for stationary applications. Lithium-ion batteries are, however, not ideal in terms of lifetime, cost, safety, and supply chain sustainability. There are viable alternatives to lithium-ion batteries for stationary storage, such as flow batteries, which are being commercialized but are not yet widespread. We plan to democratize flow battery technology by developing an open-source flow battery and starting an associated community around it. We will start with a benchtop-scale development kit, suitable for educational and research use, before progressing towards larger cells. With this NLnet funding, we plan to finish our first release of a 5 cm² kit as well as design and test the subsequent 25 cm² cell.

>> Read more about Redox Flow Battery

Replicant on Pinephone 1.2 — Add basic support for the Pinephone 1.2 to Replicant

Replicant is the only fully free operating system for smartphones and tablets. All the other operating systems for smartphones and tablets use nonfree software to make some of the hardware components work (cellular network modem, GPS, graphics, etc). Replicant avoids that, either by writing free software replacement, by tweaking the system not to depend on it, or, as the last resort by not supporting the hardware component that depends on it.

The goals is to first adapt support for the Pinephone and various other hardware (mainly from GLODroid), to make it generic and reusable by other Android distributions and smartphones to improve collaboration between Android distributions using mainline linux kernels.

>> Read more about Replicant on Pinephone 1.2

Reproducible F-Droid — Building a trusted app ecosystem with F-Droid

F-Droid maintains a complete free software build/sign/deploy stack for securely making signed releases of Android apps in a fully automated way. This has been used since 2010 to run the f-droid.org repository of free software Android apps. Reproducible builds means it is possible to make a strong link between the actual app running on our devices, and the source code which they were built from. When the source code has been thoroughly inspected and is trusted, it is then possible to apply that same trust to the install binary.

This project will make this stack much easier for other people and organizations to deploy and use on a daily basis. This allows organizations to run rebuilders to confirm that the releases available on f-droid.org or any F-Droid-compatible repository exactly match the source code. The resulting data can then be automatically consumed by the client app so it can communicate to the user that it was confirmed as a reproducible build.

>> Read more about Reproducible F-Droid

Reproducible-openSUSE — Reproducible distribution of openSUSE rolling release

The Reproducible-openSUSE project is creating a proof-of-concept of a general-purpose Linux distribution based on openSUSE-Tumbleweed. By employing reproducible-builds, it allows independent verification that all its binaries correspond to the sources. This greatly reduces the amount of trust that users need to place in the build infrastructure. It is not only a proving-ground, but also a staging-area for upstreaming changes to make them useful to millions of users.

>> Read more about Reproducible-openSUSE

pcb-rnd, sch-rnd — Open source EDA suite

Ringdove EDA is a modular, portable Electronics Design Automation toolkit mainly targeting the Printed Circuit Board design workflow. The two flagship projects in Ringdove are sch-rnd (schematics capture) and pcb-rnd (printed circuit board editing). Because of the modular layout of the code and the active management of dependencies, both projects are highly portable, both in time (old, present and future systems) and in workflows (interactive graphical design or interactive command line usage or headless automated processing). Ringdove also strives to support file formats of other EDA software, especially for loading proprietary formats, making existing/legacy hardware designs more accessible to the Open Source community.

>> Read more about pcb-rnd, sch-rnd

Rotonda Secure Extensions — Implement BGPSec in Rust and integrate into Rotonda

Rotonda is a modular routing project that brings BGP observability and easy BGP provisioning to networks. Its aim is to improve the safety and security of the inter-domain routing system. In this particular effort we will build two features that will help us further the goal of security and safety.

First, we will implement BGPsec as a first-class citizen in Rotonda. BGPsec is a standardised protocol for securing routes in the inter-domain routing system. As far as we know Rotonda will be the first open source routing software that supports BGPsec out-of-the-box.

Second, we will implement a run-time configurable plug-in system for Rotonda, that will not only increase its modularity and extensibility, but also its usability.

>> Read more about Rotonda Secure Extensions

WWW SCION — Path-aware web server/proxy deployment and browsing

The WWW SCION project aims to bring innovation to web applications by enabling seamless SCION support to the web ecosystem. SCION is a clean-slate, more secure, and robust path-aware Internet architecture designed to provide route control, fault isolation, and explicit trust information for end-to-end communication. The main outcome of this project will be a full software suite for path-aware web browsing that can be easily adopted by network operators to make their web resources available on the SCION network. To do so, this project will develop (1) a production-grade reverse proxy, which enables web resources to be accessed via SCION, and (2) much improved client-side support. This will have an immediate impact on thousands of users who are already connected to the SCION infrastructure, allowing them to access next-generation network features such as expressing path-selection policies that implement their preferences. For instance, a web user could avoid traversing ASes (Autonomous systems) in certain regions when accessing their e-banking website. Another example from which users may benefit is using distinct paths depending on the web resources. In this case, the server could make use of a high-bandwidth path to increase the throughput when loading a large resource, while it could use a low-latency path for a latency-sensitive resource, e.g., a server control message.

>> Read more about WWW SCION

SDCC — Small Device C Compiler compiler for 8-bit microcontrollers

The Small Device C Compiler (SDCC) is free and open source software for 8-bit microcontrollers. While such 8-bit microcontrollers might seem like outdated technology (most of the popular chips sold today use 32 bit or 64 bit solutions), the fact that there are less transistors to fire up with every cycle means there are quite a few basic use cases where 8-bit systems might very well remain the most energy-efficient option despite . SDCC is competing head to head with various proprietary compilers - such as Keil, IAR, Comsic, Raisonance. The tasks in this project will significantly boosts the capabilities of SDCC and allow developers a more mature tool to design for e.g. eco-friendliness. The project will deliver various improvements in SDCC, in order to make it more complete and competitive in terms of features and workflow.

>> Read more about SDCC

SIP RELOAD — REsource LOcation And Discovery, a peer-to-peer (P2P) signaling protocol

SIP is a mature internet technology to establish sessions of any type across the internet. RELOAD stands for REsource LOcation And Discovery and is a peer-to-peer (P2P) signaling protocol standardised in IETF that provides its clients with an abstract storage and messaging service between a set of cooperating peers that form an overlay network. RELOAD defines a security model based on a certificate enrollment service that provides unique identities. NAT traversal is a fundamental service of the protocol.

The goal is to implement a P2P communications network based on IETF standards that allows people to communicate securely without the traditional interposed third parties like SIP service providers.

This is done both by establishing direct encrypted channels between the participants as well as using digital identities based on X509 certificates to identify the participants in a conversation, which will prevent third parties from inserting themselves into the conversation by attempting to impersonate one of the participants.

The outcome would be a working RELOAD implementation, with a functional backend for connecting and discovering peers based on their identity which is backed by an email address that will then also function as a working SIP address.

>> Read more about SIP RELOAD

Cell broadcast support for the Linux Mobile Stack — Implement SMS-CB for emergency messages on Linux

Cell broadcast is the capability of the mobile network to send messages to multiple mobile devices in an area. It is the common way to alert users about disasters and emergencies. Phosh is a user friendly, graphical interface for Linux based mobile phones using GTK, GNOME and the wlroots compositor library. It uses ModemManager for it's mobile broadband connections. ModemManager is used on Linux systems to control mobile broadband devices and connections.

The aim of this project is to add cell broadcast support to ModemManager and the necessary UI elements to Phosh so cell broadcast messages sent to devices running this platform can be properly received and displayed.

>> Read more about Cell broadcast support for the Linux Mobile Stack

Software Heritage listers + tooling — Performance improvements and new listers/tooling for Software Heritage

Software Heritage's ambition is to collect, preserve, and share all software that is publicly available in source code form. The platform currently list and load more than 200 million free and open source projects. One of the bottlenecks for collecting sources is the speed at which these can be collected. We want to address performance improvements on data discovery and ingestion through the usage of the PyPy interpreter, which should help in reducing CPU bound in highly repetitive area of the Python code responsible for data analysis and validation. To expand the list of existing source code origins we will create new listers and loaders for Dlang, Julia and Elm package managers.

>> Read more about Software Heritage listers + tooling

SeedVault Integrity — Add integrity checking and WebDAV support to SeedVault Android backups

SeedVault Backup is an independent open-source app data backup application for Android and derived mobile operating systems. By storing Android users' data and files in a place the user chooses, and by using client-side encryption to protect backed-up data, SeedVault offers users maximum data privacy and resilience with minimal hassle.

SeedVault uses Android's storage access framework (SAF) to read and write encrypted app data. This allows it to backup and restore application data on a wide range of platforms (such as Nextcloud) and even USB flash drives.

The project will improve the current implementation to allow storing files also on generic WebDAV-based storage without the SAF abstraction layer for improved performance and reliability. It will be possible to decide what apps and files should be restored and to verify the integrity of the backups made.

>> Read more about SeedVault Integrity

SelfPrivacy — Reproducible self-hosting stack based on NixOS

Self-hosting can be a challenge even for a professional, let alone an unprepared user. SelfPrivacy is a free application that helps you set up and manage your self-hosted services. The goal of the project is to create an accessible tool that gives everyone an opportunity to create their own self-hosted infrastructure.

Selfprivacy supports multiple platforms and to use it, all you need is to register with a provider and copy the access token into the application. SelfPrivacy will set up the system, domain, DNS and install open source services such as E-Mail, Nextcloud, Jitsi, etc. SelfPrivacy automates the entire lifecycle: provisioning, updates, configuration changes, monitoring, backups and space management.

>> Read more about SelfPrivacy

#Seppo! — Portable ActivityPub implementation

Posting and liking self reliantly and still have a life. #Seppo! empowers you to publish short texts and images to the internet as easily as using an online service but retain full agency and responsibility. What you publish is solely subject to public law. No 3rd parties hold a stake, nobody else imposes any rules on you. This is because you publish on your own property. Which is possible because housekeeping is no more than the known follow/unfollow/block/unblock content moderation of your own single account. You do that by yourself. There are no scripting engines or databases, no technical updates required. You can focus solely on the message to deliver. You build an online presence on your own digital property, robust for decades if you decide so. #Seppo! is built on mature web standards (e.g. ActivityPub), a european technology stack, inspectable plain-text storage, is security aware and decentralised. It is made for but not limited to off-the-shelf static webspace as offered by numerous vendors all over the EU. #Seppo! targets individuals and small organisations joining the #Fediverse with max. 10k followers, optionally cross-posting to the closed platforms.

>> Read more about #Seppo!

Servo — Independent Rust-based browser engine

Servo aims to provide an independent, modular, embeddable web rendering engine, allowing developers to deliver content and applications using web standards. Servo is written in Rust, taking advantage of the memory safety properties and concurrency features of the language. As part of this project we'll add support for more CSS features to the Servo layout. The main areas of work on this project would be support for floats, writing modes and tables; which will increase the number of web pages and applications render properly in Servo.

>> Read more about Servo

Servo CSS — CSS feature parity for Servo browser engine

Servo is a web rendering engine written in Rust, with WebGL and WebGPU support, and adaptable to desktop, mobile, and embedded applications. Built with safety, speed, and concurrency in mind, Servo showcases the potential of Rust for modern web development. Servo's modular design allows for easy adaptation to various use cases. As part of this project we'll continue the work on adding support for more CSS features to the Servo layout. The main areas of work would be to finish Tables and Flexbox support; which will increase the number of web pages and applications render properly in Servo.

>> Read more about Servo CSS

SiCl4 — Tool for interactive reverse engineering of digital logic.

SiCl4 (silicon tetrachloride) is a tool for reverse-engineering digital logic designs. Starting from an FPGA bitstream or other types of netlists, this tool will assist users in interactively recovering higher-level structures. Algorithms will help with tasks such as finding shared subcircuits or identifying known patterns such as adders, counters, comparators, state machines, etc., so that the user can focus on understanding the higher-level functions of the target design. SiCl4 will be scriptable in order to allow for easy extension, and it will also integrate with the existing open-source EDA ecosystem.

>> Read more about SiCl4

Silicon verification — Non-destructive, in-situ inspection of physical chips

The global nature of supply chains presents an existential question for the trustworthiness of hardware: how do I know the chips in my device are genuine and pristine? Trusted domestic fabs only solve a facet of the problem: after a silicon wafer leaves the fab, it criss-crosses the globe multiple times as it is packaged, tested, and assembled into an end user product, presenting a huge attack surface for post-fab substitutions and alterations. The "Silicon Verification" project lays foundations for high resolution end-user, direct, and non-destructive optical inspection of chips. Our research aims to create a set of techniques for hardware packages that fill the analogous role of "digital signature verification" for software packages: a ubiquitous method to establish trust in a package, after it has been delivered to the user.

>> Read more about Silicon verification

FuSa proven Slint — Certifiable functional safety for Slint UI toolkit

Functional safety (FuSa) is a core requirement in domains like automotive industry, the medical sector, and aerospace. For safety-critical systems often certifications for entire solutions are part of the regulatory requirements before a solution may be deployed, including all free and open source components which are part of such a solution. The entire solution often also includes graphical user interface elements as well, meaning of course that any underlying frameworks for developing GUIs need to be functional-safety-proven to even be considered.

Slint is a versatile declarative UI solution written in Rust. Rust's strong guarantees of memory safety and thread safety make it a suitable language for developing applications that require Functional Safety (FuSa) certification. The goal of this project is to make Slint compliant with the requirements for certification, making it into a compelling option for building robust graphical user interfaces requiring functional safety. Having FOSS solutions opens up the door for trustworthy and user friendly tools within industry - open for scrutiny and wide reuse.

>> Read more about FuSa proven Slint

Solid Compound — A software library/framework to simplify designing for W3C Solid

Solid Compound is an innovative library designed to streamline the integration of web applications into the Solid ecosystem. It provides functionality to Solid App developers to make their Solid Apps usable without end-users needing a Solid Pod or a WebID. This lowers the barrier of entry for new end-users and allows everyone to use newly crafted and innovative Solid applications.

Solid Compound offers a hybrid data storage approach, allowing for data to be stored either in the application's datastore (but Solid-ready) or in the user's Solid pod. It also enables user authentication (either done by the application or Solid-OIDC). This merging of traditional web development with Solid-compatible systems also extends the functionality to include a feature that enables data and identity migration from an application's datastore to a user's pod when they are ready.

The hybrid approach ensures a smooth transition towards a more decentralized web, while simultaneously broadening the reach of Solid developers to users who may not yet be familiar with the Solid ecosystem.

>> Read more about Solid Compound

Solid Data Modules — Improve data accessibility and prevent data corruption in Solid Pods

The Solid Project enables a "Bring your own Data" architecture, but this is only useful if apps understand the data they find on the pod.

Client-client specs are the crucial but underdeveloped core part of the Solid project which needs urgent attention now. Solid Data Modules will build on the existing remoteStorage modules work and the Solid Application Interoperability spec. They will support the data types already documented in the PDS Interop (https://pdsinterop.org/conventions/overview) and Shaperepo (https://shaperepo.com) initiatives.

Apart from making data more easily accessible, reliably updating index files, and preventing data corruption, the Solid Data Modules will also automatically show the app developer which fine-grained Data Grants to request. That way, we hope to finally stop the bad practice of even demo apps that request root access to your pod.

>> Read more about Solid Data Modules

Solid Application Interoperability — Interoperable Data sharing flows and discovery for Solid

Solid Application Interoperability specification details how Agents in the Solid ecosystem can read, write, and manage data stored in a Solid pod using disparate Applications, either individually or in collaboration with other Agents. Solid is a specification that lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for data. When data is stored in someone's Pod, they control which people and applications can access it. Solid Application Interoperability provides clear way to create intuitive data boundaries and higher level patterns to manage access to that data following the principle of least privilege.

The focus of this project is on three parts: i18n for the Authorization Agent, data sharing flows and verifying WebID of social peers.

>> Read more about Solid Application Interoperability

Solid Usable App Tools Project — Improve developer experience for W3C Solid

The Solid project is one of the best known efforts promising to bring individual data ownership to the people of Europe and the world. While Solid has many use cases, a common example is an alternative to Facebook, Instagram, and Twitter where a user can own their own social media data. But, Solid's current specification, implementations, and developer tools are not yet able to support a full-fledged social media alternative. This project will aide the ongoing specification and developer tool development for Solid by filling in the gaps that are currently preventing a "home-run" app from being created on Solid.

Particular areas of concern for this project are: Authentication for Mobile Apps and Bots, Real-Time Notifications, and Easier Devtools (which caters also for developer that lack much prior knowledge of linked data). In addition, the project will produce a tutorial series to make developing apps on Solid as easy as learning how to use more mainstream technologies like React.

>> Read more about Solid Usable App Tools Project

Space Tube — Group-to-group instant messaging

Space Tube is a service utilising the Matrix protocol to allow groups to communicate with other groups. A group member adds the Space Tube bot to their shared chat platform e.g. discord server, slack organisation, element space etc, then they can create a channel (or tube) that sends messages to and from another group's chat platform. This allows groups to form relationships as groups that don't rely on individual people within those groups connecting them together. These group relationships can then scale to much larger directly participatory structures.

This project will automate the process of creating tubes so that it can be done in a few seconds by a non-technical user. It will also expand tube functionality by allowing tubes to connect more than two groups at once and providing links to a graphical interface to support more complex group interactions such as agreeing to proposals or sharing resources.

>> Read more about Space Tube

Spectrum Applications — Add running graphical applications to the compartmentalized desktop OS Spectrum

Spectrum is a project that aims to develop a secure, compartmentalized desktop operating system with security and usability improvements over other existing implementations. This project will improve Spectrum's support for running graphical applications. Currently, users have to manually create virtual machines by laying out a configuration directory themselves (or using a helper Nix function). Running a new application often requires some customisation work on the VM to set up the environment suitably for the application to run and defining access controls - and there is no facility to create a VM on the fly.

After this project is done, the system will be able to automatically start VMs on the fly for applications packaged as AppImages, and applications will be able to dynamically request access to files using the existing XDG Desktop Portals interface that is already implemented by major toolkits (so File→Open… will just work in unmodified applications, with the user able to select from all their files without the application being able to see them). The foundations will have been laid to go on to support applications packaged in other ways, such as Flatpak (which could be follow-up work, should this initial stage be successful).

>> Read more about Spectrum Applications

Squishy — SCSI multi tool and gateware library

Squishy is a SCSI multi-tool aimed at long term access to computer systems and equipment. It accomplishes this by having capable hardware combined with an extremely flexible software ecosystem, allowing Squishy to act not only as nearly any device under the sun, but also as a SCSI bus initiator with high flexibility. Enabling it to be used for archival work to interact with obscure or arcane hardware to read magnetic tapes, or allowing modern systems to interface with and control older, but still reliable and used lab and scientific equipment. Squishy is currently in it's second prototyping phase, after lessons were learned from the first revision of the hardware. This involves a full redesign to grant it more capabilities and serve as a more solid foundation. The end goal is a relatively  small fully compliant device for multiple SCSI standards along with a robust software ecosystem, allowing for it to speak to any equipment be it a SCSI-1 tape drive, or an ULTRA-320 SCSI-based data acquisition system.

>> Read more about Squishy

Stalwart Mail Server — Robust full featured mail infrastructure in Rust

Self-hosting an e-mail server is notoriously difficult. While privacy is a top concern for many individuals and businesses, the complexities of self-hosting a mail server often outweigh the benefits, leading many to choose to sacrifice some privacy and pay a third-party provider to manage their email instead. One of the key challenges of self-hosting an email server is the outdated and complex nature of most available open-source mail server software.

Stalwart Mail Server is an open-source email server written in Rust that aims to help modernize, democratize, and promote decentralization of email. The server offers a robust and privacy-focused solution that is easy for individuals and businesses to set up and maintain on their own.

Stalwart Mail Server consists of three components: a JMAP server, an IMAP4 server with support for ManageSieve as well as many extensions, and an SMTP server with support for DMARC, DKIM, ARC, and SPF. The server does not require any external software or databases to run and can easily scale to multiple servers thanks to its native Raft support.

Furthermore, the use of Rust in Stalwart Mail Server allows it to offer improved performance, safety, and concurrency compared to other solutions, making it a versatile and robust choice for those looking to self-host their own email server.

>> Read more about Stalwart Mail Server

Stract — Explorative search engine

Search has become an intrinsic part of the way we explore the web. Sadly as of late, most of the current search engines fail to live up to this responsibility.

Stract is a fully open source, independent and user-centric search engine for the web. In short, our goal is to do web search right.

The funding from NLnet will be used to improve the performance of our index, improve the performance of our web graph, adding a live index for news articles and blog posts and finally improving our currently insufficient documentation.

>> Read more about Stract

StreetComplete/AllThePlaces — Ingest data from AllThePlaces into StreetComplete

This project will contribute to more accurate data about shops and other businesses in OpenStreetMap, by suggesting mappers at which places shops might be missing. The detection of places where a shop may exist but nothing is mapped in OpenStreetMap will be powered by the All The Places project, which crawls store location webpages across of many businesses. Mappers will thus be able to quickly add a shop to OpenStreetMap, after adjusting location as needed.

>> Read more about StreetComplete/AllThePlaces

TISG trustable image sensor gateware — FPGA based camera providing encrypted video streams

The TISG project is set to develop a groundbreaking open-source, FPGA-based camera system, focusing on the implementation of the MIPI-CSI2 standard for connecting a wide range of image sensors to FPGAs. The development process involves leveraging open-source FPGA tools and formal verification methods to ensure robust security and functionality. The primary purpose is to create a secure, versatile, and accessible video processing platform that addresses current security vulnerabilities in video-based systems. By eliminating reliance on proprietary software and enabling formal hardware verification, the project aims to significantly reduce the risk of backdoors and cyber threats. The general public will benefit from enhanced security in areas like home surveillance, public safety, and infrastructure monitoring. Additionally, the open-source nature of the project promotes innovation and inclusivity, allowing developers worldwide to contribute and extend the technology. This democratization of advanced video processing technology not only fosters global collaboration but also paves the way for further advancements in various fields reliant on reliable and secure video surveillance.

>> Read more about TISG trustable image sensor gateware

TOS;DR OTA backend — Integrate Terms of Service;Didn't Read with Open Terms Archive

Open Terms Archive is a digital common that produces (since 2020) datasets of the evolution of contractual documents (Terms of Service, Privacy Policy…) over time, enabling analysis and comparison. It aims at shifting the power balance from big tech actors towards researchers, end users and regulators. The “Terms of Service; Didn't Read” (ToS;DR) project enables (since 2011) crowd-reading and rating of these same contractual documents. These documents are obtained from the web with a dedicated engine that stores them in a private database and suffers from lack of maintenance.

The goal of the effort is to replace the historical ToS;DR crawler with the public Open Terms Archive datasets, thus increasing the reliability and auditability of the source data, since the annotations will be based on public datasets produced by replicable instances instead of being based on a one-off database used only by ToS;DR itself. This will also enable establishing a common data format for annotating documents.

>> Read more about TOS;DR OTA backend

GNU Taler wallet app for iOS — Mobile GNU Taler payments for portable Apple devices

GNU Taler (Taxable Anonymous Libre Electronic Reserves) is a privacy-preserving electronic instant payment system that is fully free software. It uses electronic coins stored in wallets on customer’s device. Coins are like cash. Users can use Taler to pay in existing currencies (i.e. EUR, USD, BTC), or use it to for instance create new regional currencies. The Taler wallet is currently available as a browser-based WebExtension and as Android app, but not yet as iOS app. This project will develop a user-friendly and accessible iOS wallet app for the GNU Taler payment system. With the iOS Taler wallet app, users will be able to make payments with their iPhone -- similar to how they would use proprietary payments systems like Apple Pay.

>> Read more about GNU Taler wallet app for iOS

TerosHDL: OSS, GHDL, NVC — IDE with support for Open SYthesis Suite and GHDL/NVC simulators

TerosHDL is an open-source graphical IDE tailored to FPGA/ASIC development. The goal is to empower engineers, hobbyists, and students to easily engage in RTL design, fostering innovation and growth in the field. TerosHDL serves as a comprehensive platform, supporting RTL design, synthesis, simulation and common code edition (linting, formatting, etc).

In this project, TerosHDL will incorporate support for a number of additional powerful RTL design tools: Yosys, GHDL, and NVC. This will give users an interface which is friendly to first time users, equipped with real-time feedback and debugging capabilities. This further streamlines the chip design process, enhancing efficiency and making RTL design more accessible and productive.

>> Read more about TerosHDL: OSS, GHDL, NVC

Threshold OPRFs — Bringing the power of Threshold OPRFs to the people

"Bringing the power of Threshold OPRFs to the people" is a project trying to jump the gap between academic research and robust free software implementations. Oblivious Pseudo-random Functions (OPRFs) and Threshold constructions bring some very interesting and strong security properties that go beyond the state-of-the-art. Besides low-level implementations, reusable libraries, servers, and command-line clients, also concrete applications will be delivered, such as password and secret storages, encrypted data-at-rest, authentication, and secure channel setup.

>> Read more about Threshold OPRFs

Topola — Topological (rubberband) router for printed circuit boards

Topola is an open-source topological (rubberband) router for printed circuit boards (PCBs). Unlike traditional maze routers, topological routers like Topola are not constrained by a grid or 45° angles, allowing for more efficient circuit board layouts (denser arrangement of components and traces, lower crosstalk, reflection, and electromagnetic interference). The goal of the project is to develop a dutifully maintained engine for interactive and automatic routing that can be used both as a standalone application and reusable software library integrated in popular open-source PCB electronic design automation (EDA) packages, giving designers a tool for developing high-quality open hardware designs without having to pay for expensive proprietary software.

>> Read more about Topola

Tracking weasel — Detect privacy violations in mobile apps

Privacy and data protection are fundamental rights and already well protected by legal frameworks in the EU. Yet, tracking—often without consent—is ubiquitous and often unavoidable. While tech-savvy users can defend themselves against that to a certain degree with tools like tracking blockers, we want to attack the problem at its root to make the web safe for everyone, regardless of expertise. With this project, we want to build infrastructure to detect privacy violations in apps on Android and iOS and crowdsource complaints against this behaviour with the data protection authorities. The result will be a web app where users can select an app from the app stores, which we will then download and run in an emulator or on an actual device. We will analyse the apps’ network traffic and detect privacy violations not just based on server connections but the actual data being transmitted. We will also check any consent dialogs. The website will then show a report to the user and, depending on the results, give them the option to generate a complaint under the GDPR and ePrivacy Directive, complete with the collected evidence from the analysis in the form of screenshots and traffic dumps.

>> Read more about Tracking weasel

TrenchBoot for AMD platform in Linux kernel — Upstream TrenchBoot AMD support to the Linux kernel

TrenchBoot is a framework that allows individuals and projects to build security engines to perform launch integrity actions for their systems. Trenchboot is a unified framework to verify if bugs or vulnerabilities have compromised a system, based on dynamic RTM (DRTM). The framework builds upon Boot Integrity Technologies (BITs) that establish one or more Roots of Trust (RoT) from which a degree of confidence that integrity actions were not subverted is derived.

A previous effort successfully developed support for DRT technologies for AMD platforms in the Linux kernel. This project intends to upstream TrenchBoot support to the mainline Linux kernel and to the widely used GRUB boot manager.

>> Read more about TrenchBoot for AMD platform in Linux kernel

Trenchboot as Anti Evil Maid — Integrate Trenchboot into Qubes OS as defense mechanism against physical compromise

Enhancing the security measures of Qubes OS is the primary objective of this initiative, which involves integrating the TrenchBoot Project into the Anti-Evil Maid (AEM) implementation. Traditional firmware security measures, such as UEFI Secure Boot and measured boot, have limitations that can be overcome by leveraging Dynamic Root of Trust (DRT) technologies and TPM 2.0.

TrenchBoot provides a secure environment for operating system launch and integrity measurements, ensuring greater protection. The project aims to extend support to both Intel and AMD hardware, addressing the current lack of TPM 2.0 support and AMD compatibility in the AEM implementation. Key objectives include implementing TPM 2.0 support in Xen, updating AEM scripts, and ensuring seamless integration with AMD hardware. The successful execution of this initiative will significantly enhance the security of Qubes OS and promote the adoption of DRT technologies in open-source and security-oriented operating systems. Thorough testing on various hardware configurations will validate the solution's effectiveness and reliability.

>> Read more about Trenchboot as Anti Evil Maid

UEFI Capsule Update for coreboot with EDK II — Implement more robust firmware updates in coreboot

UEFI capsule update is an industry-standard approach widely supported by hardware vendors, providing a secure method for delivering firmware updates. By adopting capsule update methods, the project aims to simplify the update process and enhance the user experience, providing a more reliable approach compared to complex flashrom-based updates, which are still common in the open-source firmware distributions based on coreboot. Due to security measures, OS-level access to firmware is intentionally restricted, which in turn makes it increasingly challenging to apply firmware updates from the operating system. This limitation poses difficulties in utilizing traditional flashrom-based methods for firmware updates. The expected outcomes of the project include enhanced firmware update capabilities, a simplified user experience, heightened security, and enhanced compatibility, all achieved by seamlessly integrating with fwupd, a popular firmware update management tool for Linux systems.

>> Read more about UEFI Capsule Update for coreboot with EDK II

UberDDR3 — Open Hardware DDR3 memory controller

UberDDR3 is set to transform the landscape of open-source technology as this will be above and beyond any previous opensourced DDR3 controller gatewares. This aims to unlock the full potential of DDR3 memory, aligning with the latest technological needs. We are dedicated to enhancing compatibility across diverse memory types and reaching higher speed. By integrating innovative features such as on-the-fly configuration, thermal management, ECC integration, and self-refresh mode, our goal is to elevate this open-source gateware to rival the performance of proprietary DDR3 controllers. This endeavor will empower the open-source community, ensuring that dependence on proprietary DDR3 controllers becomes a thing of the past, and setting a new benchmark for open-source hardware capabilities.

>> Read more about UberDDR3

Reverse Engineering Toolkit — Reducing e-waste through Reverse Engineering

According to the Global E-waste Statistics Partnership (GESP), electronic waste is estimated to increase to 74.4 Million Tonnes by 2030. A strong factor in the continuing increase of e-waste is the electronic industry artificially shortening the lifespan of their devices. Planned obsolescence, the inability to repair and abandoned software support all contribute to devices prematurely ending up in a waste stream. Older high-end consumer electronics devices have powerful components that, once open schematics, firmware and documentation has been created for them through reverse engineering, can be repurposed to create new and different devices.

To meet this aim, Unbinare is creating an open hardware reverse engineering toolkit consisting of the OI!STER (a tool for debugging and glitching MCUs), the UNBProbe (a passive, spring-loaded needle probe for probing PCBs), the UNBProbebase (a magnetic base with a prototyping area) and a breakout board - which allow to repurpose components salvaged from e.g. discarded mobile phones.

>> Read more about Reverse Engineering Toolkit

Enhancing vula with IPv6 and REUNION rendezvous — IPv6, hybrid post-quantum improvements & REUNION support for Vula

With zero configuration, Vula automatically encrypts IP (v4) communication between hosts on a local area network (LAN) in a forward-secret and transitionally post-quantum manner to protect against passive eavesdropping. When the local gateway to the internet is a Vula peer, internet-destined traffic will also be encrypted on the LAN. With simple verification using QR codes or other peer verification methods, Vula is also able to disrupt active surveillance adversaries. Vula combines WireGuard for forward-secret point-to-point tunnels with cryptographically enhanced mDNS and DNS-SD for local peer discovery. Vula enhances the confidentiality of WireGuard tunnels by using CSIDH as provided by highctidh, a post-quantum non-interactive key exchange primitive, to generate a peer-wise pre-shared key for each tunnel configuration. Vula avoids the need for any Single Point of Failure (SPOF) such as a trusted third party. Vula is equally functional on otherwise air-gapped networks.

>> Read more about Enhancing vula with IPv6 and REUNION rendezvous

DeltaChat/WebXDC — Portable private apps that can be shared in e.g. chat

Webxdc is a fresh and still evolving effort to explore "private apps", essentially 'portable' web apps through which users can interact in any number of ways outside of the traditional client-server paradigm, e.g. over E2EE chat. These mini-apps offer interesting interaction patterns -- without any dependency on centralised infrastructure, additional logins etc. It grew from Delta Chat, a highly innovative solution that uses secure email-based communication technology for social networking, protected with OpenPGP/Autocrypt.

The project will further develop the concept of Webxdc apps, and make it for instance possible for users to make data portable (which is currently not possible due to missing security controls for that).

>> Read more about DeltaChat/WebXDC

webxdc PUSH — Towards an usable, interoperable and trustworthy web app ecosystem

Webxdc PUSH advances a new paradigm for writing and distributing web apps, majorly improving interoperability, usability, reliability, trustworthiness and and interactivity of chat-shared web apps (webxdc) across messengers and platforms.

PUSH enables webxdc app developers to use new P2P real-time messaging facilities, new notification, deeplinking and context APIs, majorly leveling up the cross-messenger webxdc effort and specifications.

>> Read more about webxdc PUSH

WebXDC XMPP — Standardisation effort for WebXDC integration in XMPP

WebXDC is a fresh and still evolving effort to explore "private apps", essentially 'portable' web apps through which users can interact in any number of ways outside of the traditional client-server paradigm, e.g. over E2EE chat. Originally developed for Delta Chat over SMTP, we will bring the latest version of this experience to the XMPP ecosystem, including a standardized interchange format for other XMPP clients to use, and a gateway for communication with existing Delta Chat WebXDC users.

>> Read more about WebXDC XMPP

Whisperfish — Cross-platform mobile client for Signal and derivatives

Whisperfish is a third-party open source client for the popular Signal instant messaging network. Whisperfish is an advanced beta stage, and is available for SailfishOS. In collaboration with the Axolotl project, within this project we aim for implementing full-fledged clients for various mobile operating systems.

>> Read more about Whisperfish

WireGuard on FPGA — FPGA implementation of Wireguard protocol written in SpinalHDL

This project will do an open hardware implementation of the WireGuard VPN protocol. The data plane with symmetric cryptography is implemented in HDL and should be able to handle 100 Gbit/s IP/Ethernet, whereas the asymmetric handshake is implemented on VexRiscv with accelerators and will be capable of maintaining thousands of concurrent connections. An off-the-shelf FPGA card handles the full protocol transparently: Ethernet/Ethernet or Ethernet/PCIe with one side ciphered and the other side plaintext.

>> Read more about WireGuard on FPGA

Wolvic — Web browser designed for use in XR devices

Everybody will meanwhile have come across people wearing strange glasses, immersed in a world beyond the here and now. But what are they looking at, and how does the web fit in there? Wolvic is a web browser dedicated to work with virtual reality (VR) and enhanced reality (XR). The goal of this project is to add a number of important features such as VR peripheral awareness (placing contextual information on the edge of the user's vision) and spatial reasoning (3D representation of navigation-related information) to the Wolvic browser. Wolvic is the only open source browser available in the XR space, and as such any device maker or other third party can create their own version of Wolvic to explore the burgeoning XR space.

>> Read more about Wolvic

Wolvic User Interface — Flexible windows, tabs, zooming and web rendering in Wolvic

Wolvic is an Open Source Web browser developed for XR (Extended Reality) devices, focusing on delivering both traditional web browsing and immersive experiences across multiple platforms. Led by Igalia, with its significant expertise in browser engine development and standards organizations, Wolvic aims to broaden the accessibility and functionality of web browsing in the XR space. This project will further the development of Wolvic by improving its user experience and adding support for more content, standards, and platforms. We will enhance the flexibility of window management, improve browsing functionality like tabs and zoom, and refine hand tracking and related features in the 3D space. Although Wolvic currently uses the Gecko browser engine, its architecture is designed to be independent of any particular engine; for improved support and performance, we will integrate the Chromium engine and make available a Chromium-based version of Wolvic alongside the existing Gecko-based one. Furthermore, we will extend compatibility to new device formats, such as lightweight Augmented Reality (AR) glasses. Finally, we are enhancing our support of AR experiences on the Web and implementing the WebPayments standard for secure online transactions.

>> Read more about Wolvic User Interface

Event Federation Plugin for WordPress — Add ActivityPub to events created with most common WordPress event plugins

Freedom in announcing events. The WordPress Event Federation plugin allows events created in WordPress with the most popular event plugins to be seamlessly published to Fediverse via ActivityPub. The core problem is that events need to be discoverable, listable and subscribable by potential visitors. Since organisers' personal websites do not meet this requirement, most of them publish their events on multiple (commercial) platforms, which results in people searching for events being tied to these platforms. Currently, many to most event organisers use WordPress to run their own website. With this plugin, they can make their events even more visible without changing their workflow. At the same time, they gain data sovereignty and independence from traditional search engines and platforms that give less control over how content can be filtered. The goal is to realise typical use cases, such as server-to-server federation with Mobilizon instances, or another example: to allow Fediverse users, such as those of Mastodon, to follow events directly from the organisers.

>> Read more about Event Federation Plugin for WordPress

XR Fragments — Discover, reference, navigate and query 3D online content

After the hype of early (and proprietary) virtual reality technologies like Second Life cooled down, there is recently a renewed push towards the “3D” web which uses virtual reality technologies (also marketed under new brand names like "Metaverse"). While many technological building blocks are meanwhile available, seamlessly surfing the 3D web however seems quite far away still for a simple reason — browsers exit fullscreen/WebXR mode when switching web addresses, essentially removing the immersive experience when navigating. While such a limitation comes from obvious security considerations, it also pushes VR/AR-Headset owners into walled gardens for a more pleasant experience.

XR Fragments is developing a simple public protocol for networked 3D webrings to discover, reference, navigate and query 3D online content (read-only). This allows to enable immersive 3D navigation, liberate 3D content from being locked away inside games / walled gardens and to query objects inside a 3D asset files, without the need of serverside backends.

>> Read more about XR Fragments

Yrs weak links — More efficient CRDT by interconnecting and synchronising data structures inside documents

Yrs weak links project aims to extend existing implementation of Yjs/Yrs - one of the most popular free and open source libraries for building collaborative peer-to-peer applications - with new primitives such as cursors allowing for a seamless integration with rich text editors, and an ability to cross-reference and react to changes occuring in a different parts of an application: be it for display or other evaluation purposes like referencing cells in spreadsheet calculations. All of these will be possible while preserving eventual consistency in an environment where applications need to be operable and accept changes coming from many different users even when offline or when the standard Internet access is not available.

>> Read more about Yrs weak links

Bcachefs — Next generation file system

bcachefs aims to be a next generation Linux filesystem, with a fully modern featureset and vastly improved performance, scalability and reliability as compared to other next generation filesystems. Additionally, we aim to improve upon the state of the art in a number of areas such as extensibility, which will aid in development in other areas that have historically had to reinvent technology that already exists in local filesystems (distributed systems), repairability (online check and repair, self healing), and ease and correctness of development with the use of Rust.

>> Read more about Bcachefs

Cpdf Accessibility — Implement PDF/UA in cpdf

The Cpdf accessibility project extends the popular open-source PDF processing tool Cpdf to support PDF/UA (ISO 14289), the standard for accessible PDF. PDF/UA helps those with disabilities who use screen readers and other tools to navigate documents by tagging PDFs with metadata describing the logical structure of the content. Such metadata can also help all users by allowing reliable text re-flow, and better searching within documents. There is very little open-source tooling for accessible PDF at present, so this will represent a significant step forward. The work will involve adding functionality to Cpdf for the inspection and manipulation of existing PDF/UA files, and the creation of new ones from scratch. These tools will be useful to PDF/UA developers as well as to end users.

>> Read more about Cpdf Accessibility

cables.gl — Creative tool for graphics and 3D content

Cables is a tool which allows people to create beautiful, interactive, visual web content without knowing how to type a line of code. Your work is easily exportable at any time, so you can embed it into your website, use it an immersive VR experience, or integrate into other kinds of creative output. Cables patches can be published, shared, copied and remixed by the entire community. This allows people to constantly learn new things from each other.

By developing a standalone version, that works outside of the browser, cables will open up even more for contributions from the open source community. It will be, at the same time, a development environment for contributors, and an offline version of the cables editor. As a side effect, using it with native modules on any major platform and operating system will open up a whole new area of how and where to use cables to create content.

>> Read more about cables.gl

Elliptic curve encryption speed-up using SIMD — Low-level instructin optimisation for curve25519-dalek & Arkworks

This project aims to enhance the speed and security of elliptic curve cryptography using the Rust programming language, with a particular focus on mobile and IoT devices. Leveraging SIMD instructions, specifically ARM NEON, we can speed up elliptic curve cryptography in existing libraries such as curve25519-dalek with the goal to optimise encryption processes in software such as Signal. Additionally, we implement double-odd curves in Arkworks to bolster zero-knowledge protocols, and aim to abstract our optimisations to work on any CPU architecture and elliptic curve. By implementing improvements in these libraries, this project seeks to address the growing demand for efficient and secure cryptographic solutions, especially in mobile and IoT environments.

>> Read more about Elliptic curve encryption speed-up using SIMD

django-allauth — Versatile authentication for Django

The goal of django-allauth is to offer a free, secure, well integrated, reusable authentication solution for the Django framework, covering all functionality related to local and social user accounts, multi-factor authentication, in various configurations, with flows that just work. By simpliyfing the complexities associated with user authentication, django-allauth empowers Django developers of all kinds to focus on building their web applications without compromising on the authentication features provided to their end users.

>> Read more about django-allauth

it — Radically decentralised version control with CRDTs

The project summary for this project is not yet available. Please come back soon!

>> Read more about it

jaq — Implementation of jq in Rust with formal semantics

JSON is a data format that is frequently used to publish Open Data. jq is a widely used programming language that allows citizens to easily process JSON data. There are several tools to run jq programs, including jq, gojq, and jaq. Of these three tools, jaq is the fastest (judging from several benchmarks), despite having the smallest code base. This project centers on improving jaq and the wider jq ecosystem: First, we want to advance the development of jaq, in particular to support more features of jq. Next, we want to make jaq more accessible, by creating JavaScript bindings for jaq. This will allow developers to integrate jaq into websites. Furthermore, this will allow users to run jaq from a browser, respecting their privacy by processing data on their machines. Finally, we want to create formal semantics for jq, based on jaq's execution approach. This will allow users to better understand how jq programs behave.

>> Read more about jaq

lib25519 for ARM — Add 64bit ARM optimisations to lib25519

Modern network protocols rely on elliptic-curve cryptography (ECC) to protect communication against espionage and sabotage. lib25519 is a new software library for the Curve25519 elliptic curve, including the X25519 encryption system and the Ed25519 signature system. Curve25519 is the fastest curve in TLS 1.3, and the only curve in Wireguard, Signal, and many other applications. So far lib25519 has exploited the features of Intel CPUs to provide top speeds for those CPUs, while meeting the security constraint of not leaking secret information through timing. This project will extend lib25519 to target 64-bit ARM CPUs, and in particular the Cortex-A53 CPU, which for instance powers the Raspberry Pi 3.

>> Read more about lib25519 for ARM

libspng APNG — Add Animated PNG (APNG) image read- and write support to libspng

libspng is a modern C library for reading and writing images in the Portable Network Graphics (PNG) file format. Created from the ground up with security and ease of use in mind, it provides an alternative to the reference implementation and a migration path to a simpler API, an extensive test suite ensures interoperability.

The goal of this project is to implement Animated PNG (APNG) support and make it a more viable alternative to the reference implementation.

>> Read more about libspng APNG

mCaptcha — Privacy-friendly Proof of Work (PoW) based CAPTCHA system

Existing CAPTCHA systems expect visitors to identify objects to prevent spam, which makes the web inaccessible to persons with cognitive, auditory, and visual special needs. They log Internet Protocol (IP) addresses and use tracking technologies, like cookies, to track and profile their users across the internet. IP logging and cookie-based tracking are privacy-invasive, inaccurate, and impossible to use with anonymizing technologies like Tor and VPNs. Censors can abuse the opaque nature of these systems to prevent certain groups from accessing certain types of information. Independent testing for bias is not possible since the documentation doesn't exist for their methods and algorithms.

mCaptcha is an attempt at creating a self-hosted alternative to reCAPTCHA and hCaptcha with a focus on privacy, transparency, user experience, and accessibility. mCaptcha’s Proof of Work (PoW) mechanism uses strong cryptographic principles that guarantee idempotency and transparency. mCaptcha doesn’t log IP addresses and doesn’t require tracking user activity across the internet. Censors can’t use mCaptcha to deny access to information without detection. Also, the PoW mechanism requires minimal user interaction to solve the CAPTCHA, which will significantly improve the accessibility of the web.

>> Read more about mCaptcha

mikroPhone — Open Hardware feature phone

mikroPhone is currently a basic feature phone with extensible open source firmware. It is a fully open hardware device and it can easily be built in a home lab. It is intended to protect user's privacy to the highest possible level and to bring data sovereignty back to its users.

This project focuses on further improvement of the basic phone device and integration of ARM module that runs GNU/Linux OS. Since linux module is entirely optional, it is not used for handling any critical functions of the device (e.g. cellular voice and secure VoIP calls, SMS messaging) and it can be powered-up on demand. This would solve common problems of linux smartphones such as poor basic phone functionality and short battery life. The goal of the project is to provide an option of enjoying a fully usable linux smartphone.

>> Read more about mikroPhone

mitmproxy — HTTP/3 Support and OS Proxy Mode for intercepting local proxy

mitmproxy is a versatile tool for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay network communication from websites and mobile applications.

This project is about the development of two new major features to mitmproxy: HTTP/3 Interception and a new OS proxy mode. With an increasing number of apps using the HTTP/3 protocol to communicate, we are adding support for it in mitmproxy so that it can be observed just as well as other protocols. For the second part of this project, we will be adding a new operating mode that makes it possible to inspect applications running on the user's device with a single click. These features collectively empower users to gain insights into what data their own devices are sending out.

>> Read more about mitmproxy

Improvements for next generation Linux firewalling — Netfilter kernel improvements, user space tools and testing

This project comprises a series of preventive and corrective actions as well as improvements for the next generation firewall software offered by the Netfilter project (https://www.netfilter.org) available in the Linux kernel, such as the enhancement of the set and map infrastructure, the resolution of existing limitations in the user space tool and libraries, enhancements to the filtering policy optimisation infrastructure, improved string match support and the extension of the test coverage for early detection of regression.

>> Read more about Improvements for next generation Linux firewalling

Strengthening NTP and NTS in ntpd-rs — Memory-safe implementation of IETF time standards including NTPv5 and NTS

NTP is one of the building blocks of the internet, and it and its security improvements are, therefore, of vital importance for a safer internet. Over the last year, we have created a new implementation of the Network Time Protocol called ntpd-rs, which includes Network Time Security support.

In this project, we will work on growing adoption and strengthening our implementation. On the one hand, that means expanding platform support, packaging options, and implementing improvements suggested by early adopters. On the other hand, we see the need to increase the usability of NTS, which is not deployed widely. By contributing to improvements of NTP (NTPv5) and exploring the creation of an NTS pool, we aim to foster NTS adoption.

>> Read more about Strengthening NTP and NTS in ntpd-rs

openCologne — CM4 form factor SoM for GateMate chips

Currently there are few FGPA vendors in Europe. One of these vendors, CologneChip, produces the GateMate chips which have some high quality features compared to other FPGA's, such as a high speed SerDes. Recently we have seen the appearances of a number of affordable boards with these FPGA's. The challenge (and opportunity) is now to make sure that the open hardware community can benefit from these FGPA's as soon as possible.

This project will design a new iteration of the popular open hardware ULX-boards (ULX5M) featuring GateMate chips, which will be compatible with the widely used CM4 form factor - so it can be slotted into many existing designs instantly. This opens up this strategic new FPGA target for a broader audience, and help breach the market. In addition, the project will make a portfolio of entry level projects that selectively put GateMate resources to good use, including its unique SerDes. Be they in RTL or HLS, implemented as pure hardware FSMs, or by using HW/SW co-design and SOC techniques, or integrated with LiteX - delivering a variety of real-life use cases.

>> Read more about openCologne

openXC7 — Improve hardware support for open source FPGA tooling

FPGAs are reconfigurable chips capable of handling many electronic signals in parallel. They are used in network equipment like backbone switches, firewalls, video devices like surveillance cameras and radio equipment like mobile-phone base stations, radar systems and satellites to process high volumes of data with very low latency. FPGAs are also used to test digital circuit designs before they are manufactured as chips.

The functionality of FPGAs is determined by a configuration file which is loaded into the FPGA at power-on. The configuration file is usually generated from a design file by a proprietary tool provided by the manufacturer of the FPGA.

openXC7 will provide a complete set of open source tools to generate a configuration file for the widely used family of Xilinx Series 7 FPGAs from manufacturer Xilinx/AMD without having to use any proprietary tools. This will empower digital design engineers to have the guarantee that no backdoor is implemented on FPGA based devices by the proprietary design tool provided by the vendor.

The availability of the source code of the FPGA design tool will also allow anyone to come up with new use cases for FPGAs currently not possible with existing tools.

In this project the team will implement gigabit transceiver support, both for the widely used Artix7 and the Kintex7 families of devices, thus enabling complete open source network infrastructure (e.g. an open source 10 GB Ethernet switch). The second focal point will be identifying and fixing issues that arise from the community of users of the toolchain.

>> Read more about openXC7

S-SATA for openXC7 — Open source SATA phy and interface for FPGA's

This project develops an open-source SATA controller for use with FPGA technology, specifically targeting the Xilinx Kintex/Artix7 family. SATA, which stands for Serial Advanced Technology Attachment, is a technology used to transfer data between a CPU and an attached persistent storage device. By creating an open-source hardware controller, this project will make it easier and more affordable for researchers and developers to implement dependable high-speed data storage solutions in their FPGA-based projects. Initially, the controller will support the 1500Mb/s data transfer speed typical of earlier SATA versions. Our development plan includes both building this controller, a hardware simulation of it, and software to demonstrate it. We then intend to implement it on actual hardware and prove it works.

>> Read more about S-SATA for openXC7

purl2all — Discover metadata for software packages

While we often simplify our mental model of the software supply chain by only looking at how source code is maintained and compiled with other source code into binaries which are distributed, in reality there are many more stakeholders that provide or curate information about software which is used by others as part of their decision process - and there are many supply chains concurrently, some of which are intertwined. The purl (package-url) initiative allows this information to be aggregated from all the different stakeholders in the software supply chains.

The purl2all project aims to build a real-time, on-demand, decentralized and distributed knowledge base for all kinds of software packages metadata that can be used by other services that need the metadata; such as ScanCode, VulnerableCode, or any system, application or library using package-url (purl) as a way to identify packages and versions to lookup this data.

The outcome will be a decentralized, on-demand software metadata collection system that will complement or replace centralized batch systems.

>> Read more about purl2all

purl2sym — FOSS code symbols indexing system

Identifying corresponding source code compiled in natively compiled binaries is complex and important – only by knowing the code origin can one know if the code is subject to known vulnerabilities or licensing issues. In IoT and embedded devices, most of the code is composed of natively compiled binaries, with a significant Android-based ecosystem using Java with specific constraints: multiple programming languages (Java and Kotlin) and bytecode-compiled binaries. Many devices also embed secondary code (typically for admin and UI), such as Lua, JavaScript, Python, or PHP.

To help with identification of binaries, it is important to aggregate collection of identifiers and symbols from FOSS code and index them to easily retrieve the data in efficient detection engines, based on automations and binary scanners. These symbols or identifiers are essential to software identification tools such as BANG that can match symbols in source and binaries and determine the corresponding source code for a given binary code input.

purl2sym is a new data collection and indexing system to collect code symbols from FOSS source packages (and binaries in the future) and store them for reuse in other software analysis processes.

>> Read more about purl2sym

scalePNR — New place and route algorithms for large FPGAs

The scalePNR project focuses on enhancing digital circuit design for large Field-Programmable Gate Arrays (FPGAs), which are complex chips used in everything from consumer electronics to mobile phone base stations to cameras to AI accelerators to internet backbone infrastructure to advanced computing systems. Traditionally, designing these chips has been a highly specialized and time-consuming task, due to the complexity and computational demands of arranging and determining efficient wiring between the millions of tiny logic blocks they contain.

The goal of this effort is to tackle larger, more advanced FPGAs and make the process of designing circuits for these high-capacity chips more accessible and efficient, potentially leading to faster, more energy-efficient electronic devices. By researching and implementing new algorithms, the project aims to make it easier and quicker to design circuits that run cooler, faster, and more reliably, bringing the benefits of the latest technology to a broader audience and fostering innovation in numerous tech-driven sectors.

>> Read more about scalePNR

Σ-protocols — Formalise and implement zero-knowledge proof Σ-protocol

Σ-protocols are mature and widely-used cryptographic protocols used for digital signatures and for zero-knowledge proofs. This project is centered around their standardization and the development of a comprehensive specification and reference implementation.

The main goal is to create a detailed and accessible specification for Σ-protocols and the Fiat-Shamir heuristic, to be presented in formats like HTML or PDF, along with a reference implementation. This effort aims to make these technologies understandable and usable by a broad audience, including developers, practitioners, students, and engineers. The end goal is to make this technology more accessible for privacy-preserving applications and non-cryptographers.

>> Read more about Σ-protocols

uFork — A memory-safe pure-actor virtual machine

Applying the design principle of actors-all-the-way-down, uFork implements a virtual-machine that is memory-safe at the level of assembly-language instructions. All operations occur in the context of an actor message-event, which provides object-capability security throughout the system. The effects of individual instructions are isolated so they can only affect the state of their host actor until a transactional commit releases additional asynchronous message-events into the system. This isolation allows interleaved execution of multiple instruction streams, so multiple actors can make progress concurrently. The virtual-machine implements automatic memory management with garbage-collection, and fine-grained resource quotas are enforced by the processor.

>> Read more about uFork

uMap — Collaborative custom mapping with OpenStreetMap data

uMap is an online open source application to make custom maps. It aims to make creating maps easy for anyone in a few clicks. It’s simple for basic use cases, whether you want to prepare a bike travel with your friends or communicate the current roadworks for your city. But it’s also flexible and extendable for more complex or custom ones: drawing or importing data, customizing style and interface, sharing access to a map… uMap is also easy to install and to maintain to enforce a decentralized model. It is already deployed in several European countries, and is translated in dozen of languages. Plus, it also allows to create maps anonymously. In this project, we will adding real-time collaboration on maps with local-first support - which will for instance help a lot with live events and mapping sprints - and clean up the user interface.

>> Read more about uMap

vdirsyncer/pimsync — Synchronise calendars and contacts

In this digital age, we all have digital address books with the phones and addresses of our loved ones, friends, and those with whom we work. We keep calendars with meetings we need to attend and places we are expected to be. And we need to keep this information synchronised across devices, shared with others, but only with those whom we choose to collaborate.

Like its predecessor Vdirsyncer, Pimsync synchronises address books and calendars between webcal, caldav, and local vdir collections. This empowers users to manage their own data, synchronising with servers of their choice - and take their data offline to their own devices at any point, to interact with it any way they please. Pimsync is written in Rust.

>> Read more about vdirsyncer/pimsync

xrsh — Interactive text/OS terminal inside WebXR

xrsh (xrshell) brings the FOSS-soul of unix/linux to WebXR, promoting the use of (interactive text) terminal and user-provided operating systems inside WebXR (=xrsh). Technically, xrsh is a bundle of freshly created re-usable FOSS WebXR components. These provide a common filesystem interface for interacting with WebXR, offering the well-known linux/unix toolchain including a commandline to invoke, store, edit and run WebXR utilities - regardless of their implementation. Think of it as termux for the VR/AR headset browser, which can be used to e.g. livecode (using terminal auto-completion!) for XR component (registries).

>> Read more about xrsh