Send in your ideas. Deadline October 1, 2024

NGI Zero Core

Moving the internet forward

This page contains a concise overview of projects funded by NLnet foundation that belong to NGI Zero Core (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

The internet was never designed with our modern usage in mind. Important decisions that shaped how the internet works today were made in the distant past, and we continue to run into the consequences — cascading effects and limited resilience, scalability issues, lack of strong privacy and security and a blind spot for energy efficiency. These may have seemed less important at the time, but currently they certainly are not, and we need to act.

NGI Zero Core is an ambitious grant programme led by NLnet as part of the Next Generation Internet initiative, which focuses on moving the internet forward according to the vision of a resilient and trustworthy technology stack that empowers users, and grants everyone full autonomy.

All projects become available under a free and open source license so you will be able to study, use, modify and share everything with anyone you want! Why not propose a project yourself, calls are currently open!

Logo NLnet: abstract logo of four people seen from aboveLogo NGI Zero Core: letterlogo shaped like a tag

Applications are still open, you can apply today.

AI Horde — Collaborative infrastructure for running generative AI models

The AI Horde is a crowdsourced, free, libre and open sourced service with the aim to truly democratise access to Generative AI. It supports both generating text via Large Language Models and images via Stable Diffusion via a simple REST API, allowing everyone to integrate this technology to any product.

One of the biggest challenges with Generative AI is the amount of resources required to run even simple models, leaving the vast majority of humanity without access to this technology. The AI Horde delivers a groundbreaking smart-queuing clearing house where enthusiasts can volunteer their idle compute for everyone in the world to generate images or text without any further commitments or budget.

>> Read more about AI Horde

Alive2 — Translation validation for LLVM

Modern compilers, such as LLVM, perform advanced optimizations to improve performance and reduce binary size of programs. However, getting these optimizations correct is very challenging: there are many corner cases, tricky issues with undefined behavior, modular arithmetic, and so on. On the other hand, programs rely on compilers being correct. A single bug in the compiler may introduce security vulnerabilities in the compiled programs. Alive2 aims to solve this issue by verifying that LLVM is correct. It is an indispensable tool for compiler developers and for anyone that wishes to validate the compilation of their program.

>> Read more about Alive2

Arcan-A12 Directory — Server side scripting API for Arcan's directory server

A12 is an explorative p2p protocol for fast and secure remote application interactions. Current desktop protocols are locked inside the constraints of their origins, and most of these have significant security and privacy issues. As a result, we've come to depend heavily on web frontends as the universal desktop application corset - which in return has caused a massive complication and overloading of the browser.

A12 establish a secure and interconnected network of personal compute devices, includes peer-to-peer channels and cryptography components. This project add a directory server that can be used as a trusted 3rd party rendezvous to establish such channels. It will expand the scripting API towards writing assistive 'apps' that can complement or split the workload handled on client devices; provide state synchronization and indexing/search between dynamic mesh networks created by linking directory servers together; dynamically launch and attach controlled sources.

>> Read more about Arcan-A12 Directory

Arcan-A12 Tools — A12 clients for different platforms and devices such as drawing tablets

The interaction patterns with our compute devices have switched from "one device - multiple users" over to "one user - multiple devices" and this new reality requires shift in how user personal data is shared and synchronised between their devices.

A12 is a network protocol designed to establish a secure and highly interconnected network of personal compute devices that has been developed as part of a larger Arcan umbrella project. The protocol includes peer-to-peer channels and cryptography components.

This follow-up project sets out to implement lightweight applications that will be capable of networking over A12 protocol to enable remote control, sensor and screen sharing, file sharing, notification sharing and enable other personal data flows. The end goal is convenience of having interconnected devices without sacrificing privacy and performance.

>> Read more about Arcan-A12 Tools

Automerge — Add Merkle Search Tree support to Automerge

Automerge is a CRDT library for building local-first collaboration software, allowing several users to concurrently edit a file, both in real-time and offline. It is currently optimized for working on a single document; this project aims to improve Automerge's support for synchronizing large collections of documents across multiple devices (for example, all of a user's notes in a note-taking app). The challenges here are efficiently determining which documents need to be synced, syncing multiple documents in parallel, giving users a progress indicator during large data transfers, and making the protocol efficient in terms of computation, memory, and bandwidth. Our protocol will be compatible with both client-server and peer-to-peer synchronization.

>> Read more about Automerge

Interpretation feature for Big Blue Button — Adding translator streams for live interpretation to BBB conference software

BigBlueButton is one of the leading open source videoconference solutions. The project will add support for simultaneous interpretation to BigBlueButton. Participants of a meeting will be able to choose the language they would like to listen to. Interpreters can choose which language they listen to and into which language they interpret. The solution can be combined with classical radio setups for interpretation already used in grassroot events to enable interpretation in hybrid situations.

>> Read more about Interpretation feature for Big Blue Button

BIDS: Binary Identification of Dependencies with Search — Identify known open source elements present in binaries

Embedded device firmware is assembled from many FOSS package dependencies. Knowing which dependencies have been used is essential for security and licence compliance. However this is a complex task for native ELF binaries built from languages such as C/C++ that do not have package managers for metadata and simpler conventions for bytecode like Java or Python. The BIDS (Binary Identification of Dependencies with Search) project will build a tool (in Python) to analyse ELF binaries and find dependencies contained and built in these binaries. The BIDS project will deliver tooling to analyse ELF binaries and extract key features and store these for indexing, tooling to index these binary features in a search engine using inverted indexing, and a query tool and library to process large binaries to query this inverted index. The latter will return results as lists of ranked FOSS packages and files found to be present in the analysed binary. The data and tools will also be packaged to allow for further integration and reuse by other FOSS tools and analysis pipelines.

>> Read more about BIDS: Binary Identification of Dependencies with Search

Back2Source next — Better matching of binaries with source code

Sometimes, the released binaries of an open source package do not match its source code. Or the source code does not match the code in a version control repository. There are many reasons for this discrepancy, but in all cases, this is a potential serious issue as the binary cannot be trusted. Additional (or different) code in the binary could be malware or a vector for unknown software vulnerabilities, or create FOSS license compliance issues.

"Back to source" creates analysis pipelines in to systematically map and cross-reference the binaries of a FOSS package to its source code and source repository and report discrepancies. We call this the deployment to development analysis (d2d) to map deployed code (binaries) to the development code (the sources) and we enable applying this "trust but verify" approach to all the binaries.

>> Read more about Back2Source next

Tracing and rebuilding packages — Improved metadata/provenance for build artifacts

For many end users the smallest unit of software is the "package": a collection of programs and configuration files bundled in a single file, typically shipped as a single archive. Examples are "util-linux", "glibc", "bash", "ffmpeg" and so on.

Open source distributions install packages using their package management systems. The package management system writes the contents of a package to disk when the package is installed or updated and removes the contents if the package is removed. The packages themselves contain metadata maintained by the distribution maintainers. This information includes the name of the package, project URL, description, dependency information and license information, etc.

This granularity can be too coarse. For example, the license information is aggregated at the package level. If there are separate files that are under different licenses, then this will not always be clear from the license information at the package level.

This project will make it more easy to understand by looking at what goes into each individual binary in a package, and assign metadata to the individual binaries instead of to a package. It will do so by tracing the build of a package and recording which files are actually used. By building packages in a minimal (container) environment, capturing the build trace, processing the build trace to see exactly what goes into which binary it becomes much easier to zoom in and answer specific questions such as "what license does this binary have" or "which binaries use vulnerable file X" and combining it with efforts like VulnerableCode and PurlDB.

>> Read more about Tracing and rebuilding packages

CAKE-MAINT — Improve network queue management algorithms on Linux

With the wider and wider adoption of the fq_codel (RFC8290) and cake codebases in shipping products, many issues in the field have been discovered, and features to address them proposed but not mainlined into Linux (or the BSDs). This project intends to tighten up the corner cases, fix up multiple observed problems, and add some needed new features if possible, as well as take a stab at addressing the biggest observed problem in the field for cake - not scaling shaping well to ever more popular multi-core routers.

>> Read more about CAKE-MAINT

CokoDocs — Add ODF, legacy office and PDF capabilities to CokoDocs

CokoDocs is an open-source, web-based Word Processor that is collaborative by design. In this project we're actively extending CokoDocs' use cases to include paging support (through PagedJS), OpenDocument Format import/export as well as support for some legacy file formats. In addition we will add backend system configuration, asset management, text chat and more. CokoDocs aiming to become a best in breed, highly customizable, and innovative word processor with strong privacy and security properties and elegant accessible design.

>> Read more about CokoDocs

COCOLIGHT — Lightweight version of Communecter

COmmunecter is an open source social and societal platform. COCOLIGHT is an low tech light weight client able to connects to any COmmunecter server, allowing both read and contribution modes. Easy to Install, fully Activity Pub compliant, federating organizations, events, projects and open badges. It allows to create networks of many COPI instances interconnected together and exchanging information and data.

>> Read more about COCOLIGHT

Diesel — Safe and performant query builder and ORM written in Rust

Diesel is a safe and performant query builder and ORM written in Rust. It aims to eliminate security issues like SQL injections by providing a type safe domain specific language to express your SQL query as Rust code. This enables checking the query at compile time to turn insecure or otherwise invalid SQL queries into compile time errors. As part of this project we want to extend Diesel to provide built-in support for `WINDOW` functions, to enable the usage of secure and type safe queries in more places.

>> Read more about Diesel

Draupnir — Moderation bot for Matrix servers

Draupnir is a comprehensive moderation bot for room moderators using Matrix (the open source decentralized instant messaging protocol). Draupnir assists room moderators in managing their community and provides continuous protection from spam and harmful content. This is done by utilising sharable and interoperable policy lists that allow different communities to work together to combat new threats. Draupnir also provides a plugin system that can adapt Draupnir to the different needs of every community. Our ongoing efforts to further modularise Draupnir's code base in the interests of maintainability should provide groundwork for future Trust & Safety related projects in the Matrix ecosystem.

>> Read more about Draupnir

Open source ESP32 802.11 MAC — Open source wifi drivers for ESP32

The ESP32 is a low-cost microcontroller with Wi-Fi connectivity. Currently, the Wi-Fi MAC layer of the ESP32 is closed-source. This project aims to change that: by reverse engineering the hardware registers and software, we can build a networking stack that is open-source up to the hardware, instead of having to use the proprietary MAC layer. This will improve security auditability, open up the possibility for features not supported in the proprietary implementation (for example, standards-compliant mesh networking), improve interoperability and make research into Wi-Fi networks with lots of nodes more affordable.

>> Read more about Open source ESP32 802.11 MAC

Email <=> XMPP gateway — Bridge instant messaging with email

Libervia is a versatile communication ecosystem offering features like instant messaging, blogging, event planning, photo albums, file sharing, audio/video calls, and more. It can additionally function as an XMPP component, providing server-side features. This initiative focuses on creating an Email <=> XMPP gateway, enhancing file management for attachments, transforming mailing list threads into interactive, forum-style discussions with modern elements such as tags and mentions, and ensuring support for end-to-end encryption. The Libervia interface will also see improvements for a better user experience, with clear indicators of message origins and security status. This gateway is a move toward unifying various communication methods within single clients, following Libervia's philosophy as seen with its ActivityPub <=> XMPP gateway and is in harmony with other projects like Slidge, Spectrum 2, or Biboumi. With the introduction of this component, not only will Libervia's functionality be elevated, but it will also equip other XMPP ecosystem projects with the ability to connect their users with the email world, fostering deeper integration of XMPP across the spectrum of communication tools.

>> Read more about Email <=> XMPP gateway

Ethersync — Real-time co-editing of local text files

Ethersync aims to enable real-time collaborative editing of local text files. Similar to Etherpads, it facilitates multiple users to work on content simultaneously, enabling applications such as shared notes or pair programming. However, following a "local-first" approach, all files reside on the users' computers, allowing them to use their familiar editors and workflows, and to retain user control. This design enables a kind of collaboration that is simple and direct, stable and flexible, and preserves privacy. Ethersync will be a supplement to tools that track larger changes on text files, like Git, and can be used in combination with it. The project will leverage CRDTs, and consists of a server component, a cross-platform local synchronization daemon, and editor plugins.

>> Read more about Ethersync

Exter — Proxy-based external browser extensions

Exter is a web based plugin platform which allows addons to alter websites behavior/style/functionality. Instead of trusting the browsers' plugin ecosystem, let's modify the websites before browsers receive them! The goal of this project is to provide a stable and free website-extension-platform to allow future proof and flexible addon development.

As a web application, Exter opens URLs, rewrites the static content and injects client scripts to wrap default javascript functions, applies addons, then sends the sanitized/modified website to the browser. This way we have the ability to write plugins that can intercept/modify not only HTTP requests, but even client side functionalities, such as sanitizing 3rd party content or appending new DOM elements to the website or altering cookie handling from javascript and much more.

>> Read more about Exter

FPGA-ISP-UVM-USB2 — Open hardware FPGA-based USB webcam

The USB UVC project is designed to create an innovative and adaptable webcam that easily connects to any laptop, providing high-quality video without the need for special drivers. Unlike ordinary USB webcams that often come with proprietary software and limited functionality, this project aims to deliver a flexible, open-source solution that can be tailored and improved by anyone. The webcam will offer superior video quality with features like automatic brightness adjustment, color correction, and real-time video compression, making it ideal for video calls, streaming, and other visual applications. By focusing on open-source principles, this project ensures that the technology is accessible, modifiable, and transparent, allowing for continuous community-driven enhancements.

This project stands out because it is not locked into proprietary ecosystems, offering users greater control and flexibility over their hardware. It can work with a wide range of computer models, providing a versatile tool for both personal and professional use. Additionally, the open-source nature of the project means that it can be continuously improved and customized by developers around the world, fostering innovation and collaboration.

>> Read more about FPGA-ISP-UVM-USB2

Feather UI — Declarative cross-platform UI toolkit

Feather is a universal UI library that applies user inputs to application state, and maps application state to an interactive visualization using a custom graphics rendering language capable of compiling to arbitrary GPU code or vectorized CPU code. By building on top of a well-typed graphics abstraction, it is possible to make custom shaders "write once, run anywhere" with confidence and no overhead. This allows the creation of UI Fragments, which no longer need to be built on top of a library of UI widget elements, allowing the creation of arbitrarily complex UI elements that are no longer bound to traditional widget designs. This level of abstraction allows targeting anything from embedded devices to webpages, or even mixed-reality devices.

>> Read more about Feather UI

Fediverse Test Framework — Test bench for ActivityPub implementations

The Fediverse consists of individual servers, possibly running different software, that talk to each other. One of the challenges in developing for the Fediverse is to stay interoperable with all the different deployed software. As the message format standard, ActivityStreams, is extensible through JSON-LD, judging how a message is parsed, can be a hard task.

By using ideas from automated testing, we provide an application that determines a baseline how messages are processed and rendered. The process being simply: run end to end tests and record their result. From the test results a webpage is generated that provides developers the information how a message is rendered in different applications. We aim to make the framework extensible so new applications can be included.

>> Read more about Fediverse Test Framework

Fediverse Test Suite — Interoperability effort for W3C ActivityPub

The Fediverse is a global, standards-based, decentralized social network accessible to all and not subject to algorithmic manipulation or platform surveillance. While best known for Mastodon, an open-source alternative to X/Twitter, it already successfully connects dozens of independently developed software applications running on tens of thousands of independently operated servers and implementing feature sets that go far beyond traditional social networking.

To enable even more innovative developers to successfully connect their applications to the Fediverse, and their users to successfully interoperate with users using different software, it needs to become much simpler and cost-effective for developers to 1) know that they have implemented the relevant standards (notably ActivityPub) correctly, that their implementation is not regressing and that 2) their software indeed delivers the experience users expect from interoperability with other software developed independently by other developers.

This project brings together a group of fediverse developers to set up an automated test framework and initial test cases in an open-source project that will systematically test standards conformance, ensure meeting user expectations for interoperability of Fediverse apps, and enable a new wave of innovation based on more trustworthy infrastructure.

>> Read more about Fediverse Test Suite

Flashkeeper — Write Protection on SOIC-8 flash chips without soldering

Firmware security projects such as Heads assume the firmware itself to be protected against tampering. Outside of proprietary solutions Boot Guard, partial write protection (WP) of the SPI flash chip (recently implemented by 3mdeb) is one solution. However, WP requires grounding the chip's WP pin, something that currently requires users to solder to the chip. As many users find this difficult, this has limited "retrofit" adoption of WP.

This project is developing Flashkeeper, a device that can be permanently installed on a common SOIC-8 flash chip. It attaches to the chip with a peel-and-stick layer and spring-loaded contacts or low-profile solder-down flex cable, interfacing with the SPI flash pins for easy write protection and external reprogramming (unbricking). For users concerned with physical attacks on their systems, for whom easy access to SPI flash pins may be seen as a risk, a variant including a microcontroller (MCU) is also being developed, allowing authenticated external reprogramming and WP control, and independently verifying the SPI flash image against a user-controlled signature each boot.

>> Read more about Flashkeeper

GPGPU Playground — A virtual GPU to learn GPU programming

GPUs are an extremely effective and widely deployed vector co-processor, and yet those interested in adapting their capabilities are faced with a very high barrier to entry. Tools like OpenCL, CUDA, and WebGL all require a broad background to get started solving even simple problems, and mistakes in larger programs can be nearly impossible to identify without an even deeper level of experience. This project takes advantage of WebAssembly and Vulkan's SPIR-V format to deliver a safe, on-demand toolkit for exploring the potential of GPUs, focused on applications outside the bounds of traditional graphics acceleration.

>> Read more about GPGPU Playground

Gancio — Shared agenda for local communities that supports Activity Pub

Gancio is a shared agenda for local communities, and was the first one to support Activity Pub. Gancio focuses on cross-cutting collaboration through its decentralized instances that allow to connect communities. This enabling users to easily discover and engage in events in their neighborhood, as well as elsewhere - while avoiding attention-based business models and intrusive advertisements.

The focus of this project are a numberof new features such as implementing HTTP Signatures, moderation and onion routing, as well as improving compatibility with other Fediverse event tools. In addition, the team seeks to establish a common agreed upon event format to make the interaction with such tools more streamlined.

>> Read more about Gancio

Collection of Verified multi-platform Gatewares — Comprehensive repository of open source gateware designs

The "Verified Multi-Platform Gatewares" project will create a comprehensive repository of gateware designs that are compatible with various FPGA development environments and boards. The goal is to reduce the barriers to FPGA development by providing designs that are rigorously tested and maintained for compatibility. The project will host these open source designs on a dedicated website, ensuring they work seamlessly across multiple toolchains and boards. The collection will range from beginner to advanced designs, serving as educational resources and benchmarking tools, continually updated to prevent bitrot.

>> Read more about Collection of Verified multi-platform Gatewares

Guix-Daemon — Transition to a Guile implementation of the guix-daemon

GNU Guix is a transactional package manager and a distribution of the GNU system that respects user freedom. A key component in Guix is the guix-daemon, currently implemented in C++. Much of the power and flexibility of Guix comes from all of the package definitions and surrounding tooling being implemented in GNU Guile, however this doesn't extend to the guix-daemon. This difference has been a limiting factor in making changes and improvements to the way the guix-daemon works and is interacted with. The expected outcome of this project is to have a Guile implementation of the guix-daemon, and to transition to this being the default guix-daemon used. This will improve the maintainability and portability of the guix-daemon and Guix overall, as well as unlocking future improvements to the guix-daemon and connected tools.

>> Read more about Guix-Daemon

Open Hardware Manuals — Automatically generate user-friendly documentation for open hardware elements

This project will create a tool that automatically generates Computer-Aided Design (CAD) models, assembly documentation, graphics, and user guides based on user provided configurations. These documents can be continuously updated, localized, and are shareable - akin to an always up-to-date Ikea-style assembly guide. The tools developed during this project will also be applicable to other open hardware projects, empowering designers to produce hardware that is more adapted to specific contexts, without creating fragile documentation that always goes out of date when a change is made to the design.

>> Read more about Open Hardware Manuals

SCE, DelTiC and Antler — High-Fidelity Congestion Control

Some Congestion Experienced (SCE) is a project in high-fidelity congestion control (HFCC) that aims to stabilize transport congestion windows, thereby reducing queueing delay and jitter, and increasing link utilization. Our goals under NGI Zero are to complete the DelTiC (Delay Time Control) AQM algorithm, implement a new MIMD transport response aiming for max-min-fair flow competition at shared bottlenecks, and release a purpose-built congestion control testing tool, Antler v1.0. We will inform the CC community about our work, and update our Internet Drafts to keep the door open for future standardization, should the opportunity arise.

>> Read more about SCE, DelTiC and Antler

Holo Routing — A novel routing stack in Rust, including IS-IS routing

Holo is a suite of routing protocols designed to address the needs of modern networks. Holo was started in response to the increasing trend in the networking field towards automation, where network devices are expected to be managed programatically using a variety of standard interfaces. Written in Rust, a memory-safe language, Holo prioritizes reliability, ease of maintenance, and security.

This project aims to extend Holo by incorporating support for the IS-IS protocol, one of the most widely used interior routing protocols. The IS-IS implementation will encompass both IPv4 and IPv6 support, cryptographic authentication, and extensions for traffic engineering. Rigorous testing against multiple vendors and comprehensive conformance tests will ensure the interoperability and robustness of the implementation.

>> Read more about Holo Routing

IPv6-monostack - upstream Linux SIIT/NAT64 — Commoditizing NAT64 and IP/ICMP translation to accelerate IPv6 deployment

NAT64/SIIT technology is critical in enabling networks to transition away from the legacy internet protocol IPv4, yet this network function is currently expensive and hard to deploy, seriously hampering adoption. We believe we can remedy this situation by getting this translation technology accepted into the upstream Linux kernel thus paving the way to rapid and widespread adoption, accelerating IPv6 adoption overall.

>> Read more about IPv6-monostack - upstream Linux SIIT/NAT64

IotECC — Lightweight Elliptic Curve Cryptography for small chips

This project is building an open-source software library for modern Elliptic Curve Cryptography (ECC). To achieve this, the project aims for a unique trade-off between three different (and partly conflicting) goals that is currently not offered by any of the existing ECC libraries for small 8/16/32-bit microcontrollers. The first goal is efficiency, which includes not only fast execution times, but also small code size and low RAM usage. Equally important as efficiency is the second goal, namely security, and this includes not only the absence of subtle bugs that could leak secret information, but also robustness against timing-based side-channel attacks. The third goal is usability, which is achieved by a simple and intuitive API, an easily readable and well-commented source code, and a rich documentation with examples for common use cases.

IoTECC will come with highly-optimized Assembly functions for the low-level field-arithmetic for 8-bit AVR, 16-bit MSP430, as well as 32-bit ARM Cortex-M3 and RISC-V microcontrollers. The higher-level functions are written in C and shared among the different platforms to minimize the code base and reduce complexity.

>> Read more about IotECC

IronCalc — Embeddable spreadsheet engine written in Rust

IronCalc is a versatile open-source spreadsheet engine written in Rust from the ground up, employing modern programming best practices. It can be used from any programming language or from end-user products like Web IronCalc. Around the world, millions of spreadsheets are used for accounting, data analysis, processing, educational purposes, collaboration, sharing, etc. IronCalc aims to be an all-purpose alternative to Excel or Google Sheets, filling an important gap in the democratisation of spreadsheets. Suited for companies, individuals, and schools alike, the project aims to be feature-rich, international, fast, and lightweight.

>> Read more about IronCalc

JSON-Joy Peritext — Rich-text CRDT implementations for json-joy CRDT

json-joy is an open source library for building distributed collaborative web applications, its major focus is on implementing performant state-of-the-art CRDT algorithms. This project aims to implement a Peritext-like rich-text CRDT on top of the JSON CRDT Specification as part of the json-joy library. The goal of the project is to implement a production-ready collaborative rich-text editing algorithm, Peritext, and supporting modules for the json-joy library. The project will also improve on the originally proposed Peritext algorithm by leveraging JSON CRDT data structures to make various rich-text annotations mutable and block elements nestable.

>> Read more about JSON-Joy Peritext

KDE Plasma Wayland — Accessibility and advanced graphics input support for KDE Plasma Wayland

Plasma is the desktop provided by the KDE project, one of the largest and most successful open source initiatives in the world. Wayland is the successor of X11 for Unix desktops and the future for many reasons, including security and privacy. However there are some user groups that currently do not have their requirements satisfied. Some people have motor impairments of their arms/hands (such as restricted movement, tremors, or missing fingers) that make it hard or impossible to operate a traditional computer keyboard. Operating systems provide a number of options like sticky keys, slow keys, or bounce keys to accommodate for such disabilities. Another pain point is configuration of graphics tablet input devices. This includes things like mapping the tablet area to an output area, binding tablet/stylus buttons to actions, or configuring pen pressure curves. This project will implement support for these special user groups in KDE Plasma on Wayland.

>> Read more about KDE Plasma Wayland

Knowledge Graph Portal Generator — Automatically generate custom web interfaces for structured data

The Knowledge Graph Portal Generator is a toolkit designed to create user-friendly web portals for Knowledge Graph (KG) datasets, making data from public SPARQL endpoints accessible to users without expertise in semantic technologies. Built on the LinkedDataHub framework, our solution will feature paginated collections, faceted search, and detailed entity views. It will extract RDF ontologies from datasets, generate content configurations, and use these to extend the default LinkedDataHub into a dataset-specific web application.

>> Read more about Knowledge Graph Portal Generator

Kami — Choreography programming language integrated with the Rust ecosystem

Kami is a new programming language, based on the Rust ecosystem, designed from the ground up for correct-by-construction distributed systems. In its core it is pure and functional, thus ideal for building complex concurrent systems. It takes cues from multiparty session types and choreographic programming language research: The behaviour of all roles in a distributed application can be implemented at once from a global point of view. This high-level description is compiled to rust code for all participating roles, with the guarantee that the system will be deadlock-free. Developers can seamlessly drop down to using rust, and all of its ecosystem, for writing local code, while using Kami for composing the local computations into a coherent distributed system. In this project we implement the type-checker, compiler and other developer tools for Kami, to provide for a similarly friendly developer experience as Rust.

>> Read more about Kami

KiCad-IPC — Add RPC API, multichannel designs and schematic variant system to FOSS EDA suite

KiCad is an open source electronics design application (EDA) suite. The program includes schematic capture, printed circuit board (PCB) layout, circuit simulation, 3D viewer, and many other tools to provide the best possible user experience for professional electronics designers while still remaining approachable for new and inexperienced users. It is available for Windows, macOS, and Linux and is released under the GPL3+ license.

>> Read more about KiCad-IPC

LabPlot — Scientific and engineering data analysis and visualisation

LabPlot is a free, open source and cross-platform data visualisation and analysis software. It focuses on ease of use and performance. It provides high quality data visualisation and plotting capabilities, as well as reliable and easy data analysis, without requiring any programming skills from the user. Data import and export to and from a variety of formats is supported. LabPlot also allows calculations to be performed in various open source computer algebra systems and languages via an interactive notebook interface.

In this project the team will work on extending the current feature set of the application to reach a wider audience. This includes scripting capabilities (in Python only in the initial implementation) to script and automate repetitive data visualisation and analysis workflows and to allow control of LabPlot from external applications via a public interface. The second feature that will be worked on is the ability to apply analysis functions such as FFT, smoothing, etc. to live/streaming data (data imported into LabPlot and modified externally). And thirdly, statistical analysis including common hypothesis tests, correlations, regressions and data panning.

>> Read more about LabPlot

Lemmy Scale — ActivityPub-powered social link aggregation and discussion

The project summary for this project is not yet available. Please come back soon!

>> Read more about Lemmy Scale

LANShield — Constrain local network access for mobile devices

LANShield is a tool that will give users control over which apps and programs are allowed to access devices in the local network. This is done to defend against malicious apps that may try to scan the user's local network and subsequently leak sensitive information. For instance, when an app tries to access the local network for the first time, the user is asked whether this app should be allowed to access local devices. The project will also investigate models and protocols to safely enable an app to communicate with local devices, with the idea that apps can use this protocol to access local devices without requiring explicit user permission. The project will also investigate how to integrate this defence into Android.

>> Read more about LANShield

MEGA65 Phone Modular MVP — OSHW mobile device with form-factor of hand-held game consoles

The previous MEGAphone project laid the groundwork for creating personal communications devices that are secure through simplicity. This project extends that work by making the hardware modular, at some cost of minimum size, so that it becomes much more feasible for small communities to produce and maintain their own units, even in the face of supply chain challenges and other contributors to the "digital winter", i.e., the situation where open innovation becomes more difficult due to number of factors. This will also make it easier to include diverse resilient communications options, whether RF, optical or acoustic, so that peer-to-peer communications networks can be sustained even in environments that are hostile to freedom of communications. For this reason energy sovereignty will also be part of the design, so that even if all civil infrastructure is denied, that basic communications and computing functions can be sustained, with a single device whose security can be much more easily reasoned about.

>> Read more about MEGA65 Phone Modular MVP

Improving the deployability of Multipath TCP — Improve MPTCP support in the Linux kernel

Multipath TCP (MPTCP) is a standardised technology extending TCP and invented in Europe. TCP is one of the key protocols of the TCP/IP protocol stack, designed in the 1970s when hosts were attached to the network through a single cable. Today's hosts have several network interfaces, but TCP only uses one of them for a given connection. Multipath TCP solves this problem by enabling TCP connections to exchange packets over different network interfaces. With the current version of MPTCP in the Linux kernel, most of the features listed in the RFC8684 are implemented. Basic use-cases are supported but still it doesn't mean the solution is covering all needs and is easy enough to use. In short, MPTCP works well in some controlled environments but not as good in too heterogeneous ones like it is common to see on the Internet. Also its configuration is sometimes seen as difficult and/or confusing for the moment. Some work is then still needed to cover more use-cases plus to improve the usability and performances in order to have Multipath TCP adopted by a broader audience.

>> Read more about Improving the deployability of Multipath TCP

MailBox renewal — Performance upgrade of MailBox mail modules

Email is still the workhorse of the internet, and behind the screens some of the heavy lifting is by applications like the Mailbox modules. Under the hood, this software is processing billions of emails every day at some of the largest players in the industry.

The project will deliver a major update of the code after two decades. This is not only long overdue, but actually offers interesting opportunities to take into account new email related RFCs, investigate new possibilities for code optimisation as well as tackling new threats like SMTP smuggling.

As a bonus, the project will work on a standalone tool to be able to once more properly forward emails in the SPF/DMARC era - a very welcome capability, the lack of which is currently causing a lot of headache and lost email for users.

>> Read more about MailBox renewal

Miru — Multi-track video editing and real-time AR effects

Miru is a new set of modular, extensible Web platform tools and components for still image and multi-track video editing and state-of-the-art, real-time AR. Using WebGL, WebAssembly, and open source, mobile-optimized machine learning models, Miru will give people on the social web the tools to edit images and apply interactive effects to recorded video without compromising on privacy and transparency. Miru aims to provide intuitive and user-friendly UIs which developers can easily integrate into their Web apps regardless of the frontend frameworks they use.

>> Read more about Miru

postmarketOS/phosh-mobile-settings integration — Consolidate functionality of FOSS mobile settings applications

Currently, there is no easy way for applications to install settings that then show up in the system's settings app on desktop Linux systems. As part of bringing desktop Linux to mobile phones in postmarketOS, we have created a "tweaks" app for phone-specific configuration options. With this project, the options in this tweaks app will be converted to a format described by a specification which settings apps then can implement. This in turn is part of a broader effort to make desktop Linux suitable for running on mobile phones as a means to create an operating system for phones without excessive user tracking or built-in ads, with a focus on the user instead of money.

>> Read more about postmarketOS/phosh-mobile-settings integration

Mobilizon UX — Share events on the fediverse

Mobilizon enables the creation of community venues for organising and promoting local and topical events, activities, and groups. These instances can share information using the ActivityPub protocol, allowing users to publish their events on one Mobilizon server and propagate these elsewhere. Mobilizon is designed to be user-friendly and empowering.

In order to reach a wider audience with Mobilizon, we need to make sure we serve the needs of users well - whether they are instance administrators, event organisers, or end users. We will conduct workshops to study how each of these interacts with Mobilizon and understand their expectations, so that we can develop Mobilizon accordingly. Additionally, we will test, document and improve interoperability with other Mobilizon instances, other fediverse applications, and other websites in general. This can be achieved through plugins, APIs, and aligning on standard formats such as Ical. Ultimately, communicating about local activities will become more efficient and finding local activities easier.

>> Read more about Mobilizon UX

Movedata — Privacy-preserving, energy efficient data replication and verification

MOVEDATA is an efficient and privacy-preserving tool to distribute large blocks of data, such as the contents of a whole storage device (or a device image), with zero knowledge of the structure or meaning of the data to enhance the privacy aspect, and using multicast and other technologies for efficiency, both in terms of network bandwidth and of energy usage. Ease of use is also of particular concern, providing different interfaces adapted to different use cases.

>> Read more about Movedata

Movim — Add end-to-end encrypted videocalls to Movim XMPP

Movim is a web-based social and chat platform that acts as a frontend for the XMPP network. The goal of this project is to modernize and extend the long-existing audio and video conferencing features in three major steps. First, the existing UI will be completely refactored and redesigned to better integrate the conferencing features into the existing pages and flows. Secondly, Movim will support one-to-many call features and offer full compatibility with other XMPP clients building upon the step-one features but without relying on a central server to handle the media streams. And finally, to handle conference calls with a large number of participants, Movim will standardize and integrate SFU (Selective Forwarding Unit) support that will then lift the streams network bottlenecks offering a complete and scalable experience to its users. With those three steps fulfilled Movim will then be able to greatly simplify fully standard XMPP audio and video conferencing calls on the web.

>> Read more about Movim

NixBox — Nix integration with netbox

NixBox is a modern approach to network deployments, it combines the configuration management powers of nix with the documentation capabilities provided by NetBox. It focuses on testability, reliability and automation while making your network documentation your configuration. Our goals are to reduce downtime and improve network visibility. Utilizing virtual machine tests we can ensure that your deployment will actually work before you ship it to production.

>> Read more about NixBox

NodeBB — ActivityPub support and accessibility improvements for forum software

NodeBB is a Node.js based community forum software utilizes web sockets for instant interactions and real-time notifications. NodeBB benefits from modern features like real-time streaming discussions, mobile responsiveness, and rich RESTful read/write APIs, while staying true to the original bulletin board/forum format — categorical hierarchies, local user accounts, and asynchronous messaging.

In this project, the team will be working on bringing ActivityPub integration to NodeBB, in order to allow forums to become truly interconnected with other ActivityPub-enabled applications throughout the wider Fediverse (of course including other NodeBB forums). The absolute hardest part of starting a community — forum or otherwise — is gaining a critical mass of adoption in order to sustain interest and content. What if we could bypass this hurdle altogether?

>> Read more about NodeBB

O-ESD: Open-hardware for ElectroStatic Discharge testing — Open-hardware for ElectroStatic Discharge testing

The goals of the Open-hardware for ElectroStatic Discharge testing (O-ESD) is to design, produce and verify an open-hardware and accompanying open-software for a device for electrostatic discharge testing. Electrostatic discharge is a phenomenon that occurs daily between humans and electronics and can irreversibly damage the electronics. All consumer electronics sold in EU, including all internet hardware, must satisfy Electromagnetic Compatibility (EMC) Directive. One of the most hardest tests within EMC directive deals with electrostatic discharge as defined by IEC/EN 61000-4-2 standard. Standardized tests are typically done with special equipment in accredited EMC laboratories and are costly. The O-ESD tester will minimize the costs of pre-compliance testing and make it publicly available.

>> Read more about O-ESD: Open-hardware for ElectroStatic Discharge testing


HTTP/3 is the most recent version of the Hypertext Transfer Protocol used to exchange information on the World Wide Web. Like the QUIC transport layer protocol it uses, it is standardized by the Internet Engineering Task Force (IETF). OCaml-QUIC is an implementation of QUIC (RFC9000), QPACK (RFC9204), HTTP/3 (RFC9114) and associated protocols in OCaml, an industrial, functional, memory safe programming language, used in sectors ranging from finance and research to social media and web application.

The project aims to provide an open, complete implementation of the aforementioned protocols to be used and deployed in embedded devices, POSIX/UNIX operating systems and unikernels (self-contained, library operating systems).

>> Read more about OCaml-QUIC

OWASP dep-scan — Security and risk audit tool

OWASP dep-scan is a next-generation Software Composition Analysis (SCA) tool based on known vulnerabilities, advisories, and license limitations for applications, container images, and Linux virtual machines. Powered by abc - AppThreat atom, OWASP blint, and CycloneDX Generator (cdxgen) - dep-scan performs a range of advanced code hierarchy and lifecycle analysis (for example, reachability analysis) to improve precision and reduce false positives, thus helping developers and AppSec people focus on supply chain vulnerabilities and risks that needs real attention.

Dep-scan is purpose-built to be integrated in CI, Vulnerability Management platforms, and air-gapped environments. Dep-scan can perform all the analysis offline, with no code or SBOM leaving your environment. The tool supports generating reports in CycloneDX VDR, OASIS CSAF VEX, HTML, PDF, and Markdown formats.

>> Read more about OWASP dep-scan

owi — Symbolic evaluator and fuzzing of WASM software

WebAssembly (Wasm) is a post-JavaScript code format for the web, enabling efficient computing, with built-in sandboxed execution. Its usage is expanding: it is now used in online services, in embedded systems and to create portable binaries.

Owi is a toolkit tailored for Wasm. In particular it can perform efficient symbolic program execution. That is to say, for a given program, it is able to find input values leading to a crash. Many languages are compiling to Wasm, e.g. C/C++/Rust. Owi can thus be used as a bug-finding tool working on any of these languages. We're currently improving the usability of the tool as a part of the testing workflow for developers, the first step of this work is to provide an interface making Owi a drop-in replacement for AFL.

>> Read more about owi

Omnom — Add social layer to personal bookmarking

Omnom is a web-based, self-hosted bookmarking and snapshotting platform that can create identical snapshots of any opened webpage to what it looks like in the browser at the time of creating the snapshot. It consists of a browser addon compatible with Firefox and Chrome based browsers and a multi-user web based application. The goal of this project is to add social features and improve user experience.

>> Read more about Omnom

OpenCarLink — Security tooling for vehicle ODB2 ports

OpenCarLink is an initiative aimed at revolutionizing vehicle diagnostics and security through the development of an open hardware device for vehicle OBD2 ports. By supporting communication protocols such as DOIP, CAN, Kline, and Single-Wire CAN, OpenCarLink enables users to perform remote diagnostics, real-time emissions tracking, enhanced vehicle security through penetration testing, and increased driver safety via behavioral data tracking. This project promotes an open and innovative future for the European mobility sector by help circumventing manufacturer limitations. By releasing the hardware design under an open-source license, OpenCarLink fosters a environment where enthusiasts, researchers, and professionals can contribute to and benefit from the advancements in vehicle diagnostics and control. With a focus on democratizing access to the DOIP protocol, OpenCarLink challenges the restrictive policies and secrecy that currently dominate the automotive industry, help paving the way for a more open and informed society.

>> Read more about OpenCarLink

Open Cloud Mesh — Improved specs and test suite for Open Cloud Mesh protocol

The Open Cloud Mesh protocol, at its core, defines a wonderfully simple JSON payload to notify another server when a user wants to share a folder or file with a user on that server. It is implemented by some major Enterprise File Sync and Share (EFSS) vendors, and used in production by several serious organisations - including major National Research and Education Networks (NRENs). But its specification and test suite are still lacking in substance and quality. In this project we will improve the specification text, flesh it out to a more strictly defined (RFC-style) text that addresses all aspects and considerations of the protocol. In addition we improve the test suite so that it can be run in Continuous Integration (CI) instead of requiring frequent manual intervention, and clarify any incompatibilities we find between implementations.

>> Read more about Open Cloud Mesh

OpenHarbors — Dynamic Tunneling of WPA over IP/L2TP

OpenHarbors wants to establish a novel approach for secure communication over an untrusted Wifi network - and beyond: Dynamic tunneling of WPA over IP/L2TP. Why? Because current, secure solutions are not satisfactory: They are either hard to set up, require extra software in advance or are not applicable on an open wireless community mesh network like Freifunk.

OpenHarbors will utilize and implement WPA Enterprise with an extra twist: Instead of providing an encryption channel only between your mobile device and the direct WLAN access point you will be able to securely dial-out at any location on the internet you trust and choose and are granted access to. Without the hassle of installing and setting up an extra VPN software on your phone. Without the need of a trusted WLAN access point operator model or closed source firmware, in contrast to current approaches with Passpoint/Hotspot 2.0/eduroam/WBA OpenRoaming and similar - which all are conceptually not applicable on open wireless community mesh networks.

>> Read more about OpenHarbors

Open Web Calendar Stack — Aggregate public and private web calendars

The Open Web Calendar stack is an open-source set of Python libraries and programs which read and write calendars based on the iCalendar standard. The Open Web Calendar displays a highly configurable website that can be embedded to show a calendar. Currently, ICS URLs are supported and a goal is to also support CalDAV.

Amongst the used libraries is the popular icalendar library to parse and write iCalendar (RFC5545) information. This cornerstone of Python's ecosystem requires some work to be up-to-date with common practice such as updating the timezone implementation. The updates to the icalendar library will be tested and also pushed up the stack to the Open Web Calendar.

The recurrence calculation of events is done by the python-recurring-ical-events library. Changes to icalendar will be tested against this library to find compatibility issues. As the iCalendar standard has been updated, recurrence calculation is affected, too. These updates need to be evaluated and possibly implemented for both icalendar and the recurrence calculation.

By implementing changes at the base, the whole stack is improved. We can use the Open Web Calendar project to make sure that possible transitions and updates are mapped out and communicated to other projects in the ecosystem. Improving a FOSS solution thus spreads the accessibility of iCalendar.

>> Read more about Open Web Calendar Stack

Openfire IPv6 support — Add IPv6 support to the Openfire XMPP server

Openfire is an open-source, mature, cross-platform, real-time collaboration server based on the XMPP protocol. Originating around the turn of the century, IPv6 was not explicitly supported when it was originally created. As shown by anecdotal evidence, some IPv6 functionality already ‘works’ in Openfire. This, however, is accidental, and not by design. This project intends to add explicit IPv6 support to Openfire.

>> Read more about Openfire IPv6 support

PTT — Unikernel Mailing list server in OCAML

Email is still one of the main channel of communication.Setting up and maintaining something as simple as a reliable mailing list in-house is significantly more complex than it ought to be. Out of convenience, many organisations and communities outsource running their maiilng lists service to third-party agents. However, this not only creates an unnecessary dependency but also reduces confidentiality, which can be a critical aspect.

This project has the ambition to win back the means of communication, developing a new mailing list application service that is easier to maintain securely (through unikernels using MirageOS), and is efficient in terms of resource usage. The service should integrate into existing infrastructures seamlessly.

>> Read more about PTT

Pijul ecosystem — A modern patch-based version control system

Pijul is a modern patch-based version control system that addresses many shortcomings found in existing tools. While its foundations are already mature and well-tested, it lacks many conveniences users expect from the ecosystems of popular tools such as Git. This project aims to significantly reduce Pijul's barrier to adoption by addressing common areas of user feedback - documentation, usability, robustness, and integration into other tools such as text editors or CLI prompts. We believe this will improve the workflow of existing users, and enable many more to adopt Pijul and its benefits without sacrificing other parts of their workflow.

>> Read more about Pijul ecosystem

Pleroma — Scalable ActivityPub server written in Elixir

Pleroma is an extendable ActivityPub communication server. Pleroma can be as light-weight as you want it to be, fit for both running from a homeserver or from more serious infrastructure. Pleroma embraces customization. Instead of trying to dictate how users should use our software, we give them options. From the backend to the frontend, there are hundreds of configurable options to satify the different needs of everyone. We know there's no single setup that works for everyone, and are more than willing to listen to users' feedback. Being part of fediverse of course means interacting with other servers and Pleroma provides the best experience when displaying other types of content, even non-microbliging. Fediverse nowadays is a very big place with a lot of different people, who don't necessarily agree with each other or have good intentions. To help with the insurmountable task to moderate the stream of incoming and outgoing content, Pleroma has Message Rewrite Facility, allowing instance administrators to automatically act upon activities including modifying them and deciding whether to show them in federated timeline or not. Having more detailed and partially automated moderation helps create a network where users don't have to worry about not being able to talk to someone else because the admins didn't have the rights tools at their disposals.

>> Read more about Pleroma

Pre-Scheme — Compile Scheme directly to portable C

Pre-Scheme is a statically-typed dialect of the Scheme programming language which compiles to C, suitable for low-level systems programming. Pre-Scheme is implemented using a sophisticated general-purpose compiler, written in Scheme, with demonstrated applications to other programming languages and compilation targets. This project aims to port the compiler to R7RS, the latest Scheme standard, so that it can run on a variety of modern Scheme implementations. The Pre-Scheme language and tooling will also be updated to meet the expectations of a contemporary developer audience, and the compiler framework will be documented and exposed to support future innovations in programming language development and research.

>> Read more about Pre-Scheme

Protomaps — Self-hostable maps based on OpenStreetMap data

Protomaps is a free and open source map of the world, deployed as a single file you can host yourself. It enables interactive, zoomable mapping applications with only static storage and HTTP Range Requests. It uses the OpenStreetMap dataset as a primary source; its configurable toolchain can create maps with specific areas, custom data, and different cartographic styles. It’s used in earth science, journalism and the public sector. Protomaps has no vendor lock-in, permits end-to- end data sovereignty, and can ensure end-user privacy. 

>> Read more about Protomaps

Py2HWSW — A tool to manage embedded HW/SW project

This project aims to develop an open-source Python framework for managing files, automating project flows of embedded hardware/software codesign projects, and partially generating Verilog hardware components. The framework simplifies the project structure, addresses challenges in Hardware Design Languages like Verilog and VHDL, and automates emulation, simulation, FPGA, and ASIC flows. The proposed Verilog generator offers flexibility, user control and ease of use, producing human-readable code compatible across FPGAs and ASICs.

>> Read more about Py2HWSW

Proper Webcam support in Qemu — Better virtualisation of camera interfaces

QEMU is one of the most popular open source machine emulators and virtualizers. It supports a wide range of architectures and is capable of emulating many types of hardware devices. Many people rely on QEMU to run alternative operating systems or even as a secure development environment.

Sometimes it is necessary to pass camera devices to the QEMU guest and make them available to the system. While it is possible to pass cameras using the generic QEMU USB host emulator, this only works with USB cameras and only makes them available to that single QEMU guest. However, many modern systems move away from USB cameras and provide other interfaces for the camera, and thus cannot be passed through.

Our solution is to use the operating system's video API instead to make the video device available. We will focus on providing proper support for the Video4Linux API to emulate a USB video device so that it works with the already existing OS drivers. With proper integration of a camera subsystem, this opens the door to supporting more camera APIs and even extending paravirtualized VirtIO devices in the future to improve video quality for next generation video devices.

>> Read more about Proper Webcam support in Qemu

Redox OS Unix-style Signals — Add Unix-style signal handling to Redox Operating System

Redox OS is a Unix-like microkernel based operating system written in Rust. It is intended to provide a secure and reliable alternative to Linux. Redox is continuing to add functionality to provide source-code compatibility for most Linux software. This project will provide Redox with Linux-compatible inter-process signals, including signalling to process groups, processes and threads, and improved process management.

>> Read more about Redox OS Unix-style Signals

Renderling — Real-time rendering library on top of WebGPU

Renderling is an innovative, GPU-driven real-time renderer designed for efficient scene rendering with a focus on leveraging GPU capabilities for nearly all rendering operations. Utilizing Rust for shader development, it ensures memory safety and cross-platform compatibility, including web platforms. The project, currently in the alpha stage, aims for rapid loading of GLTF files and handling large, animated scenes with many lighting effects. Development emphasises performance, safety, observability, and the use of modern rendering techniques like forward+ rendering and physically based shading.

>> Read more about Renderling

SCION-enabled IPFS and libp2p — Enhancing IPFS Performance and Resilience through SCION's Path-Aware Networking

SCION is a clean-slate Next-Generation Internet (NGI) architecture which offers a.o. multi-path and path-awareness capabilities by design. Moreover, SCION was designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of its design. The goal in this project is to leverage the path-awareness in SCION to align the storage and lookup in IPFS with the underlying network in an optimal manner, while at the same time using SCION to establish trust between the entities.

>> Read more about SCION-enabled IPFS and libp2p

Slint port for Android — Port the Rust-based Slint UI toolkit to Android

Slint is a next generation declarative GUI toolkit that supports multiple programming languages such as Rust, C++, and JavaScript. Implemented in Rust, a language known for its memory safety and performance, Slint can run on platforms such as Windows, Linux, Mac, QNX, and microcontrollers. The popularity of Android as a mobile phone operating system has influenced the standardisation of drivers on embedded systems to the extent that its possible to easily procure off-of-the-shelf embedded hardware that can run Android. Slint will be the first native (non-web based technology) Rust based toolkit for creating applications on Android and will allow designers and developers an alternative open source option to build the user interface for their applications.

>> Read more about Slint port for Android

Solid NC 2024 — Add more Solid capabilities to Nextcloud

The Solid Nextcloud project implemented a server component with the Solid specification for Nextcloud, which makes ones Nextcloud server a Solid server as well. This allows user to user their existing server for identity and storage within the Solid eco-system.

To enhance security and to enable easier cooperation and release of new versions we need to improve a number of things. The CI/CD of the project will be improved. Based on an earlier audit, we will implement a number of security enhancing features and we will release a PHP Solid Server next to the Solid Nextcloud module. These servers share a lot of code, which makes maintenance easier. The advantage is that PHP has a security maintenance cycle of three years, making it easier for users to stay secure when using a Solid server.

>> Read more about Solid NC 2024

Transitioning SMM Ownership to Linuxboot — More robust defense Against Firmware Vulnerabilities

The project summary for this project is not yet available. Please come back soon!

>> Read more about Transitioning SMM Ownership to Linuxboot

Standards Grammar Catalog/Toolchain — Open Standards Grammar Catalog/Toolchain

The Open Standards Grammar Catalog/Toolchain makes it easier to implement a format or protocol by translating its machine-readable definition, usually in a language such as ABNF, into forms readily compatible with popular programming languages, like regular expressions, YACC, ANTLR, and native code. By providing a toolchain for making these translations, assembling a catalog of commonly used formats & protocols, and publishing a developer-friendly website for browsing the grammars and generating translations, these tools will reduce the need to manually write a parser, ultimately reducing errors due to hand-written code, and enhancing interoperability.

>> Read more about Standards Grammar Catalog/Toolchain

Stencila v2 for ERA and EPP — Add editable, runnable code to scientific publications

Stencila offers a platform for collaborating on, and publishing, dynamic, data-driven content with the aim of lowering the barriers for creating data-driven documents and making it easier to create beautiful, interactive, and semantically rich, articles, web pages and applications from them. The latest version, a rewrite in Rust, is aimed at leveraging two relatively recent and impactful innovations: conflict-free replicated data types (CRDTs), for de-centralized collaboration and version control, and large language models (LLMs) for assisting in writing and editing prose and code. These technologies used together provide an advance in scholarly communication of research findings by powering the Enhanced Preprint Platform and Executable Research Articles at publishing venues such as eLife and GigaScience.

>> Read more about Stencila v2 for ERA and EPP

Structured Email for Roundcube — Add metadata awareness to open source email

Email is probably the only open and widespread technology bridging our private information space (Mobile, Desktop) and the public Internet. It can in fact be considered our "personal API". Structured Email for Roundcube develops a plugin for the popular Roundcube Webmail software, which extracts data embedded in email messages. Based on that, it allows for new ways of presenting emails and interacting with them.

>> Read more about Structured Email for Roundcube

Client Proof-of-Work in TLS — Mitigation against DoS amplification on the TLS handshake

The computationally expensive nature of asymmetric crypto in TLS makes it vulnerable to denial-of-service attacks. We propose an extension to TLS that mitigates this attack vector, shifting the advantage from the attacker to the defender. The project will deliver a draft spec, mergeable patches for leading TLS libraries, and a measurement report explaining the results.

>> Read more about Client Proof-of-Work in TLS

TSCH-rs — Time Slotted Channel Hopping implement in Rust

fTime Slotted Channel Hopping (TSCH) is a Medium Access Control (MAC) layer protocol described in IEEE 802.15.4e designed for low-power and lossy networks. Devices are allocated time slots in which they can transmit and/or receive frames. The rest of the time the radio is turned off, reducing energy consumption. Consecutive transmissions are done on different frequencies to tackle interference. Implementations of TSCH can be found in Contiki-NG and OpenWSN, both written in C.

TSCH-rs is a TSCH implementation written in Rust, providing ease-of-maintanance, security and reliability. Furthermore, the implementation aims to be hardware-agnostic, making it easy to port to different IEEE 802.15.4 based radios. The Rust network stack for IEEE 802.15.4 radios already contains an implementation for 6LoWPAN and RPL. TSCH-rs will be a valuable addition to the Rust based low-power IEEE 802.15.4 network stack.

>> Read more about TSCH-rs

Tau — Remote sharing of terminal sessions

A common problem among people working on a command-line interface is to share their terminal session with one or many other people via the internet, ideally along with an audio stream, without viewers having to install any specific software. This project creates a solution that enables anyone with a web browser to receive such a broadcast.

Unlike generic screensharing alternatives, a broadcast created by .tau will not be a stream of compressed video but rather a stream of ASCII characters with preserved timing as well as the broadcaster's terminal look & feel, and giving the ability to easily copy text. The broadcaster will have a nice and easy experience installing a piece of software which accomplishes this.

Upon completing a broadcast, a single resultant file is available for later viewing on the internet and or private distribution. Simple, portable and robust.

>> Read more about Tau

TrenchBoot as Anti Evil Maid - UEFI boot mode support — Add UEFI to the Qubes integration of Trenchboot with AEM

The project summary for this project is not yet available. Please come back soon!

>> Read more about TrenchBoot as Anti Evil Maid - UEFI boot mode support

Tvix-{Store/Build} — Improve store and builder component of Tvix

Tvix is a modern design and implementation of the Nix package manager (GPLv3). It brings a modular architecture in which components such as the build environment or package store are replaceable, which enables new use-cases and platforms. A graph-reduction evaluation model will make it possible to use Nix for package definitions and entire system configurations, its proven and tested use case, as well as for granular build definitions for individual components of software. Tvix will be fully compatible with nixpkgs, the existing package definition set for Nix, letting its users leverage more than a decade of community contributions and making it useful right out-of-the-box. This particular project focuses on the Store and Builder components of Tvix, upgrading the store protocol, improving the Builder API as well as providing more interop with Nix.

>> Read more about Tvix-{Store/Build}

UnifiedPush — Decentralized and open-source push notification protocol

Push notifications are essential to the modern mobile experience, as they enable applications to communicate with users in real time, even when not in active use. Major mobile operating systems provide a centralized service that they control, but depending on a centralized push notification system controlled by one company raises issues of privacy and independence. UnifiedPush is a decentralized and open-source push notification protocol. It is a set of specifications and libraries that allow the user to choose how push notifications are delivered. It is compatible with WebPush, the standard for web applications.

>> Read more about UnifiedPush

Toward a Fully-Verified SCION Router — Formal verification of the reference open source SCION Router

SCION is a next-generation Internet architecture that addresses many of the security vulnerabilities of today’s Internet. Its clean-slate design provides, among other properties, route control, failure isolation, and multi-path communication. This project will demonstrate the feasibility of verifying the core component of the SCION inter-domain routing architecture - the SCION router. Prior work has proved that the SCION data plane protocols are secure. The focus of this project is on verifying that SCION’s open-source router is memory-safe and implements those protocols correctly and, thus, provides the intended security and correctness guarantees.

>> Read more about Toward a Fully-Verified SCION Router

VexiiRiscv — Next generation of the VexRiscv in-order FPGA softcore

VexiiRiscv (Vex2Risc5) is a hardware project which aim at providing an free/open-source RISC-V in-order CPU which could scale from a simple microcontroller up to a multi-issue/debian capable cluster. While the project already surpasses VexRiscv in multiple domains (performances, 64 bits, debian), it still needs work and testing to reach feature parity (tightly coupled RAM, JTAG debug, optimization, ...), aswell to extend its scope (lightweight FPU, vector unit, ...). This grant would aim at filling those gaps aswell as improving its documentation.

>> Read more about VexiiRiscv

Vouivre — A dependent type system for machine learning in Lisp

Current machine learning frameworks are built around relatively weak type systems. This is a problem because, at scale, machine learning applications are exceedingly intricate and computationally expensive, therefore making costly runtime errors unavoidable. This is where Vouivre comes into play. Using a dependent-type system, the project aims at enabling users to write machine-learning applications that solve real-world problems with compile-time validation of their correctness, thus preventing runtime errors at a reasonable computational cost.

>> Read more about Vouivre

Enhance the vulnerability database — Enhance the VulnerableCode vulnerability database

Using Components with Known Vulnerabilities" is one of the OWASP Top 10 Most Critical Web Application Security Risks. Identifying such vulnerable components is currently hindered by data structure and tools that are (1) designed primarily for commercial/proprietary software components and (2) too dependent on the National Vulnerability Database (funded by the US CISA and Dept. of Commerce). With the explosion of Free and Open Source Software (FOSS) usage, we need a new approach in order to efficiently identify security vulnerabilities in FOSS components that are the basis of every modern software system and applications. And that approach should be based on open data and FOSS tools.

This project delivers unique FOSS tools to aggregate software component vulnerability data from multiple sources, privileging upstream data directly from project maintainers. VulnerableCode organizes that data with a de-facto industry standard Package URL identifier (Package URL or PURL) enabling efficient and straightforward automation for the search for FOSS component security vulnerabilities. The benefits are to contribute to the improved security of software applications with open tools and data available freely to everyone and to lessen the dependence on a single foreign governmental data source, or a few foreign commercial data providers.

In the new context of the upcoming Cyber Resilience Act (CRA), the access to an open, free and curated FOSS package vulnerability data source is now an imperative. And the organization of vulnerability data by Package URL or PURL identifiers in VulnerableCode enables easy frictionless integration with Software Composition Analysis (SCA) code analysis tool chains, direct enrichment of SBOMs (Software Bill of Materials) to find if SBOM-listed packages have known vulnerabilities, and creation of VEX (Vulnerability Exploitability Exchange) document to communicate the impact of known vulnerabilities

>> Read more about Enhance the vulnerability database

WPE Android — Embedded-friendly Webview based on WebKit

WPE (Web Platform for Embedded) is a WebKit port for Linux-based embedded devices with a focus on flexibility, security and performance on lower-powered devices. Albeit less known than Chromium, Firefox or Safari, WPE is currently deployed in millions of embedded devices (e.g. set-top-boxes, smart home devices, kitchen appliances, infotainment, etc), but it hasn't yet reached those based on the Android Operating System, which has become an important actor for certain types of devices, such as phones, tablets, set-top-boxes and even IoT devices.

In such environments, the only option currently available to leverage the power of the Web Platform is to use Android's WebView, which is based on Chromium and therefore problematic in cases where using that is not an option. By bringing WPE to Android in the form of an Android WebView-compatible component, we aim not just to make WPE available in more platforms but also to expand the options Android developers currently have so that they can choose between a Chromium-based WebView and a WebKit-based WebView for their applications. This would be great to cover Web rendering needs in general on Android, and particularly beneficial for multimedia-intensive use cases (e.g. set-top-boxes, digital signage...), as well as for other less conventional use cases such as QA & testing (e.g. testing WebKit-based browsers on Android based systems).

Last but not least, as a side effect of widening the reach of WPE to Android-based devices, we believe that we would also be bringing more balance and diversity to the Web, by making sure that developers have a realistic alternative to the Chromium-based Web rendering engine they can use to develop their products.

>> Read more about WPE Android

Wayland input method support — Better specification for Wayland input methods

As Linux distributions switch to Wayland, some functionality is still incomplete. One of them is being able to input non-Latin scripts. It is a necessity for a large portion of the world, yet it's not standardized across Wayland environments. The same text input functionality is needed for typing on mobile Linux, which, considering how many people use smartphones rather than laptops, might be even more important for Linux adoption. This project wants to bridge that gap, by continuing the effort of standardizing input-method protocols started for Phosh in Squeekboard, gtk, and wlroots.

>> Read more about Wayland input method support

Improving WebKit on Windows — Improve Windows support for the WebKit browser engine

WebKit is an open source browser engine, used by Safari and others. Such a browser engine is used to lay out web pages, graphically render the content and perform all other kinds of tasks under the hood of a browser or WebView. In recent years, one engine (Google's Blink engine, which forked from Webkit in 2013) has started to become nearly pervasive due to the market share of Google.

Having a global dependency on a single piece of code maintained by a single entity is a significant liability, and isn't good for the open web either. It is important that applications on all platforms are able to choose from different engines like WebKit, Gecko or Servo. One weak part of Webkit in recent years has been its limited support for the Windows platform. This project will focus on enabling more features in WebKit’s Windows port, to make WebKit a more viable alternative choice when building a cross-platform web browser.

>> Read more about Improving WebKit on Windows

Webxdc evolve — Comparative analysis of HTML5 app containers is an evolving standard which defines a format for portable HTML5 applications and an API for local-first, peer-to-peer, end-to-end encrypted applications. For this project we will perform a comprehensive survey of historical and contemporary efforts with similar goals, including those by W3C working groups, independent open-source developers, and noteworthy proprietary platforms. We'll produce reference documents providing developers with a comprehensive overview of the space, summarizing their options for packaging portable HTML5 applications for different platforms, and highlighting affinities between closely aligned projects. As a follow-up, we'll propose additions to the webxdc API based on patterns observed in other projects, aiming to reduce the complexity of common designs and facilitate portability between or interoperability with existing platform implementations.

>> Read more about Webxdc evolve

Whippet — A new local maximum in safe, managed memory

Whippet is a new automatic memory manager (garbage collector) which is designed to be incorporated into the Guile Scheme programming language implementation. Switching to Whippet should improve the speed and scalability of Guix and other Guile-based software while also lowering total system memory usage. This project aims to push Whippet over the finish line, filling in missing functionality and doing the last-mile work to incorporate Whippet into Guile. The anticipated results should also give confidence to other language run-times looking for a state-of-the-art, embeddable, minimal, no-dependency garbage collector.

>> Read more about Whippet

Willow Sync — General Sync Protocol for Willow written in Rust

Willow is a protocol for syncable data stores, forming resilient data networks which can endure indefinite connectivity outages. This protocol brings qualitative advances to data deletion in distributed networks, supports completely decentralised fine-grained permission schemes, and has been designed to use memory, bandwidth (and consequently energy) efficiently. In this project, the Willow protocol will be implemented using the Rust programming language. This new implementation will be able to take advantage of Rust’s efficiency and safety guarantees, and make the protocol accessible to embedded devices, as well as provide a more efficient solution for smartphones, computers, and servers alike.

>> Read more about Willow Sync

MLS for XMPP — Add Message Layer Security to XMPP

XMPP (Extensible Messaging and Presence Protocol) is an IETF- standardized (RFC 6120/6121) communication protocol designed for instant messaging and other near-real-time exchange of structured data between two or more network entities. MLS (Messaging Layer Security) is an emerging, IETF-standardized (RFC 9420) protocol for end-to-end encryption of messages and a central part of the IETF MIMI (More Instant Messaging Interoperability) effort to allow communication across messaging apps, for example in the context of the EU Digital Markets Act.

This project adds support for MLS encrypted messaging to XMPP group chats. This includes creating a prototype implementation, standardizing an XMPP Extension Protocol (XEP) and introducing support in two existing XMPP clients.

>> Read more about MLS for XMPP

XMPP Interoperability and Protocol Standard Conformance Testing — Development of an XMPP Test Suite

XMPP is the Extensible Messaging and Presence Protocol. XMPP offers an open, extensible, standardised and mature set of open technologies designed for decentralised communication. With its flexible design and rich history, its utilisation is widespread.

To advance interoperability in its diverse ecosystem of developers and implementations of server software, this project will create an implementation-agnostic test suite for XMPP servers, testing for conformance with the XMPP protocol standards.

The suite will be designed to be integrated with various third-party CI components to minimise the complexity of including the suite in development processes of the various and varied parties that are developing XMPP server implementations.

>> Read more about XMPP Interoperability and Protocol Standard Conformance Testing

Zero-allocation web servers in roc — Web server framework with constant memory usage

Memory consumption in web servers is hard to predict and control. Our zero-allocation web server guarantees constant memory usage and per-request memory caps. These guarantees and capabilities make web infrastructure more reliable, because it is actually possible to calculate how much server capacity is required for a certain amount of traffic.

The vast majority of webservers are written in a language with automatic memory management. They cannot provide the guarantees that our webserver can, and often have other downsides like poor general performance and GC pauses.

The core of our webserver is written in rust, and while it works in a rust-only context, is meant to be used in combination with the roc programming language, a fast, friendly, functional language with automatic memory management, but without GC pauses. Users will be able to write web applications using roc, without having to consider how memory is allocated. At the same time, we manage the memory as efficiently as possible under the hood.

>> Read more about Zero-allocation web servers in roc

ZeroPhone Next — Hackable open hardware mobile phone

This project is building a hacker-friendly personal device platform, providing people with an assortment of building blocks that can be reused in building devices of their own. It sets out to deliver a featureful device for day-to-day use, with cellular and wireless connectivity, and bringing a powerful user interface that can easily be used in others' projects.

The platform's design prioritizes self-assembly capabilities, respect for the user's privacy, extensive documentation that makes the platform's building blocks all that more accessible, and forming a community aimed at helping other hackers build their own devices. The platform's inherent modularity also provides a testbench for designing open-source replacements for commonly closed-source parts of the DIY portable device ecosystem, as well as development of open firmware for currently-closed-source components.

>> Read more about ZeroPhone Next

Zilch — Tools for efficient granular builds and introspection

Zilch is an experimental test bed for alternative approaches to building programs, services, and full Linux distributions. Being built on top of Nix, it is entirely compatible with NixOS. The goal of this project is to research and develop a set of tools that allow a developer to write programs and patch existing upstream projects, while keeping the reproducibility and sandboxing afforded to them by Nix.

>> Read more about Zilch

bluetuith — Bluetooth connection/device manager for the terminal

bluetuith is a lightweight Text User Interface (TUI) based Bluetooth manager for the terminal, which allows users to manage a multitude of different Bluetooth based functions, like pairing, connection, file transfers, handling audio playback and networking and so on seamlessly via an easy-to-use interface. The project aims to extend support to as many other platforms as possible, to achieve multiplatform support, and provide users with a familiar interface to control Bluetooth across different platforms. The project also aims to solve the issue of communication and user-friendliness of platform specific Bluetooth stacks, by creating daemons/services native to that platform, and lightly wrapping native APIs and exposing a standard set of APIs that will allow any client to be built cross-platform and to connect and control Bluetooth (Classic especially) in a much more efficient and uniform manner.

>> Read more about bluetuith

f8 — Modern 8-bit instruction set

Among microcontrollers (µC), 8/16-bit µC are an important part of the embedded systems ecosystem since they tend to have substantially lower resource and energy costs than the larger, more powerful 32-bit and 64-bit µC.

However, existing 8/16-bit µC architectures tend to be either somewhat inefficient (e.g. MCS-51) or single-vendor (e.g. STM8, Rabbit). The latter are at a high risk of being discontinued when a vendor pulls out of the 8/16-bit market, and this has been announced recently for the STM8 and Rabbit architectures. One possible solution is to develop an efficient free architecture for 8/16-bit µC. The f8 is such an approach. It is based upon extensive experience from the large number of 8/16-bit architectures supported by the free Small Device C compiler (SDCC). Like RISC-V did for 32/64-bit architectures, f8 is based on lessons learned from the strengths and weaknesses of existing 8/16-bit architectures.

>> Read more about f8

foaHandler — Reverse engineer the OpenAccess file format

Commercial CAE programs still dominate the community that designs electronic circuits. One of the most widely used file format here uses the OpenAccess API controlled by Si2. Unfortunately, this API is available only for members of the OpenAccess coalition. The project "foaHandler" aims at creating open-source programs for reading and writing OpenAccess files. Their internal data structure will be investigated by reverse engineering the file content of schematics, component symbols and layouts. Then, routines will be created that make it easy to import and export OpenAccess files in open-source programs like circuit simulators, layout programs etc. Example files and documentation will be published, too. This makes the data exchange between free and commercial EDA applications possible.

>> Read more about foaHandler

lib1305 — Microlibrary for Poly1305 hashing

In modern network protocols, every packet is authenticated using a message-authentication code (MAC). Any data modified by an attacker is immediately caught and rejected by the MAC. The most popular MAC algorithms are Poly1305, normally used with the ChaCha20 cipher as part of ChaCha20-Poly1305, and GMAC, normally used with the AES cipher as part of AES-GCM. Many applications, such as WireGuard, require specifically Poly1305. This project will develop and release a new software library, lib1305, for Poly1305. The library will provide comprehensive and well-optimized software exploiting the 64-bit assembly instructions of Intel CPUs to provide top speeds for those CPUs, while meeting the security constraint of not leaking secret information through timing.

>> Read more about lib1305

libnix — Native Nix on MS Windows

The libnix project improves the Windows support of the Nix package manager, by making nix and nix-build work natively on the Windows platform. By creating a ‘libnix’ on top of this, it will allow package managers like node, cargo, pip, and vcpkg to use Nix for building their dependencies. The effort helps bring declarative, reliable packaging systems to a wider audience.

>> Read more about libnix

libvips — Add animated PNG and enhanced JPEG XL support to libvips

libvips is an image processing meta-library, whose development the European Commission funded back in the 1990s. Applications can outsource the heavy lifting of handling a variety of image types to this library. The library has meanwhile grown very popular with web developers around the world; the node binding, for example, is downloaded more than 5 million times a week at the time of writing.

In addition to scrutinizing the security of the library, this project will implement two key improvements to libvips: animated PNG support, and enhanced JXL support. The former capability (the addition of animated PNG support) can be gained from another NGI Zero project, libspng. libvips uses libspng for PNG read and write, so by extending libvips to use these new libspng features, they will become available to a large developer community very quickly.

Second, libvips has had preliminary support for the JXL format since libjxl v0.4. Since then, the libjxl API has evolved considerably and the libvips connector needs updating, especially in the areas of large image support and HDR, both increasingly important with the steady improvement of smartphone cameras.

>> Read more about libvips

nextpnr for GW-5 — Add support to nextpnr for Gowin GW-5 FPGA family

This project focuses on enhancing the open-source FPGA design toolchain (specifically nextpnr and Apicula), to support the Gowin GW-5 series of FPGAs. This initiative involves creating detailed documentation and developing tools to understand and utilize these FPGAs effectively. By extending nextpnr and Apicula to generate valid bitstreams for the GW-5 series, the project aims to make advanced FPGA technology more accessible and usable for designers and engineers around the world.

>> Read more about nextpnr for GW-5

p3pch4t — Decentralized chat platform built on i2p

P3pch4t is a decentralized chat platform built on i2p that aims to provide a feature-rich experience with huge privacy standards, so it will be easy for people to switch from well-known centralized/proprietary chat apps - such as Facebook Messenger, Telegram, Slack to one place that will have all features that user desire - including large file sharing, shared calendar, group chats, multiple devices and chat themes - all of that will come in a cross-platform app that will run on all major mobile and desktop platforms. Together with that, there will be a handful of libraries in different languages to interact with the network directly - to ensure that it is easy for other developers to extend the p3pch4t ecosystem, and to ensure that the standard for communication is well defined.

>> Read more about p3pch4t

postmarketOS: v23.12 and v24.06 Releases — New versions of the mobile operating system postmarketOS

postmarketOS keeps smartphones useful after they don't receive updates anymore: the original operating system gets replaced with an up-to-date lightweight open source software stack based on Alpine Linux. Oftentimes people use postmarketOS to upcycle their old smartphones to small home servers (like Raspberry Pis). While still experimental, we also work towards enabling all typical smartphone features too so postmarketOS can fully replace the original operating system. Besides extending the lifetime of smartphones, in postmarketOS we value the user's privacy, security and in general control over their own device. Unlike current mainstream smartphone operating systems, it is not needed to register an account and get tracked to use the operating system. Creating new releases allows us to keep the software stack up-to-date, to integrate important fixes, features and in general to get closer to provide a full smartphone experience.

>> Read more about postmarketOS: v23.12 and v24.06 Releases

postmarketOS daemons — Add modern service daemons to postmarketOS

postmarketOS keeps smartphones useful after they don't receive updates anymore: the original operating system gets replaced with an up-to-date lightweight open source software stack based on Alpine Linux. This project will add initial systemd support to postmarketOS, as well as making Pipewire the default audio server in postmarketOS. It will help switch the wifi backend to iwd by default, and design and prototype an immutable version of postmarketOS with an efficient A/B OTA mechanism with binary delta updates, and automatic rollback on failed updates.

>> Read more about postmarketOS daemons

Support for OpenPGP v6 in rPGP — Implement draft-ietf-openpgp-crypto-refresh in rPGP

rPGP is a high-quality implementation of OpenPGP in pure Rust (OpenPGP is a standard for encryption, digital signatures and key management). rPGP is used in production in different contexts, among them the popular "Delta Chat" decentralized and secure messenger that is used by hundreds of thousands of users, worldwide. The OpenPGP standard has recently been revised to reflect current best cryptographic practices. The revision of the standard defines "OpenPGP version 6" and is currently being finalized  for publication as RFC 9580. This project will implement the new formats and features of OpenPGP v6 for rPGP. This will bring the new features of OpenPGP v6 to users of rPGP, and ensures future interoperability with all other modern OpenPGP implementations.

>> Read more about Support for OpenPGP v6 in rPGP

tslib — Better configuration and callibration of touchscreen devices

tslib is somewhat older but widely used software for configuring the touchscreen of (mainly) embedded Linux devices including printers, mobile phones, etc. This nimble project concerns a bundle of improvements in terms of calibration, some accessibility research (to see if people with e.g. a tremor can be better served), and addressing a backlog of feature requests. In addition the project will use the help of NGI Zero to apply additional security scrutiny.

>> Read more about tslib

vm-builder — Virtual Machine Build, Life Cycle and Integration in monolithic and microkernel platforms

As each piece of software is built using other software, it is difficult to ensure that a program is not accidentally infected through malicious code interfering anywhere in this process. An important defence is reducing the amount of code one relies upon and strictly isolating the build from any other processes that could influence it, typically by using a virtual machine.

However, the are currently no minimal, portable and final virtual machine build systems which enable effective bootstrapping of operating systems. Delegating this task to container build systems is insufficient, since they are primarily available to the Linux kernel and provide weak isolation properties. Delivering those with a high portability and even (or especially) on low TCB microkernels is key to secure bootstrapping of operating systems and applications on (to be) trusted infrastructure.

The current prototype has proven successfully applicable to nowadays general purpose OSs, templating/inheritance and reproducible builds are to be implemented. An implementation in a more robust programming language like Rust is still lacking and will be completed in the course of this project. The long term goal is to easily build and provide legacy platforms and software especially on microkernels — allowing for a migration path towards operating systems with effectively manageable complexity.

>> Read more about vm-builder