Open Position: Build System Engineer / Infrastructure Engineer (Senior at heart)

David Dashyan
June 30, 2025

We are a research and development collective working on technologies that enhance horizontal coordination. We strive to develop resilient and secure systems without compromising on privacy, autonomy and utility.

Admittedly baffled by the grandiose venture, yet equipped with guile and ardour, we arrived at an uninhabited intersection of the Venn diagram of technologies. Hence, we are looking for co-conspirators with drive, opinions and ideas, not only for candidates with relevant experience.

Yes, this couldn’t be more vague, but no particulars will do a good job of capturing what we do. Bear with us.

Project description

Autonomous Build Network (ABN) is a project that aims to create a protocol for a distributed software supply chain with credible source/binary build transparency and no single points of failure. In other words, a distributed package index with strong guarantees of tamper resistance.

A task worthy of inclusion in both “forward thinking innovation” and “how did we even get here without it?” categories. If, at this point, one does not use a distributed version control system (e.g. Git), they would probably be receiving moral guidance on this issue every day. Yet, the industry is still ignoring the absence of transparency and integrity for deployments.

We are not starting from scratch. More than a decade of work conducted by Guile Scheme, Guix and adjacent communities in the areas of reproducible builds and declarative configuration, bootstrapping, and distributed programming environments covers the majority of the milestones on the path towards a secure software supply chain.

Technology stack and architecture

Build Systems, Operating Systems, Distribution, Orchestration

Reproducible builds and full-source bootstrapping are a baseline requirement for our design. We adopt the Functional Deployment Model (pioneered by NixOS) and deeply integrate our work with the Guix software distribution.

There will be a sufficient amount of work with Linux subsystems. Thus, experience with networking, filesystems, namespaces, virtualization, and/or anything else from the endless list of concepts a system engineer is deemed to acquire is a prerequisite for a quick onboarding. We live in user space (so far), but familiarity with the kernel side is a big plus, as we have been digging closer and closer to the center all along.

You will be interacting with compilers and build toolchains, all of them. Guix provides abstractions for the majority of commonly used build systems. Yet, experience with Rust, Go, Python and Elixir will be helpful to resolve and adapt to the packaging convention inconsistencies inevitably present in all programming language ecosystems. Knowledge of C toolchain concepts like dynamic linking, FFI and cross-compilation is especially welcome.

Guile (a dialect of Scheme) is our primary implementation language. For those who have not worked with Guile, it might seem like a choice solely influenced by the Guix ecosystem. However, Guile is one of the few programming languages that fits our long-term roadmap. It has good support for system APIs, a rich standard library and seamless two-way interoperability with C land, while at the same time being able to provide unconventional features such as:

Familiarity with the concepts listed above is a big plus, yet any experience with Lisp, functional programming in dynamic languages, working with extension languages and FFI will suffice. Candidates should feel confident managing their development process, learning new technologies and solving issues never mentioned on StackOverflow. We will not leave you floating on your own - we will need to row together and need your help as much as you will need ours.

System engineering

The part of the technology stack we have covered above mostly deals with orchestrating and configuring systems that have been built already. The next step is to lift the facilities currently used in client-server style into a P2P protocol. Readers who saw this coming receive extra encouragement points. Whoosh!

The protocol side of the project is in the early stages of development, and some of the late-stage design goals would deserve research problem status. Warning: research papers ahead.

Some of the areas of future work include:

As mentioned before, you will likely either be doing things that have not been done before or applying relevant techniques from other domains to the task at hand. Be sure to let us know of any knowledge, experience, ideas or opinions you have in the fields of:

Team, environment, conditions

As some might already see - we provide an environment to geek out with no limits. At first, you will be working closely with one (me) or two engineers on a codebase that is aimed at being integrated into the efforts of several other teams. We have very bright people collaborating and sharing the workspace with us. As a result, strap yourself in for heightened levels of arcane nerdery and a need to keep yourself on track if you tend to get consumed by new ideas.

We are based in Berlin but have people working remotely as well. We try to keep a quasi-horizontal structure when it comes to decisions and to provide equal pay to all workers regardless of their position.

Since we are a small and new team, we practise a bring-your-own-framework approach to project management, and, as we grow, things have the potential to inevitably change. We welcome you to be part of it.

Both employment and freelance contracts are possible.

Keywords

Reproducible Builds, Bootstrapping, Operating Systems, Compilers, Build Toolchains, Declarative Infrastructure, Guix, Guile Scheme, Staged Computation, Linux Kernel, Trusted Execution Environments / Secure Enclaves, SGX, TDX, Remote Attestation, Bootloaders, Init System, Virtualization, Linux Containers (not Docker), Micro-Hypervisors, Unikernels, Multi Party Computation (MPC), Zero Knowledge Cryptography (ZK), Zero Knowledge Virtual Machines (ZKVM), Root of Trust, Web of Trust, Mechanism Design, Verifiable Computation, Confidential Computation, Tamper Resistant Hardware, Physical Unclonable Functions (PUF), Object Capability Security, Side Channel Attacks.

Contact us: hello@poeticte.ch