Open Source & Innovation
We believe that the culture and best-practices of open-source development provide a powerful, efficient and transparent framework for sharing innovation and resources between independent entities, despite different economic interests. This framework can be adopted by teams working on closed-source projects (with inner-source), to yield similarly effective results.
Open-source code is reviewed extensively, guided by experts in the field, and is a very efficient way to distribute software to large commuities of developers and users. By fostering engagement in the open-source ecosystem, we can extend our reach to more partners, developers, users, and markets, all of which further promote the growth and development of the community. This strategy has allowed Tarides to bootstrap commercial projects, and to attract and hire top talent in related fields.
We collaborate with many institutions, both academic and commercial, sharing knowledge and resources to yield powerful results. Alongside honing the core OCaml tools, we continue to build on our academic foundations via public-funded grants and projects, PhD study frameworks, and by publishing academic papers of our original research.
In 2021, Tarides was selected for the NGI DAPSI initiative, an incubator supplying grants to innovators developing technology solutions and services in the field of data portability. Secure-by-Design Communication Protocols (SCoP) is an open-source, secure, and resource-efficient infrastructure used to engineer a modern basis for safe open messaging. It makes use of type-safe languages and unikernels to ensure that private information remains secure. SCoP is made up of several components. MrMIME generates an email, and then SMTP sends the email, signed by a DKIM key. We can correctly sign an email, generate a signature, and the DKIM field containing the signature. When the email is received, we check the DKIM signature and the SPF metadata, and that completes the cycle. The project was also made possible by a grant from Next Generation.I-Lab
In 2019 Tarides was recognised at the i-Lab innovation contest, a competition that rewards entrepreneurial and innovative solutions in tech. The contest is organised by the French Ministry of Higher Education, Research and Innovation, in collaboration with Bpifrance, a financial institution dedicated to promoting innovative entrepreneurship in France. We were one of 75 selected (out of 700 applicants) for our work on OSMOSE: a software infrastructure platform that deploys secure and distributed IoT applications, using low-resource constraints and providing low-latency performance.
CIFRE PhD Academic Partnerships
Tarides supports the CIFRE PhD framework, which provides “industrial agreements for training through research”. This mechanism allows companies registered under French law to recruit doctoral students to undertake a research project in collaboration with a recognised public laboratory. Students in this framework will defend their thesis, and will be awarded a doctorate if successful.
We currently have 3 active CIFRE PhDs: 2 in partnership with Inria, and 1 in partnership with Universite Paris-Saclay.
Our collaboration with OCaml Labs and Segfault Systems has produced many academic papers, some of which have been published in top-tier journals, as well as receiving awards. Tarides will continue to publish original research together with our academic partners, Inria, University of Cambridge, and IIT-Madras.
OCaml is an open-source, type-safe, functional programming language, which allows developers to write safer applications. The OCaml compiler has been developed for more than 20 years at Inria (Institut National de Recherche en Informatique et Automatique), and provides key “security-by-design” features by analysing programs to automatically detect common security issues (related to memory and type-safety) before the program even runs. Xavier Leroy, the creator of the OCaml language, has received numerous awards, and was awarded the first chair of Software Engineering Sciences at College de France.
Today, the use cases of OCaml extend from pure research to commercial ventures: from building verification software tools (Coq, Why3, and Imandra), to being the language of choice for industry leaders who rely on predictability, safety, and high performance.
Our work focuses on ensuring that the OCaml compiler retains its fine balance of ease of use, correctness, and performance, whilst still evolving to include new features. This includes developing new language-based tools for specification-based testing, fuzzing, and verification of OCaml code. In 2022, Multicore will introduce support for shared-memory parallelism and concurrency to OCaml 5.0, bringing years of development, award-winning research, and ground-breaking code in mainline OCaml.
We develop and maintain a number of core OCaml tools, ensuring their availability and compatibility with new compiler releases. The goal is to ensure that users of OCaml can rely on, and have easy access to, a set of high-quality, practical development tools backed by the latest research and innovation efforts. We aim to unify the installation process of platform tools, document the recommended tooling workflows, sync regular releases with the OCaml compiler, migrate existing workflows to the platform, and provide deprecation timelines for older tools.
Since 2012, OCaml.org has been the central knowledge base for the OCaml community to connect, access resources, and get the latest OCaml news. In anticipation of the OCaml 5.0 release, we are working with community contributors to update the site in order to appeal to both new and experienced OCaml users. This is the first major upgrade to the infrastructure of Ocaml.org since 2012, and new features include a modern, user-friendly design, integrated documentation and package management, updated tutorials and learning resources, and numerous ways to engage with the community.
MirageOS is an operating system that constructs unikernels for secure, high-performance applications across a variety of cloud computing and mobile platforms. Unikernels are fully standalone and specialised, and can run on the Xen and KVM hypervisors, on lightweight hypervisors like FreeBSD’s BHyve and OpenBSD’s VMM, as well as on bare metal. MirageOS was first released in 2013, and has made steady progress towards deploying self-managed internet infrastructure: it can securely deploy static website hosting, a secure SMTP stack, and decentralised communication infrastructure like Matrix, OpenVPN servers and TLS tunnels to ensure data privacy. A number of major commercial users rely on MirageOS libraries to secure their products, including Docker Desktop’s VPNKit, the Xen hypervisor from Citrix, and Nitrokey’s NetHSM.
The research and technology breakthrough associated with unikernels has received multiple awards (including Cambridge Computer Lab Ring’s “Best Company” and “Best Paper” awards in 2016), and led to the creation of the “Unikernel Systems” company in 2015, which was then acquired by Docker in 2016. At Tarides, we are continuing to develop and maintain the MirageOS project and to foster an active MirageOS ecosystem of developers and users.
Irmin is an open-source OCaml library for building high-performance, distributed data stores. It is based on distributed version-control systems (DVCs), which are extensively used in software development to enable users to keep track of change provenance and expose modifications in the source code. Irmin applies DVC principles to large-scale distributed data, and exposes similar functions to Git (clone, push, pull, branch, rebase). It is highly customizable: users can define their own types for the stored data; use custom storage layers (in memory, on disk or in a remote Redis database); and define specific dynamic behaviours (e.g. merging strategies or event-driven workflows based on event notifications).
As part of the OCaml ecosystem, Irmin comes with all the guarantees of the “security-by-design” approach. Moreover, Irmin can offer additional data protection through encryption and specialised data structures that detect any data tampering. An additional layer of security and safety is provided through compatibility with MirageOS, which makes Irmin portable on a variety of systems, from browsers to embedded devices.
We are developing and maintaining Irmin to support the existing set of commercial and community users: from storing the blockchain ledger state of Tezos to writing offline-first web applications via CRDTs and mergeable data types.
We want to ensure the high performance and quality of every tool, project, library, and piece of code that we produce. By conducting regular performance tests and predicting how updates will affect existing tools to ensure they remain operational, we keep our code running smoothly for the benefit of our commercial partners as well as the community at large. We have developed projects and services to allow us to improve the viability of our projects at scale.
OCurrent is the core framework that we have developed for quality assurance. It lets the developer specify a workflow or pipeline for keeping things up-to-date. It provides an OCaml eDSL for writing CI/CD pipelines, and allows the user to set up their own workflow or pipeline; it can fetch the head of a GitHub repository’s master branch, build it, run tests, and then deploy it and push a commit – after which the process repeats itself. OCurrent is used to develop all the CI services used by the OCaml community (opam-ci, opam-repo-ci, opam-health-check, etc.) to guarantee that the entire OCaml ecosystem performs at a consistent, high level. We are also operating these services to make sure they are always up and running for the community.
We have also extended OCurrent to manage continuous benchmarking and CI infrastructure that runs predictable, IO-bound benchmarks inside an OCurrent pipeline, with a UI that analyses results over time. We developed and now maintain Sandmark, a suite of OCaml benchmarks and a collection of tools used to configure different compiler variants, run and then visualise the results. Sandmark has been instrumental in assessing and tuning the scalability of parallel OCaml programs and ensuring new compiler updates don’t introduce performance regressions.