RFP Discussion: Engineering Lab Expansion


#1

Heya! We’ve just posted an announcement with our intent to release a new Request for Partners to expand the services offered and supported by our Engineering Lab. You can see the draft RFP there and you can ask any questions or post comments here. We’ll be updating this post with more info as it develops. Be sure and follow this post if you want to get notified of any changes.

Current schedule:

  • 26-Mar-2018: Draft RFP up for review
  • 09-Apr-2018, 09:00 and 16:00 ET (UTC -4): Public voice chats to discuss RFP (post here requesting call in info or email hello@opentech.fund)
  • 11-Apr-2018: Post of actual RFP for review and application
  • 02-May-2018, 23:59 UTC: Close of RFP application
  • 09-May-2018: Awarded applicants notified

We’re posting a topic here to answer any questions anyone may have, whether you’re the general public or a possible applicant. We’re going to try and answer as many of them as we can on the draft posting until 09-Apr-2018. From the feedback here and the call, we’ll make any changes needed and post the actual RFP, with a link here as well. After we’ve posted the actual RFP, we’ll again take feedback here and answer what we can. If we make any changes, we’ll be sure and post them here.

We’re also offering two calls for those considering applying to ask any questions. These calls will be recorded, with the recordings posted here for all to review. If you would like to join the call, please request the call-in info in a message to this thread or email hello@opentech.fund.


#2

Heya! Fabio from GlobaLeaks here, I’ve a couple of questions.

In the current, going to finish, latest GlobaLeaks’s OTF grant we’ve implemented and released Multi-Tenant (multisite) support in GlobaLeaks along with some basic provisioning APIs exactly and specifically with the goal to foster diffusion of “Whistleblowing SAAS providers” as a way to increase adoption and narrow the deployment complexity and costs. That has been announced at IFF and there are many “demos” activated on the self-signup system https://try.globaleaks.org/#/signup .

We also set up in 2016 a Social Limited Company (Whistleblowing Solutions Social Enterprise Ltd), owned by the Hermes Center, as a juridical vehicle to provide managed services to end-users, to aggregators and professional services to service providers too, with the statutory binding commitment to invest whatever earnings into the long term vision of the GlobaLeaks project.

Looking at the RFP I feel that what we may offer to do at the service of the Internet Freedom Community, with Whistleblowing Solutions Social Enterprise Ltd, is:

On Objective 2: Support easier deployment of internet freedom technology

  1. Provide Whistleblowing Software as Service directly (based on GlobaLeaks)

    With existing infrastructure we would be happy to provide a Whistleblowing SAAS service to all communities at risk, providing few-click-activation services along with advisory services.
    That could be provided on a professionally run, DDOS protected infrastructure (integrating with existing providers providing those services to the internet freedom community), that can be activated entirely through a web-activation-process in a self-service manner.
    We could work to enable self-learning through Totem infrastructure as a way to provide serious scalability in terms of advisory and training, usually key human resource impacted tasks.
    On vertical areas (such as communities at risk in specific areas/sectors) we could work on focus groups and joint training sessions to make need-capturing with the goal to adjust the software (provided as a service) to better suit and service those groups of users.

(nb: we need to provide the service that’s already configured and customised to be suitable for that specific community)

  2. Make and maintain ready-made images for deployments for easier self-managed infrastructure across the following:
    • Google Compute Cloud
    • Docker Cloud
    • Digital Ocean One-Click-Apps
    • Amazon EC2

That would enable direct self-hosting and self-deployment of the whistleblowing platform.

  3. Provide Whistleblowing SAAS Integration services to Service Providers

We want to enable the enabler, so we can service the providers that are already part of the internet freedom community to let them autonomously and easily provide WB SAAS services to their audience and communities (enabling the enablers).

Many providers already have management and provisioning platforms, such as WHMCS or others, that are used to manage users, services and billing.
We would love to help those providers to integrate those services, making the integration on the GlobaLeaks side and on the “provisioning platform” side as a way to get the activation and deployment process straightforward and immediate.

Those are the kind of technical services that as GlobaLeaks’s social enterprise we could provide to the direct and indirect benefit of the internet freedom community.

Do you think those would be a suitable path for the RFP Objective 2 and Objective 3?

Fabio


#3

Heya Fabio,

Thank you for following the RFP and your questions. I could easily see how your proposed objectives could fit with this RFP’s purpose. Within your submission, be sure to demonstrate how your proposed effort would be helping those whose free expression online is being repressed, particularly in countries with a history of doing so.

Thanks again 🙂


#4

Heya y’all! We wanted to let you know that we’ve posted the actual Request for Proposals here: https://www.opentech.fund/requests/expanding-our-engineering-lab

Here is the updated timeline:

  • 16-Apr-2018: Posting of this RFP
  • 30-Apr-2018: Deadline for any posted questions (feel free to keep up but no promises we’ll get you answers)
  • 06-May-2018: Deadline for applications, close of this RFP
  • 09-May-2018: Finalist applicants notified
  • 28-May-2018: Estimated date for issuing contracts

Please let us know here if you have any questions at all. Thank you!


#5

Another quick bump here to make it clear something we realized may not be so clear… if you (or an organization you work for) are an applicant who is providing general DevOp or DevSecOp work for one or more organizations or communities who are advancing global internet freedom, this may be right for you.

For example, I just put together a list of things OTF would love a DevOp minded person to work through, in addition to what’s actually listed in the RFP (if we had more of that capacity):

  • A survey of our team, AC, and other key members of our community for a list of top DevOp projects!
  • Creation of an OTF/donor-centric operational security / best practices guide (and then implementing it)
  • Refining our authentication escalation scheme for online assets, implementation, and auditing (username/password > Authed GAccount > Present U2F device > Approved/Known connecting device > Behind OTF managed VPN > Approved/Known location > etc)
  • Improving the management/implementation of our OTF intranet/vpn
  • Create/manage .onion addresses for all online assets
  • Migrate all SSL certs possible to LetsEncrypt
  • Update/improve all external tests/monitoring of our online assets (and other asset/social media accounts, etc)
  • Deploy a Globaleaks/SecureDrop/Signal based (pseudo)anon contact function
  • Domain-fronting extension for our online assets
  • And much much more.

If you or your organization are already doing this or related work for internet freedom advancing groups (or would like to for OTF), this is the right application for you!

Again, do let us know if you have any questions at all 🙂


#6

After May 6, when is the next application period for the Engineering Lab?


#7

Heya Elijah! We expect to do an RFP for these services annually.


#8

Hey, @blah what does “Payment provisions requested” mean?


#9

Not sure what you’re referring to. Could you point me to the specific section and language in the RFP?


#10

I think it is in the form you fill out to submit a response to the RFP. It is the last question.


#11

Ahhh! We’ll definitely add in some help text there to make this more clear and thanks for raising it.

What we’re asking for here is how much you’re expecting to be compensated for the work you’re proposing to do. This could be an hourly rate of $XXX for a total number of YYhrs for all services you’re offering or with different rates/hours for specific services. Ideally, there is a clear total amount you’re requesting. It could also include specific dates or time-frames for when you could begin, how long you’d like the contract to last, how often you’d like to invoice and the terms (i.e. net 30) for invoice payments. You could provide all of that directly into the field provided, attach additional information, or link to it externally.

Let me know if that gets to it or if we’re missing anything and thanks for reaching out!


#12

Interesting. I guess we thought that was going to work more like the Usability Lab, where you wait for a group to request services, and then an amount/contract is negotiated based on what they need. We can definitely include what specific kinds of engagements would cost and look like, and estimate duration and level of effort.

It seems though, the way you’ve written here, is that we need to have a “clear amount” we are requesting, as a number to you?


#13

I think you’ve got it generally right. We do the same thing for our Red Team as well. That’d mean definitely include the specific kinds of engagements and their associated costs.

For example, one might want to offer services under Objective 1 to embed PLUTO2 into existing Android apps. We’d want to see it clearly stated the types of time and costs for that effort. Maybe software development has one cost/hr and project management has another cost/hr for accomplishing these services under Objective 1. Total up the hours one reasonably thinks would support a year’s worth of doing that work with the cost and that’d be the overall request in your application.

It may not make sense to provide estimates of what one may think that overall effort would cost (knowing that every app is different and it could be hard to guess for each). That said, it may be useful to have an average amount of time and associated cost as a reference.

Under this arrangement (as with the Usability and Red Team Labs), our partners are on a sort of retainer, for services to be drawn upon as applicants apply to us (either us directly or via you). If we run short on hours with a service partner, we may choose to amend the contract and add more time/money. If we hit the contract’s end date but there are still monies available, we may choose to extend the date of the contract with an amendment as well.

That make sense?


#14

Yes, that sounds great. Almost there…