Amazon OpenSearch Service vector database capabilities revisited

2025-03-03 Jon Handler

Post Syndicated from Jon Handler original https://aws.amazon.com/blogs/big-data/amazon-opensearch-service-vector-database-capabilities-revisited/

In 2023, we blogged about OpenSearch Service vector database capabilities. Since then, OpenSearch and Amazon OpenSearch Service have developed to bring better performance, lower cost, and enhanced tradeoffs. We’ve improved the OpenSearch Service hybrid lexical and semantic search methods using both dense vectors and sparse vectors. We’ve simplified connecting with and managing large language models (LLMs) hosted in other environments. We’ve brought native chunking and streamlined searching for chunked documents.

Where 2023 saw the explosion of LLMs for generative AI and LLM-generated vector embeddings for semantic search, 2024 was a year of consolidation and reification. Applications relying on Retrieval Augmented Generation (RAG) started to move from proof of concept (POC) to production, with all of the attendant concerns on hallucinations, inappropriate content, and cost. Builders of search applications began to move their semantic search workloads to production, seeking improved relevance to drive their businesses.

As we enter 2025, OpenSearch Service support for OpenSearch 2.17 brings these improvements to the service. In this post, we walk through 2024’s innovations with an eye to how you can adopt new features to lower your cost, reduce your latency, and improve the accuracy of your search results and generated text.

Using OpenSearch Service as a vector database

Amazon OpenSearch Service as a vector database provides you with the core capabilities to store vector embeddings from LLMs and use vector and lexical information to retrieve documents based on their lexical similarity, as well as their proximity in vector space. OpenSearch Service continues to support three vector engines: Facebook AI Similarity Search (FAISS), Non-Metric Space Library (NMSLIB), and Lucene. The service supports exact nearest-neighbor matching and approximate nearest-neighbor matching (ANN). For ANN, the service provides both Hierarchical Navigable Small World (HNSW), and Inverted File (IVF) for storage and retrieval. The service further supports a wealth of distance metrics, including Cartesian distance, cosine similarity, Manhattan distance, and more.

The move to hybrid search

The job of a search engine is to take as input a searcher’s intent, captured as words, locations, numeric ranges, dates, (and, with multimodal search, rich media such as images, videos, and audio) and return a set of results from its collection of indexed documents that meet the searcher’s need. For some queries, such as “plumbing fittings for CPVC pipes,” the words in a product’s description and the words that a searcher uses are sufficient to bring the right results, using the standard Term Frequency-Inverse Document Frequency (TF/IDF) similarity metric. These queries are characterized by a high level of specificity in the searcher’s intent, which matches well to the words they use and the product’s name and description. When the searcher’s intent is more abstract, such as “a cozy place to curl up by the fire,” the words are less likely to provide a good match.

To best serve their users across the range of queries, builders have largely started to take a hybrid search approach, using both lexical and semantic retrieval with combined ranking. OpenSearch provides a hybrid search that can blend lexical queries, k-Nearest Neighbor (k-NN) queries, and neural queries using OpenSearch’s neural search plugin. Builders can implement three levels of hybrid search—lexical filtering along with vectors, combining lexical and vector scores, and out-of-the-box score normalization and blending.

In 2024, OpenSearch improved its hybrid search capability with conditional scoring logic, improved constructs, removal of repetitive and unnecessary calculations, and optimized data structures, yielding as much as a fourfold latency improvement. OpenSearch also added support for parallelization of the query processing for hybrid search, which can deliver up to 25% improvement in latency. OpenSearch released post-filtering for hybrid queries, which can help further dial in search results. 2024 also saw the release of OpenSearch Service’s support for aggregations for hybrid queries.

Sparse vector search is a different way of combining lexical and semantic information. Sparse vectors reduce corpus terms to around 32,000 terms, the same as or closely aligned with the source. Sparse vectors use weights that are mostly zero or near-zero to provide a weighted set of tokens that capture the meaning of the terms. Queries are translated to the reduced token set, with generalization provided by sparse models. In 2024, OpenSearch introduced two-phase processing for sparse vectors that improves latency for query processing.

Focus on accuracy

One of builders’ primary concerns in moving their workloads to production has been balancing retrieval accuracy (derivatively, generated text accuracy) with the cost and latency of the solution. Over the course of 2024, OpenSearch and OpenSearch Service brought capabilities for trading off between cost, latency, and accuracy. One area of innovation for the service was to bring out various methods for reducing the amount of RAM consumed by vector embeddings through k-NN vector quantization methods. Beyond these new methods, OpenSearch has long supported product quantization for the FAISS engine. Product quantization uses training to build centroids for vector clusters on reduced-dimension sub-vectors and queries by matching these centroids. We’ve blogged about the latency and cost benefits of product quantization.

You use a chunking strategy to divide up long documents into smaller, retrievable pieces. The insight for doing that is that large pieces of text have many pools of meaning, captured in sentences, paragraphs, tables, and figures. You choose chunks that are units of meaning, within pools of related words. In 2024, OpenSearch made this process with a straightforward k-NN query, alleviating the need for custom processing logic. You can now represent long documents as multiple vectors in a nested field. When you run k-NN queries, each nested field is treated as a single vector (an encoded long document). Previously, you had to implement custom processing logic in your application to support the querying of documents represented as vector chunks. With this feature, you can run k-NN queries, making it seamless for you to create vector search applications.

Similarity search is designed around finding the k nearest vectors, representing the top-k most similar documents. In 2024, OpenSearch updated its k-NN query interface to include filtering k-NN results based on distance and vector score, alongside existing top-k support. This is ideal for use cases in which your goal is to retrieve all the results that are highly or sufficiently similar (for example, >= 0.95), minimizing the possibility of missing highly relevant results because they don’t meet a top-k threshold.

Reducing cost for production workloads

In 2024, OpenSearch introduced and extended scalar and binary quantization that reduce the number of bits used to store each vector. OpenSearch already supported product quantization for vectors. When using these scalar and byte quantization methods, OpenSearch reduces the number of bits used to store vectors in the k-NN index from 32-bit floating numbers down to as little as 1 bit per dimension. For scalar quantization, OpenSearch supports half precision (also called fp16), and quarter precision with 8-bit integers for two times and four times the compression, respectively.

For binary quantization, OpenSearch supports 1-bit, 2-bit, and 4-bit compression for 32, 16, and 8 times compression respectively. These quantization methods are lossy, reducing accuracy. In our testing, we’ve seen minimal impact on accuracy—as little as 2% on some standardized data sets—with up to 32 times reduction in RAM consumed.

In-memory handling of dense vectors drives cost in proportion to the number of vectors, the vector dimensions, and the parameters you set for indexing. In 2024, OpenSearch extended vector handling to include disk-based vector search. With disk-based search, OpenSearch keeps a reduced bit-count vector in memory for generating match candidates, retrieving full-precision vectors for the final scoring and ranking. The default compression of 32 times means a reduction in RAM needs by 32 times with an attendant reduction in the cost of the solution.

In 2024, OpenSearch introduced support for JDK21, which users can use to run OpenSearch clusters on the latest Java version. OpenSearch further enhanced performance by adding support for Single Instruction, Multiple Data (SIMD) instruction sets for exact search queries. Previous versions have supported SIMD for ANN search queries. The integration of SIMD for exact search requires no additional configuration steps, making it a seamless performance improvement. You can expect a significant reduction in query latencies and a more efficient and responsive search experience, with approximately 1.5 times faster performance than non-SIMD implementations.

Increasing innovation velocity

In November 2023, OpenSearch 2.9 was released on Amazon OpenSearch Service. The release included high-level vector database interfaces such as neural search, hybrid search, and AI connectors. For instance, users can use neural search to run semantic queries with text input instead of vectors. Using AI connectors to services such as Amazon SageMaker, Amazon Bedrock, and OpenAI, neural search encodes text into vectors using the customers’ preferred models and rewrites text-based queries into k-NN queries transparently. Effectively, neural search alleviated the need for customers to develop and manage custom middleware to perform this functionality, which is required by applications that use the k-NN APIs.

With the following 2.11 and 2.13 releases, OpenSearch added high-level interfaces for multimodal and conversational search, respectively. With multimodal search, customers can run semantic queries using a combination of text and image inputs to find images. As illustrated in this OpenSearch blog post, multimodal enables new search paradigms. An ecommerce customer, for instance, could use a photo of a shirt and describe alterations such as “with desert colors” to shop for clothes fashioned to their tastes. Facilitated by a connector to Amazon Bedrock Titan Multimodal Embeddings G1, vector generation and query rewrites are handled by OpenSearch.

Conversational search enabled yet another search paradigm, which users can use to discover information through chat. Conversational searches run RAG pipelines, which use connectors to generative LLMs such as Anthropic’s Claude 3.5 Sonnet in Amazon Bedrock, OpenAI ChatGPT, or DeepSeek R1 to generate conversational responses. A conversational memory module provides LLMs with persistent memory by retaining conversation history.

With OpenSearch 2.17, support for search AI use cases was expanded through AI-native pipelines. With ML inference processors (search request, response, ingestion), customers can enrich data flows on OpenSearch with any machine learning (ML) model or AI service. Previously, enrichments were limited to a few model types such as text embedding models to support neural search. Without limitations on model type support, the full breadth of search AI use cases can be powered by OpenSearch search and ingest pipeline APIs.

Conclusion

OpenSearch continues to explore and enhance its features to build scalable, cost-effective, and low-latency semantic search and vector database solutions. The OpenSearch Service neural plugin, connector framework, and high-level APIs reduce complexity for builders, making the OpenSearch Service vector database more approachable and powerful. 2024’s improvements span text-based exact searches, semantic search, and hybrid search. These performance enhancements, feature innovations, and integrations provide a robust foundation for creating AI-driven solutions that provide better performance and more accurate results. Try out these new features with the latest version of OpenSearch.

About the Author

Jon Handler is Director of Solutions Architecture for Search Services at Amazon Web Services, based in Palo Alto, CA. Jon works closely with OpenSearch and Amazon OpenSearch Service, providing help and guidance to a broad range of customers who have generative AI, search, and log analytics workloads for OpenSearch. Prior to joining AWS, Jon’s career as a software developer included four years of coding a large-scale, eCommerce search engine. Jon holds a Bachelor of the Arts from the University of Pennsylvania, and a Master of Science and a Ph. D. in Computer Science and Artificial Intelligence from Northwestern University.

Boudoir Photography in Sydney Australia

2025-03-03 Matt Granger

Post Syndicated from Matt Granger original https://www.youtube.com/watch?v=72TdOElMbdk

Mozilla reverses course on its terms of use

2025-03-03 jzb

Post Syndicated from jzb original https://lwn.net/Articles/1012788/

Mozilla has issued
an update to its terms of use (TOU) that were announced
on February 26. It has removed a reference in the TOU to
Mozilla’s Acceptable Use Policy “because it seems to be causing
more confusion than clarity“, and has revised the TOU “to more
clearly reflect the limited scope of how Mozilla interacts with user
data“. The new language says:

You give Mozilla the rights necessary to operate Firefox. This
includes processing your data as we describe in the Firefox Privacy
Notice. It also includes a nonexclusive, royalty-free, worldwide
license for the purpose of doing as you request with the content you
input in Firefox. This does not give Mozilla any ownership in that
content.

Mozilla has also updated its Privacy FAQ to provide
more detail about its reasons for the changes.

[$] Guard pages for file-backed memory

2025-03-03 corbet

Post Syndicated from corbet original https://lwn.net/Articles/1011366/

One of the many new features packed into the 6.13 kernel release was guard
pages, a hardening mechanism that makes it possible to inject zero-access
pages into a process’s address space in an efficient way. That feature
only supports anonymous (user-space data) pages, though. To make guard
pages more widely useful, Lorenzo Stoakes has put together a patch
set enabling the feature for file-backed pages as well; in the process,
he examined and resolved a long list of potential problems that extending
the feature could encounter. One potential problem was not on his list,
though.

Security updates for Monday

2025-03-03 jake

Post Syndicated from jake original https://lwn.net/Articles/1012760/

Security updates have been issued by Debian (ffmpeg, kernel, linux-6.1, mariadb-10.5, proftpd-dfsg, and xorg-server), Fedora (chromium, cutter-re, iniparser, nodejs22, rizin, webkitgtk, wireshark, xen, and xorg-x11-server), Mageia (binutils and ffmpeg), Oracle (emacs and kernel), Red Hat (emacs and webkit2gtk3), SUSE (azure-cli, bsdtar, gnutls, govulncheck-vulndb, libX11, libxkbfile, libxml2, nodejs-electron, openssh8.4, ovmf, phpMyAdmin, python, python-azure-identity, python311-jupyter-server, tiff, trivy, u-boot, and wireshark), and Ubuntu (opennds and Ruby SAML).

Banish bots from your Waiting Room and improve wait times for real users

2025-03-03 Rachel Wyatt

Post Syndicated from Rachel Wyatt original https://blog.cloudflare.com/banish-bots-from-your-waiting-room-and-improve-wait-times-for-real-users/

With Cloudflare Waiting Room, you can safeguard your site from traffic surges by placing visitors in a customizable, virtual queue. Previously, many site visitors waited in the queue alongside bots, only to find themselves competing for inventory once in the application. This competition is inherently unfair, as bots are much faster and more efficient than humans. As a result, humans inevitably lose out in these high-demand situations, unable to secure inventory before bots sweep it all up. This creates a frustrating experience for real customers, who feel powerless against the speed and automation of bots, leading to a diminished experience overall. Those days are over! Today, we are thrilled to announce the launch of two Waiting Room solutions that significantly improve the visitor experience.

Now, all Waiting Room customers can add an invisible Turnstile challenge to their queueing page, robustly challenging traffic and gathering analytics on bot activity within their queue. With Advanced Waiting Rooms, you can select between an invisible, managed, or non-interactive widget mode. But, we won’t just block these bots! Instead, traffic with definite bot signals that have failed the Turnstile challenge can be sent to an Infinite Queue, a completely customizable page that mimics a real user experience. This prolongs the time it takes bots to realize they have not actually joined the queue, wasting their resources without impacting real users. This feature not only protects your site against bots, but also reduces wait times and protects inventory by ensuring the queue only consists of genuine users. To offset the environmental impact of wasting bot resources, we’re contributing to a tree planting initiative, helping to reduce the carbon footprint of inefficient bots.

The second solution we have launched to improve the visitor experience is Session Revocation, which allows you to end a user’s session based on an action, dynamically opening up spots and admitting users from the queue. This new capability allows you to integrate Waiting Room more seamlessly with your customer journey, resulting in increased throughput, decreased wait times, and increased fairness by giving more users the opportunity to make it through the queue during high demand events.

This feature has proven to be extremely impactful for our customers, including a large online retailer that frequently has high-demand limited edition product drops. A common challenge in this space is maximizing the number of customers who can make a purchase during a limited-time event, all while maintaining a fair and efficient system for everyone involved. Previously, this customer had to limit their users to only one item in the cart and force them to wait for a period of time after each checkout before allowing them to rejoin the queue. This led to an awkward experience for end users, longer wait times, and reduced site throughput. With session revocation, this online retailer can now end the user’s session immediately after a purchase is complete, placing the user back in the queue if applicable, without being forced to wait for a preset timeout period. This significantly improves the end user experience by reducing unnecessary wait times and streamlining the purchase process.

Let’s deep dive into these two capabilities and how they improve the overall user experience.

How bots impact the Waiting Room user experience

Waiting Room is often used to protect sites from being overwhelmed by traffic surges during high demand online events. These high demand events, such as ticket or e-commerce product sales, attract both a deluge of genuine users, and sophisticated bots, such as scalper bots. This type of bot traffic is unique, as they can complete the checkout process or user journey much quicker than normal human traffic. Bots in the queue negatively affect the user experience by increasing wait times, as they often occupy multiple spots. Additionally, their behavior can exacerbate the issue — if they don’t handle cookies properly, they fail to take their spot in the application when their turn comes, further preventing the queue from progressing smoothly. Once past the queue, bots can also contribute to inventory hoarding, as they often reserve or consume large quantities of stock without genuine intent to purchase. An example of this is the PlayStation 5’s launch in November 2020. Due to high demand and production limitations during the COVID-19 pandemic, scalper bots bought up stock quickly, making it difficult for average consumers to purchase the console at retail prices. This led to extreme frustration for retailers and consumers as these bots drove the prices up significantly.

Quantifying bot traffic to Waiting Room with an invisible Turnstile challenge

Waiting Room customers have long been curious about the nature of large traffic spikes. Historically, bot scores and managed challenges have been the primary methods of collecting this data and acting on it. While these can provide some insight into the distribution of traffic, the Turnstile invisible challenge gives us the ability to actively interrogate the browser, providing the most complete set of data on whether that browser is being operated by a human or a bot.

To start quantifying bot traffic to waiting rooms, we have added an invisible Turnstile challenge to all basic rooms. With the purchase of an Advanced Waiting Room, customers can select between invisible, managed, or non-interactive widget modes. This Turnstile team blog post has more details on the different widget modes.

Waiting Room’s integration with Turnstile aims to protect your site with minimal impact to the user experience by placing a Turnstile challenge on your waiting room’s queuing page. Unlike a standard WAF challenge, the Waiting Room Turnstile challenge is presented only when the waiting room is queuing. This way, users won’t face any interruptions once they are past the queue and into the application.

^{With an advanced waiting room, you can configure the type of Turnstile challenge from the Cloudflare dashboard and API.}

From the analytics we’ve gathered with the invisible Turnstile challenge on all basic waiting rooms, we’ve been able to determine that many large traffic spikes come from user agents that don’t even attempt to run the challenge, leaving it unsolved. In other words, we send the challenge widget in the HTML for the queuing page, but sometimes those challenges never get completed. By subtracting the number of times we see solved challenges from the total number of times we send challenges, we can get a count of requests that are likely from unsophisticated bots. These requests are reported to Waiting Room Analytics as “Likely Bots.” We’ve seen small businesses with low baseline traffic hit with tens of thousands of such requests (or more) in a short period of time. When a large influx of non-human traffic like this comes in, every visitor to the website ends up queued in a waiting room, not just the bots.

These bots could be any software that simply sends out HTTP requests. This data can help determine whether a traffic spike and subsequent queueing is coming from real human users, or a bunch of simple bots that don’t even bother to run JavaScript.

With the Turnstile integration, we are also catching sophisticated bots. While many of the bots we see don’t attempt to run the challenge, there are a few that do. Detecting these bots is more difficult than detecting simple bots that don’t run JavaScript. The Turnstile widget runs a series of checks against the browser to find evidence that a browser isn’t being operated by a human, and is instead being driven by something like Selenium. If Turnstile isn’t able to determine that the browser is being operated by a human, we count that as a failed challenge and report those users to Waiting Room Analytics as “Bots,” since we are quite confident that these users are not human.

About 1 in 20 “users” that run the challenge end up not passing. Just like the previously mentioned unsophisticated bots, these more sophisticated bots inflate the size of the queue, making it more difficult for real humans to make it through to your website.

The remaining 19 in 20 “users” that successfully pass the challenge are counted in Waiting Room Analytics as “Likely Humans.”

These new metrics related to Turnstile challenge outcomes are available in your Waiting Room Analytics dashboard and the analytics GraphQL API, so you can see the distribution of bot to human traffic in your waiting room. Once you know what your traffic looks like, the real question is: what can you do about it?

^{View the distribution of traffic and challenges issued in Waiting Room Analytics}

New Infinite Queue feature

Beyond logging your Turnstile challenge outcomes, Advanced Waiting Room customers have the option to select the Infinite Queue feature. With this feature, all traffic that fails the Turnstile challenge, such as a bot, will be sent to an Infinite Queue page. The Infinite Queue matches the normal queuing experience, prolonging the time it takes the bot to recognize they are being blocked and effectively consuming their resources. While the Infinite Queue will have the same look and feel as the Waiting Room page, the bot is not actually a part of the real queue.

With the infinite Queue enabled, all traffic will have to pass the challenge to enter the real queue. By blocking bots from joining the queue, we will reduce wait times for humans and prevent bots from using up server resources during a traffic spike.

^{Enable the Infinite Queue option through the Cloudflare dashboard or API.}

Bots will be none the wiser, wasting their time and resources waiting in an infinite queue that will never get them to where they’re trying to go.

We keep track of the traffic hitting the infinite queue, counting the number of times they refresh their queuing page in Waiting Room Analytics. This appears as the “infinite queue refreshes” count in the analytics dash and GraphQL API. This metric gives you a good idea of the amount of time these bots have wasted trying to reach your website.

How Waiting Room integrates with Turnstile

Turnstile is a powerful and versatile product that anyone, Cloudflare and others alike, can use to build systems to thwart bot traffic. Waiting Room integrates Turnstile the same as any other Turnstile user.

<!DOCTYPE html>
<html>
	<head>
		<title>Waiting Room</title>
	</head>
	<body>
		<h1>You are currently in the queue.</h1>
		{{#waitTimeKnown}}
			<h2>Your estimated wait time is {{waitTimeFormatted}}.</h2>
		{{/waitTimeKnown}}
		{{^waitTimeKnown}}
			<h2>Your estimated wait time is unknown.</h2>
		{{/waitTimeKnown}}
		{{#turnstile}}
			<!-- for a managed (and potentially interactive) challenge, you may want to instruct the user to complete the challenge -->
			<p>Please complete this challenge so we know you're a human:</p>
			{{{turnstile}}} <!-- include the turnstile widget -->
		{{/turnstile}}
	</body>
</html>

^{The Turnstile widget can be embedded in custom queuing page templates by including the}^{{{{turnstile}}}}^variable.

<!DOCTYPE html>
<html>
	<head>
		<title>Waiting Room</title>
	</head>
	<body>
		{{#turnstile}}
			<h1>This website is currently using a waiting room.</h1>
			<p>We use a Turnstile challenge to ensure you aren't waiting in line behind bots. Complete this challenge to enter the queue.</p>
			{{{turnstile}}} <!-- include the turnstile widget -->
		{{/turnstile}}
		{{^turnstile}}
			<h1>You are currently in the queue.</h1>
			{{#waitTimeKnown}}
				<h2>Your estimated wait time is {{waitTimeFormatted}}.</h2>
			{{/waitTimeKnown}}
			{{^waitTimeKnown}}
				<h2>Your estimated wait time is unknown.</h2>
			{{/waitTimeKnown}}
		{{/turnstile}}
	</body>
</html>

^{When using Infinite Queue (especially with managed challenges which may be interactive), you may want to tell users they will not be in the queue until they complete the challenge.}

We embed a plain Turnstile challenge in the queuing page by passing the HTML to the queuing page template in a turnstile variable. The default queuing page template and any newly created custom templates include this variable already. If you have an existing custom HTML template and wish to enable the Turnstile integration, you will need to add {{{turnstile}}} somewhere in the template to tell Waiting Room where the widget should be placed. Waiting Room uses Mustache templates, so including raw HTML within your template without escaping requires three curly braces instead of two.

^{A managed Turnstile challenge on the default Waiting Room queuing page template}

Once the challenge completes, fails, or times out, the page refreshes and passes the Turnstile token to Waiting Room’s worker. Next, we check in with Turnstile’s siteverify endpoint to make sure the challenge was successful. From there, we report the outcome to the Waiting Room’s analytics and optionally send failed traffic (bots) to an infinite queue.

The infinite queue itself is designed to be as close to normal queuing as possible. When a bot is sent to the infinite queue, we issue it a cookie which looks like a normal waiting room cookie. Inside the cookie’s encryption though, we have a boolean flag that tells our worker to send the bot’s requests to the infinite queue. When we see that flag, we skip all the normal queuing logic and just render a queuing page.

That queuing page shows a fake estimated time remaining. It’s based on an asymptotic curve which appears to decrease linearly from the start. As time goes on, the curve gets flatter (and progress through the “queue” gets slower), so the estimated time remaining never quite reaches 0.

^{This graph is an approximation of the time remaining (y-axis, minutes) that bots will see, compared to the amount of time they’ve waited in the infinite queue (x-axis, minutes).}

We reuse much of the same code for rendering the queuing page for the infinite queue and the normal queue. We do this to reduce the amount of signal bots may have that they are in the infinite queue rather than the normal queue.

let cookie
if (query['cf_wr_turnstile']) {
    const turnstileToken = query['cf_wr_turnstile']
    const tokenOk = await siteverify(turnstileToken)
    if (tokenOk) {
        analytics.turnstileSuccesses++
        cookie = newCookie()
    } else {
        analytics.turnstileFailures++
        cookie = { infiniteQueuing: true }
    }
    response.headers['Set-Cookie'] = encryptCookie(cookie)
}
if (!cookie) {
    cookie = decryptCookie(headers['Cookie'])
}
if (!cookie) {
    analytics.turnstileChallenges++
    return await queuingPage(await estimateTimeRemaining(), { turnstileChallenge: true })
} else if (cookie.infiniteQueuing) {
    analytics.infiniteQueueRequests++
    return await queuingPage(fakeTimeRemaining())
} else if (cookie.accepted) {
    return await sendToOrigin()
} else {
    // run Waiting Room's distributed queuing logic to check whether
    // this user has made it to the front of the queue, but only after
    // the user has completed a Turnstile challenge and isn't in the
    // fake infinite queue
    const { letThrough, timeRemaining } = calculateQueuing(cookie)
    if (letThrough) {
        cookie.accepted = true
        response.headers['Set-Cookie'] = encryptCookie(cookie)
        return await sendToOrigin()
    } else {
        return await queuingPage(timeRemaining)
    }
}

^{Approximate psuedocode for how we handle incoming requests when infinite queue is enabled in the Waiting Room worker}

Thanks to the versatility of Turnstile, we only needed to rely on public Turnstile APIs to build this integration.

Adding Turnstile to Waiting Room is a proactive step in managing traffic that directly contributes to a smoother, faster experience for end users. Building on that efficiency, let’s dive into how you can add an additional layer of control to increase throughput and minimize wait times for your customers.

Further improve wait times using session revocation

We have talked extensively in a previous blog post about how we queue users with respect to the current active users on the application and the defined limits, and, in the same blog post, what state and calculations we use to determine the amount of total active users. Here is a quick summary for those who have not read that post:

When a user navigates to a page behind a waiting room, they receive a cookie and are associated with a time period called a bucket. We use these buckets to track the number of users either waiting in the queue or accessing the application for that specific time period. Whenever a user makes a request, we move their session from their previous bucket to the latest bucket. Once a bucket is older than the configured session duration, we know that those user sessions are no longer valid (expired) and we can clean up those values. Thus, that user session expires, and new slots are opened for the next users to enter the application.

These buckets are aggregated at Cloudflare data centers and then globally via the internal state of the waiting room, which is structured as multiple CRDT counters and registers. This allows us to merge the distributed state of the waiting room stored in multiple data centers as a single global state without conflicts.

To calculate the total active users on an application, we first merge the state from all data centers. Then, we sum the active users for all the buckets where a session can still be active.

Because the Waiting Room runs per user request, we do not explicitly know when a user has stopped accessing the application, and instead we only stop receiving requests from them. So, we must consider their session active and as a contributor to the total active users count until it is older than the session duration limit. For waiting rooms that have a high session duration value configured, a user might navigate to the site for a small duration of time but contribute to the total active users count for up to the configured session duration even after they have stopped accessing the application. This can cause decreased throughput and longer wait times for users in the queue.

Introducing Session Revocation

With the Session Revocation feature, we now allow origins to return a command to the waiting room via an HTTP header (Cf-Waiting-Room-Command) to notify the Waiting Room to revoke the user session associated with the current response. This command removes the current user’s session and decreases the number of total active users for the bucket the session was last tracked in. This allows origins to terminate a user’s session early without needing to wait for the session to expire naturally.

This can improve the throughput of waiting rooms in front of applications which have a dynamic user flow where the session duration is set very high to account for users who send infrequent requests to the application.

To set up session revocation in your waiting room, in the user session settings section in the configuration, check the “Allow session termination via origin commands” box. You must also configure your origin to return a session revocation HTTP header (Cf-Waiting-Room-Command: revoke) on the response when you want the session associated with that response to be revoked. For more information on how to do this, refer to our developer documentation.

^{Enable session revocation in the user session settings configuration}

In Waiting Room Analytics, you can view the number of sessions revoked per minute. The sessionsRevoked field is the count of how many sessions were revoked in that minute in the analytics GraphQL API.

In summary, Waiting Room Turnstile Integration and Session Revocation work together to enhance both security and user experience. The addition of a Turnstile challenge in the Waiting Room helps identify and block bots, ensuring that legitimate users don’t face unnecessary delays. Meanwhile, the Session Revocation feature optimizes resource usage by allowing you to end user sessions after key actions, like completing a purchase, freeing up space for other users.

Together, these features successfully increase throughput and reduce wait times, providing a faster, more efficient experience for your customers. For more information on these features, check out our developer documentation.

The Weird History of Milk

2025-03-03 The History Guy: History Deserves to Be Remembered

Post Syndicated from The History Guy: History Deserves to Be Remembered original https://www.youtube.com/watch?v=yZJIfGvd2iw

Best practices for rapidly deploying Landing Zone Accelerator on AWS

2025-03-03 Lei Shi

Post Syndicated from Lei Shi original https://aws.amazon.com/blogs/devops/best-practices-for-rapidly-deploying-landing-zone-accelerator-on-aws/

Landing Zone Accelerator on AWS (LZA) enables customers to deploy a flexible, configuration-driven solution to establish a landing zone while also leveraging AWS Control Tower. At AWS Professional Services, we’ve helped customers deploy and configure LZA hundreds of times. A common request we encounter is integrating LZA configuration into customers’ existing GitOps workflows. GitOps has emerged as a leading model for Infrastructure as Code (IaC), helping organizations automate and manage their cloud infrastructure. The model uses Git repositories as the single source of truth for infrastructure configuration, enabling teams to maintain consistent, version-controlled environments.

In this blog, we will focus on common LZA implementation steps based on our experience, helping customers jump-start their LZA environment and implement GitOps for their AWS infrastructure management. First, we will demonstrate how to leverage LZA while complying with your organization’s policies such as private package repositories. Next, we will guide you through a new installation of LZA that takes advantage of an auto-generated starter set of configuration files. Finally, we will direct you to another blog post that will enable you to leverage GitOps for ongoing management of your LZA configuration.

Architecture overview

The LZA solution leverages two distinct repositories; one for the LZA source code, and another for your organization’s specific configuration files. LZA creates two separate AWS CodePipelines , which are used to install the LZA solution and apply your organization’s specific configuration. Figure 1 illustrates the association between repositories and pipelines. By default, when installing LZA, the solution uses GitHub as the source and pulls the installation files published by AWS from the official LZA GitHub repository.

a diagram with icons illustrating LZA solution components

Figure 1. Landing Zone Accelerator solution components

Deploy LZA as a new install

Step 1: Preparing your enterprise private GitHub to host LZA source code.
Customers may choose to deploy LZA from the official AWS GitHub repository for LZA, but we often we find customers have policies in place that require these types of packages to be deployed from a private repository managed by the organization. For customers using GitHub privately in their enterprise, this can be as easy as cloning the LZA source code repository into your own private GitHub repository, enabling you to take advantage of policies and controls within your organization. Before moving to the next step, take a moment and clone the repository into your own private repository. A GitHub personal access token stored in AWS Secrets Manager is required to enable the stack to access your private repository. Before deploying LZA, follow these instructions to enable stack access to your repository.

Step 2: In the organization management account, install LZA as a CloudFormation Stack.

To get started, we will be going through a new installation of the LZA solution. The following steps provide specific parameter options to the CloudFormation template to support a new installation of LZA.

Specify the following parameters for Source Code Repository Configuration, see Figure 2.

For Stack name, specify a name you like.
For Source Location, choose github.
For Repository Owner, specify your GitHub account owner ID.
For Repository Name, specify your cloned LZA source code repository
For Branch Name, specify the branch name of your LZA source code repository.

a screenshot of a set of parameters setting of LZA source code repo in a cloudformation stack

Figure 2. LZA installer stack parameters – source code repository

Specify the following parameters for Configuration Repository Configuration, see Figure 3.

For Configuration Repository Location, choose s3.
For Use Existing Config Repository, choose No.
For Existing Config Repository Name, Existing Config Repository Branch Name, Existing Config Repository Owner, and Existing Config Repository CodeConnection ARN, leave blank.

We intentionally want to use S3 for the configuration repository because as the LZA solution is installed, it will auto-generate a set of starter configuration YAML files and deploy them for us in S3. This makes it very easy to get started with an initial set of customized YAML files for your environment. We choose “No” in the Use Existing Config Repository field, to have LZA to perform a new LZA installation.

a screenshot of a set of parameters setting of LZA configuration repo in a cloudformation stack

Figure 3. LZA installer stack parameters – configuration repository

Choose Next, and complete the remainder of the stack settings.
Finally, choose Create stack to launch the CloudFormation stack.

The installer stack typically takes minutes to complete (See Figure 4).

a screenshot showing LZA installation cloudformation stack completed successfully

Figure 4. LZA installer stack completion

Step 3: Validate two LZA pipelines are created and successfully completed in AWS CodePipeline console.

After the CloudFormation stack completes, open the AWS CodePipeline console. You’ll see a new pipeline named “AWSAccelerator-Installer” running (See Figure 5). This is the LZA Installer pipeline, and it’s connected to the GitHub source repository you specified in Step 2 above with parameters from 2 to 5. This Installer pipeline automatically generates a set of LZA configuration files stored as a compressed ZIP archive in Amazon S3. It will be designated as configuration repository of the LZA solution.

a screenshot showing LZA installer pipeline created in AWS CodePipeline successfully

Figure 5. AWSAccelerator-Installer pipeline creation

When the AWSAccelerator-Installer pipeline completes, the solution automatically creates and runs a second pipeline named “AWSAccelerator-Pipeline” as shown in Figure 6. This pipeline connects to both the GitHub source repository, and the newly created configuration repository in Amazon S3. The AWSAccelerator-Pipeline is the pipeline that manages your landing zone deployment and customization.

a screenshot showing LZA core pipeline created in AWS CodePipeline successfully

Figure 6. AWSAccelerator-Pipeline created from the AWSAccelerator-Installer pipeline

After the AWSAccelerator-Pipeline completes, your LZA solution is ready for customization.

Step 4: Migrate the LZA configuration repository from S3 to GitHub

With the AWSAccelerator-Pipeline completed, your initial landing zone is now deployed, leveraging the configuration stored in your S3 bucket. For some customers, they may need to ensure that changes to the landing zone configuration are controlled through their existing GitOps processes and tooling. See Figure 7 as an example where the S3 configuration files have been copied to a customer owned GitHub repository. This transition step can be performed in future LZA upgrade window when there is a new release of LZA source code, or right after the initial LZA installation completes in Step 3. For more information on migrating from S3 to GitHub, follow this guide to configure your AWSAccelerator-Pipelines with AWS CodeConnection.

a diagram with icons illustrating LZA solution new components with LZA configuration repo migrated to GitHub

Figure 7. CodeConnection based LZA Configuration Repository

Conclusion

In this post, we explored key steps to streamline your LZA implementation journey. By demonstrating how to work with your private package repositories, providing guidance on leveraging auto-generated configuration files, and introducing GitOps-based management, we’ve outlined a practical path to establish and maintain a robust AWS infrastructure foundation. These approaches can significantly reduce the time and complexity typically associated with LZA deployments while ensuring compliance with organizational policies. We encourage you to try these implementation steps and explore the referenced resources to enhance your AWS cloud operations. For more information about Landing Zone Accelerator, visit the AWS Landing Zone Accelerator on GitHub.

About the authors

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Update 2025-03-21: This blog post is extremely long (if
you’re reading this, you must already know I’m terribly long-winded). I
was in the middle of consolidating it with other posts to make a final,
single “wrap up” post of the OSI elections when, in the middle
of doing that, I was told
that Linux
Weekly News (LWN) published an article written by Joe Brockmeier. As
such,I’ve carefully left the text below as it stood it stood 2025-03-20
03:42 UTC, which I believe is the version that Brockmeier sourced for his
story (only changes past the line “Original Post” have been
HTML format fixes). (I hate as much as you do having to scour
archive.org/web to find the right version.) Nevertheless, I wouldn’t have
otherwise left this here in its current form because it’s a huge, real-time
description that as such doesn’t make the best historical reference record of these event. I used my blog as a campaigning tool (for
reasons discussed below) before I
knew how much interest there would ultimately be in the
FOSS community
about the 2025 OSI Board of Directors election. Since this was used as a
source for the LWN article, keeping the original record easy to find is
obviously important and folks shouldn’t have to go to archive.org/web to
find it. Nevertheless, if you’re just digging into this story fresh, I
don’t really recommend reading the below. Instead, I suggest just
reading Brockmeier’s
LWN article because he’s a journalist and writes better and more
concise than me, and he’s unbiased and the below is my (understandably) biased view as a
candidate who lived through this problematic election.

Original Post

I recently
announced that I was nominated for the Open Source Initiative (OSI) Board
of Directors as an “Affiliate” candidate. I chose to run
as an (admittedly) opposition candidate against the existing status quo,
on a “ticket” with my colleague, Richard Fontana, who is
running as an (opposition) “Member” candidate.

These elections are important; they matter with regard to the future of
FOSS. OSI
recently published the “Open Source Artificial Intelligence
Definition” (OSAID). One of OSI’s stated purposes of the OSID is to
convince the entire EU and other governments and policy agencies will adopt
this Definition as official for all citizens. Those stakes aren’t
earth-shattering, but they are reasonably high stakes. (You
can read
i a blog post I wrote on the subject or Fontana’s and my shared
platform for more information about OSAID.)

I have worked and/or volunteered for nonprofits like OSI for years. I
know it’s difficult to get important work done — funding is always
too limited. So, to be sure I’m not misquoted: no, I don’t think the
election is “rigged”. Every problem described herein can
easily be attributed to innocent human error, and, as such, I don’t think
anyone at OSI has made an intentional plan to make the elections
unfair. Nevertheless, these mistakes and irregularities (particularly the
second one below) have led to an unfair 2025 OSI Directors
Election. I call on the OSI to reopen the nominations for
a few days, correct these problems, and then extend the voting
time accordingly. I don’t blame the OSI for these honest
mistakes, but I do insist that they be corrected. This really does matter:
since this isn’t just a local club. OSI is an essential FOSS org that works
worldwide and claims to have a consensus mandate for determining what is
(or is not) “open source”. Thus, (if the OSI intends to
continue with an these advisory elections), OSI’s elections need the
greatest integrity and legitimacy. Irregularities must be corrected and
addressed to maintain the legitimacy of this important organization.

Regarding all these items below, I did raise all the concerns privately
with the OSI staff before publicly listing them here. In every case, I
gave OSI at least 20-30% of the entire election cycle to respond privately
before discussing the problems publicly. (I have still received no direct
response from the OSI on any of these issues.)

(Recap on) First Irregularity

The first irregularity was
the miscommunication
about the nomination deadline
(as covered in
the press.
Instead of using the time zone of OSI’s legal home (in California), or the
standard FOSS community deadline of AoE (anywhere on earth) time, OSI
surreptitiously chose UTC and failed to communicate that decision properly.
According to my sources, only one email of 3(+) emails about the elections
included the fully qualified datetime of the deadline. Everywhere else
(including everywhere on OSI’s website) published only the date, not the
time. It was reasonable for nominators to assume the deadline was
US/Pacific — particularly since the nomination form still worked after
23:59 UTC passed.

Second Irregularity

Due to that first irregularity, this second (and most egregious)
irregularity is compounded even further.
All
year long, the OSI has communicated that, for 2025, elections are
for two “Member” seats
and one “Affiliate”
seat. Only
today (already 70% through the election cycle) did
OSI
(silently) correct this error. This change was made
well after nominations had closed (in every TZ). By
itself, the change in available seats after nominations closed makes
the 2025 OSI elections unfair. Here’s why: the Members and the
Affiliates are two entirely different sets of electorates.
Many candidates made complicated decisions about which seats to run
for based on the number of seats available in each class.
OSI is aware of that, too, because (a) we told them that during candidate
orientation, and
(b) Luke
said so publicly in their blog post (and OSI directly responded to Luke
in the press).

If we had known there were two Affiliate seats and
just one Member seat, Debian (an OSI Affiliate) would have
nominated Luke a week early to the Affiliate seat. Instead,
Debian’s leadership, Luke, Fontana, and I had a complex discussion in the
final week of nominations on how best
to run
as a “ticket of three”. In that discussion, Debian
leadership decided to nominate no one (instead of nominating
Luke) precisely because I was already nominated on a platform that
Debian supported, and Debian chose not to run a candidate against me for
the (at the time, purported) one Affiliate seat available.

But this irregularity didn’t just impact Debian, Fontana, Luke,
and me. I was nominated by four different Affiliates. My primary pitch to
ask them to nominate me was that there was just one Affiliate seat
available. Thus, I told them, if they nominated someone else, that candidate
would be effectively running against me. I’m quite sure at least one of
those Affiliates would have wanted to nominate someone else if only OSI had
told them the truth when it mattered: that Affiliates could easily elect both
me and a different candidate for two available Affiliate
seats. Meanwhile, who knows what other affiliates who nominated no one
would have done differently? OSI surely doesn’t know that. OSI has
treated every one of their Affiliates unfairly by changing the number of
seats available after the nominations closed.

Due to this Second Irregularity alone, I call on the OSI to reopen
nominations and reset the election cycle. The mistakes (as
played) actually benefit me as a candidate — since now I’m
running against a small field and there are two seats available. If
nominations reopen, I’ll surely face a crowded field with many viable
candidates added. Nevertheless, I am disgusted that I
unintentionally benefited from OSI’s election irregularity and I ask OSI
take corrective action to make the 2025 election fair.

The remaining irregularities are minor (by comparison, anyway), but I want
to make sure I list all the irregularities that I’ve seen in the 2025 OSI
Board Elections in this one place for everyone’s reference:

Third Irregularity

I was surprised when
OSI
published the slates of Affiliate candidates that they were not in
any (forward or reverse) alphabetical order — not candidate’s
first, last, or nominator name. Perhaps the slots in the voter’s guide
were assigned randomly, but if so, that is not disclosed
to the electorate. And, Who is listed first, you ask? Why,
the incumbent Affiliate candidate. The issue of
candidate ordering in voting guides and ballots has
been well
studied academically and, unsurprisingly, being listed first is known
to be an advantage. Given that incumbents already have an
advantage in all elections, putting the incumbent first without
stating that the slots in the voter guide were randomly assign makes the
2025 OSI Board election unfair.

I contacted OSI leadership within hours of the posting of the candidates
about this issue (at time of writing, that was four days ago) and they have
refused to respond nor have they corrected the issue. This compounds the
error, because OSI consciously choosing to list the incumbent
Affiliate candidate first in the voter guide on purpose.

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

It’s (ostensibly) a good idea for the OSI to run a discussion forum for
the candidates (and kudos to OSI
( in
this instance, anyway ) for using the GPL’d Discourse software for the
purpose). however, the requirements to create an account and
respond to the questions exclude some Affiliate candidates.
Specifically, the OSI has stated that Affiliate candidates, and the
Affiliates that are their
electorate, need
not be Members of the OSI. (This is actually the very first item in
OSI’s election
FAQ!) Yet, to join the discussion forum,
one must become a member of
the OSI! While it might be reasonable to require all
Affiliate candidates become OSI Members, this was not disclosed until the
election started, so it’s unfair!

Some already argue
that since there is a free
(as in price) membership that this is a non-issue. I disagree, and
here’s why: Long ago, I had already decided that I would not become a
Member of OSI (for free or otherwise) because OSI
Members who
do not pay money are denied voting rights in these
elections! Yes, you read that right: the election for OSI
Directors in the “Members” seat literally has a poll
tax! I refuse to let OSI count me as a Member when the class of
membership they are offering to people who can’t afford to pay is a
second-class citizenship in OSI’s community. Anyway, there is no reason
that one should have to become a Member to post on the discussion fora
— particularly given that OSI has clearly stated that the Affiliate
candidates (and the Affiliate representatives who vote) are not required
to be individual Members.

A desire for Individual Membership is understandable for an nonprofit.
Nonprofits often need to prove they represent a constituency. I don’t
blame any nonprofit for trying to build a constituency for itself. The
issue is how. Counting Members as “anyone who ever posted
on our discussion forum” is confusing and problematic — and
becomes doubly so when Voting Memberships are available for
purchase. Indeed, OSI’s
own annual reporting conflates the two types of Members confusingly, as
“Member district”
candidate Chad
Whitacre asked about during the campaign (but received no reply).

I point as counter-example to the models used
by GNOME Foundation
(GF) and Software In the
Public Interest (SPI). These organizations are direct peers to the OSI,
but both GF and SPI have an application for membership that evaluates on
the primary criterion of what contributions the individual has made to FOSS
(be they paid or volunteer). AFAICT, for SPI and GF, no memberships
require a donation, aren’t handed out merely for signing up to the org’s
discussion fora, and all members (once qualified) can vote.

Fifth Irregularity

This final irregularity is truly minor, but I mention it for completeness.
On the Affiliate candidate page, it seems as if each candidate is only
nominated by one affiliate. When I submitted my candidate statement, since
OSI told me they automatically filled in the nominating org, I had assumed
that all my nominating orgs would be listed. Instead, they listed only one.
If I’d known that, I’d have listed them at the beginning of my candidate
statement; my candidate statement was drafted under the assumption all my
nominating orgs would be listed elsewhere.

Sixth Irregularity

Update 2025-03-07. I received an unsolicited (but
welcome) email from an Executive Director of one
of OSI’s Affiliate
Organizations. This individual indicated they’d voted for me (I was
pleasantly surprised, because I thought their org was pro-OSAID, which I
immediately wrote back and told them). The irregularity here is
that OSI told candidates that the campaign period would
be 10 days, including two weekends in most places —
including orientation phone calls for candidates. They started the
campaign late, and didn’t communicate that they weren’t extending the
timeline, so the campaign period was about 6.5 days and included
only one weekend.

Meanwhile, during this extremely brief 6.5 day period, the election
coordinator at OSI was unavailable to answer inquiries from
candidates and Affiliates for at least three of those days. This
included sending one Affiliate an email with the subject line ”Rain
Check” in response to five questions they sent about the election
process, and its contents indicated that the OSI would be
unavailable to answers questions about the election — until after the
election!

Seventh Irregularity (added 2025-03-13)

The OSI Election Team, less than 12 hours after sending out the ballots
(on Friday 2025-03-07) sent the following email. Many of the Affiliates told
me about the email, and it seems likely that all Affiliates received this
email within a short time after receiving their ballots (and a week before
the ballots were due):

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

This email is problematic because candidates received no specific
guidance on this matter. No material presented at either of the
two mandatory election orientations (which I attended) indicated that
contacting your constituents directly was forbidden, nor could I find such
in any materials on the OSI website. Also, I checked with Richard Fontana,
who also attended these sessions, and he confirms I didn’t miss
anything.

It’s not spam to contact one’s “FOSS Neighbors” to
learn their concerns when in a political campaign for an
important position. In fact, during those same orientation sessions, it
was mentioned that Affiliate candidates should know the needs of their
constiuents — OSI’s Affiliates. I took that charge seriously, so I
invested 12-14 hours researching every single of my constituents (all ~76
OSI Affiliate Organizations). my research confirmed my hypothesis:
my constituents were my proverbial “FOSS
neighbors”. In fact, I found that I’d personally had
contact with most of the orgs since before OSI even had an Affiliate
program. For example, one of the now-Affiliates had contacted me way
back in 2013 to provide general advice and support about how to handle
fundraising and required nonprofit policies for their org. Three other
now-Affiliate’s Executive Directors are people I’ve communicated regularly
with for nearly 20 years. (There are other similar examples too). IOW, I
contacted my well-known neighbors to find out their concerns now that I was
running for an office that would represent them.

There were also some Affiliates that I didn’t know (or didn’t know well)
yet. For those, like any canvasing candidate, I knocked on their proverbial
front doors: I reviewed their websites, found the name of the obvious
decision maker, searched my email archives for contact info (and, in some
cases, just did usual guesses like <[email protected]>),
and contacted them. (BTW, I’ve done this since the 1990s in nonprofit work
when trying to reach someone at a fellow nonprofit to discuss any issue.)

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

Most importantly, though, election officials should never comment
on the permitted campaign methods of any candidates before voting
finishes in any event. While OSI staff may not have intended it,
editorializing regarding campaign strategies can influence an election, and
if you’re in charge of running an impartial collection, you have a high
standard to meet.

OSI: either reopen nominations or just forget the elections

Again, I call on OSI to correct these irregularities, briefly reopen
nominations, and extend the voting deadline. However, if OSI doesn’t want to
do that, there is another reasonable solution. As explained
in OSI’s by-laws
and elsewhere,
OSI’s Directors elections are purely advisory. Like most
nonprofits, the OSI is governed by a self-perpetuating (not an elected)
Board. I bet with all the talk of elections, you didn’t even
know that!

Frankly, I have no qualms with a nonprofit structure that includes a
self-perpetuating Board. While it’s not a democratic structure, a
self-perpetuating Board of principled Directors does solve the problems
created in a Member-based organization. In Member-based organizations,
votes are for sale. Any company with resources to buy Memberships for its
employees can easily dominate the election. While OSI probably has yet to
experience this problem, if OSI grows its Membership (as it seeks to),
OSI will sure face that problem. Self-perpetuating Boards aren’t
perfect, but they do prevent this problem.

Meanwhile, having now witnessed OSI’s nomination and the campaign process
from the inside, it really does seem to me that OSI doesn’t really take
this election all that seriously. And, OSI already has in mind the kinds
of candidates they want. For example, during one of the two nominee
orientation calls, a key person in the OSI Leadership said (regarding items
4
of Fontana’s
and my shared platform) [quote paraphrased from my memory]: If you
don’t want to agree to these things, then an OSI Directorship is not for
you and you should withdraw and seek a place to serve elsewhere. I was
of course flabbergasted to be told that a desire to avoid proprietary
software should disqualify me (at least in view of the current OSI
leadership). But, that speaks to the fact that the OSI
doesn’t really want to have Board elections in the first place.
Indeed, based on that and many other things that the OSI leadership has
said during this process, it seems to me they’d actually rather hand-pick
Directors to serve than run a democratic process. There’s no shame
in a nonprofit that prefers a self-perpetuating Board; as I said,
most nonprofits are not Membership organizations nor allow any electorate
to fill Board seats.

Meanwhile, OSI’s halfway solution (i.e., a half-heartedly organized
election that isn’t really binding) seems designed to manufacture
consent. OSI’s Affiliates and paid individual Membership are given
the impression they have electoral power, but it’s an illusion.
Giving up on the whole illusion would be the most transparent choice for
OSI, and if the OSI would rather end these advisory elections and just
self-perpetuate, I’d support that decision.

Update on
2025-03-07: Chad
Whitacre, candidate in OSI’s “Member district”, has endorsed
my suggestion that OSI reopen nominations briefly for this election.
While I still urge voters in the “Member district” to rank my
running mate, Richard Fontana first in that race, I believe
Chad would be fine choice as your second listed candidate in the
rank choice voting.

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)

OSI: either reopen nominations or just forget the elections

Repeated Mistakes Lead to Unfair OSI Elections

2025-03-03 Bradley M. Kuhn

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2025/03/03/osi-board-elections-problems.html

Original Post

(Recap on) First Irregularity

Second Irregularity

Third Irregularity

Note that this problem is not confined to the “Affiliate
district”.
In the
“Member district”, my running mate, Richard Fontana, is
listed last in the voter guide for no apparent reason.

Fourth Irregularity

Fifth Irregularity

Sixth Irregularity

Seventh Irregularity (added 2025-03-13)

Subject: OSI Elections: unsolicited emails
Date: Sat, 08 Mar 2025 02:11:05 -0800
From: “Staffer REDACTED” <[email protected]>

Dear REDACTED,

It has been brought to our attention that at least one candidate has
been emailing affiliates without their consent.

We do not give out affiliate emails for candidate reachouts, and
understand that you did not consent to be spammed by candidates for this
election cycle.

Candidates can engage with their fellow affiliates on our forums where
we provide community management and moderation support, and in other
public settings where our affiliates have opted to sign up and publicly
engage.

Please email us directly for any ongoing questions or concerns.

Kind regards,
OSI Elections team

All together, I was able to find a good contact at 55
of the Affiliates, and here’s a (redacted) sample of one the emails I sent:

Subject: Affiliate candidate for OSI Board of Directors available to answer any questions

REDACTED_FIRSTNAME,

I’m Bradley M. Kuhn and I’m running as an Affiliate candidate in the Open
Source Initiative Board elections that you’ll be voting in soon on behalf of
REDACTED_NAME_OF_ORG.

I wanted to let you know about the Shared Platform for OSI Reform (that I’m
running for jointly with Richard Fontana) [0] and also offer some time to
discuss the platform and any other concerns you have as an OSI Affiliate that
you’d like me to address for you if elected.

(Fontana and I kept our shared platform narrow so that we could be available
to work on other issues and concerns that our (different) constituencies
might have.)

I look forward to hearing from you soon!

[0] https://codeberg.org/OSI-Reform-Platform/platform#readme

Note that Fontana is running as a Member candidate which has a separate
electorate and for different Board seats, so we are not running in
competition for the same seat.

(Since each one was edited manually for the given org, if the org primarily
existed for a FOSS project I used, I also told them how I used the project
myself, etc.)