Yup, we just moved large chunks of our SaaS platform from the cloud to dedicated servers with Kubernetes serving as an internal cloud. Ended up reducing our cost to 30% (70% saved!).
We realized that instead of using scaling for peaks, by having additional dedicated servers available full time - it still worked out significantly cheaper. We also moved a lot of our internal processing to run in specific windows of time where the expected load was low to maximize server utilization in those periods.
The term "private cloud" has existed for easily 15 years, pretty much straight after Google coined the term "cloud computing". The current deifnition of "on-prem" actually changed after cloud computing reached mass adoption. Prior to then, on-prem referred to "in your office" vs. "in a datacenter". These days "on-prem" means "not in public cloud".
Yes, it's basically the same as "on prem", but instead just a bunch of individual (virtual) servers they are managed by a system that provides typical cloud APIs, such as OpenStack.
It will mean compute resources that can be transparently shared amongst different things (which is where the K8s comes in) as opposed to boxes dedicated to a single service.
I want to step in here - Facebook is in no-way trying to save a few bucks. I've reported a few bugs to Facebook and they go out of their way to pay you greater sums depending on the severity.
You just have to be professional and disclose in-detail with steps to reproduce.
Nobody would disagree with you that the disclosure message was poorly written.
Though the Facebook engineer conceivably could have offered to give the guy's email to a native speaker or tried to get more detail from him, I don't blame the initial Facebook engineer for dismissing it on the spot given that he probably had a few dozen other messages like that on the same day to review and deal with.
But it's all about perception here. The end result of this is a big PR loss for Facebook if they want to protect their users and get people to submit bug reports without having to fear that they'll lose out on money.
The next time an inexperienced foreigner discovers an exploit they'll research this topic and see that Facebook answered this guy with a "thanks for working for us for free" message. So what will happen is that when some spammer comes around with a few thousand dollars in cash vs the uncertainty of dealing with Facebook, odds are the exploit will go to him rather than Facebook. They won't read about the hundreds of times that Facebook did pay up, but the couple of times they didn't.
So this is just a big loss for the internet because Facebook made it that much more likely that people will sell their exploits to all kinds of nefarious people.
You are completely ignoring the fact that the reporter initially created massive negative PR for Facebook by posting on Mark's profile.
The bounty for Facebook is like a chocolate bar. They don't care about that.
And the message is not "thanks for working for us for free".
The message is "thanks...but next time remember not to exploit the bug you found".
The PR damage that he has caused for Facebook is probably many times greater than the bounty he was going to be paid.
He violated their terms of service and if Facebook just ignores the fact that he exploited it on two different users then the future reporters will expect that too.
Who said that only professionals can find vulnerabilities? The guy is clearly inexperienced, but catching the bug is no lesser favor to Facebook. They are being dicks. And they deserve the bad press.
I am really not too worried about this because - I know that corruption and incompetence will ensure this system never comes into place effectively.
On the few occasions that the government has tried to ban certain URLs - its almost always been simple DNS filters that can be bypassed by using Google DNS.
