self-hosting stuff, directed at security people I guess
One narrative I'm particularly tired of, is the "you shouldn't self-host anything, it's never going to be as secure as using something by Google/Microsoft/etc. who have entire security teams", especially coming from security people.
Like, aside from a completely unwarranted confidence in the security competence of those corporations (believe me, it ain't that amazing), and completely ignoring all the *very concrete* safety risks in using those services given who runs them and why... it's also just entirely unconstructive.
Okay, so maybe you think self-hosting is not secure enough. Why are you not spending your energy and skills helping to fix this problem, rather than going "oh well, guess nothing can be done"? *You are* one of the people directing all the expertise to corporate platforms!
re: self-hosting stuff, directed at security people I guess
I guess all this is really just an extension of "if you're privileged, then be the change you wish to see in the world"
re: self-hosting stuff, directed at security people I guess
(None of them are likely to affect Facebook's usage, only really third-party usage, so publicly disclosing them would probably not be a great idea)
re: self-hosting stuff, directed at security people I guess
Speaking of which, there are multiple security issues in this Facebook library that I'm currently reviewing