I just realized, they (or a government mandate) could force a redirect under specific circumstances to a site under google.com, and if they're using the browser engine for the request, they'd get the cookies of that user as soon as they get on the internet. Maybe even trigger an exploit in the browser.
This is the most fantastic way to target and exploit any single Android user anywhere in the world that I've ever heard of. Automatic, hard to avoid, easy to implement, and the user has no idea.
> could force a redirect under specific circumstances to a site under google.com, and if they're using the browser engine for the request, they'd get the cookies of that user as soon as they get on the internet
At first, I thought this can't be true because, surely, Google marks its cookies as HTTPS-only, right? So I checked, and turns out about half the cookies google.com has in my browser are not HTTPS-only. In fact, the HTTPS-only cookies it does have seem to be the same set of cookies, just with a '__Secure-' prefix. Similarly, about half (different set) of the cookies JS accessible.
> Though ISO/IEC 30170:2012 doesn’t specify details of the Integer class, Ruby had two visible Integer classes: Fixnum and Bignum. Ruby 2.4 unifies them into Integer. All C extensions which touch the Fixnum or Bignum class need to be fixed.
It's easier for AWS for accommodate all their customer's needs (MySQL, MongoDB, Postgres) and reduce the cost of switching than it is to convince them to rewrite an application or legacy application to leverage say DynamoDB. The benefit of DynamoDB is great, but it's just one slice of the computing pie.
