Using it since a decade, I faced bugs in the PGP encryption add on, they need to work on a lot of things to make it secure. This is my go-to Jabber client.
We spent like 12 years trying to create a medium sized business in electronics and we were at that time in an era when mobile phones were still getting popular. It was a nascent stage of refurb smartphone industry but even then it was a steep climb for us!
But there are companies operating in the same segment that started later, with VC and investor backing who rose quite fast.
Install code-server (https://github.com/cdr/code-server) on a server, and using it in your phone's browser to develop small web apps (works well in landscape mode with 6 -6.7 inch phones)
If you have a powerful processor and adequate RAM - you can do almost any thing that you do on desktop/pc
I am sorry but that can ruin your career as its illegal. You can't sell or, trade vulnerabilities on live websites like Google as per the terms and conditions of the Google VRP (Responsible Disclosure policy) while it may seem unfair, its illegal to do so.
docs.google.com didn't have X-Frame-Options: DENY nor a restrictive CSP so I think its a browser quirk (rather, a clever bypass) that works here. Also, the author had exploited a postMessage flaw which wasn't validating the host name properly that led to the cross-origin leak of screenshot data
this one technically requires some user interaction
Anyway, in the past I found a way to takeover an organization account in Google cloud acquisition and they rewarded me $100, saying their "Panel" decided that, Google's VRP panel sucks, so you're right about that.
SolarWinds earlier said the backdoored binaries were put into their servers in March 2020, and hinted that the breach happened in 2020 but seems like the breach happened way before.
AWS now sends emails if you commit access keys, even better they are catching loads of other sensitive info having privileged access to the GitHub API. Cool and creepy at the same time, right?
The researcher added there may be some certificates exposed in that repo which may have been used to sign the binaries. It's still a relevant update.
Especially the information that the repo was archived by Web Archive back in 2018. It's not easy to know the "who" but the how can be speculated and investigated.