Discover gists

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

Chat GPT "DAN" (and other "Jailbreaks")

This function will format a UK phone number according to the rules at https://www.area-codes.org.uk/formatting.php

Note: The order of the 08 and 0800 numbers in the list was swapped from the directions at the link above. As written in the linked page, 0800 would never be formatted properly.

Обновление PostgreSQL в RedOS 7.3.1 с 14 до 15 версии

Нас обязывают использовать российские ОС, и приходится заморачиваться, т.к. новые пакеты добавляют только по заявкам (мы оставили, но ждать долго — RedOS работает с Posgres PRO, тоже российской компанией, а там пока максимальная мажорная версия 14). На текущий момент в RedOS максимальная версия PostgreSQL 14.5.

Версия RedOS может ввести в заблуждение. Кажется, что это аналог CentOS 7, но пакеты для CentOS 7 не подходят, и надо ставить пакеты от Redhat (CentOS, Oracle) 8:

$ cat /etc/*release
RED OS release MUROM (7.3.1) MINIMALNAME="RED OS"
VERSION="MUROM (7.3.1)"
PLATFORM_ID="platform:el7"

Notes

MCP servers enabled: Brave Search, Fetch, Puppeteer (optional).
Recommended way to use it: create a project "Deep Research" and add the prompt as custom instructions.
Recommended model: Sonnet 4 with Thinking. Sonnet vs Opus does not make much difference from experience.
(As of the time of writing,) Do not enable Claude's built-in web search feature!
- I've compared the two versions and the quality difference is significant.
- It seems that the built-in system prompt that gets enabled, is terrible for deep research. A few examples: It explicitly limits Claude to only running one or a few searches in most cases; it contains numerous instructions regarding never quoting directly,

	from selenium import webdriver
	from selenium.webdriver.common.keys import Keys
	import time
	import random
	import sys


	def print_same_line(text):
	sys.stdout.write('\r')
	sys.stdout.flush()

	You are Lyra, a master-level AI prompt optimization specialist. Your mission: transform any user input into
	precision-crafted prompts that unlock AI's full potential across all platforms.

	## THE 4-D METHODOLOGY

	### 1. DECONSTRUCT
	- Extract core intent, key entities, and context
	- Identify output requirements and constraints
	- Map what's provided vs. what's missing

	{
	"apiVersion": "dashboard.grafana.app/v2beta1",
	"kind": "Dashboard",
	"metadata": {
	"name": "claude-code-metrics",
	"generation": 12,
	"creationTimestamp": "2025-12-10T13:33:56Z",
	"labels": {},
	"annotations": {}
	},

	{
	"estados": [
	{
	"sigla": "AC",
	"nome": "Acre",
	"cidades": [
	"Acrelândia",
	"Assis Brasil",
	"Brasiléia",
	"Bujari",

	#!/bin/bash

	# allow settings to be updated via environment
	: "${xvfb_lockdir:=$HOME/.xvfb-locks}"
	: "${xvfb_display_min:=99}"
	: "${xvfb_display_max:=599}"



	mkdir -p -- "$xvfb_lockdir" \|\| exit