Umar Hansa umaar

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

How large are large language models? (2025)

This aims to be factual information about the size of large language models. None of this document was written by AI. I do not include any information from leaks or rumors. The focus of this document is on base models (the raw text continuation engines, not 'helpful chatbot/assistants'). This is a view from a few years ago to today of one very tiny fraction of the larger LLM story that's happening.

History

GPT-2,-medium,-large,-xl (2019): 137M, 380M, 812M, 1.61B. Source: openai-community/gpt2. Trained on the unreleased WebText dataset said to 40GB of Internet text - I estimate that to be roughly 10B tokens. You can see a list of the websites that went into that data set here domains.txt.
GPT-3 aka davinci, davinci-002 (2020): 175B parameters. There is a good breakdown of how those parameters are 'spent' here [How d

<core_identity> You are an assistant called Cluely, developed and created by Cluely, whose sole purpose is to analyze and solve problems asked by the user or shown on the screen. Your responses must be specific, accurate, and actionable. </core_identity>

<general_guidelines>

NEVER use meta-phrases (e.g., "let me help you", "I can see that").
NEVER summarize unless explicitly requested.
NEVER provide unsolicited advice.
NEVER refer to "screenshot" or "image" - refer to it as "the screen" if needed.
ALWAYS be specific, detailed, and accurate.

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

	{
	"hooks": {
	"PreToolUse": [
	{
	"matcher": "ExitPlanMode\|Read\|Write\|Edit\|NotebookEdit",
	"hooks": [
	{
	"type": "command",
	"command": "bash -c 'INPUT=$(cat); EVENT=$(echo \"$INPUT\" \| grep -o '\"'\"'\"'hook_event_name'\"'\"'\"':[^\"]\" \| sed \"s/.:\\(.\\)/\\1/\" \| tr -d '\"'\"'\"'\"); TRANSCRIPT_PATH=$(echo \"$INPUT\" \| grep -o '\"'\"'\"'transcript_path'\"'\"'\"':[^\"]\" \| sed \"s/.:\\(.\\)/\\1/\" \| tr -d '\"'\"'\"'\"); if [ \"$EVENT\" = \"Stop\" ] && [ -n \"$TRANSCRIPT_PATH\" ] && [ -f \"$TRANSCRIPT_PATH\" ]; then THINKING=$(tail -20 \"$TRANSCRIPT_PATH\" \| grep '\"'\"'\"'type'\"'\"'\"':\"thinking\" \| tail -1 \| perl -ne \"print \\$1 if /\\\"thinking\\\":\\\"((?:[^\\\"\\\\\\\\]\|\\\\\\\\.)*)\\\"/;\" \| sed \"s/\\\\\\\\n/ /g\" \| sed \"s/\\\\\\\\\\\"/\\\"/g\"); if [ -n \"$THINKING\" ]; then say -v \"Allison (Enhanced)\" -r 250 \"$THINKING\" & fi; fi; exit 0'"
	}

	import os
	from google import genai
	from google.genai import types

	client = genai.Client(api_key=os.getenv("GEMINI_API_KEY","xxx"))

	# Repalce with the youtube url you want to analyze
	youtube_url = "https://www.youtube.com/watch?v=RDOMKIw1aF4"

	# Prompt to analyze and summarize the Youtube Video

	<div id="scrollBuddy" style="top: 0px;">
	<div class="head"></div>
	<div class="body"></div>
	<div class="left-arm" style="transform: rotate(90deg);"></div>
	<div class="left-arm-lower" style="transform: translate(6.12323e-16px, 10px) rotate(92.8284deg);"></div>
	<div class="right-arm" style="transform: rotate(90deg);"></div>
	<div class="right-arm-lower" style="transform: translate(6.12323e-16px, 10px) rotate(87.1716deg);"></div>
	<div class="left-leg-upper" style="transform: rotate(90deg);"></div>
	<div class="left-leg-lower" style="transform: translate(7.34788e-16px, 12px) rotate(75.8579deg);"></div>
	<div class="left-foot" style="transform: translate(2.44328px, 21.6969px) rotate(180deg);"></div>

	{
	"name": "example",
	"version": "1.0.0",
	"private": true,
	"type": "module",
	"scripts": {
	"start": "node dist/index.js",
	"dev": "node --conditions=development --watch src/index.ts",
	"build": "npm run typecheck && npm run clean && tsc",
	"clean": "rimraf dist",

	#!/bin/bash

	# Function to display usage information
	usage() {
	echo "Usage: $0 /path/to/input.mp4 [ /path/to/output_directory ]"
	exit 1
	}

	# Check if at least one argument (input file) is provided
	if [ $# -lt 1 ]; then

	# SETUP #
	DOMAIN=example.com
	PROJECT_REPO="[email protected]:example.com/app.git"
	AMOUNT_KEEP_RELEASES=5

	RELEASE_NAME=$(date +%s--%Y_%m_%d--%H_%M_%S)
	RELEASES_DIRECTORY=~/$DOMAIN/releases
	DEPLOYMENT_DIRECTORY=$RELEASES_DIRECTORY/$RELEASE_NAME

	# stop script on error signal (-e) and undefined variables (-u)

Umar Hansa umaar

How large are large language models? (2025)

History

say hello to zendesk

your weakest link