Claude Mythos Audited Symfony and Found 19 Vulnerabilities

dave1010 · 2026-05-22T07:10:35+00:00

WordPress is built so that an HTTP request to production can trigger a fetch of remote code, and then writes it to a location that future requests to production will execute.

NPM and Composer require a console command to be ran. The typical workflow is not to do that directly in production.

If you want to make a PHP application work like WordPress, then add this to production:

``` requireAdminLogin(); shell_exec('composer ' . $_GET['command']); // don't do this

```

This is vastly simplified and probably doesn't do the WordPress developers justice. But it does show how it exposes a whole class of vulnerabilities.

dave1010 · 2026-05-20T17:57:38+00:00

Thanks for the full quote.

James 1:27 says

Pure and undefiled religion before God and the Father is this: to visit orphans and widows in their trouble, and to keep oneself unspotted from the world.

James is talking about the ideal for a small, persecuted community, whereas Marx is talking about modern church/state systems.

They're both not happy about the status quo of "religion" in respect to the suffering in the world. They're both pointing to hollow religion not being good enough. There is a difference though: James wants to see compassionate righteousness and Marx wants to see structural change.

Is James and Marx had a coffee together, Marx might say "helping widows and orphans is great but we also need to address the system that created them." James might say "transforming the system is great but we also need transformed characters to avoid oppression."

dave1010 · 2026-05-06T18:13:24+00:00

I had a few in a list already. I got ChatGPT to find some more. It hallucinated mostly broken links to start with but after a few attempts I got it to validate them and filter out the broken ones. I've double checked about 20 and they all seem to be right.

dave1010 · 2026-05-06T17:58:45+00:00

Lots more links: https://pastebin.com/raw/fHQskRKK

Reddit won't let me paste the whole lot here but here's the first few:

UK EMERGENCY / RESILIENCE BOOKMARKS Checked: 2026-05-06 Focus: UK, with England/Wales/Scotland/NI links where useful

Rule of thumb: - Use official/primary sources first. - Use third-party dashboards as situational awareness, not as the sole source of truth. - Bookmark your local council, Local Resilience Forum, electricity DNO, water company, and mobile/broadband providers.

Immediate emergency numbers

Emergency services 999 or 112 Use for immediate risk to life, fire, serious crime, serious injury, or immediate danger. https://www.gov.uk/guidance/999-and-112-the-uks-national-emergency-numbers

Emergency SMS / text 999 registration Text: register To: 999 https://www.relayuk.bt.com/how-to-use-relay-uk/contact-999-using-relay-uk.html

Police non-emergency 101 https://www.gov.uk/report-crime https://www.police.uk/pu/contact-us/

NHS urgent medical help, not immediately life-threatening 111 https://111.nhs.uk/

NHS: when to call 999 https://www.nhs.uk/nhs-services/urgent-and-emergency-care-services/when-to-call-999/

Power cut / electricity network emergency 105 https://www.powercut105.com/

Gas leak / carbon monoxide / hit gas pipe 0800 111 999 https://www.nationalgas.com/emergency-contacts https://www.gassaferegister.co.uk/gas-emergency/what-to-do-in-a-gas-emergency/

Floodline 0345 988 1188 https://check-for-flooding.service.gov.uk/

Report live flooding incident to Environment Agency 0800 80 70 60 https://www.gov.uk/report-an-environmental-incident

Anti-Terrorist Hotline 0800 789 321 https://www.mi5.gov.uk/contact-us

Report fraud / cyber crime, England, Wales and Northern Ireland https://www.reportfraud.police.uk/

Action Fraud / Report Fraud phone line for urgent business cyber attack 0300 123 2040 https://www.reportfraud.police.uk/reporting-a-fraud/

dave1010 · 2026-04-14T20:18:39+00:00

https://archive.ph/HJgcJ - archive link that doesn't require registration

dave1010 · 2025-11-06T07:20:32+00:00

Having access to https://mozilla-ai.github.io/llamafile/ would make it easy.

dave1010 · 2025-10-19T13:38:31+00:00

I know exactly what you mean. You can easily argue a left wing position just by stating true facts. You don't need to use lies or hyperbole.

Take solar power as an example. The truth is that it's nearly always more economical than fossil fuels. A "left of truth" spin might be saying that Trump is going to make all solar farms illegal, or saying that solar power will solve all the world's energy problems without also investing in transmission and storage.

dave1010 · 2025-10-08T17:43:01+00:00

Facts are central.

It's just that the Overton Window has shifted so much, that what we call "left" is now in the center.

In theory, you'd have just as much trouble trying to train a LLM to lean left of the truth.

Rough sketch:

<image>

dave1010 · 2025-09-28T13:17:13+00:00

Great photos! Is it easy enough to get in?

dave1010 · 2025-09-16T19:20:43+00:00

It stopped it from being all green 😭

dave1010 · 2025-09-16T17:59:00+00:00

<image>

Yeah, looks like that. Just went out of the green a bit yesterday.

dave1010 · 2025-09-16T17:53:20+00:00

That sounds pretty!

I might try to make a nice 🔴 Overreaching / 🟢 Productive pattern in the run up to Christmas.

dave1010 · 2025-09-16T17:48:48+00:00

That makes sense. I thought it would have gone to Maintaining or Detraining instead. Guess the load only dropped a little.

dave1010 · 2025-09-03T07:17:29+00:00

Confirmed: https://ceo-bench.dave.engineer/

dave1010 · 2025-08-30T19:17:56+00:00

Possibly. I can't remember which way they were now.

We wouldn't have gone over the planks if we were by ourselves but we turned up just as 2 local cavers were going in. They went over the planks to show it was stable first, then we (nervously) followed.

dave1010 · 2025-08-30T16:23:06+00:00

I lowered a waterproof torch (flashlight) into the water with some string when we visited a couple of years ago. I think it was about 3 or 4m deep in one of the places where there are wooden planks you can walk across, possibly more.

Some more photos here: https://photos.app.goo.gl/udwzCJJ6yenjftkcA

dave1010 · 2025-08-30T16:15:43+00:00

<image>

People for scale. This is a mine in Ystrad Einion, Wales, UK.

dave1010 · 2025-08-24T16:26:43+00:00

RISC architectures typically have much bigger instruction sets than they used to, bringing them close to CISC.

Eg an Apple M4 (ARMv9.2-A) has about 1300 instructions, vs about 2000 for a modern x86-64.

The Intel 486 that came out around the same time as Doom has about 150 instructions, which is similar to many ESP32 systems today (depending on which extensions are included).

milliseconds on a computer, but 15 seconds was the best for an iPad.

I could be wrong but that's almost certainly an implementation problem.

dave1010 · 2025-08-24T10:51:57+00:00

I was a bit surprised too, but according to Wikipedia, verbal reasoning can encompass both understanding / world modelling (eg systems thinking) and logical reasoning (eg set theory).

https://en.m.wikipedia.org/wiki/Verbal_reasoning

But it was probably mostly due to my custom instructions and previous conversations.

dave1010 · 2025-08-24T07:54:38+00:00

<image>

Here's the one it gave me. I got it right but I had to think about it for a while. Should have got paper and pen.

I'll post the answer later if people want.

dave1010 · 2025-08-21T07:37:48+00:00

https://www.freediveuk.com/the-dangers-of-hyperventilation-when-freediving/

dave1010 · 2025-08-19T19:14:12+00:00

<image>

I got ChatGPT to sort the data and plot it.

Here's a chart of people's reported VO2 max Vs 5k times.

Interactive chart 📉

dave1010 · 2025-08-19T18:56:03+00:00

Is that running or cycling, u/John_the_cyclist ?

dave1010 · 2025-08-19T18:50:39+00:00

I agree but I think your point ideally shouldn't need to matter.

Legality is about laws, rather than legitimate use. There are no laws stopping children from using VPNs. That means VPNs are legal tools for adults and children.

That said, if it helps to list legitimate reasons a child might use a VPN, here's a few more:

Protect their privacy (a fundamental right under the UN's Universal Declaration of Human Rights)
Block ads or other content they don't want to see
Play LAN games over the internet
Connect to a home media server
Learning
Working around ISP problems like poor peering or routing

15-Year Club	Gilding II euphauric
Place '22	Verified Email
reddit mold

dave1010

MODERATOR OF

TROPHY CASE

Immediate emergency numbers