It's not clear that making it worse against an artificial benchmark has anything to do with real world software. Telling the LLM how to run test suites, what underlying APIs to use, etc., all seem like valid needs for some kind of instruction, and short of writing it into every single prompt, those seem like the only approaches.

I've been meaning to migrate Plex to Jellyfin. I don't even host at Hetzner, but this coming at the end of the week is perfect -- I'm going to do the migration this weekend!

Yep, challenge author here, and it was definitely to teach that `argv[0]` is not trustworthy. I've seen privileged processes try to re-invoke themselves (as, say, a child process) by looking at `argv[0]` rather than something like `/proc/self/exe` (which is also subject to race conditions if the directory is writable).

The binary was not setuid, but was only executable (not readable) by the user used.

>The binary was not setuid, but was only executable (not readable) by the user used.

Ah, then ptrace/gdb could have been used to dump it out as well :). Looks like a fun CTF, too bad I was too busy for bsides this year..

Katy's talk at DC20 has single-handedly rekindled my interest in robotics, Hacker Dojo, and vodka. Not necessarily in that order. She seems like a wicked awesome person, and given where she's worked before, she's obviously smart as hell...

Some links:

DEFCON 20: Robots: You're Doing It Wrong (waiting for better quality)

http://www.youtube.com/watch?v=QUlcTbfoz3U

Defcon 19: Katy Levinson - Don't Fix It In Software

http://www.youtube.com/watch?v=Drk3Dz3_yLE