Hacker News: andrei

New comment by andrei in "Infinite Craft"

andrei — Wed, 31 Jan 2024 16:45:21 +0000

just link to the real thing :) [0]

[0]: https://twitter.com/nealagarwal/status/1747284257582506102

New comment by andrei in "Blank turns your TV screen black until you press any button on a remote"

andrei — Wed, 12 Apr 2023 18:13:44 +0000

facepalm I read that paragraph, but my brain skipped that sentence for some reason. Thanks for clarifying

New comment by andrei in "Blank turns your TV screen black until you press any button on a remote"

andrei — Wed, 12 Apr 2023 18:09:31 +0000

How is this different than just turning your TV off? I feel like I'm missing something

New comment by andrei in "Why modern software is slow"

andrei — Fri, 30 Sep 2022 01:35:38 +0000

Somewhat relevant: https://tonsky.me/blog/disenchantment/

New comment by andrei in "Fuzzing Go APIs for SQL Injection"

andrei — Wed, 31 Aug 2022 17:29:54 +0000

As of go 1.18, fuzzing is built into the toolchain itself, and is what we're using in this post.

We go over the basics here [0], if you'd like to start at the beginning

[0]: https://blog.fuzzbuzz.io/go-fuzzing-basics/

New comment by andrei in "Fuzzing Go APIs for SQL Injection"

andrei — Wed, 31 Aug 2022 17:14:49 +0000

It's much more common than you may think - especially at larger organizations where engineers go "off-script" frequently.

That being said, we wanted to highlight an example of how fuzzing can be applied to a typical (albeit, toy) API to find logic bugs, and figured SQL Injection would be something that resonated with most (all?) developers.

New comment by andrei in "Fuzzing Go APIs for SQL Injection"

andrei — Wed, 31 Aug 2022 16:36:19 +0000

A lot of folks we talk to think fuzzing is only useful for finding memory leaks in C++ programs, so we wanted to show how adding a single fuzz test to your API can find SQL injection and other logic bugs.

Would love to hear others' experience with Go fuzzing now that it's been out for a few months.

Fuzzing Go APIs for SQL Injection

andrei — Wed, 31 Aug 2022 16:11:19 +0000

Article URL: https://blog.fuzzbuzz.io/fuzzing-go-apis-for-sql-injection/

Comments URL: https://news.ycombinator.com/item?id=32664270

Points: 64

# Comments: 22

New comment by andrei in "Oven: The Company Behind Bun"

andrei — Wed, 24 Aug 2022 04:18:55 +0000

> 2. What measures is Oven taking to proactively detect and mitigate vulnerabilities? (e.g.: fuzzing, audits, bug bounties)

We're huge fans of bun at Fuzzbuzz (waiting for it to get a bit more production-ready). If Jarred's interested, we'd be happy to donate some compute to support fuzzing Bun.

@ fuzzbuzz.io

House passes bill that DoD software can’t have any CVEs

andrei — Thu, 18 Aug 2022 01:47:11 +0000

Article URL: https://twitter.com/JGamblin/status/1560016175265972224

Comments URL: https://news.ycombinator.com/item?id=32504225

Points: 19

# Comments: 9

Advanced Go Fuzzing Techniques

andrei — Thu, 16 Jun 2022 18:00:43 +0000

Article URL: https://blog.fuzzbuzz.io/writing-effective-go-fuzz-tests/

Comments URL: https://news.ycombinator.com/item?id=31769065

Points: 2

# Comments: 0

New comment by andrei in "Gitlab New Logo: DevOps Is at the Center of Gitlab"

andrei — Wed, 27 Apr 2022 18:16:58 +0000

I've heard this talked about before, and I believe there's a phrase for it, but I don't remember. Do you happen to know?

New comment by andrei in "Go Fuzz Testing"

andrei — Tue, 29 Mar 2022 22:22:43 +0000

Good catch :) fixed!

New comment by andrei in "Go Fuzz Testing"

andrei — Tue, 29 Mar 2022 19:24:28 +0000

It does! Fuzzing actually started off as a tool built by security researchers to find vulnerabilities in parsers, and other complex codebases, usually written in C/C++ (looking for memory bugs). So anything that deals with untrusted binary data is a prime candidate for fuzz testing.

Go’s fuzzing framework supports `[]byte` arguments as well as all of the standard Go primitives, so you should be able to test netcode this way.

If you're looking for a C/C++ solution, my recommendation is libfuzzer [0]. We've also built our own C/C++ fuzzing engine at Fuzzbuzz [1].

[0] https://llvm.org/docs/LibFuzzer.html

[1] https://docs.fuzzbuzz.io/docs/getting-started-in-c-or-c++

Go Fuzz Testing

andrei — Tue, 29 Mar 2022 15:23:47 +0000

Article URL: https://blog.fuzzbuzz.io/go-fuzzing-basics/

Comments URL: https://news.ycombinator.com/item?id=30843814

Points: 114

# Comments: 22

New comment by andrei in "Apple removes Python 2.7 in macOS 12.3 beta"

andrei — Fri, 28 Jan 2022 17:36:18 +0000

This was a big reason for why our entire eng team moved to linux

New comment by andrei in "Use Pixar's story formula to win over investors"

andrei — Sat, 14 Aug 2021 22:57:33 +0000

I think this downplays things quite a bit. I grew up as a middle class immigrant in Canada. My parents have office jobs, but basically 0 connections (certainly not the ones you're implying you need to raise).

In university (which I paid for myself through internships + loans), my cofounder and I just started coding on an idea, which got us into YC, which helped us get in front of a bunch of VCs, which allowed us to raise $3m in seed funding. No connections, just lots of googling and talking/pitching to anyone that would pay attention to us.

It could've been the 5% luck you're talking about, but certainly don't think that coming from a well-connected family is the only way to fundraise in 2021.

New comment by andrei in "Fuzzing Grub, part 2: Going Faster"

andrei — Thu, 15 Jul 2021 03:43:58 +0000

Part 1 here: https://sthbrx.github.io/blog/2021/03/04/fuzzing-grub-part-1...

Fuzzing Grub, part 2: Going Faster

andrei — Thu, 15 Jul 2021 03:43:33 +0000

Article URL: https://sthbrx.github.io/blog/2021/06/14/fuzzing-grub-part-2-going-faster/

Comments URL: https://news.ycombinator.com/item?id=27841177

Points: 1

# Comments: 1

New comment by andrei in "Let's stop building APIs around a network hack (2017)"

andrei — Sun, 25 Apr 2021 05:52:05 +0000

Should add the date to the title: (2017)