This seems like a lot when you're one brew install bash/zsh coreutils away. I have a script that installs all the GNU utils, and does the thing so that the you can use the g versions by their normal name. I haven't even noticed any of the outdated userspace.
I think this downplays things quite a bit. I grew up as a middle class immigrant in Canada. My parents have office jobs, but basically 0 connections (certainly not the ones you're implying you need to raise).
In university (which I paid for myself through internships + loans), my cofounder and I just started coding on an idea, which got us into YC, which helped us get in front of a bunch of VCs, which allowed us to raise $3m in seed funding. No connections, just lots of googling and talking/pitching to anyone that would pay attention to us.
It could've been the 5% luck you're talking about, but certainly don't think that coming from a well-connected family is the only way to fundraise in 2021.
You used YC's connections. You applied were accepted and now are part of that network.
Leveraging YC's rep for selection is one way to break in. You were part of the lucky 1% who make it through the program from application to funding,congrats!
It's not the lucky 1%, it's the carefully selected 1%.
The other 99% is where the random rejection component amounts to more like "bad luck".
IOW good luck on its own isn't even enough, but bad luck can set you back years.
And since there's realistically at least another 2% out of the 99 who would have been equally performant if there was actually room for them to be accepted, the greatest pool of most promising candidates are among those whom have been the most unlucky.
> In university (which I paid for myself through internships + loans)
So you got a loan that your family backed and you were able to work as an intern in various places. You also went to a prestigious university. You were a privileged 1% and after entering YC you are part of the 0.1%. This would not have happened if you had been born in Namibia.
My complaint is that by using the leverage of the 0.1% you try to convince the 99,9% that: if you work, think and play hard you can achive your dreams. This is no longer the case. Maybe it was like that 10 or 15 or 35 years ago. Today the wealth difference and inequality is abysmal because of the network effects. So basically you don't need to be good or bad business, you just leverage your network and keep going.
>Sure, but one thing I don’t understand is why fuzzing is not used more often for testing basically any pure function [...]
Agreed 100%, and is actually what we encourage people to do. Since this is an intro article though, we wanted to keep things simple, and everyone understands the danger in accepting inputs over a trust boundary.
Your suggested method is what the fuzzing community calls differential fuzzing [0]. It’s been incredibly effective at finding bugs in crypto libraries [1], and is currently being used to fuzz different Ethereum node implementations [2]. There are other ways you can fuzz functions, and we sort of hint at this in the post when we say:
“If you can define a property that must hold true for any given input (also called an invariant), then the fuzzer will look for inputs that break your invariant”.
Usually this translates into writing assertions the same way you might when you’re writing property-based tests [3]. In fact, I think the fuzzing community has a lot to learn from property based testing. These are more advanced topics though, that we hope to cover in a later post, and why we omitted these details from this one.
>This list of issues seems sort of manufactured [...]
Developer friendliness means different things to different people depending on their area of expertise, years of experience, or interest levels. While the list may seem manufactured, we’ve found that unfriendly tooling and uncertainty about what to tackle first can turn developers off even trying to write a fuzz test at all. Understanding what makes a good fuzz test, instrumenting your code properly, running many fuzz tests at scale, and triaging and interpreting the results of a fuzzing run can make fuzzing prohibitively difficult for a new engineer to set up. This is what we’re focused on solving.
>Advertising a product without saying anything about it is off-putting to me [...]
Fair enough. Fuzzbuzz isn’t quite ready for public access yet, so that’s why we’re a bit vague here, but the intention was not to advertise our product (and is why we only wrote a couple paragraphs at the bottom). We were just excited to write a post about fuzz testing, and figured anyone who’s interest was really piqued could get in touch. We hope to expand this post and use this as an educational resource long-term.
No reason to be ashamed, it's still a fairly niche concept. We're huge fans of it though. We'll definitely be writing an in-depth post about it in the coming weeks/months.
Basic fuzzers can surprisingly go a long way. Barton Miller (the professor who first coined the term fuzzing), actually wrote a paper last year [0] where he just ran a very basic fuzzer against a bunch of common UNIX tools. Even after all these years of testing/usage, they still managed to find a ton of issues.
Isn't that the 1995 paper? The original study was 1990.
He was my teacher, and he taught this in class :)
I'm pretty sure his fuzzer was "for each file in system send as input to program X"
That was the original tool, revisited was repeating the original test (might have tested against more programs which had become common since then)
I've worked with Romanian devs a bunch around Cluj and had really good experiences. I'm assuming the talent pool isn't huge but seems very high quality.
Well, as everywhere in the world, it varies. Plus a lot of people have left/are leaving Romania, but even so, for a rather poor country of now around 18 million people (used to be ~23 million in 1990), I think there are around 100k software developers). Which is not too shabby considering where we started (I guess in 1990 we had maybe 5k).
Cluj is growing but it's still a bit of secondary center. Bucharest on the other hand has offices from almost every major player, I think only Facebook, Apple and Netflix are the only ones missing for now (that might change, as things are moving super fast these days). Otherwise, Microsoft, Amazon, Oracle, Google, Intel, Huawei, Adobe, SAP, etc. are there.
It's my goal to save up more cash and then at some point in the near future move to Romania to try my hand at a startup there. Any recommendations on who to talk with or what kinds of resources I should read? Should a startup be incorporated in America still, or do the Romania tech tax-benefits only apply to companies incorporated in Romania? Questions like these are accumulating on my list now that I'm starting to see this goal becoming a reality! Any recommendations or advice would be appreciated.
I can't say that I have much advice for this, but if you're serious about this, it's probably a good idea to contact a lawyer, maybe try this: https://www.stratulat-albulescu.ro/en/contact/ I imagine a few hours of discussions won't cost you an arm and a leg and you should be able to get far more qualified advice than what you'd get from a rando on the internet.
If you do want to move, personally I would avoid Bucharest... a bit. Competition is super fierce. Timișoara, Cluj or Iași, especially Iași, should have a decent talent pool and slightly lower salary expenses/lower cost of living, and they all have international airports so you can easily move around when needed.
I'd learn a bit of Romanian. If you only speak English it will be relatively hard, but reasonably doable: https://www.openculture.com/2017/11/a-map-showing-how-much-t... (note: those numbers are for career diplomats undergoing intensive training, however, as you can see, it's still one of the easiest languages to crack for an English speaker :-) ).
Thanks for the advice! I really appreciate it. I'm pretty fluent in Romanian, at least by American standards. Grew up bilingual because we were always more embedded in the Romanian community around town. :) But I will definitely seek to improve massively so I sound exactly like a native speaker!
Good luck! You'll need it (both because a startup is a risky business, and also because Romania still has a long way to become fully business friendly and well... developed). On the other hand: no risk, no reward.
More successful Romanian owned businesses, especially international ones plus, I think, better EU funds use. EU funds are not exactly Romanian funding but are earmarked for Romanian development so they're not far off, and we're super bad at utilizing them fully.
I believe they use libfuzzer to test isolated components [0], but seems like they wanted to specifically focus on browser fuzzing for this post (it's probably more interesting, too).
Fuzzbuzz | Full Stack Engineer (Typescript/Go) | $125k-145k + 0.25%-0.5% | SF Bay (Redwood City) | https://fuzzbuzz.io
Fuzzbuzz is hiring a full stack engineer (true full stack, not just frontend) to help build our fuzzing as a service platform. Backend is 100% Go and frontend is your choice (currently Angular, but open to letting you rewrite it), since you'd completely own it. 60/40 backend/frontend work split. Production experience writing frontend code is a must, but no Go experience required.
We're a team of 5 - 4 engineers, 1 designer. The team is very technical (founding engineers have 20+ years of experience each), which allows us to iterate quickly using technologies that solve problems, rather than flavor of the month tech (stack is Go, Typescript, Postgres, Nginx, Linux).
