Fuzz testing is a technique for automatically uncovering bugs in software. The problem is that it’s a pain to set up. Read any fuzz testing tutorial, and the first task is an hour of building tools from source and chasing down dependencies upon dependencies.

I recently found that Nix eliminates a lot of the gruntwork from fuzz testing. I created a Nix configuration that kicks off a fuzz testing workflow with a single command. The only dependencies are Nix and git.

This is the second half of a post about using Nix to automate a fuzz testing workflow.

At this point, I can run honggfuzz against pdftotext, but it takes a bit of manual effort to get things started. I promised in part one that I’d get all of the installation and fuzzing down to a single command.

Downloading tricky PDFs

In my ad-hoc fuzzing, I manually downloaded a PDF from the IRS website. I’ll start by automating that step.

Last week, I saw an interesting article on the /r/legaladvice subreddit. An e-commerce business owner was complaining that a customer was suing because the merchant had been sending the customer promotional emails for years that the customer never agreed to. The author deleted the post a few days later, but I found a copy of the text.

The merchant was indignant and felt like it was a shakedown, but I was 100% on the customer’s side. The merchant is in the wrong for spamming their customers with promotional emails they never requested, and so the merchant should suffer financial repercussions.

Highlights

• I’m finding it surprisingly difficult not to work.
• Sleep is getting a little better.
• I used Nix to create a slick and reusable fuzz testing workflow.

Goal grades

At the start of each month, I declare what I’d like to accomplish. Here’s how I did against those goals:

Enjoy family time

• Result: Spent lots of time with my wife and our newborn son and had frequent visits with friends and family.
• Grade: A

I’ll be okay if I don’t work for a bit

I never thought of myself as someone who needs to work all the time, but I’m finding it difficult to take time off.

Highlights

• My wife and I became parents.
• I realized that caring for a newborn takes more time than I expected.
• I’m unsure what to do with my partially-finished Hacker News course.

Goal grades

At the start of each month, I declare what I’d like to accomplish. Here’s how I did against those goals:

Finish recording my course

• Result: Baby arrived early, and I only recorded 20% of the material.
• Grade: N/A

Recording the course took longer than I thought, and the baby arrived a few weeks earlier than we expected, so I didn’t get to all the material.