At work I help others to automate testing, build processes etc. Mainly I write Python, help others with Docker and Jenkins pipelines. How could I dive into fuzzing?

What's the best tutorial for fuzzing? Or should I pick some tool and focus on that and then extend from there? Something else? (We are mostly building embedded devices, mostly C and C++)

If you're using clang, I can recommend starting with libFuzzer. It's pretty straightforward to use - basically add one C file with a function definition, which gets called by the fuzzer engine with the test data. Add a bunch of compiler switches to the build, and you're done.

Note that for coverage-guided fuzzing you need a custom C/C++ build with some kind of coverage-tracking active.

See https://llvm.org/docs/LibFuzzer.html.

Either libFuzzer or AFL are your best bet for getting started - they both use very similar algorithms and just differ on execution.

libFuzzer is more suited to fuzzing a single method, while AFL gives you a little more freedom when deciding how to fuzz your code.

This is a nice initial look at libFuzzer: https://github.com/google/fuzzer-test-suite/blob/master/tuto...

And here are a couple of my favourite AFL tutorials:

- https://fuzzing-project.org/tutorial3.html

- https://github.com/ThalesIgnite/afl-training

Happy to answer any questions!

Just curious, are there any users of irssi that chose it over weechat-curses? If so, why?

I'm using irssi, and I guess the only answer I have is "inertia". I have an irssi setup/config which works. I could probably get weechat up and running fairly quickly, have looked at it already, but... irssi has, and continues to, serve me well, so I see no real reason to change.

Ninja-edit: didn't comprehend your question fully upon first reading. I didn't chose between them. Back in... 2007-ish? I got handed an irssi config by a buddy, and have tweaked it from there since. No active choice being made between the two. Sorry for the misinterpretation.

It’s simple and it works. Does one thing well.

Why choose? I use both :-) I'm using irssi in a screen session on a server, with the proxy plugin, and weechat in my desktop as a frontend.

I like it more

I chose it back in the day, like 10 years ago. It worked fine so I kept using it.

I've configured it to my liking. I know its ins and outs. It's unlikely to surprise me. I've also written scripts for it, so it does what I want it to do.

Also: I remember trying Weechat once. I typed "/connect blabla" and it errored out, telling me that I can't connect to arbitrary servers without editing some configuration variable or something like that. That gave me bad vibes. Very bad decision. UX matters.

For what it's worth, it's not the case anymore. You can /connect directly to a network domain and it'll just create it as a temporary session that doesn't need to be saved to the config.