"We didn't call it fuzzing back in the 1950s, but it was our standard practice to test programs by inputting decks of punch cards taken from the trash.

We also used decks of random number punch cards. We weren't networked in those days, so we weren't much worried about security, but our random/trash decks often turned up undesirable behavior.

Every programmer I knew used the trash-deck technique."

-- Gerald M. Weinberg

@fribbledom Having recently gotten into retrocomputing, I'm starting to really understand how security is a luxury of the modern age. Using trashed/laced cards for QA input is, incidentally, genius.

@fribbledom Jerry told me that von Neumann's group at IBM practiced something that would be now be barely distinguishable from Extreme Programming, driven then by the high opportunity cost of failing that scarce batch job.

I think the difference with modern fuzzing is that you instrument the code, observe if your input causes new branches to be taken, and evolve your input to reach unusual states much quicker

@fribbledom if "trash-deck" isn't a fuzztesting package name already, it needs to be 🎉

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!