WTF

A French engineer who lives quietly in Paris has spent 30 years writing software that the entire internet now runs on without knowing his name. He wrote the code that streams every YouTube video, every Netflix show, every TikTok clip. He wrote the code that runs the virtual servers underneath AWS, Google Cloud, and Microsoft Azure. He calculated more digits of pi than anyone in history. He has no Twitter. He has no marketing. He just keeps shipping. His name is Fabrice Bellard. Here is the story, because almost nobody outside the systems programming world knows what one man has built. Fabrice was born in 1972 in Grenoble, France. He studied at École Polytechnique, the top French engineering school. He never went to Silicon Valley. He never built a startup empire. He just wrote code. In 2000 he started a project called FFmpeg, an open-source multimedia framework for encoding, decoding, and streaming video. He was 28. The project did one thing nobody else had done well. It handled every video and audio format that existed, in one library, on every operating system. He led it himself for years. Today FFmpeg is the invisible engine of the internet. YouTube uses it. Netflix uses it. VLC uses it. Chrome and Firefox use parts of it. Every Android phone, every iPhone, every smart TV, every video editing tool you have ever touched runs FFmpeg somewhere underneath. If you have watched a video on a screen in the last 20 years, Fabrice's code processed it. He was not done. In 2003 he started QEMU, a machine emulator and virtualizer. He wrote it solo until version 0.7.1 in 2005. QEMU lets you run any operating system on any other operating system. It became the foundation of modern virtualization. KVM, the Linux kernel hypervisor, runs on top of QEMU. Every major cloud provider, AWS, Google Cloud, Microsoft Azure, IBM Cloud, runs virtual machines on infrastructure built around it. The Quick Emulator is the most cited piece of cloud infrastructure code on Earth. He kept going. In 2001 he won the International Obfuscated C Code Contest with a small C compiler that grew into TCC, the Tiny C Compiler. TCC can compile and boot a Linux kernel from source in under 15 seconds. In 2004 he calculated the most digits of pi ever computed at the time, using a personal desktop computer and an algorithm he derived himself called Bellard's formula. In 2011 he wrote a complete PC emulator in pure JavaScript that runs Linux in your browser, a project called JSLinux that engineers still cannot believe is real. In 2019 he released QuickJS, a small but complete JavaScript engine that fits where V8 cannot. In 2021 he released NNCP, a neural network based lossless data compressor that immediately took the lead on the Large Text Compression Benchmark. Then he turned his attention to large language models. He built TextSynth Server, a web server with a REST API for running LLMs locally. He released ts_zip and ts_sms, compression utilities that use language models to compress text and short messages at ratios traditional algorithms cannot reach. He released TSAC, a very low bitrate audio compression system. In December 2025 he released Micro QuickJS, a new JavaScript engine for microcontrollers, separate from QuickJS, designed for environments with almost no memory. Fabrice co-founded a telecom company called Amarisoft in 2012, where he serves as CTO. Amarisoft builds 4G and 5G base station software used by carriers and labs around the world. He has been running it for over a decade while continuing to ship personal projects from his own home page at bellard dot org He has no Twitter. He has no Instagram. He gives almost no interviews. His personal website is a flat list of projects with no styling, no fonts, no marketing copy. Just titles and links. A quiet French engineer who never moved to Silicon Valley wrote the code that quietly runs the internet. He is still shipping.

Yeah, so pretty much this guy is releasing an exploit in solidarity with Nightmare Eclipse guy. He said he notified GitHub about the exploit 60 minutes before releasing this paper. I don't do web stuff, and I'm not a VSCode nerd, so I'm confused by the underlying technologies. If you're a stinky GitHub and VSCode nerd maybe you'll understand. tl;dr click github dev, github dev opens editor, in github dev editor have javascript, javascript does shortcuts automatically. github treats javascript shortcuts as real human input, or something. use javascript shortcut stuff to automatically install vscode extension. the vscode extension steals your data tl;dr tl;dr user clicks 1 link, 1 click steals all data from your github https://t.co/uh17usZeEH

This Mikhail Matveev a/k/a Boris a/k/a "RansomBoris". He spends his days relaxing with his friends, posting pictures on social media, and within the past few years celebrated his marriage. Matveev is currently FBI Most Wanted. He has conducted cyber attacks against businesses all across the planet, as well as United States critical infrastructure. He is most notably involved in Lockbit ransomware group, Babuk ransomware group, HIVE ransomware group, CONTI ransomware group, and suspected to be involved in Darkside ransomware group. His most notable offense, which put a giant target on his back, was he compromised the Washington DC Metropolitan Police Department. He successfully got information on undercover police officers and informants. He extorted them for several million dollars. He currently resides in Russia. The Russian government did an investigation into him and found him guilty on several charges related to cybercrime. However, Matveev never compromised any Russian government or Russian business. He was ultimately given a fine and placed on probation. He cannot go outside after curfew. Boris also has a T-shirt he made with his FBI Most Wanted poster on it. Boris isn't afraid of anything.

⚠️ Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks Source: https://t.co/7ghzzZJBKg A critical flaw in Anthropic’s Model Context Protocol (MCP) exposes over 150 million downloads to potential compromise. The vulnerability could enable full system takeover across up to 200,000 servers. Unlike a traditional coding bug, this vulnerability is architectural, meaning any developer building on Anthropic's MCP foundation unknowingly inherits the exposure from the ground up. The flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation. Successful exploitation grants attackers direct access to sensitive user data, internal databases, API keys, and chat histories, effectively handing over complete control of the affected environment. #cybersecuritynews

VERCEL GOT HACKED ShinyHunters - the group behind the Ticketmaster breach - is selling Vercel's internal database for $2M on BreachForums here's why every developer should care: - they have NPM tokens and GitHub tokens - Vercel owns Next.js - 6 million weekly downloads - one malicious push = global supply chain attack - Vercel confirmed the breach today, April 19 - they literally DMed the hackers on Telegram asking them to stop rotate your env variables RIGHT NOW

Her dad brought home a $300 box that gave him thousands of channels, every movie, every show, even pay-per-view. Her sister said the home network had been slow ever since. So she took one home, put it on its own network behind a firewall, and watched who it was talking to. Here's what she found.