Author name: Mike M.

github-abused-to-distribute-payloads-on-behalf-of-malware-as-a-service

GitHub abused to distribute payloads on behalf of malware-as-a-service

Biz & IT, GitHub, malware, Security / /

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to targets.

The use of GitHub gave the malware-as-a-service (MaaS) a reliable and easy-to-use platform that’s greenlit in many enterprise networks that rely on the code repository for the software they develop. GitHub removed the three accounts that hosted the malicious payloads shortly after being notified by Talos.

“In addition to being an easy means of file hosting, downloading files from a GitHub repository may bypass Web filtering that is not configured to block the GitHub domain,” Talos researchers Chris Neal and Craig Jackson wrote Thursday. “While some organizations can block GitHub in their environment to curb the use of open-source offensive tooling and other malware, many organizations with software development teams require GitHub access in some capacity. In these environments, a malicious GitHub download may be difficult to differentiate from regular web traffic.”

Emmenhtal, meet Amadey

The campaign, which Talos said had been ongoing since February, used a previously known malware loader tracked under names including Emmenhtal and PeakLight. Researchers from security firm Palo Alto Networks and Ukraine’s major state cyber agency SSSCIP had already documented the use of Emmenhtal in a separate campaign that embedded the loader into malicious emails to distribute malware to Ukrainian entities. Talos found the same Emmenhtal variant in the MaaS operation, only this time the loader was distributed through GitHub.

The campaign using GitHub was different from one targeting Ukrainian entities in another key way. Whereas the final payload in the one targeting the Ukrainian entities was a malicious backdoor known as SmokeLoader, the GitHub one installed Amadey, a separate malware platform known. Amadey was first seen in 2018 and was initially used to assemble botnets. Talos said the primary function of Amadey is to collect system information from infected devices and download a set of secondary payloads that are customized to their individual characteristics, based on the specific purpose in different campaigns.

GitHub abused to distribute payloads on behalf of malware-as-a-service Read More »

2026-mercedes-benz-cla-feels-like-a-real-car,-not-a-science-experiment

2026 Mercedes-Benz CLA feels like a real car, not a science experiment

car review, Cars, First drive, Mercedes-Benz CLA / /

Mercedes’ new 800 V electric powertrain is ready for the public, and we’ve driven it.

A closeup of the front of a blue Mercedes-Benz CLA with EQ technology.

Mercedes-Benz has high hopes for its new EV technology, which debuts in the 2026 CLA. Credit: Mercedes-Benz

Mercedes-Benz has high hopes for its new EV technology, which debuts in the 2026 CLA. Credit: Mercedes-Benz

The Mercedes-Benz CLA is a marked departure from Mercedes’ EV efforts. Instead of a dedicated line of EQ vehicles—like the EQB, EQC, and EQS—we’re getting vehicles “with EQ Technology.” It started with the electric G Wagon, but the CLA is the first mainstream product to make the change. The thing is that the change is significant and for the better. Several months ago, we got some time in a prototype CLA; now we’ve driven the final product.

The CLA returns for the 2026 model year as an EV first (with a hybrid coming) on an all-new 800-volt architecture. This architecture will find its way to other Mercedes vehicles, like the upcoming GLB and GLC. This thoroughly modern setup features some of the company’s biggest innovations.

The CLA will be available with either one or two electric motors, with a two-speed setup for efficiency and performance. The 250+ base model makes 268 hp (200 kW) and 247 lb-ft (335 Nm) of torque. Mercedes is claiming up to 792 km of range with this model on the WLTP cycle. Accounting for WLTP’s optimism, it’s still possible we might see an EPA-rated range over 400 miles, but Mercedes isn’t quoting any real numbers yet.

Not quite a sedan, more like a four-door coupe. Mercedes-Benz

The dual motor, all-wheel drive 4Matic variant, makes 349 hp ( 260 kW) and 380 lb-ft (515 Nm) of torque. It also has a two-speed setup. The WLTP estimate from Mercedes here is up to 771 km, which would still be potentially 400 miles under EPA testing in the real world.

Peak DC fast charging is 320 kW, with a 10–80 percent charging time of 22 minutes for the 85 kWh usable lithium-ion battery pack. For comparison, the current EQB peaks at just 110 kW.

Two charge ports

Like the upcoming Nissan Leaf, the charge connector situation will be a little weird on the CLA. It’ll have a standard SAE J-1772 plug for level 2 charging, but sitting next to it, behind the charging door, is also a NACS connector for DC fast charging. It’s not my favorite solution to the problem. If you were to switch from a Model 3 to a CLA, you might already have a Tesla charger in your garage, and you’ll need an adapter for the J-plug, but we are in a strange transitional time for all of this. At least they’re on the same side of the car.

Some early cars making their way to the United States will only support 800 V DC fast charging stations. Those would include Mercedes’ own stations, along with Ionna. But those early cars won’t work on the nation’s biggest 400 V network, Tesla Superchargers.

Mercedes tells us that these early cars will be limited to demonstration vehicles, with customer vehicles early next year supporting both 400 V and 800 V chargers.

“After the initial limited delivery of cars late this year for demonstration of the CLA’s fast-charging abilities, 2026 US customer orders from early next year will feature a converter and be capable of charging at 400 V and faster 800 V, meaning the largest number of US charging points, currently over 140,000.”

Customers shouldn’t have to think about it when they receive their own cars, which is ultimately what matters the most. It does, however, highlight some of the challenges of developing EVs in a fast-changing environment.

Finally, a hood that opens

The CLA with EQ Technology has some new changes for Mercedes in the cargo capacity department, too. It’s the first Mercedes with a frunk since the W23 of the 1930s. It was silly to offer a hood on a car that is bolted shut, so it’s nice to not only see Mercedes change course on that but also provide 2.5 cubic feet (71 L) of storage up there.

The cockpit layout is similar to the EQ Mercedes EVs. Mercedes-Benz

That gives the CLA overall cargo capacity of 18.7 cubic feet (530 L) between the frunk and the trunk. The trunk swallows two people’s luggage without much issue, but the load lift into the trunk is pretty high. This is not uncommon for a proper sedan, but it is noticeable.

Speaking of being a proper sedan, the new CLA is 1.3 inches (33 mm) longer than the old car, with a 2.4-inch (61 mm) longer wheelbase. It also has more headroom for both front and rear passengers and is a comfortable place to spend time once you get settled.

Our test models all had the AMG Line package, which included sportier seats that are actually quite comfortable. The cabin gives you a feeling of being cocooned in the car, but it doesn’t feel cramped or claustrophobic.

When you look ahead, you have an optional heads-up display and Mercedes’ new MBUX Superscreen. This is a 10.25-inch driver display, a 14-inch center display, and a 14-inch passenger display. They are all powered by MB.OS and Unity Game Engine. The new infotainment includes support for apps, like Disney+ and Angry Birds. The driver can access these while parked, but the passenger can use their display while the vehicle is in motion.

the back half of a Mercedes CLA seen with pedestrians and cyclists in the foreground.

Less eye-catching colors are available. Credit: Mercedes-Benz

While playing Angry Birds, I couldn’t help but notice how good-looking the passenger screen was. In fact, all the screens have excellent contrast and color reproduction, which is partly due to their lack of a screen filter that normally prevents the driver from seeing the screen.

Keep your eyes on the road

However, in the CLA, the passenger display is initially visible to the driver. The camera mounted above the center display, which is also used for features like video conferencing or in-car selfies, watches the driver. If the driver looks toward the passenger display, the screen will be disabled until the driver pays attention to the road again. It’s an interesting way to solve the driver distraction problem while not ruining how the screen looks.

Star Wars’ Andor looks and sounds pretty good with the Burmeister sound system, even if it’s in Danish by default—because we’re in Copenhagen—and I don’t know Danish.

My biggest complaint about the new infotainment system in these versions is huge bezel on the center screen. Some of the bezel is needed for the camera, but in 2025, it comes across as being a bit cheap. They look great, just the bezel doesn’t. I wouldn’t be surprised if upgraded displays in higher-end future models expand to fill those gaps.

We’ll need to spend some time with the CLA on familiar roads before we can truly judge its efficiency. Credit: Mercedes-Benz

Driving the new CLA is a pleasant experience. The 250+ has plenty of grunt for most of the driving normal people do. The two-speed setup operates seamlessly, and at no point did I feel the need for more power.

If you want more power, or more importantly, all-wheel drive, the 350 4Matic delivers. In the normal driving mode, acceleration is even more brisk, but it doesn’t snap your head back. Put the car into the Sport setting, and you get all the acceleration you could really want. Yes, there’ll be more powerful versions in the future. But a 4.8-second run to 60 mph in a non-performance car is plenty.

That’s smooth

The country roads outside Copenhagen don’t offer many opportunities to really push the car to its limits, but ride comfort is excellent. Only when we hit a manhole cover on a torn-up street did I feel like I was driving an entry-level vehicle.

On the other hand, I didn’t feel the need or desire to switch over to the car’s sport mode. With a standard fixed suspension, little changes when you engage the setting (except unlocking the full acceleration power), and frankly, it never felt necessary.

That’s not to say the car isn’t fun or isn’t any good. On the contrary, I could spend a lot of time in one of these and be quite happy with it. However, there’s room to add an AMG variant that really cranks up the performance.

As for looks, I find the car attractive without being too much. I think the darker colors, look better on this car than the lighter ones, as the front grille looks a little busy with lighter colors. I find the car more attractive in person than in photos, and while I wasn’t a fan of the TriStar motif in the rear taillights, it has grown on me.

I haven’t driven the G580, but the GLC prototype I drove last month and the CLA feel different. Unlike previous Mercedes EVs, these feel like cars and not just science experiments. Yes, the technology is all there, but the one thing that BMW was able to do on its EVs that previous EQs lacked was delivering a driving experience that felt like it wasn’t exclusively dictated by math. There’s also no word on pricing yet.

The CLA with EQ Technology might be a mouthful, but it represents a significant leap forward.

2026 Mercedes-Benz CLA feels like a real car, not a science experiment Read More »

google-finds-custom-backdoor-being-installed-on-sonicwall-network-devices

Google finds custom backdoor being installed on SonicWall network devices

Biz & IT, hackers, Security, sonicwall, vulnerabilities / /

Researchers from the Google Threat Intelligence Group said that hackers are compromising SonicWall Secure Mobile Access (SMA) appliances, which sit at the edge of enterprise networks and manage and secure access by mobile devices.

The targeted devices are end of life, meaning they no longer receive regular updates for stability and security. Despite the status, many organizations continue to rely on them. That has left them prime targets by UNC6148, the name Google has given to the unknown hacking group.

“GTIG recommends that all organizations with SMA appliances perform analysis to determine if they have been compromised,” a report published Wednesday said, using the abbreviation for Google Threat Intelligence Group. “Organizations should acquire disk images for forensic analysis to avoid interference from the rootkit anti-forensic capabilities. Organizations may need to engage with SonicWall to capture disk images from physical appliances.”

Lacking specifics

Many key details remain unknown. For one thing, the attacks are exploiting leaked local administrator credentials on the targeted devices, and so far, no one knows how the credentials were obtained. It’s also not known what vulnerabilities UNC6148 is exploiting. It’s also unclear precisely what the attackers are doing after they take control of a device.

The lack of details is largely the result of the functioning on Overstep, the name of custom backdoor malware UNC6148 is installing after initial compromise of the devices. Overstep allows the attackers to selectively remove log entries, a technique that is hindering forensic investigation. Wednesday’s report also posits that the attackers may be armed with a zero-day exploit, meaning it targets a vulnerability that’s currently publicly unknown. Possible vulnerabilities UNC6148 may be exploiting include:

  • CVE-2021-20038: An unauthenticated remote code execution made possible by a memory corruption vulnerability.
  • CVE-2024-38475: An unauthenticated path traversal vulnerability in Apache HTTP Server, which is present in the SMA 100. It can be exploited to extract two separate SQLite databases that store user account credentials, session tokens, and seed values for generating one-time passwords.
  • CVE-2021-20035: An authenticated remote code execution vulnerability. Security firm Arctic Wolf and SonicWall reported in April that this vulnerability was under active exploitation.
  • CVE-2021-20039: An authenticated remote code execution vulnerability. There have been reports that this vulnerability was under active exploitation to install ransomware in 2024.
  • CVE-2025-32819: An authenticated file deletion vulnerability that can be exploited to cause a targeted device to revert the built-in administrator credentials to a password so that attackers can gain administrator access.

Google finds custom backdoor being installed on SonicWall network devices Read More »

stellantis-abandons-hydrogen-fuel-cell-development

Stellantis abandons hydrogen fuel cell development

Cars, FCEV, hydrogen, Stellantis / /

Hydrogen is also much less energy-dense by volume, and making the stuff is far from efficient, even when you use entirely renewable electricity. And of course, the vast majority of commercial hydrogen is not so-called blue hydrogen, which was made with renewables but is instead mostly produced via steam reformation from hydrocarbon stocks. That’s an energy-intensive process and one that is very far from carbon-neutral.

Finally, there’s virtually no infrastructure for hydrogen road vehicles to refuel.

The vehicles are inefficient, and the fuel is expensive, difficult to store, and hard to find. So it’s perhaps no wonder that someone at Stellantis finally saw sense. Between the high development costs and the fact that FCEVs only sell with strong incentives, the decision was made to cancel the production of hydrogen vans in France and Poland.

Stellantis says there will be no job losses at its factories and that R&D staff will be put to work on other projects.

“In a context where the Company is mobilizing to respond to demanding CO2 regulations in Europe, Stellantis has decided to discontinue its hydrogen fuel cell technology development program,” said Jean-Philippe Imparato, Chief Operating Officer for Enlarged Europe. “The hydrogen market remains a niche segment, with no prospects of mid-term economic sustainability. We must make clear and responsible choices to ensure our competitiveness and meet the expectations of our customers with our electric and hybrid passenger and light commercial vehicles offensive.”

Stellantis abandons hydrogen fuel cell development Read More »

medieval-preacher-invoked-chivalric-hero-as-a-meme-in-sermon

Medieval preacher invoked chivalric hero as a meme in sermon

Chaucer, cultural studies, culture, historical archaelogy, history, language history, Literature, medieval literature, Science, textual analysis / /

It’s the translation of the word “elves” that is central to their new analysis. Based on their consideration of the lines in the context of the sermon (dubbed the Humiliamini sermon) as a whole, Falk and Wade believe the correct translation is “wolves.” The confusion arose, they suggest, because of a scribe’s error while transcribing the sermon: specifically, the letters “y” (“ylves”) and “w” became muddled. The sermon focuses on humility, playing up how humans have been debased since Adam and comparing human behaviors to animals: the cunning deceit of the adder, for example, the pride of lions, the gluttony of pigs, or the plundering of wolves.

the text of the sermon

The text of the sermon. Credit: University of Cambridge

Falk and Wade think translating the word as “wolves” resolves some of the perplexity surrounding Chaucer’s references to Wade. The relevant passage in Troilus and Criseyde concerns Pandarus, uncle to Criseyde, who invites his niece to dinner and regales her with songs and the “tale of Wade,” in hopes of bringing the lovers together. A chivalric romance would serve this purpose better than a Germanic heroic epic evoking “the mythological sphere of giants and monsters,” the authors argue.

The new translation makes more sense of the reference in The Merchant’s Tale, too, in which an old knight argues for marrying a young woman rather than an older one because the latter are crafty and spin fables. The knight thus marries a much younger woman and ends up cuckolded. “The tale becomes, effectively, an origin myth for all women knowing ‘so muchel craft on Wades boot,'” the authors wrote.

And while they acknowledge that the evidence is circumstantial, Falk and Wade think they’ve identified the author of the Humiliamini sermon: late medieval writer Alexander Neckam, or perhaps an acolyte imitating his arguments and writing style.

Review of English Studies, 2025. DOI: 10.1093/res/hgaf038  (About DOIs).

Medieval preacher invoked chivalric hero as a meme in sermon Read More »

large-study-squashes-anti-vaccine-talking-points-about-aluminum

Large study squashes anti-vaccine talking points about aluminum

ACIP, aluminum, anti-vaccine, health, robert f kennedy jr, vaccine / /

A sweeping analysis of health data from more than 1.2 million children in Denmark born over a 24-year period found no link between the small amounts of aluminum in vaccines and a wide range of health conditions—including asthma, allergies, eczema, autism, and attention deficit-hyperactivity disorder (ADHD).

The finding, published in the Annals of Internal Medicine, firmly squashes a persistent anti-vaccine talking point that can give vaccine-hesitant parents pause.

Small amounts of aluminum salts have been added to vaccines for decades as adjuvants, that is, components of the vaccine that help drum up protective immune responses against a target germ. Aluminum adjuvants can be found in a variety of vaccines, including those against diphtheria, tetanus, and pertussis, Haemophilus influenzae type b (Hib), and hepatitis A and B.

Despite decades of use worldwide and no clear link to harms, concern about aluminum and cumulative exposures continually resurfaces—largely thanks to anti-vaccine advocates who fearmonger about the element. A leader of such voices is Robert F. Kennedy Jr, the current US health secretary and an ardent anti-vaccine advocate.

In a June 2024 interview with podcaster Joe Rogan, Kennedy falsely claimed that aluminum is “extremely neurotoxic” and “give[s] you allergies.” The podcast has racked up nearly 2 million views on YouTube. Likewise, Children’s Health Defense, the rabid anti-vaccine organization Kennedy created in 2018, has also made wild claims about the safety of aluminum adjuvants. That includes linking it to autism, despite that many high-quality scientific studies have found no link between any vaccines and autism.

While anti-vaccine advocates like Kennedy routinely dismiss and attack the plethora of studies that do not support their dangerous claims, the new study should reassure any hesitant parents.

Clear data, unclear future

For the study, lead author Niklas Worm Andersson, of the Statens Serum Institut in Copenhagen, and colleagues tapped into Denmark’s national registry to analyze medical records of over 1.2 million children born in the country between 1997 and 2018. During that time, new vaccines were introduced and recommendations shifted, creating variation in how many aluminum-containing vaccines children received.

Large study squashes anti-vaccine talking points about aluminum Read More »

why-gov.-greg-abbott-won’t-release-his-emails-with-elon-musk

Why Gov. Greg Abbott won’t release his emails with Elon Musk

elon musk, emails, Greg Abbott, Policy, syndication, texas / /

The language Abbott’s office used appears to be fairly boilerplate. Paxton’s office, in an explanation of the common-law privacy exception on its website, mentions that “personal financial information” that doesn’t deal with government transactions “is generally highly intimate or embarrassing and must be withheld.”

But Bill Aleshire, a Texas-based attorney specializing in public records law, was appalled that the governor is claiming that months of emails between his office and one of the world’s richest people are all private.

“Right now, it appears they’ve charged you $244 for records they have no intention of giving you,” Aleshire said. “That is shocking.”

Aleshire said it’s not unusual for government agencies to tap the common-law privacy exception in an attempt to withhold records from the public. But he’s used to it being cited in cases that involve children, medical data, or other highly personal information—not for emails between an elected official and a businessman.

“You’re boxing in the dark,” Aleshire said. “You can’t even see what the target is or what’s behind their claim.”

Aleshire added that due to a recent Texas Supreme Court ruling, there is effectively no way to enforce public records laws against Abbott and other top state officials. He called the decision an “ace card” for these politicians.

The case dealt with requests to release Abbott and Paxton’s communications in the wake of the January 6 attack on the US Capitol and the 2022 school shooting in Uvalde. The high court ruled that it is the only body that can review whether these officials are in compliance with public records laws.

Kevin Bagnall, a lawyer representing Musk’s rocket company SpaceX, also wrote a letter to Paxton’s office arguing the emails should be kept secret. He cited one main reason: They contain “commercial information whose disclosure would cause SpaceX substantial competitive harm.”

Most of the rest of Bagnall’s letter, which further explained SpaceX’s argument, was redacted.

Musk and representatives for his companies did not respond to requests for comment for this story.

Abbott’s spokesperson did not respond to specific questions about the records, including whether The Texas Newsroom would be refunded if Paxton withholds them.

In a statement, he said, “The Office of the Governor rigorously complies with the Texas Public Information Act and will release any responsive information that is determined to not be confidential or excepted from disclosure.”

The office of the attorney general has 45 business days to determine whether to release Abbott’s records.

Lauren McGaughy is a journalist with The Texas Newsroom, a collaboration among NPR and the public radio stations in Texas. She is based at KUT in Austin. Reach her at [email protected]. Sign up for KUT newsletters. ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.

Why Gov. Greg Abbott won’t release his emails with Elon Musk Read More »

hyundai’s-ioniq-6-n-offers-more-sound,-more-shifts,-more-smiles

Hyundai’s Ioniq 6 N offers more sound, more shifts, more smiles

Cars, Goodwood Festival of Speed, Hyundai Ioniq 6, Hyundai Ioniq 6 N / /

In addition to the new sound, the shape of the 6 N is obviously quite a bit different than that of the SUV-silhouette of the Ioniq 5. Being a sedan means having a trunk, and on that trunk is a mighty large wing with a dramatic curving profile to match the sculpted edges at the rear of the 6 N.

Hyundai Ioniq 6 N charge port

The Ioniq 6 can fast charge very quickly, but how many tracks have convenient 350 kW DC fast chargers? Credit: Tim Stevens

Not big enough? Don’t worry, Hyundai is launching a new line of N Performance parts, enabling buyers to swap on a positively massive rear wing that follows the trend of gooseneck mounting, a design popularized by modern GT racing.

Big wings and EVs don’t usually mix, since the priority is usually aerodynamics and not downforce. However, Eduardo Ramirez, Chief Designer of Hyundai Design Europe, told me that despite the extra aerodynamic volume, the bigger optional wing doesn’t create extra drag. So if you crave that low-key GT3 look but worry about a big-time range hit, follow your heart.

The final change from the 5 N is so subtle that I didn’t even notice it at first, but the division’s distinctive Performance Blue paint now shines through a white pearl coating. I’m a big fan of the N series’ blue/red/black liveries, and the extra sheen here just makes things look that much more premium.

Speaking of premiums, the big question on my mind is how much the Hyundai Ioniq 6 N will cost. Prices of everything are a bit turbulent, with shifting tariffs and credit situations, but right now, you’ll have to spend an extra $23,600 over the $42,600 MSRP of an Ioniq 5 if you want to step up to an Ioniq 5 N.

If that same delta is maintained for this new model, given the Ioniq 6 starts at $37,850, you’ll be looking at somewhere around $60,000 for an Ioniq 6 N. But the market has changed significantly since the 5 N was introduced in 2023, so it’s anyone’s guess which numbers will be stuck on the glass of the 6 N when it hits American dealerships, assuming import tariffs don’t turn this blueberry into forbidden fruit.

When might you be able to get one? Nobody’s talking about that yet, either, but hopefully, Hyundai won’t keep us waiting long.

Hyundai’s Ioniq 6 N offers more sound, more shifts, more smiles Read More »

two-guys-hated-using-comcast,-so-they-built-their-own-fiber-isp

Two guys hated using Comcast, so they built their own fiber ISP

broadband, Comcast, Features, Policy, primeone / /

Brothers-in-law use construction knowledge to compete against Comcast in Michigan.

Two young men stand outside next to service vans with a logo for Prime-One, the Internet provider they founded.

Samuel Herman (left) and Alexander Baciu (right), founders of Prime-One. Credit: Prime-One

Samuel Herman (left) and Alexander Baciu (right), founders of Prime-One. Credit: Prime-One

Samuel Herman and Alexander Baciu never liked using Comcast’s cable broadband. Now, the residents of Saline, Michigan, operate a fiber Internet service provider that competes against Comcast in their neighborhoods and has ambitions to expand.

“All throughout my life pretty much, I’ve had to deal with Xfinity’s bullcrap, them not being able to handle the speeds that we need,” Herman told Ars. “I lived in a house of 10. I have seven other brothers and sisters, and there’s 10 of us in total with my parents.”

With all those kids using the Internet for school and other needs, “it just doesn’t work out,” he said. Herman was particularly frustrated with Comcast upload speeds, which are much slower than the cable service’s download speeds.

“Many times we would have to call Comcast and let them know our bandwidth was slowing down… then they would say, ‘OK, we’ll refresh the system.’ So then it would work again for a week to two weeks, and then again we’d have the same issues,” he said.

Herman, now 25, got married in 2021 and started building his own house, and he tried to find another ISP to serve the property. He was familiar with local Internet service providers because he worked in construction for his father’s company, which contracts with ISPs to build their networks.

But no fiber ISP was looking to compete directly against Comcast where he lived, though Metronet and 123NET offer fiber elsewhere in the city, Herman said. He ended up paying Comcast $120 a month for gigabit download service with slower upload speeds. Baciu, who lives about a mile away from Herman, was also stuck with Comcast and was paying about the same amount for gigabit download speeds.

$80 for gigabit fiber, unlimited data

Herman said he was the chief operating officer of his father’s construction company and that he shifted the business “from doing just directional drilling to be a turnkey contractor for ISPs.” Baciu, Herman’s brother-in-law (having married Herman’s oldest sister), was the chief construction officer. Fueled by their knowledge of the business and their dislike of Comcast, they founded a fiber ISP called Prime-One.

Now, Herman is paying $80 a month to his own company for symmetrical gigabit service. Prime-One also offers 500Mbps for $75, 2Gbps for $95, and 5Gbps for $110. The first 30 days are free, and all plans have unlimited data and no contracts.

“We are 100 percent fiber optic,” Baciu told Ars. “Everything that we’re doing is all underground. We’re not doing aerial because we really want to protect the infrastructure and make sure we’re having a reliable connection.”

Each customer’s Optical Network Terminal (ONT) and other equipment is included in the service plan. Prime-One provides a modem and the ONT, plus a Wi-Fi router if the customer prefers not to use their own router. They don’t charge equipment or installation fees, Herman and Baciu said.

Prime-One began serving customers in January 2025, and Baciu said the network has been built to about 1,500 homes in Saline with about 75 miles of fiber installed. Prime-One intends to serve nearby towns as well, with the founders saying the plan is to serve 4,000 homes with the initial build and then expand further.

“This is our backyard”

Herman and Baciu’s main competition in their initial build area is Comcast and Frontier’s DSL service, they said. So far, they have built only to single-family homes, but they plan to serve multi-unit residential buildings, too.

“We started building in an area that’s a lot more rural,” where people have fewer options than in more densely populated areas, Herman said. “This is our home, this is our backyard, so we take this build very, very seriously.”

Baciu, who is 29, said that residents seem excited to have a new Internet option. “It’s so nice to see the excitement that they have. [People say], ‘Oh my gosh, I told everybody about Prime-One. My neighbor cannot wait for you guys to have them up, too. My boss is asking, my grandma’s asking.’ It’s a beautiful thing,” he said.

A bit more than 100 residents have bought service so far, they said. Herman said the company is looking to sign up about 30 percent of the homes in its network area to make a profit. “I feel fairly confident,” Herman said, noting the number of customers who signed up with the initial construction not even halfway finished.

Prime-One’s founders originally told us the 4,000-home build would be completed at the end of August, but Baciu indicated more recently that it will take longer than that. “We are working on sales for the next couple of months before continuing the rest of the build,” Baciu said.

Herman and Baciu started thinking about building an ISP about two years ago. With no fiber companies looking to compete against Comcast where they lived, “that was a trigger,” Baciu said. “We kept on talking. We’re like, hey, we’re doing this work for other people, why not?” In August 2024, they signed a contract with a firm that provides backhaul service, IP address assignments, and other key connectivity needs.

“We said, ‘let’s try to do it ourselves’”

ISPs generally want to build in areas where homes are built close together, requiring less fiber construction to serve more customers and make a bigger profit. Existing ISPs didn’t seem interested in expanding to where Herman and Baciu live, Herman said.

“We have spoken to all of these Internet service providers and asked them to come and service these areas. I knew that there was a dire need in this area and that everybody was sick of the Xfinity BS,” Herman said.

Having worked in construction for ISPs, they already had experience installing fiber lines and conduits.

A Prime-One installer working on a fiber build.

Credit: Prime-One

A Prime-One installer working on a fiber build. Credit: Prime-One

“We said, ‘you know, what the hell, why not? Let’s try to do it ourselves,'” Herman said. “We know we can handle the construction, we know we can handle all that area. We need some assistance on the technical side. So we hired the right people to handle the technical side and to handle the OSS/BSS software and to manage our dark fiber. And from there, we’re here where we’re at, within six months. We have over a hundred customers on our network, and we’re still building.”

Before construction, the brothers-in-law met with Jared Mauch, a Michigan man who built a fiber-to-the-home Internet provider because he couldn’t get good broadband service from AT&T or Comcast. We wrote about Mauch in 2021, when he was providing service to about 30 rural homes, and again in 2022, when he was expanding to hundreds of more homes.

Though Herman and Baciu already knew how to install fiber, Mauch “gave us quite a lot of insight on what to do, how to build, and on the actual ISP side… he showed us the way he did things on the technical side for the ISP, what strategies he used and what products he used,” Herman said.

The brothers-in-law didn’t end up using all the networking products Mauch suggested “because we are building a much larger network than he was,” Herman said. They went mostly with Nokia products for equipment like the optical network terminal installed at customer homes, he said.

Local employees

Baciu said he was frustrated by Comcast customer support being mostly limited to online chats instead of phone support. Prime-One has 15 local employees, mostly installers and technicians, with other employees working in customer service and operations, Herman said.

Prime-One offers phone and chat support, and “many people want to be able to see someone face to face, which is very easy for us to do since we have people here locally,” Herman said.

Network uptime has been good so far, Herman and Baciu said. “The only outage we’ve had was due to severe weather that caused a massive outage” for multiple networks, Herman said. “Any time any customers are experiencing an outage, maybe because of a lawnmower that cut their service line or anything, we guarantee a two- to four-hour time to repair it. And on top of that, to promote the fact that we discourage outages and we are working our best to fix them, we offer $5 back for every hour that they’re out of service.”

Comcast seems to have noticed, Herman said. “They’ve been calling our clients nonstop to try to come back to their service, offer them discounted rates for a five-year contract and so on,” he said.

Comcast touts upgrades, new unlimited data option

A Comcast spokesperson told Ars that “we have upgraded our network in this area and offer multi-gig speeds there, and across Michigan, as part of our national upgrade that has been rolling out.”

Meanwhile, Comcast’s controversial data caps are being phased out. With Comcast increasingly concerned about customer losses, it recently overhauled its offerings with four plans that come with unlimited data. The Comcast data caps aren’t quite dead yet because customers with caps have to switch to a new plan to get unlimited data.

Comcast told us that customers in Saline “have access to our latest plans with simple and predictable all-in pricing that includes unlimited data, Wi-Fi equipment, a line of Xfinity Mobile, and the option for a one or five-year price guarantee.”

Prime-One’s arrival on the scene caught some local people’s attention in a Reddit thread. One person who said they signed up for Prime-One wrote, “I’m honestly very impressed with the service overall. Comcast was charging me for every little thing on my account and the bill always found a way to get higher than expected, especially going over my data cap. Prime-One has no data caps and the bill has been the same since I first joined, not to mention they offer the first month free… I’m happy to see a company come out here and give us a better option.”

Comcast is facing competition from more than just Prime-One. The City of Saline government recently said there’s been an uptick in fiber construction in the city by Metronet and Frontier. Baciu said those builds don’t appear to be in the areas that Prime-One is serving. “To our knowledge, both Frontier and MetroNet have recently begun building in adjacent areas near our current footprint, but not within the zones we’re serving directly,” he said.

While Prime-One is a small ISP, Herman said the company’s expansion ambitions are bigger than he can reveal just now. “We have plans that we cannot disclose at this moment, but we do have a plan to expand,” he said.

Photo of Jon Brodkin

Jon is a Senior IT Reporter for Ars Technica. He covers the telecom industry, Federal Communications Commission rulemakings, broadband consumer affairs, court cases, and government regulation of the tech industry.

Two guys hated using Comcast, so they built their own fiber ISP Read More »

ars-technica-and-gog-team-up-to-bring-you-a-pile-of-our-favorite-games

Ars Technica and GOG team up to bring you a pile of our favorite games

eCommerce, gaming, gog, Good Old Games, partnership, shopping, Star Trek, star trek 25th anniversary, Star Trek The Original Series, Star Trek TOS, The Original Series, TOS / /

That changed with the 1992 release of Star Trek: 25th Anniversary, or ST25 to its friends, which brought the original series Enterprise and its crew to life in glorious 256-color VGA. And to players’ vast relief, it was not a half-baked effort—locations like the Enterprise bridge were lovingly recreated, with beautiful atmospheric sound effects lifted straight from the TV show permeating every scene. The character art is sharp, and it’s easy to tell Bones from Spock. The entire game is like a love letter to OG Trek.

Screenshot of ST25 showing bridge crew

Ah, that old Enterprise bridge feeling.

Credit: GOG / Interplay

Ah, that old Enterprise bridge feeling. Credit: GOG / Interplay

Perhaps unsurprisingly given the time, ST25 is a mouse-driven point-and-click adventure game. It’s broken up into seven discrete chapters, with each chapter being a self-contained mission with problems to solve and objectives to accomplish. Starfleet Command is always watching—complete the minimum number of objectives and an admiral will give you a middling performance review. Go above and beyond and do everything, even your bonus objectives, and you’ll have lavish praise heaped upon you by a grateful admiralty.

The missions themselves tend to follow a pattern. Each starts with the crew of the Enterprise on the bridge as Kirk makes a log entry. Starting with the CD-ROM issue of the game, all the lines are fully voiced by the original cast, so every mission kicks off with Bill Shatner’s familiar “Captain’s log…” lead-in telling us what we need to examine, investigate, locate, or shoot at. (Sadly, the only major voice cast omission in this one is Majel Barrett as the computer.)

Then there’s what I always felt was the weakest part of the game: Most missions kick off with some sort of space battle, where the player has to awkwardly maneuver the Enterprise with the mouse, dodging phaser blasts and photon torpedoes (or just eating them because the controls are just that awful) and trying to blow the other ship up before it does the same to you.

Ars Technica and GOG team up to bring you a pile of our favorite games Read More »

weird-chemical-used-in-plastics-has-erupted-as-latest-fentanyl-adulterant

Weird chemical used in plastics has erupted as latest fentanyl adulterant

BTMPS, fentanyl, health, illicit drugs, toxicity / /

Urgent questions

And it wasn’t just found in a few samples at each location—in Los Angeles, for instance, it was present in 56 percent of drug samples in September, and 32 percent in Philadelphia. It also wasn’t just found in trace amounts. In a study of 98 samples of BTMPS-tainted fentanyl, 63 percent of samples contained more BTMPS than fentanyl. Fourteen samples had BTMPS levels that were 10-times higher than the fentanyl content.

While it’s unclear why BTMPS, of all chemicals, has shown up in illicit drugs, researchers have some ideas. For one, BTMPS could simply be a cheap bulking agent that allows makers to dilute fentanyl and maximize profits. The substantial amounts of BTMPS in some samples lend weight to this hypothesis. But, another possibility is that makers are using the UV-protection feature that the light stabilizer provides to extend the shelf life of drugs.

It’s also possible it’s simply an accidental contaminant, but researchers suspect that given the rapid, widespread emergence, its addition is deliberate and likely early in the production process.

How BTMPS affects users is another big question. Animal studies suggest that BTMPS can interact with cell receptors in the heart and nervous system. This raises the possibility of cardiotoxic effects, like low blood pressure and cardiovascular collapse, as well as neurological toxicity, such as muscle weakness or dysfunction of the autonomic nervous system, which controls things like heart rate and breathing.

Anecdotal clinical reports link use of BTMPS to blurred vision, pink eye, ringing in the ears, and nausea. There are also reports of skin irritation and burning after injection, and, after smoking, throat irritation, coughing, and coughing up blood.

Researchers say clinical research on the component is now urgently needed, as well as more surveillance.

Weird chemical used in plastics has erupted as latest fentanyl adulterant Read More »

cloudflare-wants-google-to-change-its-ai-search-crawling-google-likely-won’t.

Cloudflare wants Google to change its AI search crawling. Google likely won’t.

AI, ai crawler, ai scraping, AI training, Artificial Intelligence, cloudflare, Google, google ai overviews, google search, googlebot, Policy / /

Ars could not immediately find any legislation that seemed to match Prince’s description, and Cloudflare did not respond to Ars’ request to comment. Passing tech laws is notoriously hard, though, partly because technology keeps advancing as policy debates drag on, and challenges with regulating artificial intelligence are an obvious example of that pattern today.

Google declined Ars’ request to confirm whether talks were underway or if the company was open to separating its crawlers.

Although Cloudflare singled out Google, other search engines that view AI search features as part of their search products also use the same bots for training as they do for search indexing. It seems likely that Cloudflare’s proposed legislation would face resistance from tech companies in a similar position to Google, as The Wall Street Journal reported that the tech companies “have few incentives to work with intermediaries.”

Additionally, Cloudflare’s initiative faces criticism from those who “worry that academic research, security scans, and other types of benign web crawling will get elbowed out of websites as barriers are built around more sites” through Cloudflare’s blocks and paywalls, the WSJ reported. Cloudflare’s system could also threaten web projects like The Internet Archive, which notably played a crucial role in helping track data deleted from government websites after Donald Trump took office.

Among commenters discussing Cloudflare’s claims about Google on Search Engine Round Table, one user suggested Cloudflare may risk a lawsuit or other penalties from Google for poking the bear.

Ars will continue monitoring for updates on Cloudflare’s attempts to get Google on board with its plan.

Cloudflare wants Google to change its AI search crawling. Google likely won’t. Read More »