Fully Responsive Theme
Resize your Browser to see the Effect
Retina Ready
Looks Beautiful on Retina Displays

Roboter reden ein Wörtchen mit

Was sagt denn der Grammatik-Papst und Duden-Revisor Peter Eisenberg dazu:

Sprachwandel durch intelligente Maschinen?

In dieser Woche ist der neue Rechtschreibduden erschienen. Einen Tag zuvor war der Verkaufsstart von Google Home, dem “intelligenten Lautsprecher” mit Sprachfunktion. Zwei Ereignisse ohne Zusammenhang? Nein. Beide haben etwas mit Sprachwandel zu tun – dem realen, heutigen, und dem virtuellen, zukünftigen.

Sprachwandel kann viele Ursachen haben: kulturelle Einflüsse, Migration, Sprachkontakt, Medien, Bildungsprozesse oder sprachsystembedingte Faktoren etwa. Der Duden dokumentiert diesen Wandel für den Wortbestand des Deutschen. Die gerade erschienene 27. Auflage dieses Wörterbuchs, dessen Verlag “Bibliografisches Institut” inzwischen zur Cornelsen-Gruppe gehört, hat eine große Welle in den Medien nach sich gezogen mit den 5.000 Wörtern, die neu aufgenommen wurden. Gleichzeitig sind auch viele Wörter gegenüber der 26. Auflage verschwunden, “Jahr-2000-fähig” etwa. Bei manchen Wörtern ändern sich auch die Angaben zur Deklination oder Konjugation, zum Kasus, den ein Wort von einem anderen fordert, oder zur Bedeutung. All das lässt den kontinuierlichen Wandel, dem jede Sprache unterliegt, erkennbar werden, zumindest den Teil des Sprachwandels, der sich im Wortgebrauch manifestiert. Wandel im Bereich der Grammatik und der Sprachverwendung ist schwerer und vor allem nur langfristiger beizukommen. Aber auch diesen gibt es heute – die Diskussion um das “Kiezdeutsch”, das die Potsdamer Germanistin Heike Wiese in ihrem gleichnamigen Buch beschrieben hat (“Machst du rote Ampel!”), hat sich um diese Ebenen des Sprachsystems gedreht.

Sprachwandel nach der 4. Revolution

Bislang war der Sprachwandel immer von Menschen herbeigeführt worden, manchmal bewusst durch Sprachkritiker oder Grammatiker, zumeist jedoch unbewusst infolge unzähliger Kommunikationsereignisse in einer Sprachgemeinschaft und im Kontakt mit anderen Sprachgemeinschaften. Erstmals jedoch wird seit einigen Jahren die menschliche Sprache auch von Maschinen genutzt, Google Home ist dafür ebenso ein Beispiel wie das Gerät Echo von Amazon, Microsofts Cortana oder die vielen anderen mündlichen und schriftlichen Sprachautomaten, die es inzwischen gibt. Der Informationsphilosoph Luciano Floridi ist der Meinung, dass mit der Digitalisierung eine vierte kulturelle Revolution einhergeht, die das Selbstverständnis des Menschen so grundlegend wandeln wird wie schon die drei Revolutionen zuvor: die Kopernikanische Revolution, nach der sich der Mensch auf seiner Erde nicht mehr im Zentrum des Universums sehen kann; die Darwin-Revolution, die dem Menschen auch seine Sonderstellung in der Natur genommen hat; und die Revolution, die sich mit Freud, der Verhaltenspsychologie und den Neurowissenschaften verbindet. Mit dieser Revolution ist dem Mensch auch die Hoffnung genommen worden, zumindest der Herrschaft im eigenen Oberstübchen innezuhaben, seine Psyche und seine Handlungen also vollständig durch Introspektion verstehen zu können. Nach der vierten Revolution schließlich, der der intelligenten Maschinen, wird dem Menschen nun auch noch das letzte Bisschen seines humanen Selbstverständnisses genommen, seine Intelligenz, und mit ihr die verschiedenen Ausprägungen intelligenten Verhaltens, etwas das Kommunizieren in natürlicher Sprache.

Vier Konstellationen der Einflussnahme

Wenn nun also nicht mehr nur Menschen in natürlicher Sprache kommunizieren, sondern auch Maschinen mit dem Menschen und womöglich sogar Maschinen untereinander, stellt sich die Frage, wie sich dies langfristig auf den Sprachwandel auswirken mag. Ich meine, dass es vier verschiedene Konstellationen zu beachten gilt:

  1. Unterstützte menschliche Kommunikation:
    Dies ist schon heute beim Schreiben auf Smartphones weit verbreitet. Der Rechner macht Wortvorschläge, entweder zur Vervollständigung einer Zeichensequenz oder für das nächste Wort im Text. Damit wird ein Bias zur Verwendung bestimmter Wörter erzeugt und zur Nicht-Verwendung anderer. Wörter, die nicht im Smartphone-Wörterbuch enthalten sind, werden möglicherweise tendenziell vermieden, genauso wie grammatische Konstruktionen, die von einem System nicht durch Wortvorschläge unterstützt werden.
    Was wir bislang beim Tippen auf Smartphones erleben, dürfte beim unterstützten Schreiben erst der Anfang sein. Microsoft etwa arbeitet an Systemen, die das Schreiben in einer Fremdsprache unterstützen oder Umformulierungen vorschlagen. Ist so etwas erst einmal in Word & Co. integriert, dürfte eine Auswirkung auf die Schriftsprache offensichtlich werden. Schon heute sind gewisse Folgen der Computer-vermittelten Kommunikation festzustellen, wie etwa Christa Dürscheid und Karina Frick in ihrem Buch “Schreiben digital” zeigen.
  2. Kommunikation mit virtuellen Systemen:
    Damit sind Systeme wie das neue Google Home, Amazon Echo oder Microsoft Cortana gemeint. Derartige Systeme verfügen bislang über eine Sprachkompetenz, die nicht situationsbezogen ist. Dies betrifft sowohl die wahrnehmbare Situation, in der kommuniziert wird (was einen gerade umgibt), als auch die diskursive Situation (was bereits vorher gesagt worden ist). Trotzdem prägen auch diese Systeme die Kommunikation mit dem Menschen, und zwar im umgekehrten Sinne: Bauen wir nämlich Erfahrung darin auf, was solche Systeme verstehen (im lexikalischen und grammatischen Sinne), dann stellen wir uns nach und nach darauf ein – so sind wir Menschen nun einmal gestrickt. Bestimmte Wörter und Konstruktionen meiden wir, andere benutzen wir bevorzugt. Dadurch wird beim Menschen eine kognitive Verstärkung bewirkt, die man Entrenchment nennt. Und diese wiederum bewirkt längerfristig einen sprachlichen Wandel.
    Zwar dürfte all das noch keine Rolle spielen mit den paar sprachfähigen Geräten, die uns demnächst umgeben werden. Wenn man aber bedenkt, dass vor gerade einmal zehn Jahren das iPhone als erstes Smartphone im heutigen Sinne auf den Markt gekommen ist, vermag ich mir nicht vorzustellen, was mit virtuellen sprachlichen Systemen in zehn Jahren alles möglich sein wird.
  3. Kommunikation mit intelligenten Robotern:
    Auch wenn dies immer noch besonders futuristisch erscheint, so handelt es sich dabei doch um eine Computerlinguistik-Anwendung, an der seit mehr als 40 Jahren gearbeitet wird. Schon bei den ersten halbwegs intelligenten Robotern, ob real oder simuliert (etwa Shakey oder SHRDLU), war eine natürlichsprachliche Schnittstelle integraler Bestandteil. Ganz anders als bei virtuellen Systemen sind Roboter in eine reale Situation eingebettet, müssen sehen und agieren können, was sich auch in der Sprachnutzung niederschlägt. Idealerweise sollten intelligente Roboter auf kurze Hinweise und Anweisungen reagieren können, was die Sprachnutzung im Handlungszusammenhang beeinflusst. Sind wir erst einmal von Servicerobotern im Alltag umgeben, dürfte daraus ein spezifischer sprachlicher Anweisungsstil, womöglich ein moderner “Sklavenhalterstil” hervorgehen, wie ihn Menschen untereinander (hoffentlich) nicht verwenden würden. Auch dies dürfte ein Impuls für einen zumindest partiellen Sprachwandel darstellen.
  4. Kommunikation intelligenter Systeme untereinander:
    Auch für diesen Fall gibt es bereits Erkenntnisse: Vor kurzem ging ein Forschungsbericht durch die Wissenschaftsmedien, in dem es um zwei Software-Agenten der Facebook-Forschung ging, die in natürlicher Sprache miteinander verhandeln können. Eigentlich sollten diese Agenten mit Menschen in Chats interagieren, sie wurden aber testweise auch auf ihresgleichen losgelassen. Da es von den Programmierern versäumt worden war, die Verwendung von wohlgeformtem Englisch bei den sprachlichen Äußerungen zu fixieren, bildeten diese Verhandlungschatbots nach und nach ihre eigene Sprache aus, ohne sich weiter um Grammatik und Lexik der englischen Sprache zu scheren. Aussagen wie “i i can i i i everything else” erhielten dabei eine klare Funktion und Bedeutung, die sich aufgrund des inzwischen erfolgten Abstimmungs- und Lernprozesses der Systeme selbst kaum von ihren Programmierern entschlüsseln ließ.
    Ähnliches hatte bereits vor einigen Jahren der Belgische KI-Forscher Luc Steels erreicht. In seinem “Talking Heads”-Experiment entwickelten Roboter durch verschiedene Sprachspiele ihr eigenes Vokabular und ihre eigene Grammatik. Steels wollte damit auch einen Betrag leisten zum Verständnis der Sprachentwicklung überhaupt, insbesondere zu der klassische Frage, wie sprachliche Symbole ihre intersubjektive Bedeutung erhalten haben.
    Dass die Kommunikation intelligenter System untereinander einmal einen Einfluss auf den Sprachwandel menschlicher Sprachen haben wird, bezweifle ich. Die Betrachtung dieser Art des Sprachwandels aber bildet eine wichtige Quelle zum Verständnis des Sprachwandels in menschlichen Gemeinschaften.

Sprachwandel ist nach einem halben Jahrhundert Abstinenz wieder zu einem großen Thema der Sprachwissenschaft geworden. Anders als früher wird dieser heute anhand großer digitaler Korpora untersucht. Für viele Bereiche der Computer-vermittelten oder Computer-beeinflussten Sprachverwendung existieren allerdings noch keine Referenzkorpora. Es steht zu erwarten, dass wir das Signal der Digitalisierung in der Daten bald deutlicher werden erkennen können.

Beitragsbild: Replikat von Walter Schulze-Mittendorffs Maschinenmensch Maria aus Fritz Langs Film “Metropolis” von 1927 (Ausschnitt). Quelle: WikipediaCC BY-SA 2.0

Veröffentlicht von

www.lobin.de

Henning Lobin ist seit 1999 Professor für Angewandte Sprachwissenschaft und Computerlinguistik an der Justus-Liebig-Universität Gießen. Von 2007 bis 2016 leitete er dort das interdisziplinäre Zentrum für Medien und Interaktivität, in dem die Auswirkungen von neuen Kommunikationsformen auf Wissenschaft, Kultur und Bildung untersucht werden. Seine Forschungsschwerpunkte bilden die Texttechnologie, die multimediale Wissenschaftskommunikation und der medienkulturelle Wandel durch die Digitalisierung. Gegenwärtig ist er u.a. Mitglied im wissenschaftlichen Beirat des Instituts für deutsche Sprache in Mannheim und des Fachkollegiums "Sprachwissenschaft" bei der Deutschen Forschungsgemeinschaft. Bei den SciLogs ist Henning Lobin Autor des Blogs "Die Engelbart-Galaxis" und Gast-Autor im Blog "Wissenschaftskommunikation hoch 3" der ACATECH, für die er auch als externer Experte für Fragen der Wissenschaftskommunikation in sozialen Medien fungiert. Lobin ist Autor von sieben Monografien und hat zahlreiche Sammelbände herausgegeben (Bücher bei Amazon, bei Buch.de und im Buchhandel). Zuletzt erschienen: Engelbarts Traum (Campus, 2014).

Der Sprachwandel zeigt sich in verkürzten Sätzen, weggelassenen Präpositionen, in Internetkürzeln.
Das kommt daher, dass die meisten nicht mit 10 Fingern eintippen können und mit nur 2 Fingern zu schreiben, dauert es zu lange. Also opfert man einen korrekten Satz einer verkrüppelten Verkürzung.
Dazu kommen natürlich noch die vielen Fachsubstantive, die man auch noch verbalisiert oder adjektivisiert.

In meinem Umfeld kenne ich kaum jemanden, der mit Siri, Cortana oder Alexa (Amazon) kommuniziert oder auch nur regelmässig Fragen stellt. Und das obwohl ich in einem Informatikumfeld tätig bin. Doch in diesem Umfeld wird heute vor allem getippt und nur wenig gesprochen.
Es hat sicher auch mit Gewohnheiten zu tun. Ich weiss zwar, dass ich Siri einfach diktieren könnte: “Stelle den Wecker auf 7:30”, doch das mache ich bis jetzt manuell und sehe auch keinen Grund, das zu ändern.
In den USA scheint aber beispielsweise Alexa schon eine ansehnliche Benutzergemeinde zu haben. In einer Dokumentation dazu erfuhr ich von einem Altersheim/Pflegeheim in dem Alexa von beispielsweise Sehschwachen/Teilblinden benutzt wird um Informationen über das Wetter und vieles mehr abzufragen oder um sich vorlesen oder alte Hits abspielen zu lassen. Das heisst, solche automatischen Zuhörer und “Versteher” können (Teil-)Behinderungen überwinden helfen.
Menschen ohne Behinderungen benutzen Alexa beispielsweise um sich während des Kochens ein Rezept vorlesen zu lassen oder überhaupt um während des häuslichen Arbeitens Rückfrage- und Unterhaltungsmöglichkeiten zu haben. Es braucht dann keine Tastatur, keine PC zu dem man laufen muss, sondern man frägt während des Kochens, Putzens, etc. Alexa, damit sie einem Hilfestellung gibt oder einen mit Musik, dem Wetterbericht unterhält oder damit es einen mit einem Bekannten telephonisch verbindet.

Doch von zwischenmenschlicher Kommunikation ist auch Alexa noch meilenweit entfernt. Das Sprachverständnis all dieser zuhörenden Assistenten ist sehr beschränkt.

@ Herr Holzherr :

Die “Pflegerobbe” Paro nicht zu vergessen, oder Eliza; helfen tut hier wohl entscheidend nur die Demenz, Abnehmerzufriedenheit meinend.

Insgesamt nerven den Schreiber dieser Zeilen, den Webbaer, auch Erfolgsmeldungen zunehmend ab, er ist vor vielen Jahren selbst ein wenig, auch im SciFi-Kontext, womöglich hat niemand mehr technische SciFi der Sechziger gelesen, als jemand, der jetzt noch lebt, irritiert worden.

Auch hier – ‘Nach der vierten Revolution schließlich, der der intelligenten Maschinen, wird dem Menschen nun auch noch das letzte Bisschen seines humanen Selbstverständnisses genommen, seine Intelligenz, und mit ihr die verschiedenen Ausprägungen intelligenten Verhaltens, etwas das Kommunizieren in natürlicher Sprache.’ – weiß Dr. Webbaer nicht so recht, ‘das letzte Bisschen seines humanen Selbstverständnisses’, tsk, tsk…

Marketing, es müsste Marketing vorliegen, die AI hat keineswegs derart, auch bei stark zunehmender CPU-Leistung, in den letzten Jahrzehnten derart geleistet, wie einstmals versprochen, und sie scheint nicht dabei zu sein, dies zukünftig zu tun, wie später versprochen.

Die Grenzen der Welten sind halt unüberwindbar, “Paro 3.0” wird ein schlaues Kerlchen sein, auch womöglich sehr putzig, aber doch ganz primär in seiner Welt unterwegs.
In puncto Linguistik wird hier Honig zu saugen sein, den teils auch sprachlich minderbemittelten hier gemeinten Primaten sozusagen bestmöglich zu unterstützen; Gegner dieser Entwicklung ist Dr. Webbaer selbstverständlich nicht.
Jede “Pflegerobbe” könnte die letzte sein.

MFG
Dr. Webbaer

Die “Drei Revolutionen” des hier gemeinten Primaten, sind dem Schreiber dieser Zeilen als die der Schrift, die des Buchdrucks und die der netzwerkbasierten (auch : globalen) Kommunikation, als die des “Webs” bekannt.

Inwieweit subordinierter Sprachmissbrauch, sog. Kiezdeutsch beispielsweise, hier hinein spielt, “Isch gehen Döner” hier als Exempel, sollen andere beurteilen, gerne auch “hypen”, wenn ihnen danach ist.

Ansonsten, vgl. mit ‘i i can i i i everything else’, der Webbaer hat sich einige Texte zu dieser Sache durchgelesen, darf womöglich auch hier gehofft werden, von anderen, dass sich auch die Sprache der AI günstig und vor allem auch : divers entwickelt.
(Der Webbaer ist sich sicher, dass Sätze, wie die zitierten, die auf ein ‘I i i i i i i i i i i i i i i i i i i I i i i i i i i i i i i i i i i i i i’, also bildlich gesprochen vierzigfach auf ein ‘I’ hinaus laufen, nicht allzu viel Semantik transportieren werden. – Womöglich hapert es hier i.p. AI ein wenig und besonderes Erkennen muss nicht vermutet werden; medienwirksam war’s natürlich schon, aber derartige Gags der AI bereichern die Nachrichtengebung bereits seit geraumer Zeit. Vielleicht wissen Sie genau hierzu mehr, lieber Herr Dr. Lobin; dies dann auch gerne substanziiert beibringen, hier, womöglich.)


Ansonsten, die Sprache entwickelt sich sozusagen in atemberaubenden Tempo, jeden Tag werden neue Wörter erfunden, sinnhafterweise, die “Eingabehilfen” schaden keineswegs, und der Schreiber dieser Zeilen kann sich auch vorstellen, dass zwischen Maschinen Geteiltes auch bspw. der menschlichen Sprache ähnlich, in Form sogenannter XML-Dokumente, mehr und mehr stattfinden wird, also durchaus der menschlichen Sprache ähnlich.

Wobei die Maschinen die Welt verstehen müssten, was für sie nicht geht, jedenfalls nicht so wie im von dem hier gemeinten Primaten gemeinten Sinne; allerdings ist die Humansprache womöglich auch, wegen ihren Dichte i.p. Inhalt, für die Automaten geeignet, selbst wenn sie sie nicht verstehen.

MFG + schönes Wochenende schon einmal,
Dr. Webbaer

Zur (Zitat) Kommunikation mit intelligenten Robotern und zur (Zitat) Kommunikation intelligenter Systeme untereinander
Für die heutige Generation von Haushaltsrobotern wie Roomba, dem Staubsaugerroboter oder Mäh- und Gartenrobotern ist die Kommunikation heute auf das Abstecken der Arbeitsfläche durch den Besitzer beschränkt. Diese Roboter für den Hausgebrauch sind heute nicht humanoid. In der nahen Zukunft könnten sich solche Haushaltshilfen ähnlich wie Haustiere einweisen lassen – also durch Gesten, Fingerzeig etc.
Staubsauger, Garten- und Mähroboter sind heute meist auf Karten ihrer Arbeitsumgebung angewiesen. Allerdings erstellen sie diese Karten selber. Und iRobot, der Hersteller von Roomba denkt daran, die dabei erhobenen Daten an andere Firmen weiterzugeben, die im Umfeld des Smart Home anzusiedeln sind So sieht also die Kommunikation intelligenter Systeme untereinandern heute aus: es werden Kundendaten untereinander ausgetauscht um weitere Produkte zu unterstützen.

Das EU-Projekt Companions for Seniors Citizens geht in der Mensch-Maschinenkommunikation wesentlich weiter will es doch älteren Menschen den
1) Zugang zu den Internetdienstleistungen über eine Art Internet-Assistent erleichtern – einen Internet-Assistenten, der weiss wie man Internetdienste anspricht und der vom Benutzer sprachliche Befehle akzeptiert.
2) älteren Menschen durch den Alltag helfen (Getränke einschenken und servieren, etc)

Vor allem 2) scheint mir sehr ambitioniert und heute wohl noch nicht alltagstauglich.

Vortrag am Donnerstag in der Digital Eatery: der Gutenberg-Editor

Digital Eatery, Unter den Linden 17, Donnerstag 19 Uhr im Rahmen des WordPress Meetup Berlin gibts nen Vortrag von Maja Benke über den neuen Editor für WordPress: Gutenberg.

Gutenberg

Description

The goal of the block editor is to make adding rich content to WordPress simple and enjoyable.

Warning: This is beta software, do not run on production sites!

The new post and page building experience will make writing rich posts effortless, making it easy to do what today might take shortcodes, custom HTML, or “mystery meat” embed discovery.

WordPress already supports a large amount of “blocks”, but doesn’t surface them very well, nor does it give them much in the way of layout options. By embracing the blocky nature of rich post content, we will surface the blocks that already exist, as well as provide more advanced layout options for each of them. This will allow you to easily compose beautiful posts like this example.

Gutenberg is built by many contributors and volunteers. You can see the full list of contributors in the GitHub CONTRIBUTORS.md file which we are continuously updating. You can follow along on github.com/WordPress/gutenberg and on the #editor tag on the make.wordpress.org blog.

FAQ

How can I send feedback or get help with a bug?

We’d love to hear your bug reports, feature suggestions and any other feedback! Please head over to the GitHub issues page to search for existing issues or open a new one. While we’ll try to triage issues reported here on the plugin forum, you’ll get a faster response (and reduce duplication of effort) by keeping everything centralized in the GitHub repository.

How can I contribute?

The more the merrier! To get started, check out our guide for contributors.

Reviews

Good concept for power users

I like the concept of Gutenberg, its like dawn of next era but this is going to make average users (most of my clients) go nuts. My clients are still unable to adapt to the TinyMCE editor which is very easy to work with. Gutenberg I’m afraid may make them shun using wordpress, my request is if you include Gutenberg in core then please make it optional don’t make it the default editor. Remember simplicity is what people love about WordPress.

I would also like to add one more thing, the concept of Gutenberg is good but UI is confusing (for average users), you need to do lot of improvements like instead of text columns just make them into ‘columns’ that can accommodate anything (image block, video embed or a button) like bootstrap rows and columns’col-md-4′.

For the button text i think it would be better if we can be able to enter / change button text from ‘block’ area you know there is hex color field there you can add a field called ‘button text’ below hex field.

If there is a place to give suggestions for improvements let me know i will post it there. Thnx

2 stars for design, but please don’t put this in core

Have installed Gutenberg and tried adding a post..

  • It’s unclear to me why in certain cases I can change the block-type afterwards, but in other cases I cannot change it (or have fewer options to choose from).
  • I don’t understand button “Show inspector”… it doesn’t seem to do anything. And no additional info is provided when I hover the button. Or am I missing something here?
  • Glad to find out there’s still a “Classic Text” feature (current native tinyMCE editor). Without that many useful editor features will not be available.

I call this a basic page builder. I don’t like it, the tinyMCE driven editor should stay the native editor. Why? Because it’s much easier to add content to a post. Sorry.

Great but don’t eliminate MCE text editor

Reason I like:

As fan of page builder, Gutenberg definitely what a page builder should.
The block & components are more robust and better integrated to core.

I have forked a page builder. After seeing Gutenberg, I will port my work to make it as Gutenberg extension.

Gutenberg is great for news publishing & some blog.

Reason I dislike:

If Gutenberg completely replace MCE text editor, many people having hard time. In fact, many people really comfortable with MCE text editor. For some website, we only need MCE text editor.

Even some e-commerce website only need plain textarea. Gutenberg will ruin it.

If custom post type & field get disabled, it is so bad. Custom post type & field is not optional things.

I hope Gutenberg will not disturb the current functionality.

I voted many stars, but worry if any functionality get disabled.

We still have time btw.

Over simplimied UI, bad UX

The UI is over simplified and somewhat tries to copy medium. Though this can be a good thing for bloggers who only blog it is useless for most. The editor tries to achieve complex task through confusing UI and bad UX.

The main problem is, it deviate too much from original TinyMCE. And possibly makes advance use a bit impossible to use. It will also probably break lots of Plugins and Themes.

Probably need to move few things here and there. or add kitchen shink and other toolbard option at top.

Pro:
The formatting of post created from it is beautiful.

Image quick mockup
http://imgur.com/a/QDC47

Read all 95 reviews

Contributors & Developers

“Gutenberg” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Gutenberg” into your language.

Interested in development?

Browse the code or subscribe to the development log by RSS.

Changelog

0.9.0

  • Added ability to change font-size in cover text using slider and number input.
  • Added support for custom anchors (ids) on blocks, allowing to link directly to a section of the post.
  • Updated pull-quote design.
  • Created custom color palette component with “clear” option and “custom color” option. (And better markup and accessibility.)
  • Improve pasting: recognizing more elements, adding tests, stripping non-semantic markup, etc.
  • Improve gallery visual design and fix cropping in Safari.
  • Allow selecting a heading block from the table-of-contents panel directly.
  • Make toolbar slide horizontally for mobile.
  • Improve range-input control with a number input.
  • Fix pasting problems (handling of block attributes).
  • More stripping of unhandled elements during paste.
  • Show post format selector only for posts.
  • Display nicer URLs when editing links.
  • More compact save indicator.
  • Disabled arrow key navigation between blocks as we refine implementation.
  • Removed blank target from “view post” in notices.
  • Fix empty links still rendering ont he front-end.
  • Fix shadow on inline toolbars.
  • Fix problem with inserting pull-quotes.
  • Fix drag and drop on image block.
  • Removed warning when publishing.
  • Don’t provide version for vendor scripts.
  • Clean category code in block registration.
  • Added history and resources docs.

0.8.0

  • New Categories Block (based on existing widget).
  • New Text Columns Block (initial exploration of text-only multiple columns).
  • New Video Block.
  • New Shortcode Block.
  • New Audio Block.
  • Added resizing handlers to Image Block.
  • Added direct image upload button to Image Block and Gallery Block.
  • Give option to transform a block to Classic when it encounters problems.
  • Give option to Overwrite changes on a block detected as invalid.
  • Added “link to” option in galleries.
  • Added support for custom taxonomies.
  • Added post formats selector to post settings.
  • Added keywords support (aliases) to various blocks to improve search discovery.
  • Significant improvements to the way attributes are specified in the Block API and its clarity (handles defaults and types).
  • Added Tooltip component displaying aria-labels from buttons.
  • Removed stats tracking code.
  • Updated design document.
  • Capture and recover from block rendering runtime errors.
  • Handle enter when focusing on outer boundary of a block.
  • Reduce galleries json attributes data to a minimum.
  • Added caption styles to the front-end for images and embeds.
  • Added missing front-end alignment classes for table and cover-text blocks.
  • Only reset blocks on initial load to prevent state fluctuations.
  • Improve calculation of dirty state by making a diff against saved post.
  • Improve visual weight of toolbar by reducing its silhouette.
  • Improve rendering of galleries on the front-end.
  • Improve Cover Image placeholder visual presentation.
  • Improve front-end display of quotes.
  • Improve responsive design of galleries on the front-end.
  • Allow previewing new posts that are yet to be saved.
  • Reset scrolling position within inserter when switching tabs.
  • Refactor popover to render at root of document.
  • Refactor withFocusReturn to handle accessibility better in more contexts.
  • Prevent overlap between multi-selection and within-block selection.
  • Clear save notices when triggering a new save.
  • Disable “preview” button if post is not saveable.
  • Renamed blocks.query to blocks.source for clarity and updated documentation.
  • Rearrange block stylesheets to reflect display and editor styles.
  • Use @wordpress dependencies consistently.
  • Added validation checks for specifying a block’s category.
  • Fix problems with quote initialization and list transformation.
  • Fix issue where Cover Image was being considered invalid after edits.
  • Fix errors in editable coming from Table block commands.
  • Fix error in latest posts block when date is not set for a post.
  • Fix issue with active color in ColorPalette component.
  • Prevent class=false serialization issue in covert-text.
  • Treat range control value as numeric.
  • Added warning when using Editable and passing non-array values.
  • Show block switcher above link input.
  • Updated rememo dependency.
  • Start consuming from separate @wordpress dependencies.
  • Fix problem with inserting new galleries.
  • Fix issue with embeds and missing captions.
  • Added outreach section to docs.

0.7.1

  • Address problem with the freeform block and Jetpack’s contact form.

0.7.0

  • Hide placeholders on focus—reduces visual distractions while writing.
  • Add PostAuthor dropdown to the UI.
  • Add theme support for customized color palettes and a shared component (applies to cover text and button blocks).
  • Add theme support for wide images.
  • Report on missing headings in the document outline feature.
  • Update block validation to make it less prone to over-eagerness with trivial changes (like whitespace and new lines).
  • Attempt to create an embed block automatically when pasting URL on a single line.
  • Save post before previewing.
  • Improve operations with “lists”, enter on empty item creates new paragraph block, handling backspace, etc.
  • Don’t serialize attributes that match default attributes.
  • Order link suggestions by relevance.
  • Order embeds for easier discoverability.
  • Added “keywords” property for searching blocks with aliases.
  • Added responsive styles for Table block in the front end.
  • Set default list type to be unordered list.
  • Improve accessibility of UrlInput component.
  • Improve accessibility and keyboard interaction of DropdownMenu.
  • Improve Popover component and use for PostVisibility.
  • Added higher order component for managing spoken messages.
  • Localize schema for WP API, avoiding initialization delay if schema is present.
  • Do not expose editor.settings to block authors.
  • Do not remove tables on pasting.
  • Consolidate block server-side files with client ones in the same directory.
  • Removed array of paragraphs structure from text block.
  • Trim whitespace when searching for blocks.
  • Document, test, and refactor DropdownMenu component.
  • Use separate mousetrap instance per component instance.
  • Add npm organization scope to WordPress dependencies.
  • Expand utilities around fixture regeneration.
  • Renamed “Text” to “Paragraph”.
  • Fix multi-selection “delete” functionality.
  • Fix text color inline style.
  • Fix issue caused by changes with React build process.
  • Fix splitting editable without child nodes.
  • Use addQueryArgs in oEmbed proxy url.
  • Update dashicons with new icons.
  • Clarify enqueuing block assets functions.
  • Added code coverage information to docs.
  • Document how to create new docs.
  • Add example of add_theme_support in docs.
  • Added opt-in mechanism for learning what blocks are being added to the content.

0.6.0

  • Split paragraphs on enter—we have been exploring different behaviours here.
  • Added grid layout option for latest posts with columns slider control.
  • Show internal posts / pages results when creating links.
  • Added “Cover Text” block with background, text color, and full-width options.
  • Autosaving drafts.
  • Added “Read More” block.
  • Added color options to the button block.
  • Added mechanism for validating and protecting blocks that may have suffered unrecognized edits.
  • Add patterns plugin for text formatting shortcuts: create lists by adding * at the beginning of a text line, use # to create headings, and backticks for code.
  • Implement initial support for Cmd/Ctrl+Z (undo) and Cmd/Ctrl+Shift+Z (redo).
  • Improve pasting experience from outside editors by transforming content before converting to blocks.
  • Improve gallery creation flow by opening into “gallery” mode from placeholder.
  • Added page attributes with menu order setting.
  • Use two distinct icons for quote style variations.
  • Created KeyboardShortcuts component to handle keyboard events.
  • Add support for custom icons (non dashicons) on blocks.
  • Initialize new posts with auto-draft to match behaviour of existing editor.
  • Don’t display “save” button for published posts.
  • Added ability to set a block as “use once” only (example: “read more” block).
  • Hide gallery display settings in media modal.
  • Simplify “cover image” markup and resolve conflict state in demo.
  • Introduce PHP classes for interacting with block types.
  • Announce block search results to assistive technologies.
  • Reveal “continue writing” shortcuts on focus.
  • Update document.title when the post title changes.
  • Added focus styles to several elements in the UI.
  • Added external-link component to handle links opening in new tabs or windows.
  • Improve responsive video on embed previews.
  • Improve “speak” messages for tag suggestions.
  • Make sure newly created blocks are marked as valid.
  • Preserve valid state during transformations.
  • Allow tabbing away from table.
  • Improve display of focused panel titles.
  • Adjust padding and margins across various design elements for consistency and normalization.
  • Fix pasting freeform content.
  • Fix proper propagation of updated block attributes.
  • Fix parsing and serialization of multi-paragraph pullquotes.
  • Fix a case where toggling pending preview would consider post as saved.
  • Fix positioning of block mover on full-width blocks.
  • Fix line height regression in quote styles.
  • Fix IE11 with polyfill for fetch method.
  • Fix case where blocks are created with isTyping and it never clears.
  • Fix block warning display in IE11.
  • Polish inspector visual design.
  • Prevent unhandled actions from returning new state reference.
  • Prevent unintentionally clearing link input value.
  • Added focus styles to switch toggle components.
  • Avoid navigating outside the editor with arrow keys.
  • Add short description to Verse block.
  • Initialize demo content only for new demo posts.
  • Improve insert link accessibility.
  • Improve version compare checks for plugin compatibility.
  • Clean up obsolete poststoshowattribute in LatestPosts block.
  • Consolidate addQueryArgs usage.
  • Add unit tests to inserter.
  • Update fixtures with latest modifications and ensure all end in newlines.
  • Added codecov for code coverage.
  • Clean up JSDoc comments.
  • Link to new docs within main readme.

0.5.0

  • New tabs mode for the sidebar to switch between post settings and block inspector.
  • Implement recent blocks display.
  • Mobile implementation of block mover, settings, and delete actions.
  • Search through all tabs on the inserter and hide tabs.
  • New documentation app to serve all tutorials, faqs, docs, etc.
  • Enable ability to add custom classes to blocks (via inspector).
  • Add ability to drag-and-drop on image block placeholders to upload images.
  • Add “table of contents” document outline for headings (with empty heading validation).
  • Refactor tests to use Jest API.
  • New block: Verse (intended for poetry, respecting whitespace).
  • Avoid showing UI when typing and starting a new paragraph (text block).
  • Display warning message when navigating away from the editor with unsaved changes.
  • Use old editor as “freeform”.
  • Improve PHP parser compatibility with different server configurations (“mbstring” extension and PCRE settings).
  • Improve PostVisibility markup and accessibility.
  • Add shortcuts to manage indents and levels in List block.
  • Add alignment options to latest posts block.
  • Add focus styles for quick tags buttons in text mode.
  • Add way to report PHP parsing performance.
  • Add labels and roles to UrlInput.
  • Add ability to set custom placeholders for text and headings as attributes.
  • Show error message when trashing action fails.
  • Pass content to dynamic block render functions in PHP.
  • Fix various z-index issues and clarify reasonings.
  • Fix DropdownMenu arrows navigation and add missing aria-label.
  • Update sandboxed iframe size calculations.
  • Export inspector controls component under wp.blocks.
  • Adjust Travis JS builds to improve task allocation.
  • Fix warnings during tests.
  • Fix caret jumping when switching formatting in Editable.
  • Explicitly define prop-types as dependency.
  • Update list of supported browsers for consistency with core.

0.4.0

  • Initial FAQ (in progress).
  • API for handling pasted content. (Aim is to have specific handling for converting Word, Markdown, Google Docs to native WordPress blocks.)
  • Added support for linking to a url on image blocks.
  • Navigation between blocks using arrow keys.
  • Added alternate Table block with TinyMCE functionality for adding/removing rows/cells, etc. Retired previous one.
  • Parse more/noteaser comment tokens from core.
  • Re-engineer the approach for rendering embed frames.
  • First pass at adding aria-labels to blocks list.
  • Setting up Jest for better testing environment.
  • Improve performance of server-side parsing.
  • Update blocks documentation with latest API functions and clearer examples.
  • Use fixed position for notices.
  • Make inline mode the default for Editable.
  • Add actions for plugins to register frontend and editor assets.
  • Supress gallery settings sidebar on media library when editing gallery.
  • Validate save and edit render when registering a block.
  • Prevent media library modal from opening when loading placeholders.
  • Update to sidebar design and behaviour on mobile.
  • Improve font-size in inserter and latest posts block.
  • Improve rendering of button block in the front end.
  • Add aria-label to edit image button.
  • Add aria-label to embed input url input.
  • Use pointer cursor for tabs in inserter.
  • Update design docs with regard to selected/unselected states.
  • Improve generation of wp-block-* classes for consistency.
  • Select first cell of table block when initializing.
  • Fix wide and full alignment on the front-end when images have no caption.
  • Fix initial state of freeform block.
  • Fix ability to navigate to resource on link viewer.
  • Fix clearing floats on inserter.
  • Fix loading of images in library.
  • Fix auto-focusing on table block being too agressive.
  • Clean double reference to pegjs in dependencies.
  • Include messages to ease debugging parser.
  • Check for exact match for serialized content in parser tests.
  • Add allow-presentation to fix issue with sandboxed iframe in Chrome.
  • Declare use of classnames module consistently.
  • Add translation to embed title.
  • Add missing text domains and adjust PHPCS to warn about them.
  • Added template for creating new issues including mentions of version number.

0.3.0

  • Added framework for notices and implemented publishing and saving ones.
  • Implemented tabs on the inserter.
  • Added text and image quick inserts next to inserter icon at the end of the post.
  • Generate front-end styles for core blocks and enqueue them.
  • Include generated block classname in edit environment.
  • Added “edit image” button to image and cover image blocks.
  • Added option to visually crop images in galleries for nicer alignment.
  • Added option to disable dimming the background in cover images.
  • Added buffer for multi-select flows.
  • Added option to display date and to configure number of posts in LatestPosts block.
  • Added PHP parser based on PEG.js to unify grammars.
  • Split block styles for display so they can be loaded on the theme.
  • Auto-focusing for inserter search field.
  • Added text formatting to CoverImage block.
  • Added toggle option for fixed background in CoverImage.
  • Switched to store attributes in unescaped JSON format within the comments.
  • Added placeholder for all text blocks.
  • Added placeholder text for headings, quotes, etc.
  • Added BlockDescription component and applied it to several blocks.
  • Implemented sandboxing iframe for embeds.
  • Include alignment classes on embeds with wrappers.
  • Changed the block name declaration for embeds to be “core-embed/name-of-embed”.
  • Simplified and made more robust the rendering of embeds.
  • Different fixes for quote blocks (parsing and transformations).
  • Improve display of text within cover image.
  • Fixed placeholder positioning in several blocks.
  • Fixed parsing of HTML block.
  • Fixed toolbar calculations on blocks without toolbars.
  • Added heading alignments and levels to inspector.
  • Added sticky post setting and toggle.
  • Added focus styles to inserter search.
  • Add design blueprints and principles to the storybook.
  • Enhance FormTokenField with accessibility improvements.
  • Load word-count module.
  • Updated icons for trash button, and Custom HTML.
  • Design tweaks for inserter, placeholders, and responsiveness.
  • Improvements to sidebar headings and gallery margins.
  • Allow deleting selected blocks with “delete” key.
  • Return more than 10 categories/tags in post settings.
  • Accessibility improvements with FormToggle.
  • Fix media button in gallery placeholder.
  • Fix sidebar breadcrumb.
  • Fix for block-mover when blocks are floated.
  • Fixed inserting Freeform block (now classic text).
  • Fixed missing keys on inserter.
  • Updated drop-cap class implementation.
  • Showcasing full-width cover image in demo content.
  • Copy fixes on demo content.
  • Hide meta-boxes icons for screen readers.
  • Handle null values in link attributes.

0.2.0

  • Include “paste” as default plugin in Editable.
  • Extract block alignment controls as a reusable component.
  • Added button to delete a block.
  • Added button to open block settings in the inspector.
  • New block: Custom HTML (to write your own HTML and preview it).
  • New block: Cover Image (with text over image support).
  • Rename “Freeform” block to “Classic Text”.
  • Added support for pages and custom post types.
  • Improve display of “saving” label while saving.
  • Drop usage of controls property in favor of components in render.
  • Add ability to select all blocks with ctrl/command+A.
  • Automatically generate wrapper class for styling blocks.
  • Avoid triggering multi-select on right click.
  • Improve target of post previewing.
  • Use imports instead of accessing the wp global.
  • Add block alignment and proper placeholders to pullquote block.
  • Wait for wp.api before loading the editor. (Interim solution.)
  • Adding several reusable inspector controls.
  • Design improvements to floats, switcher, and headings.
  • Add width classes on figure wrapper when using captions in images.
  • Add image alt attributes.
  • Added html generation for photo type embeds.
  • Make sure plugin is run on WP 4.8.
  • Update revisions button to only show when there are revisions.
  • Parsing fixes on do_blocks.
  • Avoid being keyboard trapped on editor content.
  • Don’t show block toolbars when pressing modifier keys.
  • Fix overlapping controls in Button block.
  • Fix post-title line height.
  • Fix parsing void blocks.
  • Fix splitting inline Editable instances with shift+enter.
  • Fix transformation between text and list, and quote and list.
  • Fix saving new posts by making post-type mandatory.
  • Render popovers above all elements.
  • Improvements to block deletion using backspace.
  • Changing the way block outlines are rendered on hover.
  • Updated PHP parser to handle shorthand block syntax, and fix newlines.
  • Ability to cancel adding a link from link menu.

0.1.0

  • First release of the plugin.

Die lockere Schraube im Kapitalismus hat einen Namen: Koch

Trump Rules

How G.O.P. Leaders Came to View Climate Change as Fake Science

WASHINGTON — The campaign ad appeared during the presidential contest of 2008. Rapid-fire images of belching smokestacks and melting ice sheets were followed by a soothing narrator who praised a candidate who had stood up to President George W. Bush and “sounded the alarm on global warming.”

It was not made for a Democrat, but for Senator John McCain, who had just secured the Republican nomination.

It is difficult to reconcile the Republican Party of 2008 with the party of 2017, whose leader, President Trump, has called global warming a hoax, reversed environmental policies that Mr. McCain advocated on his run for the White House, and this past week announced that he would take the nation out of the Paris climate accord, which was to bind the globe in an effort to halt the planet’s warming.

The Run-Up

The podcast that makes sense of the most delirious stretch of the 2016 campaign.

[Video: Global Watch on YouTube.]

Global
Video by John McCain

The Republican Party’s fast journey from debating how to combat human-caused climate change to arguing that it does not exist is a story of big political money, Democratic hubris in the Obama years and a partisan chasm that grew over nine years like a crack in the Antarctic shelf, favoring extreme positions and uncompromising rhetoric over cooperation and conciliation.

“Most Republicans still do not regard climate change as a hoax,” said Whit Ayres, a Republican strategist who worked for Senator Marco Rubio’s presidential campaign. “But the entire climate change debate has now been caught up in the broader polarization of American politics.”

“In some ways,” he added, “it’s become yet another of the long list of litmus test issues that determine whether or not you’re a good Republican.”

Interactive Feature | Interested in Climate Change? Sign up to receive our in-depth journalism about climate change around the world.

Since Mr. McCain ran for president on climate credentials that were stronger than his opponent Barack Obama’s, the scientific evidence linking greenhouse gases from fossil fuels to the dangerous warming of the planet has grown stronger. Scientists have for the first time drawn concrete links between the planet’s warming atmosphere and changes that affect Americans’ daily lives and pocketbooks, from tidal flooding in Miami to prolonged water shortages in the Southwest to decreasing snow cover at ski resorts.

That scientific consensus was enough to pull virtually all of the major nations along. Conservative-leaning governments in Britain, France, Germany and Japan all signed on to successive climate change agreements.

Graphic | How Cities and States Reacted to Trump’s Decision to Exit the Paris Climate Deal President Trump’s decision to withdraw from the Paris climate agreement drew immediate reaction from big-city mayors, governors and Congress members.

Yet when Mr. Trump pulled the United States from the Paris accord, the Senate majority leader, the speaker of the House and every member of the elected Republican leadership were united in their praise.

Those divisions did not happen by themselves. Republican lawmakers were moved along by a campaign carefully crafted by fossil fuel industry players, most notably Charles D. and David H. Koch, the Kansas-based billionaires who run a chain of refineries (which can process 600,000 barrels of crude oil per day) as well as a subsidiary that owns or operates 4,000 miles of pipelines that move crude oil.

Government rules intended to slow climate change are “making people’s lives worse rather than better,” Charles Koch explained in a rare interview last year with Fortune, arguing that despite the costs, these efforts would make “very little difference in the future on what the temperature or the weather will be.”

Republican leadership has also been dominated by lawmakers whose constituents were genuinely threatened by policies that would raise the cost of burning fossil fuels, especially coal. Senator Mitch McConnell of Kentucky, always sensitive to the coal fields in his state, rose through the ranks to become majority leader. Senator John Barrasso of Wyoming also climbed into leadership, then the chairmanship of the Committee on Environment and Public Works, as a champion of his coal state.

Mr. Trump has staffed his White House and cabinet with officials who have denied, or at least questioned, the existence of global warming. And he has adopted the Koch language, almost to the word. On Thursday, as Mr. Trump announced the United States’ withdrawal, he at once claimed that the Paris accord would cost the nation millions of jobs and that it would do next to nothing for the climate.

Beyond the White House, Representative Lamar Smith of Texas, chairman of the House Science Committee, held a hearing this spring aimed at debunking climate science, calling the global scientific consensus “exaggerations, personal agendas and questionable predictions.”

A small core of Republican lawmakers — most of whom are from swing districts and are at risk of losing their seats next year — are taking modest steps like introducing a nonbinding resolution in the House in March urging Congress to accept the risks presented by climate change.

But in Republican political circles, speaking out on the issue, let alone pushing climate policy, is politically dangerous. So for the most part, these moderate Republicans are biding their time, until it once again becomes safe for Republicans to talk more forcefully about climate change. The question is how long that will take.

“With 40 percent of Florida’s population at risk from sea-level rise, my state is on the front lines of climate change,” said Representative Carlos Curbelo, Republican of Florida. “South Florida residents are already beginning to feel the effects of climate change in their daily lives.”

‘The Turning Point’

It was called the “No Climate Tax” pledge, drafted by a new group called Americans for Prosperity that was funded by the Koch brothers. Its single sentence read: “I will oppose any legislation relating to climate change that includes a net increase in government revenue.” Representative Jim Jordan, Republican of Ohio, was the first member of Congress to sign it in July 2008.

The effort picked up steam the next year after the House of Representatives passed what is known as cap-and-trade legislation, a concept invented by conservative Reagan-era economists.

The idea was to create a statutory limit, or cap, on the overall amount of a certain type of pollution that could be emitted. Businesses could then buy and sell permits to pollute, choosing whether to invest more in pollution permits, or in cleaner technology that would then save them money and allow them to sell their allotted permits. The administration of the first President George Bush successfully deployed the first national cap-and-trade system in 1990 to lower emissions of the pollutants that cause acid rain. Mr. McCain pushed a cap-and-trade proposal to fight climate change.

“I thought we could get it done,” recalled Henry A. Waxman, a retired House Democrat who led the cap-and-trade push in 2009. “We just had two candidates from the Republican and Democratic parties who had run for president and agreed that climate change was a real threat.”

Conservative activists saw the legislative effort as an opportunity to transform the climate debate.

With the help of a small army of oil-industry-funded academics like Wei-Hock Soon of Harvard Smithsonian and think tanks like the Competitive Enterprise Institute, they had been working to discredit academics and government climate change scientists. The lawyer and conservative activist Chris Horner, whose legal clients have included the coal industry, gathered documents through the Freedom of Information Act to try to embarrass and further undermine the climate change research.

Myron Ebell, a senior fellow with the Competitive Enterprise Institute, worked behind the scenes to make sure Republican offices in Congress knew about Mr. Horner’s work — although at the time, many viewed Mr. Ebell skeptically, as an extremist pushing out-of-touch views.

In 2009, hackers broke into a climate research program at the University of East Anglia in England, then released the emails that conservatives said raised doubts about the validity of the research. In one email, a scientist talked of using a statistical “trick” in a chart illustrating a recent sharp warming trend. The research was ultimately validated, but damage was done.

As Congress moved toward actually passing climate change legislation, a fringe issue had become a part of the political mainstream.

“That was the turning point,” Mr. Horner said.

The House passed the cap-and-trade bill by seven votes, but it went nowhere in the Senate — Mr. Obama’s first major legislative defeat.

Unshackled by the Supreme Court’s Citizens United decision and other related rulings, which ended corporate campaign finance restrictions, Koch Industries and Americans for Prosperity started an all-fronts campaign with television advertising, social media and cross-country events aimed at electing lawmakers who would ensure that the fossil fuel industry would not have to worry about new pollution regulations.

Their first target: unseating Democratic lawmakers such as Representatives Rick Boucher and Tom Perriello of Virginia, who had voted for the House cap-and-trade bill, and replacing them with Republicans who were seen as more in step with struggling Appalachia, and who pledged never to push climate change measures.

But Americans for Prosperity also wanted to send a message to Republicans.

Until 2010, some Republicans ran ads in House and Senate races showing their support for green energy.

“After that, it disappeared from Republican ads,” said Tim Phillips, the president of Americans for Prosperity. “Part of that was the polling, and part of it was the visceral example of what happened to their colleagues who had done that.”

What happened was clear. Republicans who asserted support for climate change legislation or the seriousness of the climate threat saw their money dry up or, worse, a primary challenger arise.

“It told Republicans that we were serious,” Mr. Phillips said, “that we would spend some serious money against them.”

By the time Election Day 2010 arrived, 165 congressional members and candidates had signed Americans for Prosperity’s “No Climate Tax” pledge.

Most were victorious.

“The midterm election was a clear rejection of policies like the cap-and-trade energy taxes that threaten our still-fragile economy,” said James Valvo, then Americans for Prosperity’s government affairs director, in a statement issued the day after the November 2010 election. Eighty-three of the 92 new members of Congress had signed the pledge.

Even for congressional veterans, that message was not missed. Representative Fred Upton, a Michigan Republican who once called climate change “a serious problem” and co-sponsored a bill to promote energy-efficient light bulbs, tacked right after the 2010 elections as he battled to be chairman of the powerful House Energy and Commerce Committee against Joe Barton, a Texan who mocked human-caused climate change.

Mr. Upton deleted references to climate change from his website. “If you look, the last year was the warmest year on record, the warmest decade on record. I accept that,” he offered that fall. “I do not say that it’s man-made.”

Mr. Upton, who has received more than $2 million in campaign donations from oil and gas companies and electric utilities over the course of his career, won the chairmanship and has coasted comfortably to re-election since.

Two years later, conservative “super PACs” took aim at Senator Richard G. Lugar of Indiana, a senior Republican who publicly voiced climate concerns, backed the creation of a Midwestern cap-and-trade program and drove a Prius. After six Senate terms, Mr. Lugar lost his primary to a Tea Party challenger, Richard E. Mourdock. Although Mr. Lugar says other reasons contributed, he and his opponents say his public views on climate change played a crucial role.

“In my own campaign, there were people who felt strongly enough about my views on climate change to use it to help defeat me, and other Republicans are very sensitive to that possibility,” Mr. Lugar said in an interview. “So even if they privately believe we ought to do something about it, they’re reticent, especially with the Republican president taking the views he is now taking.”

Obama Feeds the Movement

After winning re-election in 2012, Mr. Obama understood his second-term agenda would have to rely on executive authority, not legislation that would go nowhere in the Republican-majority Congress. And climate change was the great unfinished business of his first term.

To finish it, he would deploy a rarely used provision in the Clean Air Act of 1970, which gave the Environmental Protection Agency the authority to issue regulations on carbon dioxide.

“If Congress won’t act soon to protect future generations, I will,” he declared in his 2013 State of the Union address.

The result was the Clean Power Plan, which would significantly cut planet-warming emissions by forcing the closing of hundreds of heavy-polluting coal-fired power plants.

The end run around Congress had consequences of its own. To Republican (and some Democratic) critics, the Clean Power Plan exemplified everything they opposed about Mr. Obama: He seemed to them imperious, heavy-handed, pleasing to the elites on the East and West Coasts and in the capitals of Europe, but callous to the blue-collar workers of coal and oil country.

“It fed into this notion of executive overreach,” said Heather Zichal, who advised Mr. Obama on climate policy. “I don’t think there was a good enough job on managing the narrative.”

Republicans who had supported the climate change agenda began to defect and have since stayed away.

“On the issue of climate change, I think it’s happening,” Mr. McCain said in a CNN podcast interview last April. But, he said, “The president decided, at least in the last couple years if not more, to rule by edict.”

Mr. Obama’s political opponents saw the climate rules as a ripe opportunity. “When the president went the regulatory route, it gave our side more confidence,” Mr. Phillips said. “It hardened and broadened Republican opposition to this agenda.”

Starting in early 2014, the opponents of the rule — including powerful lawyers and lobbyists representing many of America’s largest manufacturing and industrial interests — regularly gathered in a large conference room at the national headquarters of the U.S. Chamber of Commerce, overlooking the White House. They drafted a long-game legal strategy to undermine Mr. Obama’s climate regulations in a coordinated campaign that brought together 28 state attorneys general and major corporations to form an argument that they expected to eventually take to the Supreme Court.

They presented it not as an environmental fight but an economic one, against a government that was trying to vastly and illegally expand its authority.

“This is the most significant wholesale regulation of energy that the United States has ever seen, by any agency,” Roger R. Martella Jr., a former E.P.A. lawyer who then represented energy companies, said at a gathering of industry advocates, making an assertion that has not been tested.

Attorneys General Step In

Republican attorneys general gathered at the Greenbrier resort in West Virginia in August 2015 for their annual summer retreat, with some special guests: four executives from Murray Energy, one of the nation’s largest coal mining companies.

Murray was struggling to avoid bankruptcy — a fate that had befallen several other coal mining companies already, given the slump in demand for their product and the rise of natural gas, solar and wind energy.

The coal industry came to discuss a new part of the campaign to reverse the country’s course on climate change. Litigation was going to be needed, the industry executives and the Republican attorneys general agreed, to block the Obama administration’s climate agenda — at least until a new president could be elected.

West Virginia’s attorney general, Patrick Morrisey, led the session, “The Dangerous Consequences of the Clean Power Plan & Other E.P.A. Rules,” which included, according to the agenda, Scott Pruitt, then the attorney general of Oklahoma; Ken Paxton, Texas’ attorney general; and Geoffrey Barnes, a corporate lawyer for Murray, which had donated $250,000 to the Republican attorneys general political group.

That same day, Mr. Morrissey would step outside the hotel to announce that he and other attorneys general would sue in federal court to try to stop the Clean Power Plan, which he called “the most far-reaching energy regulation in this nation’s history, drawn up by radical bureaucrats.”

Mr. Pruitt quickly became a national point person for industry-backed groups and a magnet for millions of dollars of campaign contributions, as the fossil fuel lobby looked for a fresh face with conservative credentials and ties to the evangelical community.

Interactive Feature | Trump Rules

“Pruitt was instrumental — he and A.G. Morrisey,” said Thomas Pyle, a former lobbyist for Koch Industries, an adviser to Mr. Trump’s transition team and the president of a pro-fossil fuel Washington research organization, the Institute for Energy Research. “They led the charge and made it easier for other states to get involved. Some states were keeping their powder dry, but Pruitt was very out front and aggressive.”

After the litigation was filed — by Mr. Morrissey and Mr. Pruitt, along with other attorneys general who attended the Greenbrier meeting — Murray Energy sued in the federal court case as well, just as had been planned.

In February 2016, the Supreme Court indicated that it would side with opponents of the rule, moving by a 5-4 vote to grant a request by the attorneys general and corporate players to block the implementation of the Clean Power Plan while the case worked its way through the federal courts.

Trump Stokes the Fires

When Donald J. Trump decided to run for president, he did not appear to have a clear understanding of the nation’s climate change policies. Nor, at the start of his campaign, did he appear to have any specific plan to prioritize a huge legal push to roll those policies back.

Document | An Ad Trump Signed Supporting Action on Climate Change This ad appeared in The New York Times in December 2009, urging President Barack Obama to push a global climate change pact being negotiated in Copenhagen. Donald J. Trump and members of his family supported the ad, along with other business leaders.

Mr. Trump had, in 2012, said on Twitter, “The concept of global warming was created by and for the Chinese in order to make U.S. manufacturing non-competitive.” But he had also, in 2009, joined dozens of other business leaders to sign a full-page ad in the The New York Times urging Mr. Obama to push a global climate change pact being negotiated in Copenhagen, and to “strengthen and pass United States legislation” to tackle climate change.

However, it did not go unnoticed that coal country was giving his presidential campaign a wildly enthusiastic embrace, as miners came out in full force for Mr. Trump, stoking his populist message.

And the surest way for Mr. Trump to win cheers from coal crowds was to aim at an easy target: Mr. Obama’s climate rules. Hillary Clinton did not help her cause when she said last spring that her climate policies would “put a lot of coal miners and coal companies out of business.”

In May 2016, Mr. Trump addressed one of the largest rallies of his campaign: an estimated crowd of over 10,000 in Charleston, W.Va., where the front rows were crammed with mine workers.

“I’m thinking about miners all over the country,” he said, eliciting cheers. “We’re going to put miners back to work.”

“They didn’t used to have all these rules and regulations that make it impossible to compete,” he added. “We’re going to take it all off the table.”

Then an official from the West Virginia Coal Association handed the candidate a miner’s hat.

As he put it on, giving the miners a double thumbs-up, “The place just went nuts, and he loved it,” recalled Barry Bennett, a former adviser to Mr. Trump’s presidential campaign. “And the miners started showing up at everything. They were a beaten lot, and they saw him as a savior. So he started using the ‘save coal’ portions of the speech again and again.”

[Video: Donald Trump Coal Miners Endorsed Trump in West Virginia - Coal Association Charleston Hard Hat ✔ Watch on YouTube.]

Donald Trump Coal Miners Endorsed Trump in West Virginia - Coal Association Charleston Hard Hat ✔
Video by PRESIDENT DONALD TRUMP NEWS & LIVE SPEECH 2017

Mr. Trump’s advisers embraced the miners as emblematic of the candidate’s broader populist appeal.

“The coal miners were the perfect case for what he was talking about,” Mr. Bennett said, “the idea that for the government in Washington, it’s all right for these people to suffer for the greater good — that federal power is more important than your little lives.”

Mr. Trump took on as an informal campaign adviser Robert E. Murray — chief executive of the same coal company that had been working closely for years with the Republican attorneys general to unwind the Obama environmental legacy.

Mr. Murray, a brash and folksy populist who started working in coal mines as a teenager, is an unabashed skeptic of climate science. The coal magnate and Mr. Trump had a natural chemistry, and where Mr. Trump lacked the legal and policy background to unwind climate policy, Mr. Murray was happy to step in.

“I thank my lord, Jesus Christ, for the election of Donald Trump,” Mr. Murray said soon after his new friend won the White House.

Mr. Trump appointed Mr. Ebell, the Competitive Enterprise Institute fellow who had worked for years to undermine the legitimacy of established climate science, to head the transition team at E.P.A. Mr. Ebell immediately began pushing for an agenda of gutting the Obama climate regulations and withdrawing from the Paris Agreement.

When it came time to translate Mr. Trump’s campaign promises to coal country into policy, Mr. Murray and others helped choose the perfect candidate: Mr. Pruitt, the Oklahoma attorney general.

Mr. Trump, who had never met Mr. Pruitt before his election, offered him the job of E.P.A. administrator — putting him in a position to dismantle the environmental rules that he had long sought to fight in court.

Meanwhile, Mr. Trump wanted to be seen delivering on the promises he had made to the miners. As controversies piled up in his young administration, he sought comfort in the approval of his base.

In March, Mr. Trump signed an executive order directing Mr. Pruitt to begin unwinding the Clean Power Plan — and he did so at a large public ceremony at the E.P.A., flanked by coal miners and coal executives. Mr. Murray beamed in the audience.

Meanwhile, a battle raged at the White House over whether to withdraw the United States from the Paris agreement. Mr. Trump’s daughter Ivanka and his secretary of state, Rex W. Tillerson, urged him to remain in, cautioning that withdrawing could be devastating to the United States’ foreign policy credentials.

Murray Energy — despite its enormous clout with Mr. Trump and his top environmental official — boasts a payroll with only 6,000 employees. The coal industry nationwide is responsible for about 160,000 jobs, with just 65,000 directly in mining, according to the federal Energy Information Administration.

By comparison, General Electric alone has 104,000 employees in the United States, and Apple has 80,000. Their chief executives openly pressed Mr. Trump to stick with Paris, as did dozens of other major corporations that have continued to support regulatory efforts to combat climate change.

But these voices did not have clout in Washington, either in Congress or at the White House, when it comes to energy policy.

Mr. Trump’s senior adviser, Stephen K. Bannon, backed by Mr. Pruitt, told the president that pulling out of the deal would mean a promise kept to his base.

“It is time to put Youngstown, Ohio; Detroit, Michigan; and Pittsburgh, Pennsylvania — along with many, many other locations within our great country — before Paris, France,” Mr. Trump said in his Rose Garden speech on Thursday. “It is time to make America great again.”

The Science Gets Stronger

The recognition that human activity is influencing the climate developed slowly, but a scientific consensus can be traced to a conference in southern Austria in October 1985. Among the 100 or so attendees who gathered in the city of Villach, nestled in the mountains along the Drava River, was Bert Bolin, a Swedish meteorologist and a pioneer in using computers to model the climate.

Dr. Bolin helped steer the conference to its conclusion: “It is now believed that in the first half of the next century a rise of global mean temperature could occur which is greater than any in man’s history,” he wrote in the conference’s 500-page report.

While the politics of climate change in the United States has grown more divided since then, the scientific community has united: Global warming is having an impact, scientists say, with sea levels rising along with the extremity of weather events. Most of the debate is about the extent of those impacts — how high the seas may rise, or how intense and frequent heavy storms or heat waves may be.

In recent years, many climate scientists have also dropped their reluctance to pin significant weather events on climate change. Studies have shown that certain events — a 2015 Australian heat wave, floods in France last year and recent high temperatures in the Arctic — were made more likely because of global warming.

But in Congress, reluctance to embrace that science has had no political downsides, at least among Republicans.

“We don’t yet have an example of where someone has paid a political price being on that side of it,” said Michael Steel, who served as press secretary for the former House speaker John A. Boehner, the Republican presidential candidate Jeb Bush and the current House speaker, Paul D. Ryan, during his 2012 run as Mitt Romney’s vice-presidential choice.

Instead, the messages of Mr. Pruitt still dominate.

“This is an historic restoration of American economic independence — one that will benefit the working class, the working poor and working people of all stripes,” Mr. Pruitt said on Thursday, stepping to the Rose Garden lectern after Mr. Trump. “We owe no apologies to other nations for our environmental stewardship.”

American voters — even many Republicans — recognize that climate change is starting to affect their lives. About 70 percent think global warming is happening, and about 53 percent think it is caused by human activities, according to a recent study by the Yale Program on Climate Change Communication. About 69 percent support limiting carbon dioxide emissions from coal-fired power plants.

But most public opinion polls find that voters rank the environment last or nearly last among the issues that they vote on. And views are divided based on party affiliation. In 2001, 46 percent of Democrats said they worried “a great deal” about climate change, compared with 29 percent of Republicans, according to a Gallup tracking poll on the issue. This year, concern among Democrats has reached 66 percent. Among Republicans, it has fallen, to 18 percent.

Until people vote on the issue, Republicans will find it politically safer to question climate science and policy than to alienate moneyed groups like Americans for Prosperity.

There will be exceptions. The 2014 National Climate Assessment, a report produced by 14 federal agencies, concluded that climate change is responsible for much of the flooding now plaguing many of the Miami area’s coastal residents, soaking homes and disrupting businesses, and Representative Curbelo is talking about it.

“This is a local issue for me,” Mr. Curbelo said. “Even conservatives in my district see the impact. It’s flooding, and it’s happening now.”

Mr. Curbelo helped create the House Climate Solutions Caucus, 20 Republicans and 20 Democrats who say they are committed to tackling climate change.

Mr. Curbelo is confident that as the impact of climate change spreads, so will the willingness of his Republican colleagues to join him.

Outside of Congress, a small number of establishment conservatives, including a handful of leaders from the Reagan administration, have begun pushing Washington to act on climate change. Earlier this year, James A. Baker III, one of the Republican Party’s more eminent senior figures, met with senior White House officials to urge them to consider incorporating a carbon tax as part of a broader tax overhaul package — a way to both pay for proposed cuts to corporate tax rates and help save the planet. A Reagan White House senior economist, Art Laffer; a former secretary of state, George P. Shultz; and Henry M. Paulson Jr., George W. Bush’s final Treasury secretary, have also pushed the idea.

“There are members from deep-red districts who have approached me about figuring out how to become part of this effort,” Mr. Curbelo said. “I know we have the truth on our side. So I’m confident that we’ll win — eventually.”

Correction: June 3, 2017

An earlier version of this article misstated when the Supreme Court stayed the Obama administration’s Clean Power Plan, which regulated emissions from coal-fired power plants. It was in February 2016, not April.

Related Coverage

  1. Trump Rules: How Rollbacks at Scott Pruitt’s E.P.A. Are a Boon to Oil and Gas May 20, 2017
  2. Bucking Trump, These Cities, States and Companies Commit to Paris Accord Jun 1, 2017
  3. News Analysis: Trump, Prioritizing Economy Over Climate, Cites Disputed Premises Jun 1, 2017
  4. Does Donald Trump Still Think Climate Change Is a Hoax? No One Can Say Jun 2, 2017

Warum sind Planeten Kugeln und keine -sagen wir- Ro­ta­ti­ons­el­lip­so­ide mit Nasen und Dellen wie Kleopatra, der Asteroid?

Interessante Frage: warum sind Planeten Kugeln und keine Scheiben oder Rotationsellipsoide oder Kartoffelförmige? Ein Professor aus dem Münsterland gibt Antwort:

Warum sind Planeten Kugeln?

Kosmisches Ballspiel: Die Sonne und ihre "Kinder" (Bild: adventtr/iStock)

Schon in der Antike kamen die Gelehrten zu dem Schluss: Die Erde kann keine Scheibe sein – sie ist eine Kugel. Heute erscheint es uns völlig selbstverständlich, dass Planeten diese Form besitzen – aber warum sind sie denn eigentlich keine Scheiben oder riesige Kartoffeln, die durchs All schweben? Auf dieses Thema hat uns Kathrin W. aufmerksam gemacht – vielen Dank dafür!

Die Antwort weiß Ulrich Hansen, Direktor des Instituts für Geophysik der Universität Münster: "Der Grund für diese runde Form ist die Gravitation: Ab einer bestimmten Größe werden alle Massen intensiv zum Mittelpunkt eines Körpers gezogen – dadurch bildet sich dann eine Kugel". Wie bei einem kosmischen Billard sind die Planeten unseres Sonnensystems durch die Kollision vieler kleiner Einzelstücke entstanden. Mit jeder Vereinigung wuchs die Schwerkraft dieser jungen Himmelskörper. Die wachsende Gravitationskraft zog dann nicht nur weitere Stücke an, sondern verstärkte auch die auf das eigene Zentrum gerichtete Anziehung. Irgendwann konnten sich Ausbuchtungen dann nicht mehr halten – die Planeten nahmen eine immer rundere Gestalt an.

Deshalb gilt auch die Regel: "Je größer Himmelskörper sind, desto ausgeprägter ist ihre Kugelform. Kleine Himmelskörper können dagegen durchaus recht buckelig sein", sagt Hansen. Ein schönes Beispiel ist der Asteroid Kleopatra. Dieser Himmelskörper umkreist unsere Sonne wie ein Planet, hat aber nur einen Durchmesser von etwa 124 Kilometer. Deshalb reicht die Schwerkraft nicht aus, um Kleopatra zu einer Kugel zu formen – der Asteroid hat stattdessen die kuriose Form eines Hundeknochens.

Der Asteroid Kleopatra. (Credit: Stephen Ostro et al. (JPL), Arecibo Radio Telescope, NSF, NASA)Der Asteroid Kleopatra. (Credit: NASA)

Auch einige Monde der Planeten unseres Sonnensystems haben sich wegen ihrer geringen Schwerkraft nur schwach kugelförmig entwickelt. Beispielsweise sieht der Marsmond Phobos tatsächlich eher aus wie eine Kartoffel.

Die Erde ist ein Rotationsellipsoid mit Nasen und Dellen

"Aber auch die Erde und die anderen Planeten sind aus einem speziellen Grund keine perfekten Kugeln", betont Hansen. Es sind sogenannte Rotationsellipsoide: Durch die Zentrifugalkraft, die bei der Drehbewegung der Planeten entsteht, dehnen sie sich am Äquator aus. Die Planeten sind also nicht wie Billardkugeln geformt, sondern leicht abgeplattet. Der Erdradius ist aus diesem Grund am Äquator um etwa 21 Kilometer größer als an den Polen.

Aber im Fall der Erde gibt es noch eine weitere Besonderheit, die sie vergleichsweise "bucklig" macht: die Plattentektonik. Die Bewegungen der Kontinentalplatten drücken Gebirge empor, wie beispielsweise den Himalaya. Die Erde würde also beim Billard spielen nicht weit rollen, denn sie ist tatsächlich keine perfekte Kugel, sondern ein abgeflachter Himmelskörper mit vielen Nasen und Dellen.

Wenn Sie auch eine geeignete Frage für unsere Rubrik "Nachgefragt" haben, schicken Sie uns einfach eine E-Mail an:

fragen@wissenschaft.de

Rubriken


Sie haben die Wahl!

bild der wissenschaft sucht die besten aktuellen Wissensbücher – machen Sie mit!

 


Harte Nuss
Rätsel: Berühmte Entdecker gesucht

 

Der Buchtipp

Die Lebensumstände und der Lebensstil während der Zeugung und Schwangerschaft beeinflussen die Gesundheit des Kindes – und möglicherweise sogar die der Enkel. Peter Spork hat Erstaunliches über die Erkenntnisse der "Epigenetik" zu berichten.

Zu allen Buchtipps

Französische Bischöfe leben in Sünde

„Den Teufel spürt das Völkchen nie, und wenn er sie beim Kragen hätte.“ Es scheint, als ob Goethe die heutigen französischen Bischöfe gekannt hätte. Spätestens nach dem hässlich-agressiven Fernsehduell mit Macron am 3. Mai 2017, bei dem die faschistische Krawallschachtel Le Pen ihr Heil im Lehmwerfen sah und die gefressene Kreide wieder auskotzte, hätten die Bischöfe scharf Stellung nehmen müssen. Christian Modehn schreibt in seinem Beitrag »„Es ist eine Schande, katholisch zu sein“: Frankreichs Katholiken sind jetzt über die Bischofskonferenz entsetzt.« (Belegstelle) auf seinem Blog Religionsphilosophischer Salon: Error parsing: Query returned empty response

WordPress wird von Bots angegriffen

Mark Maunder, der WordPress-Kasperky, schlägt Alarm: infizierte Router attackieren weltweit WordPress-Installationen, hier die ganze Geschichte:

Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Thousands of Hacked Home Routers are Attacking WordPress Sites

This entry was posted in Research, Wordfence, WordPress Security on April 11, 2017 by Mark Maunder   64 Replies

Update: By popular request, we have created a tool that lets you check if your own home router is vulnerable to the problems discussed in this post. Visit this page to check if your home router has port 7547 open or if it’s running a vulnerable version of RomPager.

Last week, while creating the Wordfence monthly attack report, we noticed that Algeria had moved from position 60 in our “Top Attacking Countries” list to position 24. That was a big jump and we were curious why Algeria had climbed the attack rankings so rapidly.

What we discovered on closer examination is that over 10,000 IP addresses in Algeria were attacking WordPress websites in March. Most IPs were only launching between 50 and 1000 attacks during the entire month.

The following chart is a histogram. It groups IP addresses by the number of times they attacked. As you can see by the spike on the left, the most common number of attacks was around 100 to 200 for an IP address. Few of the attacking IPs generated more than 2,000 attacks during the entire month of March, 2017.

We wanted to learn more about these attacking IPs, so we dug a little deeper.

A Botnet Using Burst Attacks

We extracted the list of Algerian attack IPs and we included the time of first attack logged and the time of last attack logged. The majority of the IPs spent just a few hours attacking and then stopped for the rest of the month. The histogram below shows how many IPs spent less than a day (shown as 0) attacking compared to those that spent 1 or more days. As you can see over 7,000 IPs spent just a few hours attacking during March before they stopped.

These IPs switch on, perform a few attacks and then switch off and aren’t heard from again for a month. What we have found is a botnet that is distributed across thousands of IPs. Each IP is only performing a few attacks, those attacks are spread across many websites and the attacks only last a few minutes or hours.

The attacker controlling this botnet is using several evasive techniques. They are spreading their attacks across a very large number of IP addresses. They are using low frequency attacks to avoid being blocked. They are also spreading their attacks across a large number of WordPress sites.

These evasive techniques indicate a higher level of sophistication than we see from, for example, “PP Sks-Lugan” which we’ve written about in the past where we see a single IP generating millions of attacks.

Hacked Home Routers Hacking WordPress

When we looked at who owns each of the attacking IPs in Algeria, we found, over 97% of them are owned by Telecom Algeria. There are approximately 30 different ISPs in Algeria. We do see some attacks from other networks, but nothing compared to the volume that originates from Telecom Algeria.

The attacks we saw in March originated from the following networks:

  • 41.96.0.0/12 which ranges from 41.96.0.0 to 41.111.255.255 had 4671 attacking IPs in March.
  • 105.96.0.0/12 which ranges from 105.96.0.0 to 105.111.255.255 had 4591 attacking IPs in March.
  • 154.240.0.0/12 which ranges from 154.240.0.0 to 154.255.255.255 had 715 attacking IPs in March.
  • 197.112.0.0/13 which ranges from 192.112.0.0 to 197.119.255.255 had 401 attacking IPs in March.

Telecom Algeria is the state owned telecommunications provider in Algeria. It is therefore the largest telecommunications provider in the country.

We performed a network survey on a sample of 8,962 IPs on Telecom Algeria’s network. We received responses from 3,855 IP addresses.

Out of those IPs we discovered that  1501 are Zyxel routers that are listening on port 7547 and are running “Allegro RomPager 4.07 UPnP|1.0 (ZyXEL ZyWALL 2)”.

Allegro RomPager 4.07 is an embedded web server that has a severe vulnerability, dubbed the Misfortune Cookie by Checkpoint, who discovered it in 2014. The identifier is CVE-2014-9222.

It appears that attackers have exploited home routers on Algeria’s state owned telecommunications network and are using the exploited routers to attack WordPress websites globally.

Other ISPs With Vulnerable Routers

Algeria drew our attention because its country ranking jumped from 60 to 24 in our top attacking countries for March. Once we took a closer look at the attacking IPs, we were able to identify a specific pattern of behavior for these attack IPs:

  • They generally attack for less than 48 hours and then stop.
  • Most of them generate less than 1000 attacks.
  • There is usually a large number of attacking IPs on a single ISP.

By searching for similar patterns, we found that there are several other ISPs that seem to have the same problem that Telecom Algeria has.

BSNL – India

BSNL is a state owned telecommunications provider in India. During March we saw attacks from 11,495 IPs on their network.

In a survey of BSNLs network, we found that:

  • 11,495 IPs on BSNLs network attacked WordPress sites in March.
  • Out of those attacking IPs, 4857 IPs also have port 7547 open.
  • We found that 1635 of the IPs that attacked WordPress sites are also running “Allegro RomPager 4.07 UPnP|1.0 (ZyXEL ZyWALL 2)” which is vulnerable.

PLDT aka. Philippine Long Distance Telephone

PLDT is the largest telecommunications provider and digital services company in the Philippines.

In a survey of PLDT’s network we found that:

  • 3697 IPs on their network attacked WordPress sites in March.
  • 1612 of those attacking IPs on PLDTs network have port 7547 open.
  • 137 of those IPs are running “Allegro RomPager 4.07 UPnP|1.0 (ZyXEL ZyWALL 2)” which is vulnerable to remote exploitation.

28 ISPs with Suspicious Attack Patterns Indicating Compromised Routers

Once we could identify the attack pattern of compromised routers, we searched for other ISPs where the attack patterns fit the same criteria. That is, low frequency of attacks, each IP attacks for less than 48 hours and a large number of IPs are attacking WordPress sites from a specific ISP.

This is the full list of ISPs we found globally where attacks that match this criteria are originating from. Notice the low “average attacks per IP column” on the right of the table (scroll right) and the large number of attacking IPs per ISP.

What is port 7547 and TR-069 and why is it a problem?

Port 7547 is a management port on home routers. It allows ISPs to manage the routers that their customers use on their home networks. It uses a protocol called TR-069 to provide a management interface. The TR-069 protocol can be used to provision devices, provide tech support and remote management, monitor routers for faults, for diagnostics, to replace a faulty configuration and to deploy upgraded firmware.

This protocol and port has had at least two serious security vulnerabilities associated with it in the past 4 years.

We have already mentioned the misfortune cookie vulnerability which targets management port 7547 and which some of the ISPs above are suffering from. RomPager version 4.07 suffers from the misfortune cookie vulnerability. In the ISPs that we are seeing attacks originating from, 14 out of 28 ISPs have remotely accessible routers that have a vulnerable version of RomPager version 4.07 on port 7547

Another vulnerability emerged in November last year which allows an attacker to use port 7547 and the management interface to gain administrative access to a router.

6.7% of Attacks on WordPress Sites are from Home Routers with Port 7547 Open

In addition to the network surveys we did on ISPs from which attacks are originating, we also surveyed 865,467 additional IP addresses which have engaged in brute force or complex attacks during the past 3 days. Out of those, 57,971 have port 7547 open indicating that they are home routers from which attacks are originating.

That means that 6.7% of all attacks on WordPress sites that we protect, during the past 3 days, came from home routers that have port 7547 open.

Shodan, an internet survey search engine, currently shows that over 41 million devices on the Internet are listening on port 7547. The TR-069 protocol is widely used among ISPs world-wide.

 

The Security Risk to Home Users

If a home router is successfully exploited, an attacker can access your internal home network. They have penetrated any firewall function that the router provides and can also bypass router network address translation. This enables them to exploit internal targets like workstations, mobile devices using WiFi and IoT devices like home climate control systems and home cameras.

We are already seeing bulk exploitation of TR-069 which has turned home routers into a botnet attacking WordPress sites. It is quite feasible that home network exploitation is already underway as well.

Security Risk to the Internet at Large

OVH was hit by a 1 Terabyte DDoS attack in September last year, one of the largest in history. Approximately 152,000 IOT (Internet of Things) devices that had been compromised generated the traffic in that attack.

In just the past month we have seen over 90,000 unique IP addresses at 28 ISPs that fit our compromised-router attack pattern. We monitor these attacks across our customer websites which is an attack surface of over 2 million websites. We only see a sample of the attacks that all websites globally experience. If you extrapolate the numbers, it indicates that there is a very large number of compromised ISP routers out there performing attacks and acting in concert.

At this point it would not be a stretch to say that vulnerabilities in TR-069 may have created a very large botnet which could soon generate the largest DDoS attack the Internet has ever seen.

How ISPs can help

Exposing port 7547 to the public Internet gives attackers the opportunity to exploit vulnerabilities in the TR-069 protocol. ISPs should filter out traffic on their network coming from the public internet that is targeting port 7547. The only traffic that should be allowed is traffic from their own Auto Configuration Servers or ACS servers to and from customer equipment.

There are already a large number of compromised routers out there. ISPs should immediately start monitoring traffic patterns on their own networks for malicious activity to identify compromised routers. They should also force-update their customers to firmware that fixes any vulnerabilities and removes malware.

What we are doing

At Wordfence we run a real-time IP blacklist for our premium customers. We are adjusting our blacklist algorithms to identify and include IP addresses that engage in these kinds of attacks. We are also working to create awareness among ISPs and security professionals about the risk that TR-069 presents and how they can help to mitigate that risk.

Did you enjoy this post? Share it!


4.22 (55 votes) Your rating:

64 Comments on "Thousands of Hacked Home Routers are Attacking WordPress Sites"

John Divramis April 11, 2017 at 9:24 am • Reply

I think that most ISPs today are not leaving any ports open, while every router or almost every one is equiped with a firewall.

Mark Maunder April 11, 2017 at 9:30 am • Reply

I would very much like to believe that. Unfortunately the reality is very different. Here are just a few of the ports we found open on the ISPs from which attacks are originating, including what service they're running based on their banner. You'll also notice in our post that Zyxel Zywall is actually firewall software and that's what has the Misfortune Cookie vulnerability. So in this case the firewall is what the attackers use to gain entry.

Ports open on ISPs with compromised home routers

bill April 18, 2017 at 9:22 am • Reply

Do you have data or is it just wishful thinking or a wild ass guess?

Ernesto Pena April 11, 2017 at 9:33 am • Reply

Very good post. Thanks

Anthony Rogers April 11, 2017 at 9:41 am • Reply

Is this something that we can do something about at our homes and work? How can I find out if the router we use is a risk? Thank you

Mark Maunder April 11, 2017 at 10:40 am • Reply

Hi Anthony,

See my reply to Marlys Arnold. If there is more interest in this, we can create something to check port 7547.

Mark.

Nils Östergren April 11, 2017 at 2:20 pm • Reply

I check for open ports with "Shields Up" on Steve Gibson's GRC website https://www.grc.com/x/ne.dll?bh0bkyd2

Marlys Arnold April 11, 2017 at 9:51 am • Reply

What about those of us in the US ... should we be worried about the vulnerability of our routers based on what companies here here are doing? And what (if anything) can we do to protect our home network?

Mark Maunder April 11, 2017 at 10:39 am • Reply

One thing to check is if your routers port 7547 is open from the outside. I didn't have time to create a utility to check this, but let me know if there is interest and we can put that together. If port 7547 is open to outsiders, it does not indicate that you are vulnerable, but it does indicate that outsiders can access a service that should only be available to your ISP for management purposes.

Come to think of it we could also banner-grab the port and show you what your router is running.

Captain Jack April 11, 2017 at 11:01 am • Reply

Could a simple web based app work like http://www.canyouseeme.org/ ???

Michael W April 11, 2017 at 11:57 am • Reply

I would appreciate such a utility to check if 7547 is open from outside, and the banner - grab idea as well

Mark Maunder April 11, 2017 at 5:49 pm • Reply

It's now available Michael. Link is at the top of this page.

Karen April 11, 2017 at 1:48 pm • Reply

I would appreciate a utility to check the port as well.

Mark Maunder April 11, 2017 at 5:48 pm • Reply

It's now available. Link at the top of this page.

Marlys Arnold April 11, 2017 at 3:27 pm • Reply

Sounds great - I'll watch for that tool!

Mark Maunder April 11, 2017 at 5:48 pm • Reply

It's live. Link at the top of this page.

Nick Marshall April 11, 2017 at 1:52 pm • Reply

You can test your router and firewall with this page:

https://www.grc.com/x/portprobe=7547

Shelly-Ann April 11, 2017 at 10:03 am • Reply

Great info guys. Thanks for all the hard work.

Mark Maunder April 11, 2017 at 10:38 am • Reply

Thanks Shelly-Ann.

Daryl Austman April 11, 2017 at 10:04 am • Reply

I create/maintain local business WP websites for a living and pride myself on delivering secured, safe WordPress sites that are constantly monitored and updated. I depend on Wordfence (along with a few other plugins) to help keep my client's sites protected.
It is important to be aware of all the plausible dangers out there and your blog/news updates are invaluable to my staying on top of things. I'm not a full out coder so having things explained in "layman's terms" is important to me... you do that well!
THANKS for continually keeping users and providers like myself up to date on what is going on in that big bad world of WP hacking!

Mark Maunder April 11, 2017 at 10:38 am • Reply

Thanks Daryl.

John April 11, 2017 at 10:04 am • Reply

...and this... is why I drink.

Ruan April 11, 2017 at 10:04 am • Reply

You go to great lengths to explain where the vulnerability is on the router side, however (and perhaps I missed it) I did not get a good understanding of what the attacks were attempting to do on the wordpress sites and whether I should be worried about it. Can you please elaborate.

Thank you.

Mark Maunder April 11, 2017 at 10:37 am • Reply

Thanks Ruan. Yes that was an omission. We are seeing mostly brute force attacks and a small percentage of complex attacks. The brute force attacks target both wp-login.php (the traditional login endpoint for WordPress) and also XMLRPC login. Let me know if that helps.

Mark.

iAdminWP April 11, 2017 at 10:24 am • Reply

Wow interesting. Thank you for staying on top of these attacks.

AFitz April 11, 2017 at 10:26 am • Reply

How can you determine if your router is at risk?

Mark Maunder April 11, 2017 at 10:44 am • Reply

Please see my replies to other posters in this thread.

David Swanson April 11, 2017 at 10:29 am • Reply

You guys are awesome. I love how detailed your blog posts are. Every website I build for my clients I install and insist on Wordfence Premium.

Mark Maunder April 11, 2017 at 10:43 am • Reply

Thanks David.

David April 11, 2017 at 10:31 am • Reply

Do you think that ISPs are able to force-update their customers to firmware that fixes any vulnerabilities and removes malware and yet allows then to keep their hardware? If consumers have to swap out hardware, I can see this being an uphill struggle, would you agree?

Is it all or only some hardware that can accept a firmware upgrade or is it a given that all routers can accept a firmware update that would close off the port?

Mark Maunder April 11, 2017 at 10:43 am • Reply

I don't have a complete answer for you but here are a few observations based on my recent research:

1. Port 7547 is actually the management port that ISPs would use to remotely update your firmware.
2. Some attackers infect routers and actually close off this port behind them, which would prevent firmware updates.
3. The good news is that in many cases (perhaps all?) if you reboot the router, the malware is cleared and it's reset to it's previous state which would open up that port again.

So what could work for ISPs, and I haven't confirmed this, is to ask customers to perform a reboot on a particular day, and then immediately roll out firmware updates via port 7547/TR-069 to the clean routers.

Mark.

Joe Gonzalez April 11, 2017 at 10:37 am • Reply

Can they still attack even if you have "device access control" turned on? Like only certain devices and their MAC address are allowed to access wi-fi after passphrase verification?

Mark Maunder April 11, 2017 at 10:41 am • Reply

I'd have to know more about your router model number to answer that, but my guess is that WiFi access control based on MAC address is unrelated to whether or not your router exposes a management port to the outside world.

Russ Michaels April 11, 2017 at 10:53 am • Reply

So as we can see the big issue here is state owned ISP's have a total lack of security and cleary are not updating their routers or telling customers about the issue, or even monitoring their own network activity.

Kevin C Brown April 12, 2017 at 7:02 am • Reply

Comcast and Time aren't state owned ISPs, though you wouldn't know it from their "customer service." See the top offenders in Mark's chart above.

Chris April 11, 2017 at 10:54 am • Reply

Thanks for this very informative post.

What I really don't get, is: what is the relation between the Zyxel firmware and the vulnerable port? Or to be more specific: is the Zyxel firewall vulnerable or is there running a customized ISP firmware based on the Zyxel firmware? Do the attackers exploit the Zyxel firewall or do they exploit a firmware, which is built by the ISPs?

Best regards

Mark Maunder April 11, 2017 at 11:12 am • Reply

Hi Chris,

Read this recent post to get an idea of the issue: http://seclists.org/fulldisclosure/2017/Jan/40

Dena McKitrick April 11, 2017 at 11:14 am • Reply

I am very interested in you creating a utility to check if our routers port 7547 is open from the outside. Thank you for your informative articles always!! I appreciate your efforts and clarity.

Mark Maunder April 11, 2017 at 11:48 am • Reply

Thanks Dena. We're working on it now. Should have something shortly. We will email the list.

Mark Maunder April 11, 2017 at 5:49 pm • Reply

It's live. Link at the top of this page.

John Everette April 11, 2017 at 11:18 am • Reply

Wonderful post! Information is power. Do you have any stats on this vulnerability within the US? Just wondering, as we have blacklisted everyone outside the US. Our website does not need global visibility, so we just nuked them all, other than the United States. However, I notice we consistently get hit attempts from a couple of subnets in Chicago and LA, and I was wondering if this could be these routers being compromised. Thanks for your hard work!

Mark Maunder April 11, 2017 at 11:49 am • Reply

Hi John,

We definitely have plenty of attackers in the US on our own Premium Wordfence blacklist. I haven't analyzed how many of them are ISP routers.

Michael S McGinn April 11, 2017 at 11:31 am • Reply

I would like a tool to check this on my customer base to proactively check this and alert them to contact their isp to plug it if it is a problem.

Mark Maunder April 11, 2017 at 11:50 am • Reply

Thanks Michael. We're working on something which we should have available soon. We will email the list. Expect something by tomorrow morning at the latest.

Nathan Wright April 11, 2017 at 11:34 am • Reply

Hi everyone, great post. Some people have asked how they can check their home / work routers for this and other open ports. Not sure if I am allowed to post this but a great, free tool that I have used for years is by the owner of Gibson Research. He is trusted the world over as a real guru and does things with machine code that I cant even begin to understand. He has a web service (free) called ShieldsUP! which everyone should use to test any network that has access to the internet. I am not in any way associated with the owner, site or otherwise, I am simply an IT consultant who likes to keep his clients as safe as possible. Hope this helps.

https://www.grc.com/default.htm

Susan April 11, 2017 at 11:35 am • Reply

I have an iMac desktop with Airport Express router, version 6.3.6 (its a few yrs old)
and did a port scan for the apple IP address, with the results being:

Open TCP Port: 52 domain
Open TCP Port 5009 winfs
Open TCP Port 10000 ndmp

is this secure Mark?
If not how do I close them?
Thanks for the great info on router attacks, just another important fact to look at.

Mark Maunder April 11, 2017 at 11:54 am • Reply

I'm not sure if it's secure, but it doesn't include port 7547 which means you're not vulnerable to the specific issue we discuss in this post.

Jelena April 11, 2017 at 11:46 am • Reply

Going through access logs for my Wordpress site recently, I noticed lots of requests to wp-login.php and xmlrpc.php, maybe every 10-20 minutes or with longer pauses (few hours or so). In most cases User-Agent header of those requests is "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1". I started blocking those IPs in my webserver's CPanel, but when I realized there are so many unique IPs with no recurring occurrences, I gave up. Most of them belong to ISPs from the table of compromised routers that you've published. I've also noticed IPs from Belarus (BELTELECOM), Saudi Arabia (Etihad Etisalat - Mobily, Saudi Telecom), UK (Virgin Media), Ireland (Liberty Global Europe, Sky Network Services), Spain (Telefonica de Espana), and more.

Amy April 11, 2017 at 12:26 pm • Reply

Interested in the utility to check for any open ports!

THANK YOU FOR YOUR HARD WORK!

Amy

James April 11, 2017 at 12:30 pm • Reply

This is really interesting, thanks.

What action if any should WP site admins w/ WF Premium take at this time, either on the site itself, or advise site admins/contributors to take on their home routers?

thanks!

Mark Maunder April 11, 2017 at 1:12 pm • Reply

No action required. We have already added many of these new IPs to the Premium Wordfence blacklist. We are gradually lowering our filter thresholds and modifying algorithms to include additional IPs that are engaging in these attacks. Just kick back and know that we're on top of this.

Amy April 11, 2017 at 1:02 pm • Reply

*Might be a dumb question but would using a VPN help eliminate this risk?

Mark Maunder April 11, 2017 at 1:13 pm • Reply

No it would not. Unfortunately an attacker who can compromise your home router will also be able to directly access your home workstation or device even if your traffic to the outside Internet is passing through an encrypted VPN tunnel.

rfrazier April 11, 2017 at 1:40 pm • Reply

Hi Mark,

Great post. Thanks for the good info. Hopefully the following comments will help people. Sorry, it got a little long but it's good info.

This vindicates my personal policy of blocking confirmed attackers for at least 3 months when I get a chance to review my logs and actually confirm that the suspected attacks (based on firewall rules violations) are actual attacks.

Takeaways for users, in my opinion are the following. If needed, ask a geek friend for help.

01) Put your own home router behind your cable / dsl modem between it and your home network.

Wiring should look like this:

internet -> cable modem -> your router's WAN port -> pc's either wired to your router's LAN ports or wireless

If you're really geeky, you could run alternate firmware like DD-WRT, Open-WRT, or Tomato. This is not for the faint of geek heart and instructions are beyond the scope of this post. If not using custom firmware, make sure the router you install has up to date factory firmware.

Using your own router won't prevent malware from getting into the cable modem. But it will help prevent it from breaching into your home network. The following steps won't guarantee that your router cannot become infected, but they will help make it much less likely.

02) Turn off all unneeded features in the router's control panel and, in particular, anything that allows outside access to your inside network.

03) Make sure the DMZ is OFF. DMZ stands for demilitarized zone. The DMZ feature, if on, forwards ALL incoming traffic from outside that is unsolicited (ie attacks) to a specific address on the INSIDE of your network. This is very dangerous. Don't use it.

04) Turn off ALL outside remote administration, be it web based (http, https), or ftp, or telnet, or just a general setting, or whatever.

05) Turn off all "servers" or "services" that expose any router features to the outside world.

06) Turn off UPNP. This stands for Universal Plug And Play. This allows things inside your network (game consoles, javascript apps in your browser) to open holes (ports) in your router's firewall without you knowing it which may let bad things sneak in. If the router's control panel shows any ports have been opened that you didn't specifically ask for, close them. Many routers won't even show you this. If you DO want specific ports open for games and such, you should open them manually and intentionally.

07) You may test your external IP address for open TCP ports within limits benignly using the "Shields UP" web service at GRC (Gibson Research Corp.). I have no financial interest in GRC but I value their services. Use this test only at your home, not in a corporate environment.

Go to: https://www.grc.com/x/ne.dll?bh0bkyd2 (This link may change over time.)

Read the information about what the test will do. If you understand and agree, click "Proceed".

There are several tests you can run. You may have to scroll down to see the menu.

First click "GRC's Instant UPNP Exposure Test". This will check if your router responds to UPNP port opening commands from the OUTSIDE world. The result should be a green banner saying it did not respond.

Click back to get back to the menu. Scroll down if necessary.

Click the "File Sharing" button.

This will test for outside access to your PC's hard drive. The result should say "Unable to connect".

Scroll back to the menu. Click the "Common Ports" button.

This will test your external address for common open TCP ports. The desired result is "TruStealth Analysis Passed" with data below showing green lights and all port numbers as Stealth. This means your router did not respond to any queries. It would be like if someone knocks on your front door and you don't answer even if you're home.

Scroll back to the menu. Click the "All Service Ports" button. Scroll down and wait for this to complete.

This will test your external address for open TCP ports 0 - 1055. Again, the desired result is "TruStealth Analysis Passed" with all green lights and all ports shown as Stealth. A closed port is an acceptable result, but that means when the remote computer probed that port number, your router said, "I'm here but go away, I don't want to talk." No response at all is preferable. An open port means that your router or cable modem is "listening" for connection attempts on that port number. You should not see open ports.

Note that none of this has tested the port mentioned in this blog post. Here's how you do that. Note also that these procedures test TCP ports, not UDP ports.

Scroll back down to the menu. Below the buttons, there is a text entry blank. Enter 7547 (the port number discussed in this blog post) into the blank. Click the "User Specified Custom Port Probe" button. This will probe this specific port number.

Again, the desired result is "TruStealth Analysis Passed" with a green light and this port shown as Stealth.

This will give you a pretty good idea if you have any COMMON ports open or if this specific port is open. Note that, for all the ports which your cable modem passes unhindered to your router, you are testing the router. If a port shows up as stealth, it's being blocked either by your ISP (mostly not the case), your cable modem (mostly not the case) or your router (usually the case). If a port shows up as closed or open, meaning there was a response, that response could be coming from your cable modem or your router or possibly the ISP if it's closed.

Note that most ports from 1056 - 65535 for TCP and ALL ports for UDP (also with numbers 0 - 65535) have NOT been tested. You could use something like NMAP to do that, but it has to be done from the outside world. Be careful, if your ISP thinks you're launching an attack on someone, even yourself, you may find yourself disconnected from the net. I have not had a problem running these simple scans on occasion.

The owner of GRC, Steve Gibson, hosts a podcast called Security Now. It's a good mix of consumer / prosumer security info. It is not Wordpress specific though. It is not for security experts, although some listen, but takes info from security experts and makes it available to more average people.

https://www.grc.com/securitynow.htm

https://twit.tv/shows/security-now

Back to the take away points for consumers.

08) Put your IOT things on their own router as described in the "Three Dumb Routers" philosophy.

(Disclaimer, the 1st link is on my own blog.)

https://techstarship.com/2016/02/18/you-yes-you-should-care-about-iot-security/

http://www.pcper.com/reviews/General-Tech/Steve-Gibsons-Three-Router-Solution-IOT-Insecurity

http://nerdcave.littlebytesofpi.com/router-configuration/

09) If you hear a security notice through sources such as Security Now or others that your router has a security vulnerability, see if you can get a firmware update from the factory and install it. I personally don't like auto update, since I like to know when new firmware is installed. Installing firmware will often clear the settings, so the router will have to be set up again. I personally like DD-WRT firmware which is pretty solid if you have all its external services turned off. This is beyond most people's comfort level though. The next best thing is up to date factory firmware.

10) Absolutely change your router's default management password. The BEST scenario is a long random (and unmemorable and untypeable) password stored in a password manager. If you need something memorable and typeable, multiple words separated by numbers and / or symbols is best. Write it down in a secure place or use a password manager to save it. Remember, a bad actor could be in your home in the form of a malicious script running in a web page, or someone physically there like contractors, relatives, friends, or kids. They could try to attack your router. That would be an attack from inside your network. If you have the option, make sure your router's control panel times out after you've been logged in for a while but inactive in case you forget to log out.

If you want a memorable and typeable password, you could use this site but don't use "correct horse battery staple" as the password.

http://correcthorsebatterystaple.net/

If you want a good long piece of randomness, you could use this site or the password generator in your password manager.

https://www.grc.com/passwords.htm

Be VERY careful about copying and pasting long passwords into the router's control panel. If it doesn't accept all the characters, you'll have a random length subset of the password that you don't know. If you can set it to let you see the characters, do that. If you get locked out, you'll have to physically reset the router and start over configuring it. Do NOT type confidential passwords into the router when connected by wifi unless you've already set up WPA2 encryption. See below. Connect to the router with a LAN cable initially and turn your wifi off to configure it.

For one of MANY thoughtful discussions on passwords, try this.

https://diogomonica.com/2014/10/11/password-security-why-the-horse-battery-staple-is-not-correct/

11) For your WIFI password, not the management or control panel password, use a long random string of characters and numbers. The router should be able to accept 63 alphanumeric characters or digits. It may not like symbols though. Set it for WPA2 and AES encryption. Do NOT use WPS or any quick and easy "push button" setup. You should disable WPS and WPS Pin if you have a choice. Save the password somewhere in a non obvious file. Note that, if someone bad is seated at your PC, or steals your PC, you've got bigger problems than whether they can log into your wifi. You should never have to type this password and almost never have to even copy and paste it. If you have a password manager, store it in a secure note or something.

https://www.howtogeek.com/204697/wi-fi-security-should-you-use-wpa2-aes-wpa2-tkip-or-both/

If you need to let your friends log in, use a router with a guest network feature that ONLY connects to the internet. The guests should not be able to access the router's control panel. You can give them a separate more memorable, and typeable password and can conceivably change it when they leave.

Hopefully this will be helpful. I am not affiliated with GRC or Wordfence other than as a customer. But I was inspired to post this in hopes that it will help clear up a somewhat confusing topic of home routers.

Sincerely,

Ron

Michael McGInn April 12, 2017 at 8:35 am • Reply

Great comment Ron. Lots of great info. Do you have this info posted at a blog some where that I could report and share? Was thinking of just copy/pasting it to my blog but that would not be cool so I wanted to see if you had a alternate source or maybe an infographic published with the flow chart that could be pined and shared via social networks. Shoot me an email.

Nick Marshall April 11, 2017 at 2:24 pm • Reply

I think pressure and responsibility should fall on the makers of the routers, like ZyWall, to supply updated firmware for the compromised routers. Government agencies are usually understaffed and underfunded so they probably don't have the time or money to fix these kind of problems.

Patrizio Racco April 11, 2017 at 2:37 pm • Reply

This is as interesting as scaring. I have been hacked quite badly in the past, so I can say it's a real threat. Thanks guys for keeping an eye on us!

Pat

Wayne April 11, 2017 at 3:00 pm • Reply

I don't suppose std router usernames and passwords never getting changed helps , for instant admin / admin ,

Kevin Brown April 12, 2017 at 7:07 am • Reply

It won't help as these backdoor entries come in looking like the ISP, which doesn't rely on the userID password combo required for all other ports that request the standard GUI login page.

George Pasparakis April 11, 2017 at 11:25 pm • Reply

Thank you very much for this information.
We will keep a close eye on this issue since quite a few ISPs here in Greece provide Zyxel equipment.
I would be very surprised to see that Greek ISPs monitor traffic especially on management ports!
Thanks again for this!
It keeps us and our customers up to date.

oliver April 12, 2017 at 1:37 am • Reply

Thanks Mark, very informative. I guess am really scared with IOT now 😉
I hope my home washing machine would not attack my cellphone. LOL

-oliver

texlend@gmail.com April 12, 2017 at 9:15 am • Reply

Mark, thank you for this tool.

Daniel Peterson Houston mortgages

FerdieNandP April 12, 2017 at 6:29 pm • Reply

Since port 7547 is a service port for ISPs. How can a home user block or close this port?

Mark Maunder April 12, 2017 at 9:03 pm • Reply

You may be able to block it with rules on your router, but it's best to contact your ISP for help or at the very least to let them know that you would like the port closed for security reasons. The idea is to get the message out to ISPs about the danger of this port being open.

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.

Mehr Euro-Mil­li­o­näre als Flücht­linge

In Deutschland gab es 2015 mehr Euro-Millionäre als zugewanderte Flüchtlinge. Viele Flüchtlinge finden keine Unterkunft und in Berlin werden seither immer noch Turnhallen als Unterkünfte zweckentfremdet, obwohl viele Zimmer nicht nur in Villen leer stehen und nach Einwohnern schreien. Hier gibts eine segensreiche Initiative, die solche Zimmer und Interessenten zusammenführt: www.fluechtlinge-willkommen.de, Anmeldung auch hier:

Was wir machen

Flüchtlinge Willkommen bringt Wohnraumgebende und geflüchtete Menschen zusammen, um ein privates Zusammenleben zu initiieren. Wir sind Ansprechpartner*innen für Fragen des Zusammenlebens und bereiten die Kostenübernahme durch Ämter vor.
Flüchtlinge Willkommen kritisiert die zentrale Unterbringung in Massenunterkünften, die Menschen stigmatisiert und ausgrenzt, und setzt sich politisch für eine dezentrale Unterbringung ein. Langfristig wollen wir dazu beitragen, eine offene Gesellschaft zu gestalten, in der ein solidarisches Miteinander und ein Zusammenleben auf Augenhöhe als selbstverständlich gelten.

Grundlegend ist für uns: Kein Mensch ist illegal.

Was du tun kannst

Du hast Lust, einem geflüchteten Menschen das Ankommen in Deutschland zu erleichtern? In deiner WG oder Wohnung ist ein Zimmer frei?

Werde jetzt aktiv: Melde dein freies Zimmer an und verbreite die Idee von Flüchtlinge Willkommen:

Wie alles begann

Im Herbst 2014 beschlossen Mareike Geiling und Jonas Kakoschke, ein Zimmer in ihrer Wohnung einer geflüchteten Person zur Verfügung zu stellen. In dieser Zeit lernten sie Golde Ebding kennen, die die Idee teilte, aus der privaten Initiative eine Plattform aufzubauen, die bundesweit vermittelt. Einen Monat später zog Bakary aus Mali für ein halbes Jahr bei Jonas und Mareike ein – die erste WG, die durch das Projekt entstand.
Mittlerweile gibt es Büros in Berlin, Hamburg und Leipzig sowie mit Refugees Welcome International ein internationales Netzwerk, zu dem 12 weitere Länder zählen, in denen das Konzept mit Unterstützung des deutschen Teams adaptiert wurde.

Weitere Infos hierzu finden sich auf unserer internationalen Website www.refugees-welcome.net.

Saarland-AFD: Niveaulimbo mit Hakenkreuz, verdörrt-sprießender Vetternwirtschaft und BND-Schwester

Saarland-AFD: Unerträglicher Niveaulimbo mit NS-Devotionalienhandel, Dörr-Goldfasanen-Vetternwirtschaft, braun-pensioniertem Schuldirektor und BND-Schwester des unsäglichen NSA-Versagers Gerhard Schindler.

AfD im Saarland: Wo peinlich ein Kompliment wäre

Die AfD ist sicher nicht überall gleich. Im Saarland allerdings gibt sie vor der Landtagswahl am Sonntag ein erbärmliches Bild ab. Das zeigt auch eine Analyse des Bundesschiedsgerichts der Partei. Dort zieht man sogar Vergleiche mit dem Mittelalter.

Frauke Petry (Archivbild) hatte ihre Probleme mit dem System "family and friends" der Saar-AfD. Kurz vor der Landtagswahl im Saarland scheint das vergessen. 

Frauke Petry (Archivbild) hatte ihre Probleme mit dem System "family and friends" der Saar-AfD. Kurz vor der Landtagswahl im Saarland scheint das vergessen. 

Eine knappe Million Einwohner hat das , es ist so groß wie ein Landkreis, soll der frühere SPD-Politiker Johannes Rau mal gesagt haben. Und doch besitzt die Wahl an diesem Sonntag eine hohe Bedeutung. Hier will die CDU ihren Abwärtstrend bei Landtagswahlen stoppen. Die SPD will zeigen, dass sie mit Martin Schulz nicht nur in Umfragen gewinnt. Die Grünen kämpfen gegen den Absturz, die FDP ringt um den Aufstieg.

Die möchte am Sonntag ihren Siegeszug fortsetzen und in das nächste Landesparlament einziehen. Ein Selbstläufer ist der Weg in den Landtag diesmal allerdings nicht, und dafür hat der Landesverband Saar selbst gesorgt: In keinem anderen Bundesland agiert die AfD auf derart niedrigen Niveau.

Die Saar-AfD fällt vor allem unangenehm auf, und das durchaus bundesweit. Vor einem Jahr wurde sie komplett aufgelöst, nachdem der stern enthüllt hatte, dass die beiden Chefs Kontakte zu Neonazis gepflegt hatten. Eine Mehrheit des Bundesparteitags der AfD sprach sich anschließend ebenfalls für die Auflösung aus. Das der Partei musste entscheiden und beurteilte die Maßnahme als zu hart. Die Saar-AfD wurde gerüffelt, durfte aber weitermachen.


Die Hakenkreuz-Affäre des Spitzenkandidaten

Auch ihr Spitzenkandidat für die Landtagswahl, der 65-jährige Rudolf Müller, brachte es deutschlandweit in die Schlagzeilen. Das war, als das ARD-Magazin "Panorama" und der stern aufdeckten, dass Müller in seinem Laden in Saarbrücken "KZ-Geld" anbot und Hakenkreuzorden vertickte, teilweise ohne das Hakenkreuz abzukleben. Die Staatsanwaltschaft Saarbrücken ermittelte, stellte die Ermittlungen kürzlich aber ein. Dafür versucht der saarländische Justizminister über eine Bundesratsinitiative zu erreichen, dass Leute wie Müller nicht mehr länger mit NS-Devotionalien handeln dürfen.

Rudolf Müller rechnet bei der Landtagswahl, das teilte er der "Saarbrücker Zeitung" mit, für seine Partei mit einem "deutlich zweistelligen Ergebnis". Er selbst kommt im Wahlwerbespot der Saar-AfD allerdings nur wenige Sekunden zu Wort. Offenbar sehen es die Planer der Kampagne als eher hinderlich an, mit einem Spitzenkandidaten zu werben, der auch mit Nazi-Orden Geld verdient.

Müllers Frau Monika hingegen durfte sich in dem Werbefilm gut ausgeleuchtet auf einem Sessel präsentieren. Die Schwester des früheren BND-Präsidenten Gerhard Schindler steht zwar auf einem Listenplatz weit hinten, äußert sich in dem Spot aber trotzdem doppelt so lange wie ihr Gatte.

Notmaßnahmen wie "intensives Coachen" und "Rücktritt"

Was der wiederum in einer Diskussionsrunde mit anderen Spitzenkandidaten Mitte Januar von sich gab, beunruhigte selbst AfD-Mitglieder. Sie wandten sich nach dem öffentlichen Auftritt schriftlich an den Landesvorstand, schlugen Notmaßnahmen von "intensivem Coachen" bis zum "Rücktritt" Müllers als Spitzenkandidat vor. "Niemand kann alles wissen, aber er sollte wenigstens etwas Konkretes sagen", schrieb ein Parteifreund über Müllers Auftritt, ein anderer meinte: "Wenn wir sonst keine guten Alternativen als Politiker haben, sollten wir lieber nicht antreten."

Müller nahm dann, immerhin, an der öffentlichen Diskussionsrunde der Spitzenkandidaten für die Saarland-Wahl nicht teil, zu der ihn der Radiosender "Salü" eingeladen hatte. Auch ein Einzelinterview, wie es die Hörfunk-Redaktion des Saarländischen Rundfunks mit jedem Spitzenkandidaten führte, verweigerte er. Die Spitzenkandidatur selbst ließ er sich aber nicht nehmen.

Noch etwas knapper als Müller äußert sich in dem Wahlspot der Saar-AfD Aline Wagner. Die AfD-Politikerin, die es ohne jemals politisch auch nur aufzufallen auf einem aussichtsreichen Listenplatz brachte, steht dem Landeschef Josef Dörr nahe. Und weil im kleinen Saarland wenig unkommentiert bleibt, wabern Gerüchte über die Art der Beziehung des 78-Jährigen pensionierten Schulleiters und der 30-jährigen Justizvollzugsbeamtin durch die Partei, mündlich, aber auch schriftlich vorgetragen.

"Unsägliche Gerüchte ... zum Teil ehrabschneidend"

Aline Wagner, deren Gesicht auf das Wahlkampfauto der Saar-AfD geklebt ist, ging selbst auf die Gerüchte ein. Vergangenen Juli war das, in Stuttgart, als das Bundesschiedsgericht die Auflösung des Landesverbands verhandelte und Zeugen befragte. Aline Wagner kam dabei auf ein Zitat der Parteichefin Frauke Petry zu sprechen. Petry hatte mit Blick auf die Verhältnisse in der Saar-AfD von einem System "family and friends" gesprochen. Zu "family and friends" wolle sie etwas anmerken, warf Aline Wagner ein und sagte mit Blick auf Josef Dörr: "Mir wird oftmals gesagt, wir kannten uns vorher oder was. Ich bin allein in die AfD gekommen und habe niemanden vorher gekannt, auch den Vorstand nicht." Der Schiedsrichter verstand nicht recht, worauf Aline Wagner hinaus wollte. Da assistierte, wie das Protokoll festhält, Josef Dörrs Stellvertreter Lutz Hecker: "Es gibt unsägliche Gerüchte, die insbesondere mit ihrer Person (an Frau Wagner gerichtet) auch zusammen hängen, die sind zum Teil ehrabschneidend."

Aline Wagner sagte dem stern auf Nachfrage, sie stehe in keiner verwandtschaftlichen Beziehung zu Josef Dörr. Wenige Minuten nach dem kurzen Telefonat rief allerdings Josef Dörr auf Wagners Handy zurück – hörbar aufgebracht. Man werde ihn von einer anderen Seite kennen lernen, drohte der Landeschef, das seien unwahre Gerüchte und was einem einfalle, Frau Wagner darauf anzusprechen. Er hatte offenbar vergessen, dass Aline Wagner und sein Stellvertreter Hecker die Gerüchte selbst in das Verfahren am Bundesschiedsgericht getragen hatten.

Kinder, Nachbar, Frau und Nichte – alles Delegierte

"Family and friends": Falsch lag die Parteichefin Petry mit ihrer Analyse nicht. Während Vater Dörr und dessen Vertraute Aline Wagner in den Landtag einziehen wollen, soll Dörrs Sohn Michael an erster Stelle für den Bundestag kandidieren. Wählen müssen ihn dafür in eineinhalb Wochen die Mitglieder des Landesvorstands und unter anderem die Delegierten des AfD-Kreisverbandes Saarbrücken-Land. Und unter diesen finden sich, kein Witz:

• Josef Dörrs Sohn Michael Dörr

• Josef Dörr

• Josef Dörrs Vertraute Aline Wagner

• Josef Dörrs Sohn Martin

• Josef Dörrs Sohn Roman

• Josef Dörrs Frau Inge

• Josef Dörrs 86-jährige Schwägerin Erna Pontius,

außerdem eine Nichte Josef Dörrs und deren Mann.

Es ist nicht gerade unwahrscheinlich, dass Josef Dörrs Sohn Michael auf den von ihm gewünschten Listenplatz gelangt und von dort in den Deutschen Bundestag gelangt.

"Quasifeudalistische Struktur", der Landesvorsitzende als "Heilsfigur"

Der AfD-Bundesschiedsrichter Thomas Seitz hat sich besonders intensiv mit dem Landesverband Saar auseinander gesetzt. Er hat Akten studiert und Zeugen befragt, er wollte wissen, was dort vor sich gehe. Seitz, ein Jurist, schreibt in seiner Stellungnahme von einem "System Dörr". Dieses System bestehe "im Sinne einer quasifeudalistischen Struktur, in dessen Zentrum Josef Dörr als Heilsfigur steht, dem die Angehörigen seines Lagers in Art eines mittelalterlichen Lehensverhältnisses persönlich zur Treue verpflichtet fühlen. Deswegen wird Josef Dörr, dort wo er auftaucht, als Versammlungsleiter und ohne Gegenkandidat gewählt, weil bereits ein Antreten gegen Josef Dörr einen Treuebruch darstellte."

"Quasifeudalistische Struktur", Dörr als "Heilsfigur", gegen den anzutreten einen "Tabubruch" darstelle: Zu diesem Urteil kommt kein politischer Gegner, sondern, nach intensiver Analyse, ein Parteifreund.

Doch Dörr und die Seinen sind damit bisher trotz allem durchgekommen, bis zur Landtagswahl an diesem Sonntag und wohl auch darüber hinaus. Die Umfragewerte der AfD sanken zuletzt auch im Saarland deutlich, liegen aber stabil über der Fünf-Prozent-Hürde.

Petry zeigt klare Kante – und macht sich dann ganz klein

Im Grunde können sich Josef Dörr, Rudolf Müller und ihre Leute in diesen Tagen ins Fäustchen lachen. Am Dienstagabend kam sogar Frauke Petry zu ihnen ins Saarland gereist. Petry verachten sie in der Dörr-AfD, weil sie ihnen mit der Auflösung hart zugesetzt hat. "Mobbing gegen Missliebige" unterstellte Rudolf Müller ihm auf einem Flugblatt, das er an AfDler aus dem ganzen Bundesgebiet verteilen ließ.

Und Petry ließ nicht locker. Sie habe "erhebliche Zweifel an der Integrität von maßgeblichen Teilen des Landesvorstandes", mailte die Parteichefin allen knapp 26.000 AfD-Mitgliedern noch vergangenen Oktober, als das Bundesschiedsgericht den Landesverband Saar bestehen ließ. Petry forderte Josef Dörr in der E-Mail auch auf, "mit Rücksicht auf die Gesamtpartei" nicht an der Landtagswahl teilzunehmen.

Nun machte die Bundesvorsitzende sich ganz klein. Bei der Wahlkampfveranstaltung in Homburg rief sie brav dazu auf, die Saar-AfD zu wählen.

Translate »
Real time web analytics, Wordpress visitor counter, Wordpress visitor tracking