Confused why you can't currently download Ubuntu 23.10, despite the fact it's been released (and blogs like mine are telling you it's out)? There's a
If you’re confused why you can’t currently download Ubuntu 23.10 despite the fact it’s been released (and blogs like mine are telling you it’s out) there is a reason.
[From Twitter]: "We have identified hate speech from a malicious contributor in some of our translations submitted as part of a third party tool outside of the Ubuntu Archive. The Ubuntu 23.10 image has been taken down and a new version will be available once the correct translations have been restored."
Now, I’m not 100% certain but from poking around the Ubuntu Desktop Installer GitHub — I know, I’m nosey — appears to have been (sadly) the Ukrainian translation file that was hijacked. I ran the text through a translator and …Honestly, I wish I hadn’t.
It’s a broad range of offensive sentences touching on politics, sexuality, and current events. Though shocking, none of it is particularly coherent in scope. It seems to be written to be provocative for provocations sake – the sort of stuff people post on X to farm likes from far-right bots.
As an aside remark, it's really funny how everyone has to elaborate what the fuck they're talking about when they talk about Twitter.
In a post on X (formerly Twitter) Ubuntu explains the situation
could have just been written as
In a tweet, Ubuntu explains the situation
but the epic genius elon decided to destroy all brand recognition. Truly incredible thing to witness. Twitter literally got its own branded terms into common lexicon and he just set it all on fire.
Which is amazing that X isn't being sued by Xorg. I guess they probably don't have the same amount of money (although Twitter is probably going to be negative soon). It's also not really competition, but they're both tech companies. I could easily see Xorg winning that one.
He didnt just set the brand recognition on fire, elon basically did everything someone would do if they wanted to intentionally run twitter into the ground.
The current branding gives more a placeholder asset feeling than a memorable identity. Sorry the twitter logo isn't loading so we'll show you an "X" in the meantime
Nobody is even slightly concerned that this made it to release? if they can shove in hate speech without anyone noticing, cant be much harder to slowly introduce a backdoor over several commits.
Minecraft got in trouble when the Afrikaans translation had the n-word (in English) due to a malicious translator. CDPR had an issue with the Ukrainian translation making references to the ongoing war.
This sort of thing happens somewhat frequently. It's the same reason how fake sign language interpreters can hold positions. It's hard to verify the accuracy of a translation in a language you don't speak. They have to trust that the translator did their job right.
Translations are usually just text strings. No reasonable project would allow translators to write code.
I mean honestly though, if there are code reviews, how hard would it be to just make a quick "translation review", putting the stuff through a translator program, and verifying it's not obvious bullshit? Especially for new/unknown contributors. Of course it's additional work, again, but a sanity check should easily be possible.
I would assume since it was a block of raw text in Ukrainian in a translation file, it would have passed more under the radar than something like a backdoor. I do not know how things are reviewed before being pushed to release though.
Not really, not only because of the language but also because the same scrutiny between code and content wouldn't have to be the same. I also don't expect core aspects of the distribution, e.g kernel, package manager, cryptography libraries, to be verified the same way than a random software, e.g Kdenlive. So... is it bad, absolutely. Does it mean everything should be questioned again? Probably not.
I'm sure more people know C or Python than Ukrainian at Canonical. It looks like this particular change has been authorized by a third-party localization project, though I'm not sure the whole process works.
Translations are not going to be analyzed as thoroughly as code, and this was still found quite quickly. Submitted code is analyzed much more thoroughly, often by multiple members or the project.
Most translations are contributed by external users for languages that the project developers don't speak themselves, so they can't always check everything unless there's multiple active translators for one language.
Lol. You have to understand the context here. This is just translations. Actual code has many, many more eyes on it. An entire university was banned from submitting code to Linux, because of two dumbasses. They found and fixed genuine bugs. Built up lots of trust. Then violated that trust with actual use-after-free bugs submitted intentionally.
The submitted "patches" to the development branch was to prove it's easy to get exploits into high profile open source projects. They ultimately proved the contrary. Making their "research" bunk. The code they submitted never made it past the development testing phase.
I wish I was tbh, it's sad that stuff like this happens and it's very unfortunate... it bewilders me so much, to see someone go out their way to do shit like this but I guess when you're full of hate you'll do stupid shit like this
I contribute to OSM a lot and thankfully I haven’t ran into vandalism yet. I’ve always been kind of surprised it isn’t way more common. I guess maybe it is, just not around me.
Honestly, I'm more surprised that it wasn't caught by some review process. We normies may not consider it. But with 8 billion individuals on this planet, the chances of this happening is near 100%, without sufficient safeguards in place. If this is what happens to something as obvious as translation, imagine how compromised all those cryptic open source code must be!
And why companies usually don't allow for community translations outside of mods, or indies taking "no responsibility" when releasing them when donated.
There’s another case where the author doesn’t know enough English to know that making every toggle setting in the format of “Is (setting) ?” like “Does Close ADB when Closing Installer?” and “Is show helpers?” is wrong and insinuates that you ruined the meaning
submitted as part of a third party tool outside of the Ubuntu Archive
Not every git user is guaranteed to have an account. In this case, most translators probably don’t as it was automatically translated with weblate, which Ubuntu appears to have since removed.