If you’re confused why you can’t currently download Ubuntu 23.10 despite the fact it’s been released (and blogs like mine are telling you it’s out) there is a reason.
[From Twitter]: “We have identified hate speech from a malicious contributor in some of our translations submitted as part of a third party tool outside of the Ubuntu Archive. The Ubuntu 23.10 image has been taken down and a new version will be available once the correct translations have been restored.”
Now, I’m not 100% certain but from poking around the Ubuntu Desktop Installer GitHub — I know, I’m nosey — appears to have been (sadly) the Ukrainian translation file that was hijacked. I ran the text through a translator and …Honestly, I wish I hadn’t.
It’s a broad range of offensive sentences touching on politics, sexuality, and current events. Though shocking, none of it is particularly coherent in scope. It seems to be written to be provocative for provocations sake – the sort of stuff people post on X to farm likes from far-right bots.
As an aside remark, it’s really funny how everyone has to elaborate what the fuck they’re talking about when they talk about Twitter.
In a post on X (formerly Twitter) Ubuntu explains the situation
could have just been written as
In a tweet, Ubuntu explains the situation
but the epic genius elon decided to destroy all brand recognition. Truly incredible thing to witness. Twitter literally got its own branded terms into common lexicon and he just set it all on fire.
deleted by creator
Which is amazing that X isn’t being sued by Xorg. I guess they probably don’t have the same amount of money (although Twitter is probably going to be negative soon). It’s also not really competition, but they’re both tech companies. I could easily see Xorg winning that one.
Whoever has the most money automatically wins a lawsuit, because X could EASILY just get more lawyers to make more BAD faith arguments.
deleted by creator
He didnt just set the brand recognition on fire, elon basically did everything someone would do if they wanted to intentionally run twitter into the ground.
Now spez needs to rename Reddit and make his idol proud.
In a Y (formerly known as post) on Y (formerly known as reddit) a Y (formerly known as user) “vaporeonpissdrinker69” has said that…
Ycombinator looks around nervously
At least, vaporeon is compatible. In fact it is most compatible.
Perfect tagline for that site: “Y tho”
…and they replace the alien with the fellow in the meme (who was a Pope apparently. Who knew.)
Maybe that was his plan for creating true free speech, by driving everyone away from twitter to mastodon…
A very 200iq plan, only cost him $44B
It cost him a lot more than that. He lost about 200 billion in stock value that he owned and among the companies he “runs” about a trillion was lost in total due to investers dumping stock after seeing his ineptitude on full display.
Truly someone who is willing to go beyond his earthy wealth for his ideas of free speech.
No. The companies he controls at some level lost about a trillion in stock value combined
Yeah probably, I am trying to be funny here haha.
a trillion
Wait, he was a trillionaire before? Interesting, now I’m curious what effects did this made to the economy, it would be a fun read (maybe).
At those scales it’s apparent that money is mostly imaginary.
$10 is $10 but a publicly traded tech company loses most of its value the moment you try to sell it, but that doesn’t matter when the owner can “lose” 44 billion or 200 billion or a trillion or whatever and experience absolutely no change in his lifestyle.
Or we all could just still call it twitter and tweets, and be done with it
I propose we just stop talking about it altogether.
No, It’s called X now. Elon willed it so, and I’m happy to oblige. Posts are called X-cretions (or X-crement, if they are shitposts).
Well, he is allegedly fond of the poop emoji.
Like we call meta Facebook and alphabet google. 💁🏻♀️
Facebook is still Facebook and Google is still Google, and they’re owned by Meta and Alphabet, unlike X
What Google/Facebook did, while a little silly, at least makes some sense because they’re segregating the product from the megacorp that owns the product. They maintain the benefits of having consistent branding while also separating out their corporate interests under a new name. In Google’s case, Google still exists as a subsidiary of Alphabet, while in Facebook’s case Facebook is not a separate company anymore but it still exists as just one of the platforms that Meta operates.
With X, the product itself was renamed, and in so doing the branding was destroyed. There’s no good reason to do this as far as I can tell.
No no, it’s not 'a tweet ’ anymore, it’s ‘an X(, formerly known as a tweet)’
“In an X(formerly known as a tweet) on X(formerly known as Twitter) …”
It just rolls off the tongue!
Real “Los Angeles Angels of Anaheim” energy
The first X is pronounced Æsh
I hope this practice never dies.
(Also has “the artist formerly known as Prince vibes”.)The Prince one is different, since he changed his name to something that can’t be even spelled.
The current branding gives more a placeholder asset feeling than a memorable identity. Sorry the twitter logo isn’t loading so we’ll show you an “X” in the meantime
deleted by creator
𝕏cretion/𝕏creted
Why read X posts when you can watch X videos
I thought it was xeets
xcretes
“In a xweet (…)”
I prefer “xeet”
Xeet xeet, motherfucker
“In a xhit (…)”
On some news stories I’ve been seeing them refer to it as “the social media company X”
@fadingembers
So the company x social that existed before the muskrat bought twitter then, right?
@GnuLinuxDude
They could just keep calling tweet, or tweet on X, maybe they just keep this shit to show how stupid the change is…
“in a recent Twix…”
SMH what is wrong with people.
I mean… it’s likely just some Russian trolls fucking around
Ah yes I remember Russians that spread malware with node-ipc… oh wait, it was Ukrainians!
The irony of that statement.
Go back to your fucking cave
More irony. This is borderline comedic now. Cave man ugghh
I don’t understand, what’s ironic about it ? is the commenter a russian troll themself ?
Well, the original post is about some loser adding hate speech to Ubuntu.
Then this clown jumps in, and starts hate speech against Russian people.
He’s ok to throw some about, but the Ubuntu guy isn’t?
I mean, the irony and myopia is strong here.
Some people just need a punch in the face to understand why they shouldn’t use hate speech.
A punch in the face with a chair…
Some people need a high-five. With a billiard table. In the face.
Along with a nice thumbs up. With a thumb. Up their peehole.
Kinky
Redneck, or pirate, or leet speak language options are there to let developers test the translations without them having to be bilingual.
OK what’s the deal with those m’s and w’s?? It looks like a standard seriffed BIOS/ROM font except for those.
That is weird. Didn’t even notice til I read this.
Nobody is even slightly concerned that this made it to release? if they can shove in hate speech without anyone noticing, cant be much harder to slowly introduce a backdoor over several commits.
Minecraft got in trouble when the Afrikaans translation had the n-word (in English) due to a malicious translator. CDPR had an issue with the Ukrainian translation making references to the ongoing war.
This sort of thing happens somewhat frequently. It’s the same reason how fake sign language interpreters can hold positions. It’s hard to verify the accuracy of a translation in a language you don’t speak. They have to trust that the translator did their job right.
Translations are usually just text strings. No reasonable project would allow translators to write code.
I mean honestly though, if there are code reviews, how hard would it be to just make a quick “translation review”, putting the stuff through a translator program, and verifying it’s not obvious bullshit? Especially for new/unknown contributors. Of course it’s additional work, again, but a sanity check should easily be possible.
Quite hard. We had Open Source’ish LLMs for only around six months, if they are even up to the task of verifying a translation is another issue and if they are up to Debian’s Open Source guidelines yet another. This is obviously going to be the long term solution, but the tech for that has simply not been around for very long.
And of course once you have translation tools good enough for the task, you might just skip the human translator altogether and just use machine translations.
I more meant that if something contains “fucking kill all ukrainians and trans people”, which it sounds like this was something like that, that should be possible to see even with bad translation tools.
It wasn’t, by the way. Though it could have been flagged by the dumbest of online translators (or even anyone who could read Cyrillic, since some of it uses English loanwords, like “sex” and “gay”). It should never have made it in release, but I disagree with categorizing it as “hate speech”. I feel comfortable posting it here, even though it’s pretty crude and #3 in particular is very vulgar. If anyone’s curious, here are the Google Translate translations of the vandalized parts (except for one of them, fullInstallationSubtitle, which I think is too offensive to be repeated here. It references the Israel-Palestine war):
Suck dicks in this {DISTRO}
Your pants aren’t off yet
.
Classic gay sex
Only the bare essentials, circumcised beards and Jewish pornography.
Warning: This feature is not supported by your synagogue and cannot support updates to future versions of the Podor system. Please, take off your pants already.
It’s not that difficult, just take and take off your pants
Experimental encryption of the ancient Hebrew language
Complete infection with syphilis
Turn off RST, spread your buttocks, and continue
Everything is a hook
You left with your pin point
Too much grease on the primary socket
Leave unwashed
The mount point should start with removing the pants "/"That’s a lot of pant removal.
But anyway, it should be quite possible to automatically screen the translation for something this blatant.
I mean yeah, I was speculating. But what you posted also seems easily detectable :D
I would assume since it was a block of raw text in Ukrainian in a translation file, it would have passed more under the radar than something like a backdoor. I do not know how things are reviewed before being pushed to release though.
Not really, not only because of the language but also because the same scrutiny between code and content wouldn’t have to be the same. I also don’t expect core aspects of the distribution, e.g kernel, package manager, cryptography libraries, to be verified the same way than a random software, e.g Kdenlive. So… is it bad, absolutely. Does it mean everything should be questioned again? Probably not.
I’m sure more people know C or Python than Ukrainian at Canonical. It looks like this particular change has been authorized by a third-party localization project, though I’m not sure the whole process works.
Translations are not going to be analyzed as thoroughly as code, and this was still found quite quickly. Submitted code is analyzed much more thoroughly, often by multiple members or the project.
It is very concerning, absolutely. With that said, it’s entirely possible localization/translation reviews work differently than code reviews.
Well but they DID notice
Most translations are contributed by external users for languages that the project developers don’t speak themselves, so they can’t always check everything unless there’s multiple active translators for one language.
Ukrainian has enough speakers for there to be multiple translators, doesn’t it?
Clearly not enough active ones for each and every project out there.
But oPeN sOuRce iS sAfe.
Lol. You have to understand the context here. This is just translations. Actual code has many, many more eyes on it. An entire university was banned from submitting code to Linux, because of two dumbasses. They found and fixed genuine bugs. Built up lots of trust. Then violated that trust with actual use-after-free bugs submitted intentionally.
The submitted “patches” to the development branch was to prove it’s easy to get exploits into high profile open source projects. They ultimately proved the contrary. Making their “research” bunk. The code they submitted never made it past the development testing phase.
The context is that code made its way into shipped open source software.
The type doesn’t matter. It proves that there can be slip ups.
Move goal posts, though.
It proves that there can be slip ups.
Something nobody has ever disputed.
Translations… aren’t code though…?
Someone has been defacing OpenStreetMap with stuff like this for months as well. It’s pretty sad.
I contribute to OSM a lot and thankfully I haven’t ran into vandalism yet. I’ve always been kind of surprised it isn’t way more common. I guess maybe it is, just not around me.
This is just messed up and sad. Why do people do this stuff? Why do they have to act like assholes?
If you’re genuinely confused, it’s because a lot of people live broken lives and it brings them joy to bring others down.
I wish I was tbh, it’s sad that stuff like this happens and it’s very unfortunate… it bewilders me so much, to see someone go out their way to do shit like this but I guess when you’re full of hate you’ll do stupid shit like this
I read the changes, and it seems to me it was a stupid child. Not even someone malicious, but just a stupid love being edgy.
I see, honestly I HOPE it was some stupid child because if it was an adult with a functioning brain then idk what to say
If they could understand the situation, their heads would explode. But they can’t, that’s why.
yep, sadly that’s true
Kinda answered your own question there
Im amazed by peoples creativity.
I havent thought until now that such things like translations can be misused for hate speech.
Honestly, I’m more surprised that it wasn’t caught by some review process. We normies may not consider it. But with 8 billion individuals on this planet, the chances of this happening is near 100%, without sufficient safeguards in place. If this is what happens to something as obvious as translation, imagine how compromised all those cryptic open source code must be!
I wonder if people like that are why I was denied volunteer help on indie games with very broken English I wished to fix. :(
And why companies usually don’t allow for community translations outside of mods, or indies taking “no responsibility” when releasing them when donated.
It’s a legal and PR risk.
There’s another case where the author doesn’t know enough English to know that making every toggle setting in the format of “Is (setting) ?” like “Does Close ADB when Closing Installer?” and “Is show helpers?” is wrong and insinuates that you ruined the meaning
No bias here
The commit in question if anyone’s interested: https://github.com/canonical/ubuntu-desktop-provision/commit/6f4028057e55cebfc53cc45cb39831f7e6a176cb
I’m not sure why the author’s account is not clickable - has he deleted it?
submitted as part of a third party tool outside of the Ubuntu Archive
Not every git user is guaranteed to have an account. In this case, most translators probably don’t as it was automatically translated with weblate, which Ubuntu appears to have since removed.
But why not release 23.10 but without the affected language pack? The Ukrainian translation can be released once the vandalism is fixed.
Weird, I downloaded the Kubuntu 23.10 ISO yesterday. There wasn’t s link on the site but I changed the 23.04 link to 23.10 and it got in fine.