Ubuntu 23.10, the Mantic Minotaur, Withdrawn Due to Social Engineering Attack via Translations
Reprinted with permission from Ryan Farmer.
Canonical Puts Homophobic Translations Into Ubuntu Installer After Snap Store Malware Incidents; Says Security of Products is “Very Important”.
Not long after yet another round of malware in the Ubuntu Snap Store, Microsoft-partner Canonical got caught with their pants down again.
Ubuntu 23.10, the Mantic Minotaur, had to be yanked back down, after Canonical released ISO installer images containing a malicious Ukrainian translation full of “teenage boy” style homophobic slurs and hate speech.
Canonical released two statements. One was on X/Twitter, the famously progressive and Social Justice Diversity Equality Inclusion site ran by Elon Musk that the libtards love. *giggles* (I’m, of course, messing with you. The guy allows Nazis and why is Canonical on X, I wonder. Maybe ask them?)
And the other, on their site. Where they say security is “very important” and leave an E-Mail address where you can contact them regarding any disasters you find in their products.
At this point, you know, you really have to wonder how careful Canonical really is about what goes into their distribution.
If they can’t secure the Snap Store and can’t even be bothered to run the translations back into English using cut and paste into Google Translate, how much effort are they really putting into Ubuntu these days, and why would I want to use it?
Their Snap system is so poorly designed that as long as it is in the distribution, I will never touch Ubuntu.
I don’t even recommend Linux Mint to people, except to tell them about Linux Mint Debian Edition, which just had LMDE 6 go out recently, based on Debian 12.
Debian is a much more stable and secure Linux distribution, and they don’t rely on marketing bullshit and gimmicks, like the Snap store. It actually uses and recommends its own packaging system and they seem to be careful about what goes into it.
Debian must be doing something right because so many hundreds of “other distributions” start out with Debian and then layer the actual goals of that distribution on Debian, since Debian already has done all the grunt work for them.
When Ubuntu started out, it was pitched as “an easy way to actually get Debian installed”, and when I evaluated it, it was.
In the early days, they did a lot of good work to actually improve on the problems that Debian, and Linux, were having, including a bad setup program, lack of “good defaults” for each role, and an aging init system that was having trouble going on.
Over the years, they’ve abandoned all efforts at actually improving the Linux desktop experience.
They’ve signed a deal with Microsoft to promote malicious “cloud” disservices and proprietary software, through a malware-addled App Store, replaced some of their own technologies that were quite good (such as Upstart) with IBM-isms that are full of bugs (systemd) or, frankly, are such an embarrassment that they’re squarely into “You cannot be serious.” territory (like Wayland).
They’ve brought in the worst Linux desktop they possibly could have gotten their hands on, which is GNOME, where nobody cares about bugs and people do a lot of work to scrap important features and even more work to contain the security fallout of features which actually should be deleted.
(The patch to try to plug the hole in the sandbox that the security researcher didn’t even notice he’d escaped from is several hundred lines of additional code in GNOME.)
At this point, Ubuntu needs to be completely rebooted, including dropping GNOME and Snaps, and putting KDE in as the default desktop.
None of which will happen. They’ve shown that they’re as disinterested in a stable and usable desktop experience as IBM is, and even less concerned with security.
This latest embarrassment is just frosting for the “I told you so.” cake, regarding Ubuntu.
That they cannot be bothered to even do a cursory check on translations should tell you what’s going on in there.
None of the news sites are telling people where to find the offensive translations so they can see what Canonical allowed in, so I will.
They’re on Microsoft GitHub, at least at the time of this writing. But also, backed up on Archive Today.
The malicious translations seem to start on Line 455.
If you don’t want to be offended, I suggest not reading or translating any of the Ukrainan text in this file.
There was a lot of stuff about systemd that I won’t repeat here.
-Reddit User
I actually laughed at some of it, including the parts where whoever did this compared encrypting your disk using the “Trusted Platform Module” with a “complete infection with Syphilis”.
You can’t trust corporations to manage anything. I’m not laughing at the majority of what they actually put in there, I’m laughing that the idiots running Canonical didn’t even notice.
Ubuntu has spent years turning into useless corporate trash.
It’s the Linux version of Windows. Just, basically, run. █