In case you’re wondering why you can’t download the latest Ubuntu desktop version that was released earlier this week – it seems to have a bit of a rogue translation issue.
A community contributor submitted offensive Ukrainian translations to a public, third party online service that we use to provide language support for the Ubuntu Desktop installer. Around three hours after the release of Ubuntu 23.10 this fact was brought to our attention and we immediately removed the affected images.
After completing initial triage, we believe that the incident only impacts translations presented to a user during installation through the Live CD environment (not an upgrade). During installation the translations are resident in memory only and are not propagated to the disk. If you have upgraded to Ubuntu Desktop 23.10 from a previous release, then you are not affected by this issue.
That’s the difference between volunteer translations nobody checks, and proper translations that go through an extensive review process. As a translator – pay for your translations, and shit like this does not happen. Period.
Thom Holwerda,
Not a bad elevator pitch
It is. Paying for a service is never a guarantee not to get fooled or worse.
Nico57,
Sure, you’ll always have scammers. Still though, it seems fair to say that on average you get what you pay for. If you paid next to nothing, then don’t have high expectations or be surprised that corners were cut. We have a lot of people and even companies who feel entitled to get work done for peanuts. So many industries are plagued by this race to the bottom and quality is the first thing to go.
Personally, I’ve lost countless projects to much cheaper offshore labor because my own clients are looking to cut costs. Very frequently this comes back to bite them, yet they never seem to learn the lesson.
Actually, since you mentioned getting fooled by paid labor, one of my clients hired an Indian firm to do development work and they literally ended up in a ransom situation. Those devs were attempting to hijack the website, changing admin passwords, etc. I took care of it, but even after that experience this client never stopped looking for cheaper labor. They feel entitled to get high quality at low cost. I find this to be an ongoing theme in working with most small businesses. I can’t blame them for not wanting to (or not being able to) pay more, but at the same time it can be hard to make a living serving them without cutting corners.
Not sure being paid would necessarily exclude unwanted actions based on political motives.
Professionals are unlikely to risk a stunt like that. They have a living to make…
useyourhead,
Sure, but putting on a tin foil hat one can imagine Russian operatives making a living pulling stunts like this.
This is “racketeering 101”: first you smash their stuff to create demand; then you give them your “Pay for your translations, and shit like this does not happen. Period.” ultimatum so that they know you’re going to keep smashing their stuff until you get paid.
Right. Because there’s only one translator in town. You dump a shitty fan work and everyone will come to you, guaranteed…
Are you daft?
Dude, they don’t need to pose as freelance translators for that, they got total access already as simple fans…
It’s the whole point we’re making here: attach a reputable name to your project or you just open the door to this kind of shit.
It’s part of the drawback of the open source model. Encouraging people of professional level to provide their (paid) services, for free.
In my mind translations are such a key part of usability that you’d expect it to be fairly well sponsored. However, looking at this incident in more detail shows how big a gap there was between my expectations and the reality…
Adurbe,
That’s an interesting point. Now that you’ve brought it up in this way, the notion that translators ought to be paid whereas programmers should not be seems hypocritical and inconsistent. It makes me wonder if Thom believes that programmers should be paid as well as translators or if there’s a reason one should be paid and the other should not be?
Whether it’s translations or code, everyone ostensibly wants the work to be done “professionally”. I looked up the definition of professional to see what it says about being paid…
https://www.merriam-webster.com/dictionary/professional
Definitions 1 and 3 entail the qualities of professional work. Definition 2 covers livelihood, career, and financial return. Sports professionals are used as an example. Being a professional player generally means you are paid to do it. FOSS developers are often unpaid. They may be professional under definitions 1 and 3 but not 2.
Indeed, OSS projects add an interesting layer because the programmers themselves are volunteers.
However, there’s a major difference: I never heard of a “bad actor” programmer adding deliberately damaging code to a project, while malicious fan translations are quite common.
Why is that? I think it’s down to two factors, one is inevitable and the other is not.
The first factor is that it’s much harder to double-check, with the language barrier and all. Most programmers on a project can confirm a C++ routine, while only a small subset of people have any clue what the Ukrainian text says.
The second factor is the professionalization. Like you say, that doesn’t mean the translator should be paid if nobody else is. But somebody should check if they are reputable and accountable. Again, you wouldn’t have some rando adding code without supervision, yet you take every line of text on the screen, the whole freaking voice of your project, and hand it over to the first person that comes about, without even being able to read what they do.
As someone would say: “Well done, you just played yourself”…
useyourhead,
You make valid points.
Sour software actors do happen though…
https://arstechnica.com/information-technology/2022/01/foss-developer-who-nuked-his-apps-embraced-qanon-theory-involving-aaron-swartz/
I wasn’t really expecting this to be as relevant to our thread as it is…
Here’s another…
https://hackaday.com/2018/10/31/when-good-software-goes-bad-malware-in-open-source/
Software vulnerabilities aren’t exactly uncommon and some of them go on undetected for several years, like Heartbleed, the Debian crypto bug, Apple’s goto fail bug, etc. Most have no proof of being malicious, but this doesn’t logically disprove malice. The best hackers will find a way to cover their tracks and make vulnerabilities appear like innocent mistakes. Extremely dedicated hackers could go as far as to surround their vulnerabilities with lots of good work to build credibility. I don’t mean to get too far off track here but the point I was trying to make is that sometimes it is very difficult to identify malicious actors in software.
In the majority of software there is little text to translate. Help files and documentation are another issue.