 Ubuntu Bitcoin Hack, yet CEO is still clueless

A scammer got a fake version of Exodus wallet in Canonical’s Ubuntu Snap Store.  This fake scam wallet drained 9 Bitcoins (worth nearly half a million USD) from a user.  [1] The scammer was able to fake Exodus wallet’s logo and images without anyone from the company or Canonical noticing. [2]

Quoting Mark Shuttleworth, CEO of Canonical, "cryptocurrency is largely a cesspit of ignoble intentions even if the mathematics are interesting",….. Additionally, Shuttleworth also opened an additional forum post to discuss requiring "more comprehensive proof of publisher identity for every publisher" for Snaps. [3]

Mr. Shuttleworth,
Your comments about cryptocurrency being a “cesspit” represent a gross misunderstanding of the purpose of Linux.  It’s ludicrous to honor open source operating systems for privacy and freedom, but dismiss open source money.

A Linux distribution is a package manager, where your goal is to vet software.  Instead of doing a good job at this, Canonical seeks to undermine the authority of all other Linux distributions.  You want to pretend Snaps are all about cross-platform distribution, when really it’s just Canonical attempting to act as a gatekeeper.  This is done by forcing unpopular technology that is slow to start on graphical environments.  The fact that Canonical continues to double down on “Slow GUI” Snaps, shows they only care about enterprise servers without GUIs, and therefore a complete disregard for the home end-user.

Finally, your comments regarding forcing KYC to publish software on Ubuntu’s Snap Store are uneducated.  Please go read the Wikileaks book, because you will not even make it past chapter 1 without learning the US government enslaves foreigners with debt through the World Bank, and murders and genocides millions through their foreign policy.  Some choose to resist this through violence.  Others write code that empowers us to resist the empire’s surveillance, so that we may be free.  This is the only real purpose in Ubuntu.  And by forcing KYC, you choke off meaningful development from anonymous devs who can’t comply with bullshit regulation.

So Mr. Shuttleworth, how can you stop scams?

1) Closed source crypto apps should get a manual overview.   These are the highest risk.
2) Instead of asking for KYC, ask for a PGP sign from the same key used on the developer’s other releases.  (for example Exodus Debian packages)

Now I’m done talking to Shuttleworth and I turn to you.
The reason these issues are not addressed is pessimism.  Only because people believe it doesn’t matter, and their actions are meaningless do they do nothing.  Well, I got some news for you, but a different vendor emailed us a few days ago, and they are doing the work to remove some Big Tech from their site, thanks to you helping these articles trend.

And so if you share this, you say to Ubuntu and all those forcing KYC to slowly creep into all aspects of our lives, that we will not stand by and let our freedoms be taken.  That inside you is optimism and hope.  And if Shuttleworth will not listen, someday Ubuntu will share the same fate as Ubuntu Phones.

Sources: https://simplifiedprivacy.com/ubuntu-crypto-snap-scam/ 
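Suggestion 2 above, sketched as an added example that is not part of the original post or any store's actual code: a store-side check that a submission was signed by the same PGP key the developer uses for their other releases. It reads the status lines that `gpg --status-fd 1 --verify pkg.sig pkg` emits; the function name, fingerprints and sample outputs are constructed for illustration.

```python
# Added example: publisher key-continuity check over `gpg --status-fd` output.
# All fingerprints and status lines below are constructed sample data.

PINNED = "A" * 40   # primary-key fingerprint seen on the developer's other releases
SUBKEY = "C" * 40   # signing subkey that belongs to PINNED
OTHER = "B" * 40    # unrelated key controlled by an impersonator

# Status keywords that mean the signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def check_publisher_signature(status_output, pinned_fpr):
    """Return (ok, reason) for one detached-signature verification."""
    pinned = pinned_fpr.replace(" ", "").upper()
    primary = None
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()[1:]
        if not fields:
            continue
        if fields[0] in REJECT:
            return False, f"gpg reported {fields[0]}"
        if fields[0] == "VALIDSIG" and len(fields) > 1:
            if primary is not None:
                return False, "more than one signature"
            # Field 10 is the primary-key fingerprint; it differs from field 1
            # when a subkey signed. Fall back to field 1 if it is absent.
            primary = (fields[10] if len(fields) > 10 else fields[1]).upper()
    if primary is None:
        return False, "no valid signature"
    if primary != pinned:
        # Cryptographically valid, but not the key the developer is known by.
        return False, "signed by a different key than earlier releases"
    return True, "signature matches pinned publisher key"


def _validsig(signing, primary):
    return f"[GNUPG:] VALIDSIG {signing} 2024-02-20 1708387200 0 4 0 1 10 00 {primary}"


GENUINE = "[GNUPG:] NEWSIG\n[GNUPG:] GOODSIG CCCCCCCCCCCCCCCC Example Publisher\n" + _validsig(SUBKEY, PINNED)
IMPOSTOR = "[GNUPG:] NEWSIG\n[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Example Publisher\n" + _validsig(OTHER, OTHER)
TAMPERED = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG AAAAAAAAAAAAAAAA Example Publisher"

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("impostor", IMPOSTOR), ("tampered", TAMPERED)):
        print(name, check_publisher_signature(sample, PINNED))
```

The impostor case is the one that matters here: the signature verifies, the display name matches, and only the comparison against the pinned fingerprint rejects it.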
 Great post, thank you 
 I like the topic of the latest article, but I'd like to make 3 critiques regarding the content if I may.

1. Mark states crypto is a "cesspool of ignoble intentions". That could be interpreted as "There is a lot of scamming going on in crypto", and would be very True. Mark's choice of ambiguous words certainly could be made more clear. I don't really know what his opinion of crypto is in general use.

2. Mark wants to begin "forcing KYC"? Maybe. Or maybe some other verification is needed? We don't know. What we do know, is that absolutely more verification of some type is needed to prevent imposters. Exodus never uploaded their program to the snap store. The malicious snap package was someone pretending to be the creators of Exodus.

3. Canonical wants to "pretend Snaps are all about cross-platform distribution"? I'm not a fan of Snaps. I can't even use Snaps on NixOS. But there is something Flatpak and AppImage can't do that Snaps can: Snaps can run a background service. Snaps are good at non-GUI software. Is Ubuntu intentionally making the GUI Snaps slower than they could be? Probably not. But that's the good thing about FOSS technologies. If we don't like the Snap GUI package, then we can still use the Flatpak or AppImage instead.

I try to give this critique fairly and with good intentions. I'm thankful for the article, and the light it shines on the problem of the Snap store. Cheers 😊
 
 Agreed. In fact, there are similar attempts by malicious actors on #Flathub. Just a few days ago, a verified #opensource listing of #SparrowWallet was available for one day or less, complete with the exact same logo, before it was discovered and removed from GitHub and Flathub. 

They know #Linux is getting popular so these impersonations will probably increase.  
 Also... the unity interface is/was an abomination. 
 I don’t like Canonical, their CEO, and I don’t like snaps. 
 What are some good practices new users should be aware of? How do you like to be safe in whatever Linux version you are using? Thanks for any tips or articles helping me start this line of research. 

Installing Ubuntu and ditching Microsoft felt great at the time. Looks like it's time for me to try another version of Linux. What version do you like to run? Thanks 
 Thanks for writing in.  There's a whole section on the site for just this!  Check it out, and let me know if you have any questions:
https://simplifiedprivacy.com/category/linux/ 
 snap alltime always is the absolute ultimate garbage. use debian