Lunduke
News • Science & Tech
Make Computers Fun Again - Linux, UNIX, Alternative Operating Systems, Computer History, and Retro Computing. Also dad jokes.
Interested? Want to learn more about the community?
April 02, 2024

xz backdoor

I did a more thorough analysis and I changed my mind again. :) Specifically, I compared "Jia Tan" with myself, with the work I was doing on my FOSH computer during 2015-2019, when I worked a 9-to-5 job and worked on my computer after work; and I found ourselves largely comparable.

First, the data. For "Jia Tan", I took all the commits he authored (the field "Author" has the string "jiat" ) and for which the "AuthorDate" has the timezone UTC+0800. So I threw away a number of commits credited to "Jia Tan" because they may have been interference from Lasse Collins who may have applied the patches from "Jia" on his own machine at some weird time. To prevent them from skewing the results, I just threw them all out. For myself, I took the repo with the code and threw away all commits that are from 2020 and later. At that time either there was no work done, or else I wasn't using Git, or else I wasn't employed in a 9-to-5 job. After I left the job and again started using Git, my commits are all over the place. Literally. Not tracking any kind of a day-night cycle. xD

I then used the time of making the commit (AuthorDate) in it's own timezone. This means I'm basically testing the plausibility of "Jia Tan" being in UTC+0800, but it also means that for myself I'm automatically taking into account the daylight savings changes. This is important because this way I'm doing a better job comparing the purpoted behavior of two developers in their own lives.

Next, I counted all the commits. "Jia Tan" made the vast majority of his commits during 2023, amounting to 444 commits total, with the majority in about the span of a year and four months. I on the other hand have about three years of work I looked at and in that time I made 744 commits. You could say "Jia Tan" made about 40% more commits per year than I did.

Next, the commits were separated into commits made on weekdays and commits made on weekends. "Weekend" was counted as starting on 5 PM on a Friday and ending on 24 PM on Sunday. The weekend thus amounted to 33% of total time.

In total, I made 342 commits during workdays, amounting to 46.6% of all commits. On the other hand, "Jia Tan" made 311 commits during workdays, amounting to 70% of commits.

Next, all the commits were further divided into buckets according to the hour during which they were made. A commit made, say, starting with 8:00 PM and before 9:00 PM was counted to the bucket "20" (for 20:00, 24-hour time). Commits made before 1 AM were counted into bucket "0", commits made starting with noon and before "1 PM" were counted into bucket "12" and so on. The time "24 PM" didn't exist and was treated as "0 AM". I was actually using the 24-hour day throughout and I'm only coverting to 12-hour day for the purposes of writing this post. :)

Finally, every bucket was converted from a raw number of commits into the percentage of all commits from the developer that were made in that bucket. So a bucket "weekend, 20" now holds a percent instead of the actual number of commits. Percentage is, again, calculated as number of commits in the bucket divided by all the commits made by the developer.

I also made two separate "dot plots" which show in 2D both the day the commit was made and the moment of day the commit was made. The dot plots also differentiate between weekends and workdays. Workdays are red plusses and weekends are green x-es.

The graphs are below. First the graph of buckets then the two dot plots, first mine then "Jia Tan". The graph of buckets has been rotated to start with 6 AM so that it would be easier to view the events happening around the midnight, and how midnight doesn't itself change anything, really. :) Also, nobody had a single commit in the "6" bucket on either workdays or weekends.

As for the analysis, the difference between us is the fact "Jia Tan" has a large spike for work done between 8 PM and 9 PM, but otherwise we are mostly in line. You can see "Jia Tan" is probably one of those insufferable morning persons because on weekends he likes to commit during 10-12 AM. Some people... I on the other hand am displaying sensiblity in using weekends and I have a bump in the early afternoon, when you would expect to do some hacking. :) "Jia Tan" also has a bump in the "16" bucket, which might be explained with the notion he was working from 8 AM to 4 PM as a developer of some sort (remotely?) and then after finishing his dayjob he would do some FOSS maintenance, commit, go home, rest a little, and start working again around 8 PM. For the record, my work time was generally from 9 AM to 5 PM, a literal 9-to-5. :) I could also start working earlier, up to 8 AM, if I wanted to, and I would be expected to stay for 8 hours and then I'd be off. But I usually came to work at the last moment. :)

As for the reason why I usually came at the last moment, just look at the tail of the graph and you'll know. :) I don't remember I drove myself this hard. I thought I would be in bed by 1 AM, but apparently, actual records tell me I'd commonly stay up until 3 AM and then wake up after 8 AM. 6 hours sleep for the win! Don't do this kids, it wrecks your health. :)

Compared to me, "Jia Tan" is more sensible, not having any commits in the "workday, 3" bucket.

For my money, it seems as if "Jia Tan" wasn't doing this xz backdoor thing for a living, but as an afterwork hustle. He has plenty of commits in "workday, 16" and if you suppose those were made as part of an office job, he would presumably not have any commits after 8 hours of work. Yet 16+8=24, and he has plenty of commits in buckets 0 and 1 (which would imply a 10-hour workday). If you move his work hours forward by 1, then you get rid of bucket 0, but now have to deal with buckets 16 and 1. In addition, he made plenty of commits during the weekend. That is, realistically, unfeasible for an employee.

Share this post widely, if you please.

Interested? Want to learn more about the community?
What else you may like…
Videos
Podcasts
Posts
Articles
End of the Internet? Dead Internet Theory + Disappearing Content = Rut Roh

The Internet is mostly made by AI... but that's ok, it's all being deleted anyway.

00:28:24
The Future of Computing: A.I. and Advocacy. ...Seriously?

Microsoft, Firefox maker Mozilla, & Red Hat envision a future where computers are focused on Artificial Intelligence & Political Advocacy (and Activism). Where do others, like Apple & Ubuntu, stand?

00:28:46
The Open Source Community is Neither "Open" nor a "Community"

Other words that don't describe the Open Source World: Free, Democracy, Welcoming, Inclusive, Honest.

00:32:04
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

News fast update!

Last weekend, on what was pretty much a dare, I decided to not look at any "news" for the week. I signed out of all social media, except for FB and Discord. I'm in a couple motorcycle groups on FB that revolve around the Mid-Atlantic Backcountry Discovery Route. I just looked at that, and didn't even load up the main feed. Discord just for chat, though I even kept that to a minimum. I didn't click through anything that even remotely looked like news. I didn't go to Slashdot or CNN or Fox or the orange site, any of it. I skipped the current affairs people I follow on Youtube.

I didn't watch or read any of Bryan's new stuff. Heck, the only time I even signed into Locals was when I accidentally fired up the Android app, which I promptly closed. (I was trying to open my banking app and it's right beside Locals.)

In other words, I currently don't have a clue about anything. I see there's a new Q&A. I'ma go watch it now.

Going forward, I think a lot of what I...

post photo preview
post photo preview
post photo preview
Last week at The Lunduke Journal (May 19 - May 25, 2024)
Open Source! The Future of Computing! The End of the Internet! Yowza, what a week!

We tackled some pretty big topics last week!  The nature of "The Open Source Community", the future of computing (according to "the powers that be"), and the... end of the Internet?  Yikes.  Intense stuff!

Luckily, we ended the week with various nerdy goofiness.  You know.  To cleanse the palate.

Oh!  Have I thanked all of The Lunduke Journal subscribers yet today?  No?  Well, gosh darn it, I should!  You amazing nerds make all of this possible.

The Videos

The Articles

Previous Few Weeks

And, would you look at that?  A new week is about to begin!  If the past is a good indictor of the future... better buckle up, Buttercup!  This next week is gonna be a fun ride!

Read full Article
post photo preview
Instantly Become an Elite Movie Hacker
(with 3 simple tools)

Feeling lazy?  Want anyone who happens to walk past your computer screen to think you are incredibly busy writing — or compiling — a mountain of code?

Filming a movie about a squad of elite hackers and need the computer screens to... you know... look the part?

Or, heck, are you just a bit bored and want to make your computer do something funky looking?

Whichever situation you find yourself in, here are three different tools that will make your computer appear like it is hard at work doing some seriously elite hacking and coding.

1 - Genact

Genact is described as a “nonsense activity generator”. And boy does it do its job well.

Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with your insane multitasking skills. Just open a few instances of Genact and watch the show. Genact has multiple scenes that pretend to be doing something exciting or useful when in reality nothing is happening at all.

Runs on Linux, Windows, and Mac… and creates screens like this:

Compiling!

 

Memory Dumping!

 

Download-inating!

Genact has a whole boatload of different modules to help you pretend to do a bunch of different things: Mining crypto, handling docker images, compiling kernels, viewing logs… it’s all here.

2 - Hollywood

Hollywood is a Linux-only option, and it looks oh-so-cool. It runs in a terminal, and opens up a whole bunch of different applications (mostly real performance and network monitoring tools) each of which displays constantly updating bits of information.

The whole point is to make your computer look super busy… and super hacker-y. Just like in a movie.

In fact, Hollywood looks so good that it’s been used in multiple TV shows.

For example, here it is in a segment for NBC Nightly News:

So much elite hacker-y-ness!

Yeah. The news. A fake “make your computer look like it’s hacking something” application. On the news. If that’s not a great representation of the sorry state of TV News, I don’t know what is.

Just for the sake of completeness… here’s a shot of two investigators -- from that news report -- pointing to the random, gibberish output of Hollywood… and pretending like it’s super fascinating, real data that is somehow relevant to the news segment.

"Hmm.  Yes.  My elite hacker brain is thinking about this very real hacker stuff on this computer screen.  Look!  Right there!  Hacker stuff!"

That is, I kid you not, absolutely real.  This was on the news.

And here’s Hollywood in a sketch on Saturday Night Live:

"Don't interrupt me!  Can't you see I'm hacking!"

Seriously.  Hollywood is tons of fun to play with.  Even if you're not filming a news report.

3 - HackerTyper.net

HackerTyper.net is a bit different than the other ones.

Here’s how it works:

  1. Open up HackerTyper.net.

  2. Start hitting keys on the keyboard. Any keys at all. Doesn’t matter.

  3. Perfectly formatted C code appears on the screen!

Alloc's and Struct's and Int's!  Huzzah!

Now you can write code just like actors in the movies! Just sit back and pound away at your keyboard -- like a deranged, drunken monkey -- with complete disregard for what keys you’re actually pressing!

Whichever of these three options you choose -- HackerTyper, Hollywood, or Genact -- you are now fully equiped to become the most elitest of elite movie hackers.  (You're even ready to be on the evening news.)

Read full Article
post photo preview
Funny Programming Pictures Part XLI
That's, like, 41 in normal, non-fancy numbers.

Behold!  Pictures... from... the Internet!

 

Dangit, Bilbo!  Knock it off!

 

I would... still apply the .gitignore rules.  ... right?  I think?

 

HTTP jokes are all the rage these days.

 

According to every PM and Scrum Master I've ever worked with, this is true.

 

False.  Five months.

 

The Amazon Shareholders would like to thank you for your contribution.

 

It's totally normal for the value of a currency to fluxuate by 10% every day.  At random.  Wink wink.

 

You think a measly garage door is going to stop Flanders from asking you about LLM's?

 

Ok.  This one's not about programming or computers.  But.  You know.  Think about it.

 

This comic is highly misleading.  In real life, the "issues" bag is roughly twice the size.  Also the corporation stole the tree.

 

Can't argue with that.

 

He he.  Still one of my favorites.

 

I should make a rule about this within The Lunduke Journal.  Anyone who mentions "AI" has to drop a quarter in the tip jar.  I'd be rich!  Rich, I say!

 

Dagnabbit.

 

I'm not saying Infrastructure guys are pansies nowadays.  But they're pansies nowadays.

 

Yup.

 

It takes screenshots of your mouth.

 

You see... because they have small brains.
Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals