xz backdoor

I did a more thorough analysis and I changed my mind again. :) Specifically, I compared "Jia Tan" with myself, with the work I was doing on my FOSH computer during 2015-2019, when I worked a 9-to-5 job and worked on my computer after work; and I found ourselves largely comparable.

First, the data. For "Jia Tan", I took all the commits he authored (the field "Author" has the string "jiat" ) and for which the "AuthorDate" has the timezone UTC+0800. So I threw away a number of commits credited to "Jia Tan" because they may have been interference from Lasse Collins who may have applied the patches from "Jia" on his own machine at some weird time. To prevent them from skewing the results, I just threw them all out. For myself, I took the repo with the code and threw away all commits that are from 2020 and later. At that time either there was no work done, or else I wasn't using Git, or else I wasn't employed in a 9-to-5 job. After I left the job and again started using Git, my commits are all over the place. Literally. Not tracking any kind of a day-night cycle. xD

I then used the time of making the commit (AuthorDate) in it's own timezone. This means I'm basically testing the plausibility of "Jia Tan" being in UTC+0800, but it also means that for myself I'm automatically taking into account the daylight savings changes. This is important because this way I'm doing a better job comparing the purpoted behavior of two developers in their own lives.

Next, I counted all the commits. "Jia Tan" made the vast majority of his commits during 2023, amounting to 444 commits total, with the majority in about the span of a year and four months. I on the other hand have about three years of work I looked at and in that time I made 744 commits. You could say "Jia Tan" made about 40% more commits per year than I did.

Next, the commits were separated into commits made on weekdays and commits made on weekends. "Weekend" was counted as starting on 5 PM on a Friday and ending on 24 PM on Sunday. The weekend thus amounted to 33% of total time.

In total, I made 342 commits during workdays, amounting to 46.6% of all commits. On the other hand, "Jia Tan" made 311 commits during workdays, amounting to 70% of commits.

Next, all the commits were further divided into buckets according to the hour during which they were made. A commit made, say, starting with 8:00 PM and before 9:00 PM was counted to the bucket "20" (for 20:00, 24-hour time). Commits made before 1 AM were counted into bucket "0", commits made starting with noon and before "1 PM" were counted into bucket "12" and so on. The time "24 PM" didn't exist and was treated as "0 AM". I was actually using the 24-hour day throughout and I'm only coverting to 12-hour day for the purposes of writing this post. :)

Finally, every bucket was converted from a raw number of commits into the percentage of all commits from the developer that were made in that bucket. So a bucket "weekend, 20" now holds a percent instead of the actual number of commits. Percentage is, again, calculated as number of commits in the bucket divided by all the commits made by the developer.

I also made two separate "dot plots" which show in 2D both the day the commit was made and the moment of day the commit was made. The dot plots also differentiate between weekends and workdays. Workdays are red plusses and weekends are green x-es.

The graphs are below. First the graph of buckets then the two dot plots, first mine then "Jia Tan". The graph of buckets has been rotated to start with 6 AM so that it would be easier to view the events happening around the midnight, and how midnight doesn't itself change anything, really. :) Also, nobody had a single commit in the "6" bucket on either workdays or weekends.

As for the analysis, the difference between us is the fact "Jia Tan" has a large spike for work done between 8 PM and 9 PM, but otherwise we are mostly in line. You can see "Jia Tan" is probably one of those insufferable morning persons because on weekends he likes to commit during 10-12 AM. Some people... I on the other hand am displaying sensiblity in using weekends and I have a bump in the early afternoon, when you would expect to do some hacking. :) "Jia Tan" also has a bump in the "16" bucket, which might be explained with the notion he was working from 8 AM to 4 PM as a developer of some sort (remotely?) and then after finishing his dayjob he would do some FOSS maintenance, commit, go home, rest a little, and start working again around 8 PM. For the record, my work time was generally from 9 AM to 5 PM, a literal 9-to-5. :) I could also start working earlier, up to 8 AM, if I wanted to, and I would be expected to stay for 8 hours and then I'd be off. But I usually came to work at the last moment. :)

As for the reason why I usually came at the last moment, just look at the tail of the graph and you'll know. :) I don't remember I drove myself this hard. I thought I would be in bed by 1 AM, but apparently, actual records tell me I'd commonly stay up until 3 AM and then wake up after 8 AM. 6 hours sleep for the win! Don't do this kids, it wrecks your health. :)

Compared to me, "Jia Tan" is more sensible, not having any commits in the "workday, 3" bucket.

For my money, it seems as if "Jia Tan" wasn't doing this xz backdoor thing for a living, but as an afterwork hustle. He has plenty of commits in "workday, 16" and if you suppose those were made as part of an office job, he would presumably not have any commits after 8 hours of work. Yet 16+8=24, and he has plenty of commits in buckets 0 and 1 (which would imply a 10-hour workday). If you move his work hours forward by 1, then you get rid of bucket 0, but now have to deal with buckets 16 and 1. In addition, he made plenty of commits during the weekend. That is, realistically, unfeasible for an employee.

Share this post widely, if you please.