xz backdoor
I did a more thorough analysis and I changed my mind again. :) Specifically, I compared "Jia Tan" with myself, with the work I was doing on my FOSH computer during 2015-2019, when I worked a 9-to-5 job and worked on my computer after work; and I found ourselves largely comparable.
First, the data. For "Jia Tan", I took all the commits he authored (the field "Author" has the string "jiat" ) and for which the "AuthorDate" has the timezone UTC+0800. So I threw away a number of commits credited to "Jia Tan" because they may have been interference from Lasse Collins who may have applied the patches from "Jia" on his own machine at some weird time. To prevent them from skewing the results, I just threw them all out. For myself, I took the repo with the code and threw away all commits that are from 2020 and later. At that time either there was no work done, o ...
I then used the time of making the commit (AuthorDate) in it's own timezone. This means I'm basically testing the plausibility of "Jia Tan" being in UTC+0800, but it also means that for myself I'm automatically taking into account the daylight savings changes. This is important because this way I'm doing a better job comparing the purpoted behavior of two developers in their own lives.
Next, I counted all the commits. "Jia Tan" made the vast majority of his commits during 2023, amounting to 444 commits total, with the majority in about the span of a year and four months. I on the other hand have about three years of work I looked at and in that time I made 744 commits. You could say "Jia Tan" made about 40% more commits per year than I did.
Next, the commits were separated into commits made on weekdays and commits made on weekends. "Weekend" was counted as starting on 5 PM on a Friday and ending on 24 PM on Sunday. The weekend thus amounted to 33% of total time.
In total, I made 342 commits during workdays, amounting to 46.6% of all commits. On the other hand, "Jia Tan" made 311 commits during workdays, amounting to 70% of commits.
Next, all the commits were further divided into buckets according to the hour during which they were made. A commit made, say, starting with 8:00 PM and before 9:00 PM was counted to the bucket "20" (for 20:00, 24-hour time). Commits made before 1 AM were counted into bucket "0", commits made starting with noon and before "1 PM" were counted into bucket "12" and so on. The time "24 PM" didn't exist and was treated as "0 AM". I was actually using the 24-hour day throughout and I'm only coverting to 12-hour day for the purposes of writing this post. :)
Finally, every bucket was converted from a raw number of commits into the percentage of all commits from the developer that were made in that bucket. So a bucket "weekend, 20" now holds a percent instead of the actual number of commits. Percentage is, again, calculated as number of commits in the bucket divided by all the commits made by the developer.
I also made two separate "dot plots" which show in 2D both the day the commit was made and the moment of day the commit was made. The dot plots also differentiate between weekends and workdays. Workdays are red plusses and weekends are green x-es.
The graphs are below. First the graph of buckets then the two dot plots, first mine then "Jia Tan". The graph of buckets has been rotated to start with 6 AM so that it would be easier to view the events happening around the midnight, and how midnight doesn't itself change anything, really. :) Also, nobody had a single commit in the "6" bucket on either workdays or weekends.
As for the analysis, the difference between us is the fact "Jia Tan" has a large spike for work done between 8 PM and 9 PM, but otherwise we are mostly in line. You can see "Jia Tan" is probably one of those insufferable morning persons because on weekends he likes to commit during 10-12 AM. Some people... I on the other hand am displaying sensiblity in using weekends and I have a bump in the early afternoon, when you would expect to do some hacking. :) "Jia Tan" also has a bump in the "16" bucket, which might be explained with the notion he was working from 8 AM to 4 PM as a developer of some sort (remotely?) and then after finishing his dayjob he would do some FOSS maintenance, commit, go home, rest a little, and start working again around 8 PM. For the record, my work time was generally from 9 AM to 5 PM, a literal 9-to-5. :) I could also start working earlier, up to 8 AM, if I wanted to, and I would be expected to stay for 8 hours and then I'd be off. But I usually came to work at the last moment. :)
As for the reason why I usually came at the last moment, just look at the tail of the graph and you'll know. :) I don't remember I drove myself this hard. I thought I would be in bed by 1 AM, but apparently, actual records tell me I'd commonly stay up until 3 AM and then wake up after 8 AM. 6 hours sleep for the win! Don't do this kids, it wrecks your health. :)
Compared to me, "Jia Tan" is more sensible, not having any commits in the "workday, 3" bucket.
For my money, it seems as if "Jia Tan" wasn't doing this xz backdoor thing for a living, but as an afterwork hustle. He has plenty of commits in "workday, 16" and if you suppose those were made as part of an office job, he would presumably not have any commits after 8 hours of work. Yet 16+8=24, and he has plenty of commits in buckets 0 and 1 (which would imply a 10-hour workday). If you move his work hours forward by 1, then you get rid of bucket 0, but now have to deal with buckets 16 and 1. In addition, he made plenty of commits during the weekend. That is, realistically, unfeasible for an employee.
Share this post widely, if you please.
Millions in tax payer funding for "Antiracist, equity focused Computer Science" in Oregon, writing Latino only programming books, and more. All cancelled.
PewDiePie tells his fans to install Linux. The Leftist Activists within Open Source -- including prominent leaders - are declaring PewDiePie fans "Fascists" and "Nazis" who are "not allowed".
Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.
It's a fascinatingly annoying cycle. And there's only one viable way out of it.
Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm
Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal
Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.
Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣
Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm
Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal
Linuxfest Northwest was fun this year. Lots of nice people in the crowd. But I am sure if the name of Lunduke ever came from my mouth they'd throw me out! lol
Tonight I found my Locals session timed out, and when I got kicked out, I wound up on a page on lunduke.com saying: "Make Computers Fun Again". That made my night. Cuz yeah, computers should be fun. They used to be, and that's coming from someone who missed what some would claim to be all the best years (the 8-bit era thru the mid-90s).
Well for me... DOS is kinda winning me over, maybe even taking that top spot of my favorite retro computer. Of course I love all the 8-bits I've used, and my TheVIC20 still has its place of honor under my gaming TV. But DOS... I mean man, even without graphics mode, that OS is pretty flippin' cool! Tonight I copied Vim over to my tablet and spent an hour or so writing. Vim, Edit, and of course MS Word 5.5, make DOS a great tool for writers (to say nothing of Windows software like Notepad, which is also super nice). And DOS has a few different #Forth interpreters and a C compiler, so I'm enjoying learning to code on it too. Of course, its ...
The April Lunduke Journal Pledge drive has ended! Thank you to everyone who pitched in to help The Lunduke Journal continue to provide ad-free, Big Tech Free journalism!
The Lunduke Journal would not be possible without your support.
Seriously. Thank you.
-Lunduke
The April Lunduke Journal Pledge drive has ended! Thank you to everyone who pitched in to help The Lunduke Journal continue to provide ad-free, Big Tech Free journalism!
The Lunduke Journal would not be possible without your support.
Seriously. Thank you.
-Lunduke
The corrupt Tech Foundations of the world — WikiMedia, The Linux Foundation, Mozilla, and the rest — have received hundreds of Millions of dollars in donations. The Big Tech giants bring in Billions and Billions ever year.
And there is only one Tech News outlet that is pushing back against these woke, dirty organizations… The Lunduke Journal.
One nerdy David. Against an army of well-funded, woke Tech Goliaths.
Without your support, The Lunduke Journal would not exist.
And, without The Lunduke Journal, many Tech News stories simply would never be told.
From now, through Friday, March 28th, we are running The Lunduke Journal pledge drive.
Make a one time donation (with multiple options, including Bitcoin) — and help keep The Lunduke Journal publishing commercial free, Big-Tech-Free news.
Or grab a discounted subscription and get a few fun perks:
Access to the exclusive Forum.
Access to exclusive shows (such as Q & A’s).
Warm Fuzzy Feelings (tm) that you’re supporting truly independent Tech Journalism.
Scroll down to find the option that works bet for you. Give only what you are able. Together we will tell the Tech News stories that no other Tech News outlet has the guts cover — together we will hold these Tech Goliaths accountable.
Want to toss in a one-time donation to The Lunduke Journal? There’s a few great options!
Via BitCoin:
Send any amount of BTC to the following address:
bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq
Email "bryan at lunduke.com" with to let us know it was you! You can choose to keep your donation anonymous if you prefer.
Via Locals:
Go to Lunduke.Locals.com/support.
Click “GIVE ONCE”.
Enter any amount you like.
Looking for a subscription? Scroll down for options!
50% off a Yearly subscription to The Lunduke Journal via both Locals and Substack. (This includes full access to the community Forum.)
That’s $2.25 per month. Pocket change.
The "World Famous Lunduke Journal Lifetime Subscription" is exactly what it sounds like. Pay once and get full access to The Lunduke Journal. For life. A great way to support Big-Tech-Free Journalism.
(This includes full access to the community Forum.)
New Lifetime Subscriptions are available, for $200, from now through Friday, March 28th.
The Lifetime Subscription can be obtained via Locals, Substack, or using Bitcoin. All three options work great and are super easy.
Go to Lunduke.Locals.com/support.
Select "Give Once".
Enter "200" into the amount field.
After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)
Select the “Lifetime Subscription” option.
After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)
If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):
Make a free account on Lunduke.Locals.com.
Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).
Lunduke will toss you an email once your account is set to full lifetime status on Locals.
And, finally, you can obtain a Lifetime Subscription via Bitcoin. Save a few bucks with this option, as Bitcoin processing has fewer fees associated with it.
Make sure you have a Lunduke.Locals.com or Lunduke.Substack.com account (a free account, to either, works just fine).
Send $190 worth of Bitcoin (or more) to the following address:
bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq
Email "bryan at lunduke.com" with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com.
Want to be able to download every show The Lunduke Journal releases (and watch them on whatever device you like)? Yeah. You can do that. For 50% off.
All 2024 Lunduke Journal Episodes (226 total videos)
All 2025 Lunduke Journal Episodes (added throughout the year)
Or buy both 2024 and 2025 together!
Note: This DRM-Free download option does not include access to the Forum. This option is strictly for downloading the episodes.
The Lunduke Journal would not be possible without your support. Every subscriber, of every type, makes a massive difference in bringing Big-Tech-Free Tech Journalism to the world.
This truly is the last bastion of independent Tech Journalism.
Thank you.
-Lunduke
