Login Signup
Lunduke
News • Science & Tech
Make Computers Fun Again - Linux, UNIX, Alternative Operating Systems, Computer History, and Retro Computing. Also dad jokes.
Interested? Want to learn more about the community?

Show me more content first
trigglux@trigglux
April 02, 2024

xz backdoor

I did a more thorough analysis and I changed my mind again. :) Specifically, I compared "Jia Tan" with myself, with the work I was doing on my FOSH computer during 2015-2019, when I worked a 9-to-5 job and worked on my computer after work; and I found ourselves largely comparable.

First, the data. For "Jia Tan", I took all the commits he authored (the field "Author" has the string "jiat" ) and for which the "AuthorDate" has the timezone UTC+0800. So I threw away a number of commits credited to "Jia Tan" because they may have been interference from Lasse Collins who may have applied the patches from "Jia" on his own machine at some weird time. To prevent them from skewing the results, I just threw them all out. For myself, I took the repo with the code and threw away all commits that are from 2020 and later. At that time either there was no work done, or else I wasn't using Git, or else I wasn't employed in a 9-to-5 job. After I left the job and again started using Git, my commits are all over the place. Literally. Not tracking any kind of a day-night cycle. xD

I then used the time of making the commit (AuthorDate) in it's own timezone. This means I'm basically testing the plausibility of "Jia Tan" being in UTC+0800, but it also means that for myself I'm automatically taking into account the daylight savings changes. This is important because this way I'm doing a better job comparing the purpoted behavior of two developers in their own lives.

Next, I counted all the commits. "Jia Tan" made the vast majority of his commits during 2023, amounting to 444 commits total, with the majority in about the span of a year and four months. I on the other hand have about three years of work I looked at and in that time I made 744 commits. You could say "Jia Tan" made about 40% more commits per year than I did.

Next, the commits were separated into commits made on weekdays and commits made on weekends. "Weekend" was counted as starting on 5 PM on a Friday and ending on 24 PM on Sunday. The weekend thus amounted to 33% of total time.

In total, I made 342 commits during workdays, amounting to 46.6% of all commits. On the other hand, "Jia Tan" made 311 commits during workdays, amounting to 70% of commits.

Next, all the commits were further divided into buckets according to the hour during which they were made. A commit made, say, starting with 8:00 PM and before 9:00 PM was counted to the bucket "20" (for 20:00, 24-hour time). Commits made before 1 AM were counted into bucket "0", commits made starting with noon and before "1 PM" were counted into bucket "12" and so on. The time "24 PM" didn't exist and was treated as "0 AM". I was actually using the 24-hour day throughout and I'm only coverting to 12-hour day for the purposes of writing this post. :)

Finally, every bucket was converted from a raw number of commits into the percentage of all commits from the developer that were made in that bucket. So a bucket "weekend, 20" now holds a percent instead of the actual number of commits. Percentage is, again, calculated as number of commits in the bucket divided by all the commits made by the developer.

I also made two separate "dot plots" which show in 2D both the day the commit was made and the moment of day the commit was made. The dot plots also differentiate between weekends and workdays. Workdays are red plusses and weekends are green x-es.

The graphs are below. First the graph of buckets then the two dot plots, first mine then "Jia Tan". The graph of buckets has been rotated to start with 6 AM so that it would be easier to view the events happening around the midnight, and how midnight doesn't itself change anything, really. :) Also, nobody had a single commit in the "6" bucket on either workdays or weekends.

As for the analysis, the difference between us is the fact "Jia Tan" has a large spike for work done between 8 PM and 9 PM, but otherwise we are mostly in line. You can see "Jia Tan" is probably one of those insufferable morning persons because on weekends he likes to commit during 10-12 AM. Some people... I on the other hand am displaying sensiblity in using weekends and I have a bump in the early afternoon, when you would expect to do some hacking. :) "Jia Tan" also has a bump in the "16" bucket, which might be explained with the notion he was working from 8 AM to 4 PM as a developer of some sort (remotely?) and then after finishing his dayjob he would do some FOSS maintenance, commit, go home, rest a little, and start working again around 8 PM. For the record, my work time was generally from 9 AM to 5 PM, a literal 9-to-5. :) I could also start working earlier, up to 8 AM, if I wanted to, and I would be expected to stay for 8 hours and then I'd be off. But I usually came to work at the last moment. :)

As for the reason why I usually came at the last moment, just look at the tail of the graph and you'll know. :) I don't remember I drove myself this hard. I thought I would be in bed by 1 AM, but apparently, actual records tell me I'd commonly stay up until 3 AM and then wake up after 8 AM. 6 hours sleep for the win! Don't do this kids, it wrecks your health. :)

Compared to me, "Jia Tan" is more sensible, not having any commits in the "workday, 3" bucket.

For my money, it seems as if "Jia Tan" wasn't doing this xz backdoor thing for a living, but as an afterwork hustle. He has plenty of commits in "workday, 16" and if you suppose those were made as part of an office job, he would presumably not have any commits after 8 hours of work. Yet 16+8=24, and he has plenty of commits in buckets 0 and 1 (which would imply a 10-hour workday). If you move his work hours forward by 1, then you get rid of bucket 0, but now have to deal with buckets 16 and 1. In addition, he made plenty of commits during the weekend. That is, realistically, unfeasible for an employee.

Share this post widely, if you please.

post photo preview
post photo preview
post photo preview
Reply
Interested? Want to learn more about the community?

Show me more content first
What else you may like…
Videos
Podcasts
Posts
Articles
Bryan Lunduke@Lunduke
March 25, 2025
Help The Lunduke Journal Fight Against The Tech Goliaths

Mozilla, The Linux Foundation, & other corrupt, Woke "Open Source" organizations have received hundreds of millions in donations. The Lunduke Journal stands alone in truthfully covering them.

https://lunduke.substack.com/p/help-the-lunduke-journal-fight-against

00:17:25
Reply
Bryan Lunduke@Lunduke
March 27, 2025
Tor, F-Droid, & Let's Encrypt Lose Tax Payer Funding, Go To Court

The US tax payer funded Open Technology Fund has lost Federal funding and is taking the Trump administration to court. Plus: The shady connection to Firefox maker Mozilla.

00:36:04
Reply
Bryan Lunduke@Lunduke
March 24, 2025
Mozilla Launches Hypocritical, Political War Against Online Data Gathering

Sure. Mozilla is an advertising company that collects all of your personal, private data and sells it. But If public data is used to assist law enforcement (such as ICE - Immigration and Customs Enforcement)? That must be stopped!

00:23:53
Reply
Bryan Lunduke@Lunduke
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
Reply
Bryan Lunduke@Lunduke
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
Reply
Bryan Lunduke@Lunduke
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044
Reply
Bryan Lunduke@Lunduke
7 hours ago
Final hours of The Lunduke Journal pledge drive!

Final hours, I say! The Lunduke Journal pledge drive ends at midnight tonight (in whatever time zone you’re in)!

So you’ve got a few hours left to support the last bastion of truly independent tech journalism!

How (and why) you should support The Lunduke Journal (plus discounts and whatnot) are listed here:

https://lunduke.substack.com/p/help-the-lunduke-journal-fight-against

Me yammering on about it is over here:

https://www.youtube.com/watch?v=FMGKRqH9QnI

Huge thank you to everyone who has already donated or subscribed! You make all of this possible!

-Lunduke

Reply
Bryan Lunduke@Lunduke
7 hours ago

A little something I'm working on...

post photo preview
Reply
TeaJunkie@TeaJunkie
2 hours ago

Is there a reason that virtually any "gaming" hardware, whether high end or low end, has all sorts of RGB/blinkenlights crap.

I want to run graphics stuff, not open a disco in my home lab.

I'd rather have beige boxes.

Also, get off my lawn.

Reply
Bryan Lunduke@Lunduke
March 25, 2025
Help The Lunduke Journal fight against the Tech Goliaths

The corrupt Tech Foundations of the world — WikiMedia, The Linux Foundation, Mozilla, and the rest — have received hundreds of Millions of dollars in donations. The Big Tech giants bring in Billions and Billions ever year.

And there is only one Tech News outlet that is pushing back against these woke, dirty organizations… The Lunduke Journal.

One nerdy David. Against an army of well-funded, woke Tech Goliaths.

Without your support, The Lunduke Journal would not exist.

And, without The Lunduke Journal, many Tech News stories simply would never be told.

From now, through Friday, March 28th, we are running The Lunduke Journal pledge drive.

Make a one time donation (with multiple options, including Bitcoin) — and help keep The Lunduke Journal publishing commercial free, Big-Tech-Free news.

Or grab a discounted subscription and get a few fun perks:

  • Access to the exclusive Forum.

  • Access to exclusive shows (such as Q & A’s).

  • Warm Fuzzy Feelings (tm) that you’re supporting truly independent Tech Journalism.

Scroll down to find the option that works bet for you. Give only what you are able. Together we will tell the Tech News stories that no other Tech News outlet has the guts cover — together we will hold these Tech Goliaths accountable.

Make a One Time Donation

Want to toss in a one-time donation to The Lunduke Journal? There’s a few great options!

Via BitCoin:

Send any amount of BTC to the following address:

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with to let us know it was you! You can choose to keep your donation anonymous if you prefer.

Via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Click “GIVE ONCE”.

  3. Enter any amount you like.

Looking for a subscription? Scroll down for options!

50% Off Yearly Subscription:

50% off a Yearly subscription to The Lunduke Journal via both Locals and Substack. (This includes full access to the community Forum.)

That’s $2.25 per month. Pocket change.

The Famous Lifetime Subscription:

The "World Famous Lunduke Journal Lifetime Subscription" is exactly what it sounds like. Pay once and get full access to The Lunduke Journal. For life. A great way to support Big-Tech-Free Journalism.

(This includes full access to the community Forum.)

New Lifetime Subscriptions are available, for $200, from now through Friday, March 28th.

The Lifetime Subscription can be obtained via Locals, Substack, or using Bitcoin. All three options work great and are super easy.

How to get a Lifetime Subscription via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Select "Give Once".

  3. Enter "200" into the amount field.

  4. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

How to get a Lifetime Subscription via Substack:

  1. Go to Lunduke.Substack.com/subscribe.

  2. Select the “Lifetime Subscription” option.

  3. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):

  1. Make a free account on Lunduke.Locals.com.

  2. Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).

  3. Lunduke will toss you an email once your account is set to full lifetime status on Locals.

How to get a Lifetime Subscription with Bitcoin:

And, finally, you can obtain a Lifetime Subscription via Bitcoin. Save a few bucks with this option, as Bitcoin processing has fewer fees associated with it.

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com.

50% Off DRM-Free, MP4 Downloads:

Want to be able to download every show The Lunduke Journal releases (and watch them on whatever device you like)? Yeah. You can do that. For 50% off.

Note: This DRM-Free download option does not include access to the Forum. This option is strictly for downloading the episodes.

The Lunduke Journal would not be possible without your support. Every subscriber, of every type, makes a massive difference in bringing Big-Tech-Free Tech Journalism to the world.

This truly is the last bastion of independent Tech Journalism.

Thank you.

-Lunduke

Read full Article
Reply
Bryan Lunduke@Lunduke
February 24, 2025
post photo preview
12% of Tech Workers Believe macOS is Based on Linux
Over 70% believe in at least one common Myth of Computer History.

The following data was derived from the 2025 Tech Industry Demographic Survey, which included over 12,000 respondents -- from across companies and organizations throughout the Tech Industry -- surveyed during February of 2025.

 

Ready to have your mind blown?

According to those surveyed:

  • Nearly 12% believe that macOS is based on Linux.
  • Over 70% believe in at least one common Myth of Computer History.
  • The most commonly believed myth (at 52%) is the myth that "the first computer bug was a real bug (a moth)".

 

Those who took the survey were presented with 6 common (but debunked) computer history myths... and were asked to select the myths which they believed to be true and factual historical statements.

Here is the breakdown of how many believed in each myth.

 

 

One rather fascinating piece of data: Those percentages held steady for nearly every demographic group within the survey.

For example:

Roughly 12% of respondents who prefer Linux, believe macOS is based on Linux.  The same was true of Windows users, C / C++ programmers, and those who perfer the Firefox Web Browser... no matter what sub-group was looked at... that number stayed roughly steady (around 12%).

The one outlier appeared when I looked at how many myths a person says they believe in... grouped by generic political leanings (Left, Centrist, or Right Leaning).

 

Notice that the percentage of respondents who "Believe at least one myth" or "Believes 4+ myths" stays roughly consistent (with only mild variances) across all three political groupings.

But, if you look at the "Believes 3+ myths" data, there is an 8% spike among those who identify as "Left Leaning".

While all surveyed were likely to believe at least one myth, "Left Leaning" respondents were slightly more likely to believe up to 3 myths (of the 6 presented).

 

The Myths of Computer History

 

For those curious, here are the 6 myths included in the survey (with links to debunk each of them).  

 

Read full Article
Reply
Bryan Lunduke@Lunduke
February 18, 2025
Lunduke's Birthday! Woo!

Wooo! Today is Lunduke’s birthday! Want to help celebrate this most excellent of holidays? Here’s some totally radical ideas!

1) Share some links to Lunduke Journal shows.

Bonus points if you share those shows to the type of places where people would get mad about it. 🤣

The “Open Source is Anti-Free Speech” video is a great choice. Just remember to take screenshots… because some sites will censor those links faster than you can blink (be sure to let me know if they do censor).

2) Grab a Subscription

Gotta keep the lights on here at The Lunduke Journal! And, shoot, there’s no better gift than the gift of Big-Tech-Free Journalism. 😎

Plus… for the rest of February there’s some massive discounts (like 50% off).

https://lunduke.locals.com/post/6661699/for-february-50-off-subscriptions-50-off-drm-free-downloads-lifetime-subscriptions-available

So, you know, win-win!

Now, if you’ll excuse me, I’m going to go eat some BBQ. Because… birthday.

-Lunduke

 
Read full Article
Reply
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals