Lunduke
News • Science & Tech
Make Computers Fun Again - Linux, UNIX, Alternative Operating Systems, Computer History, and Retro Computing. Also dad jokes.
Interested? Want to learn more about the community?
April 02, 2024

xz backdoor

I did a more thorough analysis and I changed my mind again. :) Specifically, I compared "Jia Tan" with myself, with the work I was doing on my FOSH computer during 2015-2019, when I worked a 9-to-5 job and worked on my computer after work; and I found ourselves largely comparable.

First, the data. For "Jia Tan", I took all the commits he authored (the field "Author" has the string "jiat" ) and for which the "AuthorDate" has the timezone UTC+0800. So I threw away a number of commits credited to "Jia Tan" because they may have been interference from Lasse Collins who may have applied the patches from "Jia" on his own machine at some weird time. To prevent them from skewing the results, I just threw them all out. For myself, I took the repo with the code and threw away all commits that are from 2020 and later. At that time either there was no work done, or else I wasn't using Git, or else I wasn't employed in a 9-to-5 job. After I left the job and again started using Git, my commits are all over the place. Literally. Not tracking any kind of a day-night cycle. xD

I then used the time of making the commit (AuthorDate) in it's own timezone. This means I'm basically testing the plausibility of "Jia Tan" being in UTC+0800, but it also means that for myself I'm automatically taking into account the daylight savings changes. This is important because this way I'm doing a better job comparing the purpoted behavior of two developers in their own lives.

Next, I counted all the commits. "Jia Tan" made the vast majority of his commits during 2023, amounting to 444 commits total, with the majority in about the span of a year and four months. I on the other hand have about three years of work I looked at and in that time I made 744 commits. You could say "Jia Tan" made about 40% more commits per year than I did.

Next, the commits were separated into commits made on weekdays and commits made on weekends. "Weekend" was counted as starting on 5 PM on a Friday and ending on 24 PM on Sunday. The weekend thus amounted to 33% of total time.

In total, I made 342 commits during workdays, amounting to 46.6% of all commits. On the other hand, "Jia Tan" made 311 commits during workdays, amounting to 70% of commits.

Next, all the commits were further divided into buckets according to the hour during which they were made. A commit made, say, starting with 8:00 PM and before 9:00 PM was counted to the bucket "20" (for 20:00, 24-hour time). Commits made before 1 AM were counted into bucket "0", commits made starting with noon and before "1 PM" were counted into bucket "12" and so on. The time "24 PM" didn't exist and was treated as "0 AM". I was actually using the 24-hour day throughout and I'm only coverting to 12-hour day for the purposes of writing this post. :)

Finally, every bucket was converted from a raw number of commits into the percentage of all commits from the developer that were made in that bucket. So a bucket "weekend, 20" now holds a percent instead of the actual number of commits. Percentage is, again, calculated as number of commits in the bucket divided by all the commits made by the developer.

I also made two separate "dot plots" which show in 2D both the day the commit was made and the moment of day the commit was made. The dot plots also differentiate between weekends and workdays. Workdays are red plusses and weekends are green x-es.

The graphs are below. First the graph of buckets then the two dot plots, first mine then "Jia Tan". The graph of buckets has been rotated to start with 6 AM so that it would be easier to view the events happening around the midnight, and how midnight doesn't itself change anything, really. :) Also, nobody had a single commit in the "6" bucket on either workdays or weekends.

As for the analysis, the difference between us is the fact "Jia Tan" has a large spike for work done between 8 PM and 9 PM, but otherwise we are mostly in line. You can see "Jia Tan" is probably one of those insufferable morning persons because on weekends he likes to commit during 10-12 AM. Some people... I on the other hand am displaying sensiblity in using weekends and I have a bump in the early afternoon, when you would expect to do some hacking. :) "Jia Tan" also has a bump in the "16" bucket, which might be explained with the notion he was working from 8 AM to 4 PM as a developer of some sort (remotely?) and then after finishing his dayjob he would do some FOSS maintenance, commit, go home, rest a little, and start working again around 8 PM. For the record, my work time was generally from 9 AM to 5 PM, a literal 9-to-5. :) I could also start working earlier, up to 8 AM, if I wanted to, and I would be expected to stay for 8 hours and then I'd be off. But I usually came to work at the last moment. :)

As for the reason why I usually came at the last moment, just look at the tail of the graph and you'll know. :) I don't remember I drove myself this hard. I thought I would be in bed by 1 AM, but apparently, actual records tell me I'd commonly stay up until 3 AM and then wake up after 8 AM. 6 hours sleep for the win! Don't do this kids, it wrecks your health. :)

Compared to me, "Jia Tan" is more sensible, not having any commits in the "workday, 3" bucket.

For my money, it seems as if "Jia Tan" wasn't doing this xz backdoor thing for a living, but as an afterwork hustle. He has plenty of commits in "workday, 16" and if you suppose those were made as part of an office job, he would presumably not have any commits after 8 hours of work. Yet 16+8=24, and he has plenty of commits in buckets 0 and 1 (which would imply a 10-hour workday). If you move his work hours forward by 1, then you get rid of bucket 0, but now have to deal with buckets 16 and 1. In addition, he made plenty of commits during the weekend. That is, realistically, unfeasible for an employee.

Share this post widely, if you please.

Interested? Want to learn more about the community?
What else you may like…
Videos
Podcasts
Posts
Articles
October 21, 2025
Oregon State University Teaches "White Rage" as Computer Science

OSU's Computer Science program — which had a $1 Million Dollar grant for "Gender-Inclusive Open Source" — teaches about "White Supremacy" and "Reparations" instead of programming.

More from The Lunduke Journal:
https://lunduke.com/

00:09:23
October 21, 2025
F-Droid Says The Bible is Safe For Work... for Now

The story of the F-Droid Android App Store listing The Bible as NSFW ("Promotes Pornography" ) continues as developers de-list their Apps from F-Droid & Code of Conduct shenanigans.

More from The Lunduke Journal:
https://lunduke.com/

00:17:20
October 20, 2025
Omarchy Linux Hits 150,000 Installs This Month Alone

"Nazi! Fascist! Hitler Particles!" The Leftist Extremists of Open Source have been attacking DHH's Omarchy Linux non-stop. The result? Massive adoption from normal people.

More from The Lunduke Journal:
https://lunduke.com/

00:11:32
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

Meme of the year

post photo preview
7 hours ago

I just had my 35th HS reunion and so much of the planing and sharing happened on FB that I decided to open an account to stay connected with my favorite people from those halcyon days. Regrets: I have a few. So, evidently, FB does NOT have a keyword filter, you have use a browser plugin for that seemingly basic feature. Does anyone recommend a specific FB plugin? What are the pitfalls of browser plugins? Do they scrape data? Track browsing? I just want to filter out irritating content from my feed. Any help is much appreciated!

October 21, 2025

I'm officially a meme :)

post photo preview
October 15, 2025
post photo preview
The Unpublished Anti-Lunduke Hit-Piece
A Tech Journalist interviewed me for a hit-piece article. But the questions made them look bad, and they shelved the story. So I'm publishing their hit-piece for them.

Back in September, shortly after the assassination of Charlie Kirk, I was contacted by a Tech Journalist writing for FossForce.com (a smaller, Open Source focused publication) who was working on an article around Open Source, Antifa, and the Lunduke Journal’s coverage of those topics.

This particular outlet had, several months prior, run an “anti-Lunduke” hit piece without first reaching out for comment — which resulted in their most popular article (at least on social media) in quite some time.

With that in mind, it seemed reasonable that they’d want to repeat that success with another “anti-Lunduke” story.

This time they were doing the responsible thing. They reached out to the subject of the hit-piece article with questions. I like encouraging Tech Journalists when they do actual journalism, so I answered each and every query with easy-to-quote responses.

But, it would appear that the answers they received were not conducive to creating the hit-piece they were hoping for — my guess is they realized their questions made them look like the villain in the story. The villain they, clearly, hoped to portray me as.

They opted to not publish the piece.

So I’m publishing their hit-piece for them.

Below is every question — and every answer (with no edits) — which I was asked, on September 19th, by a Tech Journalist by the name of Christine Hall, writing for FossForce.

Fair warning: This is very, very politically charged.

Enjoy.


September 19th

Hall:

The last time I mentioned you in an article, you castigated me for not reaching out to you beforehand. Well, I’m reaching out now. We’ll see what comes of this.

You do recognize that the vast majority of organizations using the term antifa as a descriptor are not in the least bit terrorist and pose no threat to society -- and indeed, the only threats they might pose to fascist groups are not physical or life-harming?

Lunduke:

Hello Christine! Nice to hear from you!

Many, if not most, of those proclaiming support for Antifa (within Open Source) have also made statements encouraging or supporting violence and discrimination.

Regardless of that fact -- which I have documented extensively in Lunduke Journal coverage -- when violent acts are committed (such as murder, riots, and lynchings) in the name of “Antifa”, to turn around and immediately declare yourself to be “Antifa” is a clear declaration of support of that violence.

Hall:

And why did you feel it necessary to call out Danielle Foré’s [the founder of the elementary OS Linux Distribution] trans status in such an ugly manner?

Lunduke:

There is a noteworthy overlap between “Trans activism” and support for political violence -- including in the recent murder of Charlie Kirk (the murderer’s boyfriend was “Trans”).

In the case of Daniel Fore, he, a leader of an Open Source project, regularly calls for discrimination (and violence) against people he disagrees with -- often in conjunction with his self-declaration as “Trans”.

Thus, his declaration of being “Trans” becomes a part of the overall story.

It is worth noting here that The Lunduke Journal has never -- and would never -- call for discrimination or violence against someone because of how they identify or who they may (or may not) vote for.

This is in stark contrast those, such as Mr. Fore, who consider themselves “Trans” or “Antifa” -- who actively advocate for both discrimination and violence.

Hall:

Mentioning a person’s trans status in ways that are pertinent to your argument necessates rudeness such as calling her a “dude who likes to wear dresses”?

Lunduke:

Dan Fore is, in fact, a dude who likes to wear dresses.

The only reason to view that as a negative is if you view dudes wearing dresses as a negative.

Hall:

I’ll quote you on that, which I’m pretty sure won’t bother you in the least.

Lunduke:

Absolutely! Quote anything I say here. In fact, I suggest quoting absolutely everything I’ve written to you here, today.

Hall:

You also understand, don’t you, that voicing disagreement with an assessment made by POTUS is not only legal but a healthy part of the national dialog.

Lunduke:

Absolutely! Did I say somewhere that it was illegal to disagree with a politician? It seems unlikely that I have ever said that.

Hall:

Also, how would you reply to this:

There have been very few murders linked to individuals associated with Antifa, some incidents of rioting attributed to Antifa supporters, and no credible evidence of lynchings conducted in the name of Antifa. Compared to far-right groups, violence attributed to Antifa is much less frequent and lethal, with only one suspected kill—Aaron Danielson in Portland, by an anti-fascist activist—officially confirmed in recent U.S. history.

Lunduke:

Murder is bad. I am opposed to all murder.

In the context of these discussions, bearing in mind the Kirk murder is important (as many statements were made in response to it). The murderer of Kirk appears to have been pro-Trans and pro-Antifa (based on all available information).

Hall:

Is there any evidence that the suspect was part of an antifa group? I haven’t seen any.

Lunduke:

I have seen some reporting to this effect (including statements from family and messages he wrote).

But, far more important to this story, is the response to the murder among Antifa supporters (including those within Open Source). A large portion of Antifa supporters have celebrated the murder as justified because it killed someone they considered to be a “fascist”.

Hall:

Also, no group should be held responsible for what some deranged person who identifies with the group has done.

Lunduke:

I agree that a broader group should not be held responsible for the actions of a small number of individuals.

However, and this is critically important, it is entirely appropriate to hold people responsible for their own statements and actions.

With that in mind: The overall messaging of Antifa (and Antifa supporters) tends heavily towards violence. Punching, killing, molotov cocktails, etc. are all common messaging used by Antifa (including by those I quote within the Open Source world -- many of whom have advocated violence against myself).

Advocating for violence, then celebrating when violence is committed, are not good things.

Yet we see a great deal of that among Open Source supporters of Antifa.

Read full Article
October 13, 2025
Sale ends in a few hours, Lifetime Subs set up.

Holy moly, you guys are amazing.

A few days ago I published a “50% off” sale for Lunduke Journal subscriptions… and all of you showed up. In a big way.

To everyone who grabbed a Lifetime Subscription over the last few days: All of you are set to full Lifetime access. You should have a confirmation email in your inbox. If not, email me and I’ll make sure you’re setup properly.

That “50% off” sale ends tonight at midnight. So you have a few hours to snag a discounted subscription, if you haven’t already.

A huge thank you to everyone who supports this work. Couldn’t do it without you.

-Lunduke

Read full Article
October 12, 2025
50% Off Lunduke Journal Extended Through Monday (Oct 13th)

Just a quick heads up:

The “50% off every kind of Subscription to The Lunduke Journal” sale has been extended through Monday (October 13th).

So. You know. Grab one at 50% off between now and end of the day on Monday.

To all of you amazing nerds who have picked up a Lifetime Subscription already this weekend: You are awesome. You’ll be receiving a confirmation email, with all of the Lifetime Subscription details, by tomorrow (if you haven’t already).

Oh, and remember how we hit 11 Million views last month? Yeah. We’re well on our way to blowing past those numbers in October.

Wild.

See you all on Monday!

-Lunduke

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals