If his full name "Jia Cheong Tan" is real, it can never be a valid romanization of han character used in China but somewhere in southeast asia like Malaysia. The spelling "Cheong" is not being used in China now and today Chinese tends to concatenate all the characters of their first name if written in letters. e.g.
Two of the +0200 commits by Jia Tan, de5c5e4 and e446ab7a have committer Lasse Collin. These appear to have been sent by email from Jia and applied with git am. Note that these and some commits immediately before and after all have identical timestaps, which is consistent with git am of a series of patch files.
This somewhat invalidates this analysis, because you can't rely on timezone information when patches are being mailed around.
I discuss some timestamp analysis of this and other clusters of timestamps here: 18abfde18f8d1cf02a914df72b1370e3
Your analysis is brilliant. I can confirm those "Chinese bank holidays" are real holidays in China. And it's very unlikely that a Chinese doing some Git work for 5 days consecutively during Chinese new year holidays.
It could be a false flag operation. I mean, if I were a spy working for a Western agency or corporation, I would choose Jia Tian and make all my interactions appear to come from China or Russia. It does not take a genius spy or a master of disguise to do that. I also do not buy the excuse that "because it was done this way and against this asset, it cannot be X, Y, Z who did it, it must be China or Russia". That's simple-minded and somehow implies that there are lower-level ways to achieve this, which is simply not true unless you work for distinguished and sophisticated, exceptional parties.
If you look at his GitHub graph (https://web.archive.org/web/20240329163626/https://github.com/JiaT75) you can see that he also worked on weekends. I'm afraid it will be impossible to prove your office hours hypothesis. It's not impossible that his workplace had him work on weekends, but you would have to find a country with matching office hours and where public holidays 100% match the days of his inactivity in every year. Some people in the comments were able to "prove" a certain country by cherry-picking the data, but you have to take all years into account.
In mainland China, almost nobody works during the Lunar New Year holiday, especially not on January 21 and 22, 2023. These are the most important days of the year, marking Chinese New Year's Eve and the first day of the Lunar New Year. Since holidays are rare in China, no one works on these days. Also, because of the unpopular shift system, people have to work on January 28 and 29, 2023, even though they're weekends. So, if someone had to work during this holiday, they'd be working 14 days straight from January 21 to February 3, 2023. That would be a terrible experience, and I doubt anyone would want to do it.
Wait, you're seeing a normal working day for them in +0300? When I looked at a graph of their commit times, there seemed to be a start time most days around noon UTC, which would be 9am in the *-0300* time zone.
Or 8am in the -0400 time zone, i.e. Eastern Daylight Time.
Jigar Kumar (most probably, Jia Tan's fake account used to promote himself) wrote the letter at Wed, 27 Apr 2022 11:42:57 -0700 (time is in destination server’s time zone).
But when Jia Tan replied as he-self, his email program marked “ On Thu, 28 Apr 2022 at 02:42, Jigar Kumar <jigarkuma...@protonmail.com> wrote”. It gives 15 hours time zone difference to destination mail server, that means Jia Tan replied being in +0300 time zone.
December, 25 in 2021-2023 was on Saturday, Sunday or Monday so it should not signal regular Christmas celebration, given that most commits were made on Tue-Fri.
I have a feeling that somehow Cyprus and Russia might be connected in this case. You see, the regular Christmas is celebrated on Dec 25, although the Orthodox one is on Jan 7. After the Russia/Ukraine war started, a notable amount of high-tech companies relocated their employees from Russia to Cyprus for you know, various reasons. Sometimes these companies give an ability to celebrate important holidays from both of the countries in the new location. Obviously, I don't think the Greeks themselves could be the case but given the Cyprus/Russia relations this could explain the timezone changes.
To add on another clue this guy is not Chinese.
If his full name "Jia Cheong Tan" is real, it can never be a valid romanization of han character used in China but somewhere in southeast asia like Malaysia. The spelling "Cheong" is not being used in China now and today Chinese tends to concatenate all the characters of their first name if written in letters. e.g.
https://scholar.google.com/citations?user=mu5Y2rYAAAAJ&hl=en is "Yangqing Jia" but not "Yang Qing Jia".
Two of the +0200 commits by Jia Tan, de5c5e4 and e446ab7a have committer Lasse Collin. These appear to have been sent by email from Jia and applied with git am. Note that these and some commits immediately before and after all have identical timestaps, which is consistent with git am of a series of patch files.
This somewhat invalidates this analysis, because you can't rely on timezone information when patches are being mailed around.
I discuss some timestamp analysis of this and other clusters of timestamps here: 18abfde18f8d1cf02a914df72b1370e3
A quick analysis of 2021 holidays on Mon-Fri for countries in EEST time zone shows the following matches:
• 100% Belarus, Moldova
• 85% Ukraine
• 83% Romania
• 75% Bulgaria, Finland, Latvia
• 74% Cyprus, Madagascar, Somalia
• 72% Kenya
• 71% Eritrea, Estonia, Ethiopia, Syria
• 69% Iraq, Tanzania, Uganda
• 68% Djibouti, Lebanon, Russia, Yemen
• 67% Bahrain, Greece, Lithuania
• 66% Comoros
• 64% Jordan
• 62% Kuwait
• 61% Qatar
• 38% Israel
• 29% Türkiye
• 23% Saudi Arabia
Other countries for reference:
• 100% Poland
• 86% France, Ireland
• 82% Armenia
• 76% Georgia
• 75% United Kingdom
• 73% South Africa
• 71% Argentina, Belgium, Norway
• 70% North Korea, South Korea
• 67% Italy, Japan, Taiwan
• 65% Kazakhstan
• 64% Brazil
• 62% USA
• 61% China
• 60% Germany, Mexico, Sweden
• 59% Thailand
• 58% Albania
• 57% Singapore
• 55% South Korea
• 56% Canada
• 50% Australia, India, Mexico, North Korea, Spain
• 40% Cuba, Norway
• 38% Iran
• 32% Indonesia
Your habits, are you, even if you're pretending to be not you.
Your analysis is brilliant. I can confirm those "Chinese bank holidays" are real holidays in China. And it's very unlikely that a Chinese doing some Git work for 5 days consecutively during Chinese new year holidays.
nice article
It could be a false flag operation. I mean, if I were a spy working for a Western agency or corporation, I would choose Jia Tian and make all my interactions appear to come from China or Russia. It does not take a genius spy or a master of disguise to do that. I also do not buy the excuse that "because it was done this way and against this asset, it cannot be X, Y, Z who did it, it must be China or Russia". That's simple-minded and somehow implies that there are lower-level ways to achieve this, which is simply not true unless you work for distinguished and sophisticated, exceptional parties.
Regarding the holidays, consider Orthodox holiday dates, observed in many Eastern European countries, are not the same: https://www.timeanddate.com/holidays/type/orthodox
Russian Orthodox Christmas is not on the 25th of December - it's on the 7th of January - most of Eastern Europe has that as a holiday.
If you look at his GitHub graph (https://web.archive.org/web/20240329163626/https://github.com/JiaT75) you can see that he also worked on weekends. I'm afraid it will be impossible to prove your office hours hypothesis. It's not impossible that his workplace had him work on weekends, but you would have to find a country with matching office hours and where public holidays 100% match the days of his inactivity in every year. Some people in the comments were able to "prove" a certain country by cherry-picking the data, but you have to take all years into account.
In mainland China, almost nobody works during the Lunar New Year holiday, especially not on January 21 and 22, 2023. These are the most important days of the year, marking Chinese New Year's Eve and the first day of the Lunar New Year. Since holidays are rare in China, no one works on these days. Also, because of the unpopular shift system, people have to work on January 28 and 29, 2023, even though they're weekends. So, if someone had to work during this holiday, they'd be working 14 days straight from January 21 to February 3, 2023. That would be a terrible experience, and I doubt anyone would want to do it.
Here's a graph of just Jia Tan's commits. To me it looks like there's a very clear 12 noon UTC start time most days:
https://mastodon.social/@rvstaveren@mastodon.online/112185625762235904
Wait, you're seeing a normal working day for them in +0300? When I looked at a graph of their commit times, there seemed to be a start time most days around noon UTC, which would be 9am in the *-0300* time zone.
Or 8am in the -0400 time zone, i.e. Eastern Daylight Time.
Another evidence:
Jigar Kumar (most probably, Jia Tan's fake account used to promote himself) wrote the letter at Wed, 27 Apr 2022 11:42:57 -0700 (time is in destination server’s time zone).
https://www.mail-archive.com/xz-devel@tukaani.org/msg00555.html
But when Jia Tan replied as he-self, his email program marked “ On Thu, 28 Apr 2022 at 02:42, Jigar Kumar <jigarkuma...@protonmail.com> wrote”. It gives 15 hours time zone difference to destination mail server, that means Jia Tan replied being in +0300 time zone.
https://www.mail-archive.com/xz-devel@tukaani.org/msg00556.html
December, 25 in 2021-2023 was on Saturday, Sunday or Monday so it should not signal regular Christmas celebration, given that most commits were made on Tue-Fri.
I would also recommend to analyze the language of commit messages (interchanging 'addding' and 'added'-like messages) and long messages like this: https://github.com/bytecodealliance/wasmtime/pull/6839#issue-1847055439
For me it looks like language style of ex-USSR citizen (who am I and type similar messages), but probably someone could do a better analysis.
I have a feeling that somehow Cyprus and Russia might be connected in this case. You see, the regular Christmas is celebrated on Dec 25, although the Orthodox one is on Jan 7. After the Russia/Ukraine war started, a notable amount of high-tech companies relocated their employees from Russia to Cyprus for you know, various reasons. Sometimes these companies give an ability to celebrate important holidays from both of the countries in the new location. Obviously, I don't think the Greeks themselves could be the case but given the Cyprus/Russia relations this could explain the timezone changes.
Source: personal experience.