From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id uNgyLWWSEmJs/gAAgWs5BA (envelope-from ) for ; Sun, 20 Feb 2022 20:11:33 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id CBaFKmWSEmI0TAEA9RJhRA (envelope-from ) for ; Sun, 20 Feb 2022 20:11:33 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 701763CDBF for ; Sun, 20 Feb 2022 20:11:33 +0100 (CET) Received: from localhost ([::1]:43452 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nLrcK-0002T6-6H for larch@yhetil.org; Sun, 20 Feb 2022 14:11:32 -0500 Received: from eggs.gnu.org ([209.51.188.92]:52824) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nLrbt-0002Sv-II for guix-devel@gnu.org; Sun, 20 Feb 2022 14:11:05 -0500 Received: from dustycloud.org ([50.116.34.160]:40414) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nLrbp-0003uw-6r for guix-devel@gnu.org; Sun, 20 Feb 2022 14:11:05 -0500 Received: from chicory (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id D7DD8265FA; Sun, 20 Feb 2022 14:10:47 -0500 (EST) References: <2067ba1e606855eace261fd0b0ae9721b369bbd5.camel@telenet.be> User-agent: mu4e 1.6.10; emacs 27.2 From: Christine Lemmer-Webber To: Taylan Kammer Subject: Re: Excessively energy-consuming software considered malware? Date: Sun, 20 Feb 2022 13:53:12 -0500 In-reply-to: Message-ID: <87r17xgxqg.fsf@dustycloud.org> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=50.116.34.160; envelope-from=cwebber@dustycloud.org; helo=dustycloud.org X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1645384293; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=ZGnXORogBdXAhYO/+N1D3J0dx0t9bfSvCN9ZsMuuA34=; b=Zye4jZ3UXYCYO0d+WFeiQTOx2uPe1mC6/shoOcvJHPr+uoQXEeGKwJ+WjEJGvK6880FMRF ZvLZ7kNvU40GDZkOZEQC46kFN9EMOAYXegAYOFi0r7ZcyREJeklWAaikp1rMpaOvdvcYKb lNovS1XY408vdj1K7iwfJw9pJ3ShJmexMJ/dSQX+HxEjNF4jFgT4pk4Fgg0MsdaveQ95+e ElTz8NJCFxK1njZKsEgGmacFMAVY26asaAGT80TC5jzYQ9NfXfHvmIZ6OuLmfxOflEOng5 EBn0L8n+0gxTDDcmMw2FLdyboSJeuXidI5LoX5VaeIB1vQLZ4rI9L07CiGboEQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1645384293; a=rsa-sha256; cv=none; b=KbhEVj+I+KfdLwFoIMfB3PbqKc4PcicFbWEnyrH4PIAWG17lDBQ8g8DUJEkgmshczMxqkB Wef3UCVMNqH5L+YT5+wLhgee5XXTl8gD8/JPDCpSSLG/ZJqZqFpX/9LZR1j+oaodzjQ6B5 BMwZYwvZLTsmqpw8y9iMq1zyVEP/tbjjaqKUkOIrEWF4uA4TIMetq54VXC68AgchioqFBl D69LRwy9qVn6sUgawOmp3JwtewBGmlJ+ueG51qlHHk+kxxKvjk0YDLzJqkyq5c73hWWkn0 KEL0WdTtZghGfJtPjs+pDX0w139dXXfBT/GjSdib3zrktyvKASD3mt+GPzxlcw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -1.43 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 701763CDBF X-Spam-Score: -1.43 X-Migadu-Scanner: scn0.migadu.com X-TUID: 8B43Suxm5z/i Taylan Kammer writes: > On 20.02.2022 11:05, Maxime Devos wrote: >> >> Guix has a policy against including malware[citation needed 2], and >> furthering global warming[3] (and energy prices[4], if [3] is not bad >> enough for you) seems rather bad behaviour to me. >> >> Would these miners be considered malware in Guix? >> > I'm not a fan of cryptocurrencies at all, but I don't like the idea of > excluding software from Guix on the grounds that it's harmful in some > indirect way. > > Malware is software that harms/exploits the user without their knowledge. > The inefficiency of cryptocurrencies was never a secret, though people > didn't think much about it; recently it's become widespread knowledge, so > I think considering crypto miners to be malware is somewhat unreasonable. > > An example of actual malware would be a *hidden* crypto miner that sends > the mined coins to the author of the software. I think that's a good analysis. Software which installs a crytpo-miner *without a user's knowledge* is a serious problem. > If we're going to exclude software on grounds of it being used in harmful > ways, I can already see people arguing that one should exclude software > such as aircrack-ng for aiding in breaching into networks, or anonymity > software like Tor because it aids perverts in sharing you-know-what or > aids terrorists in planning attacks. Slippery slopes and all. I agree... I'm also conscious that it'll put Guix in a position where this will be a large portion of the work that Guix is doing is screening software on a very large number of grounds, whereas we already screen software much more so than most places. It could absorb a lot of our energy. It's easy to underestimate just how all-consuming this could become. I share criticisms of proof-of-work. Though some of the criticisms being raised on this list are treating "blockchains" and "cryptocurrencies" as if they even were one coherent thing. In reality the variance space of this is huge: https://dustycloud.org/blog/what-is-a-blockchain-really/ You'll see plenty of my own criticisms coming up in there. But part of my issue is, it's worth being precise about what's being criticized. For instance, "proof of stake" has other problems (arguably still has plutocratic properties), but not the energy consumption issue. Most of the discourse contemporarily is acting as if both are the same. But even proof of stake based systems are often being built on top of software that's being refactored from "proof of work". I think this activism criticizing design choices along these lines *is* worthwhile, but building alternatives and getting them adopted may be a stronger choice. I'd like to replace proof-of-work based systems largely; there are under-appreciated directions that even predate Bitcoin dramatically that are worth exploring. Relatedly, the title of this is: "Excessively energy-consuming software considered malware?" That's broad enough that it could also put a lot of emphasis on "don't use inefficient languages" (actually that's how I misread what the subject of this thread originally before opening it). That's worthwhile also, but similarly, is Guix's package repository acceptance/rejection the right place? > One might argue that those pieces of software also have good uses, but > the same could be argued about a crypto miner: perhaps I want to install > one simply to study its operation to aide in some sort of research, maybe > even research about its inherent inefficiency. Or maybe I want to devise > a small-scale blockchain-based network for a niche use-case where the > blockchain won't reach an unwieldy size or will be limited in lifetime. > > All in all, I think the baseline is that if something is software, and it > respects the user's freedoms, it belongs in Guix. > > What do you think? I'm happy to have my mind changed. I've never used a > crypto miner and continue to be disinterested in them so don't care about > this particular case all that much, but the principle behind the reasoning > bothers me somewhat.