Still, I waited to see how it would play out: perhaps there would be loopholes, or maybe the EU wouldn’t enforce the rules. After all, Big Tech has plenty of cash to spread around.

The first indication that the DMA was for real was when Apple reversed course after initially disabling PWAs in iOS. The second was when the EU charged Apple with violating the DMA by “violating developers’ rights.” A ruling is due in March 2025, and fines can be as high as 10% of Apple’s worldwide revenue. Based on their 2023 revenue, that would be over $38B.

We’ll see how it plays out, but the mere threat of a fine that large, coupled with the no-nonsense process the DMA lays out for enforcement, may coerce Big Tech into compliance. In turn, this could make the DMA the de facto regulatory framework worldwide. Firms would otherwise need special variants of their platforms for each regulatory environment. Perhaps they will do so, but, in many cases, it’s hard to even know what that would mean.

Update: They’ve also charged Microsoft.

Update: I don’t know if the EU is entirely serious, but Apple sure seems to think so.

#EU #DMA

Projects still relying on unsafe code include: Linux, Chrome (Chromium), Firefox (Gecko), Node, PHP, Python, Redis, Postgres, MySQL, OpenSSH, and OpenSSL.

On the other hand, this is nevertheless a huge improvement over a decade ago. Projects that rely mostly on safe code include Ruby and Go. There are others, but they mostly make the list because they’re built on something else, which is often unsafe (ex: WordPress on PHP).

For our work, we rely on Node and Linux. Linux will never be safe, but someone may rewrite the majority of Linux in Rust (Runix?!).

Alternatives to Node already exist, but one relies on V8, which is not memory-safe (it’s part of Chromium, in case you’re wondering why it’s not on the CISA list). Bun relies on Zig, which is less safe than Rust:

Zig removes some of the most egregious footguns from [C], has better defaults, makes some good practices more ergonomic, and benefits from a fresh start in the standard library (eg using slices everywhere). But it does not nearly approach the level of systematic prevention of memory unsafety that rust achieves. It is still trivial to violate memory safety in zig.

Of course, we also rely heavily on Amazon’s stack, and determining its safety is non-trivial. Fortunately, there is evidence that Amazon takes memory safety into account. For example, DynamoDB is based on Java, a memory-safe language. Of course, Java itself is typically implemented in C, which is not.

#CISA #Safety #Security

I’m not a fan of either organization, but these lawsuits seem to have merit and, in any event, raise legitimate questions about the relationship between AI and fair use. Cory Doctorow seems concerned that limiting fair use is at odds with stronger regulation and organizing, but that doesn’t follow: we can do both.

#RIAA #AI

As well as focus areas, Interop 2024 will also feature a new investigation into improving the integration of WebAssembly testing into web-platform-tests. This will open up the possibility of including WASM features in future Interop projects.

#InterOp #WASM #OpenWeb