Critics are slamming Sen. Ted Cruz's (R-Texas) new AI policy framework, which they claim would give the White House unprecedented authority to allow Big Tech companies to make "sweetheart" deals with the Trump administration to void laws designed to protect the public from reckless AI experiments.

Under the framework, Cruz calls for a "light-touch" regulatory approach to "advance American leadership" in AI and ensure that "American values" are at the heart of the world's leading technology—not Chinese values.

Unsurprisingly, the framework requires blocking "burdensome" state AI regulations, as well as foreign ones. Cruz unsuccessfully helped push for a similar decadelong moratorium on state AI laws as part of Republicans' "big beautiful" budget bill. And more recently, he lost a bid to punish states for regulating AI, ultimately voting against his own measure in the face of overwhelming bipartisan opposition.

As the first step toward limiting AI regulations to prioritize innovation, Cruz announced the SANDBOX Act—which is shorthand for "Strengthening Artificial intelligence Normalization and Diffusion By Oversight and eXperimentation."

If passed, the SANDBOX Act would let AI companies apply to temporarily avoid enforcement of federal laws that could limit their testing of new AI products. As part of the application, companies would be asked to detail known risks or harms and any steps that could be taken to mitigate harms, as well as outline benefits that could outweigh harms.

Each agency in charge of enforcing each law would then weigh potential harms, with enforcement to be modified based on how much of the application each agency approves.

However, the White House Office of Science and Technology Policy (OSTP) would have the power to overrule decisions from independent agencies dedicated to consumer protection, alarming critics who fear AI companies could bribe officials through political donations to void laws.

Ultimately, federal agencies and the OSTP could grant two-year moratoriums on enforcement of AI laws to enable AI experiments on the public, which can be renewed up to four times for a maximum of 10 years. The bill also prompts Congress to make permanent any "successful" moratoriums found to benefit the US, Cruz's one-pager said. After its passage, Cruz expects to introduce more laws to support his framework, likely paving the way for similar future moratoriums to be granted to block state laws.

Critics warn bill is a gift to Big Tech

According to Cruz, the SANDBOX Act follows through on Donald Trump's demand for a regulatory sandbox in his AI Action Plan, which strives to make the US the global leader in AI (but critics suggest may violate the Constitution).

Cruz's sandbox program supposedly "gives AI developers space to test and launch new AI technologies without being held back by outdated or inflexible federal rules," while mitigating "against health, public safety, or fraud risks" through an expedited review process.

The Tech Oversight Project, a nonprofit tech industry watchdog group, warned that, if passed, the law would make it easier for AI firms to make "sweetheart" deals. It could perhaps incentivize the White House to favor Big Tech companies "donating to Trump" over smaller AI firms that can't afford to pay for such political leverage and may be bound to a different set of rules, the group suggested.

Cruz's SANDBOX Act "would give unprecedented authority for the Trump Administration to trade away protections for children and seniors and dole out favors to Big Tech companies like Google, Apple, Meta, Amazon, and OpenAI," the Tech Oversight Project alleged.

The bill's text suggests that health and safety risks that could result in a request for non-enforcement to be denied included risks of "bodily harm to a human life," "loss of human life," and "a substantial adverse effect on the health of a human." But the rushed review process may make it harder for officials—likely working in agencies recently gutted by the Department of Government Efficiency—to adequately weigh potential harms.

Cruz's bill requires agencies to review AI companies' requests within 14 days. Once the review process begins, agencies can hire advisory boards or working groups to assess risks, but they must reach a decision within 60 days or the AI firms' requests will be presumed approved. Only one request for a 30-day extension may be granted.

For AI companies that may benefit from rolling out products more quickly through the framework, Cruz requires reporting within 72 hours of "any incident that results in harm to the health and safety of a consumer, economic damage, or an unfair or deceptive trade practice." Firms will then be granted 30 days to fix the problem or risk enforcement of the law they sought to avoid, while the public is alerted and provided an opportunity to comment.

In a statement, a nonprofit dedicated to informing the public about AI risks, the Alliance for Secure AI, warned that Cruz's bill seeks to remove government oversight at "the wrong time."

"Ideally, Big Tech companies and frontier labs would make safety a top priority and work to prevent harm to Americans," Brendan Steinhauser, the nonprofit's CEO, said. "However, we have seen again and again that they have not done so. The SANDBOX Act removes much-needed oversight as Big Tech refuses to remain transparent with the public about the risks of advanced AI."

A nonprofit consumer advocacy organization, Public Citizen, agreed that Cruz seemed to be handing "Big Tech the keys to experiment on the public while weakening oversight, undermining regulatory authority, and pressuring Congress to permanently roll back essential safeguards."

Supporters say Cruz’s bill strikes the right balance

Supporters of the bill so far include the US Chamber of Commerce and NetChoice—a trade association representing Big Tech companies—as well as right-leaning and global policy research groups, including the Abundance Institute, the Information Technology Council, and the R Street Institute.

Adam Therrier, an R Street Institute senior fellow, suggested that too much of AI policy debate focuses on "new types of regulation for AI systems and applications," while ignoring that the SANDBOX Act would also help AI firms avoid being bogged down by the "many laws and regulations already on the books that cover—or could come to cover—algorithmic applications."

In the one-pager, Cruz noted that "most US rules and regulations do not squarely apply to emerging technologies like AI." So "rather than force AI developers to design inferior products just to comply with outdated Federal rules, our regulations should become more flexible," Cruz argued.

Therrier noted that once regulations are passed, they're rarely updated and backed Cruz's logic that AI firms may need support to override old rules that could restrict AI innovation. Consider the "many new applications in healthcare, transportation, and financial services," Therrier said, which "could offer the public important new life-enriching service" unless "archaic rules" are relied on to "block those benefits by standing in the way of marketplace experimentation."

"When red tape grows without constraint and becomes untethered from modern marketplace realities, it can undermine innovation and investment, undermine entrepreneurship and competition, raise costs to consumers, limit worker opportunities, and undermine long-term economic growth," Therrier wrote.

But Therrier acknowledged that Cruz seems particularly focused on propping up a national framework to "address the rapid proliferation of AI legislative proposals happening across the nation," noting that over 1,000 AI-related bills were introduced in the first half of this year.

Netchoice similarly celebrated the bill's "innovation-first approach," claiming "the SANDBOX Act strikes an important balance" between "giving AI developers room to experiment" and "preserving necessary safeguards."

To critics, the bill's potential to constrict new safeguards remains a primary concern. Steinhauser, of the Alliance for Secure AI, suggested that critics may get answers to their biggest questions about how well the law would work to protect public safety "in the coming days."

His group noted that just during this summer alone, "multiple companies have come under bipartisan fire for refusing to take Americans’ safety seriously and institute proper guardrails on their AI systems, leading to avoidable tragedies." They cited Meta allowing chatbots to be creepy to kids and OpenAI rushing to make changes after a child died after using ChatGPT to research a suicide.

Under Cruz's bill, the primary consumer protection seems to be requiring companies to provide warnings that consumers may be exposed to certain risks by interacting with experimental products. Those warnings would explain that consumers can attempt to hold companies civilly or criminally liable for any loss or damages, the bill said, while warning that the product could be discontinued at any time. Warnings must also provide contact information to send any complaints to the National Artificial Intelligence Initiative Office, the bill said.

However, critics who worry particularly about child safety are worried that warnings aren't enough. Consider how chatbots providing warnings that they're not real people or licensed therapists has not prevented some users from dangerously blurring the line between AI worlds and reality.

"This legislation is a victory for Big Tech CEOs, who have consistently failed to protect Americans from social and psychological harms caused by their products," Alliance for Secure AI warned.

So far, states have led efforts to police AI. Notably, Illinois banned AI therapy after research found chatbot therapists fuel delusions, and California is close to becoming the first state to restrict companion bots to protect kids. Other state protections, Tech Policy Press reported, cover "critical areas of life like housing, education, employment, and credit," as well as addressing deepfakes that could impact elections and public safety.

Critics are hoping that bipartisan support for these state efforts, as well as federal efforts like the Take It Down Act (which Cruz supported), will ensure that Cruz's framework and sandbox bill aren't adopted as drafted.

"It’s unconscionable to risk the American public’s safety to enrich AI companies that are already collectively worth trillions," Public Citizen said. "The sob stories of AI companies being ‘held back’ by regulation are simply not true and the record company valuations show it. Lawmakers should stand with the public, not corporate lobbyists, and slam the brakes on this reckless proposal. Congress should focus on legislation that delivers real accountability, transparency, and consumer protection in the age of AI."

Read full article

Comments

Susan Monarez, the former director of the Centers for Disease Control and Prevention who was ousted last month after mere weeks in the role, is set to testify before the Senate next week about what was behind her dramatic downfall, as well as the ongoing chaos at the public health agency under health secretary and anti-vaccine activist Robert F. Kennedy Jr.

In a hearing last Thursday before the Senate Finance Committee, a combative Kennedy repeatedly called Monarez a liar and made the incredible claim that he fired her after he asked her directly if she was a trustworthy person and she responded "no." While senators clearly struggled to believe that explanation, Sen. Thom Tillis (R-NC) wryly noted that Kennedy should have asked her the question before having the Senate confirm her for the role.

In an op-ed published in The Wall Street Journal the same day as Kennedy's testimony, Monarez gave a different account of her firing—one corroborated by independent reporting—saying that she was ousted after she refused Kennedy's directives to fire senior CDC staff and pre-approve vaccine recommendations from an advisory committee he had stacked with fellow anti-vaccine advocates.

In the hearing next week, Monarez will go before the Senate Health, Education, Labor, and Pensions (HELP) committee, chaired by Sen. Bill Cassidy (R-La.). Along with Monarez, the committee will hear from Debra Houry, the former chief medical officer for the CDC, who resigned—alongside two other high-ranking CDC leaders—upon Monarez's ouster. The hearing is scheduled for next Wednesday, September 17, at 10 am ET.

“To protect children’s health, Americans need to know what has happened and is happening at the CDC," Cassidy said in an announcement of the hearing. "They need to be reassured that their child’s health is given priority. Radical transparency is the only way to do that."

Cassidy, a physician who strongly supports vaccines, cast a critical vote for Kennedy's confirmation as health secretary, despite reservations about his anti-vaccine views. At the time, Cassidy said he had gotten assurances from Kennedy that he would not take vaccines away from Americans or undermine the CDC's childhood vaccine schedule. However, Kennedy has already done both, and health experts fear that the long-time anti-vaccine activist will continue to dismantle the CDC's evidence-based vaccination recommendations.

In the Senate Finance Committee hearing last week, Cassidy relayed accounts of a cancer patient being unable to get a COVID-19 vaccine and doctors being confused by the current state of access to the shots. "Effectively we're denying people vaccines," Cassidy said. Kennedy retorted: "You're wrong."

“Serious allegations”

The HELP committee hearing is scheduled the day before Kennedy's anti-vaccine-stacked CDC advisory panel is scheduled to meet and discuss COVID-19 vaccine recommendations, as well as recommendations for some childhood vaccines. In June, Kennedy fired all 17 highly qualified, respected, and thoroughly vetted experts on the panel—the CDC's Advisory Committee on Immunization Practices (ACIP). The committee now contains seven members hand-selected by Kennedy, including Robert Malone, who has falsely claimed COVID-19 vaccines cause a form of AIDS, and Retsef Levi, who said in a 2023 video that COVID-19 vaccines should be removed from the market. As recently as last month, Levi had the video pinned to his X account.

Kennedy is reportedly vetting seven additional members for ACIP, who may be added before the next meeting. They include additional anti-vaccine voices and fringe members of the medical community, such as Kirk Milhoan, who promoted the de-worming drug ivermectin to treat COVID-19, despite several clinical trials finding it is not effective. There is also Joseph Fraiman, who has repeatedly called for COVID-19 vaccines to be pulled from the market.

Also on the list is Catherine Stein, who, The Washington Post noted, has advocated against vaccine mandates and wrote a 2021 article arguing that people should not be afraid of contracting COVID-19 because: "Our Lord has given us a mission to share the gospel. If we live in fear of death, that weakens our testimony. Remember, the Lord Jesus did not fear lepers, and leprosy was (and continues to be) a highly contagious infectious disease."

Leprosy, or Hansen's disease, is, in fact, not a highly contagious disease. It does not spread easily from person to person, is not spread through casual contact, and about 95 percent of people are immune to it naturally. COVID-19, meanwhile, is estimated to have caused more than 7 million deaths worldwide since the start of the pandemic.

Regardless of whether these candidates are added to the roster, Cassidy has called for the ACIP meeting scheduled for September 18 and 19 to be postponed.

"Serious allegations have been made about the meeting agenda, membership, and lack of scientific process being followed for the now announced September ACIP meeting," Cassidy said. "These decisions directly impact children’s health and the meeting should not occur until significant oversight has been conducted. If the meeting proceeds, any recommendations made should be rejected as lacking legitimacy given the seriousness of the allegations and the current turmoil in CDC leadership."

After Monarez and Houry testify before the HELP committee, Cassidy said that Senators are planning to invite current health officials to respond in a subsequent hearing.

Read full article

Comments

While the Trump administration has continued to refer to efforts to avoid the worst impacts of climate change as a scam, it has done almost nothing to counter the copious scientific evidence that demonstrates that climate change is real and doing real damage to the citizens of the US. The lone exception has been a draft Department of Energy report prepared by a handful of carefully chosen fringe figures that questioned the mainstream understanding of climate change. The shoddy work and questionable conclusions of that report were so extensive that an analysis of it required over 450 pages to detail all of its shortcomings.

But its shortcomings may not have been limited to the science, as a lawsuit alleges that its preparation violated a law that regulates the activities of federal advisory panels. Now, in an attempt to avoid dealing with that lawsuit, the Department of Energy is claiming that it dissolved the committee that prepared the report, making the lawsuit moot.

Meanwhile, Congress is also attempting to muddy the waters. In response to the DOE report, the National Academies of Science announced that it would prepare a report describing the current state of climate science. Republicans on the House Committee on Oversight have responded by announcing an investigation of the National Academies "for undermining the EPA."

The vanishing committee

As we noted in our original coverage, the members of the advisory group that prepared the DOE report were carefully chosen for having views that are well outside the mainstream of climate science. Based on their past public statements, they could be counted on to produce a report that would question the severity of climate change and raise doubts about whether we had any evidence it was happening. The report they produced went beyond that by suggesting that the net effect of our carbon emissions was likely to be a positive for humanity.

Not only was that shoddy science, but a lawsuit filed by the Environmental Defense Fund and the Union of Concerned Scientists suggested that it was likely illegal. Groups like the one that wrote the report, the suit alleges, fall under the Federal Advisory Committee Act, which (among other things) dictates that these groups must be "fairly balanced in terms of the points of view represented," rather than be selected in order to reinforce a single point of view.

The "among other things" that the law dictates is that the advisory groups have public meetings that are announced in advance, be chartered with a well-defined mission, and all of their records be made available to the public. In contrast, nobody within the Department of Energy, including the contrarians who wrote the report, acknowledged the work they were doing publicly until the day the draft report was released.

The suit alleges that the work of this group fell under the Federal Advisory Committee Act, and the group violated the act in all of the above ways and more. The act asks the courts to force the DOE to disclose all the relevant records involved with the preparation of the report, and to cease relying on it for any regulatory actions. That's significant because the Environmental Protection Agency cited it in its attempts to roll back its prior finding that greenhouse gases posed a danger to the US public.

This week, the DOE responded in court by claiming the panel that produced the report had been dissolved, making the suit moot. That does not address the fact that the EPA is continuing to rely on the report in its attempts to argue there's no point in regulating greenhouse gases. It also leaves the report itself in a weird limbo. Its release marked the start of a period of public comment, and said comments were supposed to be considered during the revisions that would take place before the draft was finalized.

Failure to complete the revision process would leave the EPA vulnerable to claims that it's relying on an incomplete draft report for its scientific justifications. So, while the DOE's tactics may protect some of its internal documents, it may ultimately cause larger problems for the Trump administration's agenda.

Attacking the academies

Earlier this year, we were critical of the US's National Academies of Science for seemingly refusing to respond to the Trump administration's attacks on science. That reticence appeared to end in August with the release of the DOE climate report and the announcement that the EPA was using that report as the latest word on climate science, which it argued had changed considerably since the initial EPA decisions on this issue in 2009.

In response, the National Academies announced that it would fast-track a new analysis of the risks posed by greenhouse gases, this one done by mainstream scientists instead of a handful of fringe figures. The goal was to get it done before the EPA closed its public comment period on its proposal to ignore greenhouse gases.

Obviously, this poses a threat to the EPA's planned actions, which apparently prompted Republicans in Congress to step in. Earlier this month, the chair of the House Committee on Oversight and Government Reform, Rep. James Comer (R-Ky.), announced he was investigating the National Academies for preparing this report, calling it "a blatant partisan act to undermine the Trump Administration."

Comer has also sent a letter to the National Academies, outlining his concerns and demanding a variety of documents. Some of these are pretty convoluted: "The study is led by a National Academies member who serves as an external advisor to the Science Philanthropy Alliance, which has ties to the left-wing group Arabella Advisors through the New Venture Fund, an organization that promotes a variety of progressive causes and funds major climate litigation," Comer says, suggesting ... it's not entirely clear what. Another member of the study panel had the audacity to endorse former President Biden for his climate policies. Separately, Comer says he's concerned about the source of the funds that will pay for this study.

Some of Comer's demands are consistent with this, focusing on funding for this review. But he goes well beyond that, demanding a list of all the National Academies' sources of funding, as well as any internal communications about this study. He's also going on a bit of a witch hunt within the federal government, demanding any communications the NAS has had with government employees regarding the DOE's report or the EPA's greenhouse gas decisions.

It's pretty clear that Comer recognizes that any unbiased presentation of climate science is going to undercut the EPA's rationale for reversing course on greenhouse gas regulations. So, he's preparing in advance to undercut that presentation by claiming it's rife with conflicts of interest—and he's willing to include "supporting politicians who want to act on climate change" as a conflict.

All of this maneuvering is taking place before the EPA has even finalized its planned U-turn on greenhouse gases, a step that will undoubtedly trigger additional investigations and lawsuits. In many ways, this is likely to reflect many of these parties laying the groundwork for the legal fight to come. And, while some of this is ostensibly about the state of the science that has supported the EPA's past policy decisions, it's clear that the administration and its supporters are doing their best to minimize science's impact on their preferred course of action.

Read full article

Comments

Under ardent anti-vaccine activist Robert F. Kennedy Jr, federal health officials are working to link COVID-19 mRNA vaccines to the deaths of 25 children, and may further restrict access to the shots, possibly recommending them for people aged 75 and up, instead of 65 and up, according to The Washington Post.

Four unnamed sources close to the situation told the Post that Trump administration health officials appear to be using information from the Vaccine Adverse Event Reporting System (VAERS) to make the claim that COVID-19 vaccines have killed children. VAERS is a system in which anyone can report anything they think is an adverse event related to a vaccination. The reports are completely unverified upon submission, and the Centers for Disease Control and Prevention staff follow up on serious reports to try to substantiate claims and assess if they were actually caused by a vaccine. They rarely are.

Vaccine safety

Federal health experts continuously monitor VAERS and other safety surveillance systems, exhaustively assessing the safety of vaccines. After billions of COVID-19 doses have been administered worldwide, they—like other governments, health organizations, and academic researchers around the world—have found the shots to be remarkably safe. While they have been linked to a risk of myocarditis and pericarditis (inflammation of the heart and surrounding tissue, respectively), that risk is low and the cases are generally mild. During the 2023–2024 COVID-19 season, the incidence rate of heart conditions was 27 cases per million doses for males aged 12 to 24, who have the highest risk of any group. The shots have not been linked to deaths or heart transplants, according to data presented by staff experts at the CDC.

Generally, among people of all ages, death rates were lower for those vaccinated with mRNA COVID-19 vaccines than in the general population. Meanwhile, 25 children died of COVID-19—the disease, not the vaccine—since July 2023. Of those 25 children, 16 were old enough to get vaccinated, but 14 had no record of getting a vaccine, and none were up-to-date on their vaccines.

Still, Kennedy has a long-established disdain for the mRNA vaccines. In 2021, at the height of the pandemic, Kennedy petitioned the Food and Drug Administration to revoke authorization of COVID-19 vaccines and refrain from approving any future COVID-19 vaccines. He has since repeatedly spread false information about the vaccine, including claiming, without evidence, that they have caused the death of children and are "the deadliest vaccine[s] ever made." In making those comments, Kennedy has pointed to VAERS as his data source.

Now that Kennedy is Secretary of the Department of Health and Human Services (HHS), he has continued his anti-vaccine agenda and diligently installed allies in federal health agencies who share his anti-vaccine, anti-science, and anti-public health views.

Attack on vaccines

For instance, last month, Kennedy canceled nearly $500 million in grants that supported developing mRNA vaccines to prevent the next pandemic. In June, Kennedy fired all 17 highly qualified and respected experts on a vaccine advisory panel for the CDC—the Advisory Committee on Immunization Practices—which sets the vaccine standards and insurance coverage for the country. Kennedy quickly restocked ACIP with hand-selected members who share his contempt for mRNA vaccines and pandemic policies. He's currently considering adding more such members.

Kennedy's ACIP is scheduled to meet next week, September 18 and 19, to discuss COVID-19 vaccines, as well as the Hepatitis B vaccine, the measles, mumps, rubella, varicella (MMRV) vaccine, and Respiratory Syncytial Virus (RSV).

While the new members could vote to further restrict access to any of those safe, lifesaving vaccines, most of the focus has been on COVID-19 vaccine access. That access is currently in chaos due to new restrictions and a lack of updated ACIP recommendations, which are usually made earlier in the year. Under Kennedy, the FDA restricted access to the vaccines, changing the product approvals from being available to everyone ages 6 months and up to now only being approved for those 65 and older, and those under 64 who have a medical condition that puts them at a higher risk of COVID-19.

While some experts and health care providers had hoped that next week's ACIP meeting would add clarity to the situation and allow healthy adults and children better access to the shots, the Post's reporting suggests that's unlikely. According to their sources, Kennedy's ACIP is considering recommending the vaccines to those 75 and older, while instructing those 74 and younger to speak with their doctor about getting a shot. Another reported option is to not recommend the vaccine to people under the age of 75 at all, unless they have a preexisting condition.

Backlash

Such additional restrictions would likely intensify the backlash against Kennedy's anti-vaccine agenda. Already, medical organizations have taken the unprecedented action to release their own evidence-based guidances that maintain COVID-19 vaccine recommendations for healthy children, particularly those under age 2, pregnant people, and healthy adults. Many medical and health organizations, as well as lawmakers, and over 1,000 current and former HHS employees have also called for Kennedy to resign.

Criticism of Kennedy's actions has spread across party lines. Sen. Bill Cassidy (R-La.), a vaccine-supporting physician who cast a critical vote for Kennedy's confirmation, had accused Kennedy of denying people vaccines and called for next week's ACIP meeting to be postponed.

“Serious allegations have been made about the meeting agenda, membership, and lack of scientific process being followed for the now announced September ACIP meeting," Cassidy said. "These decisions directly impact children’s health, and the meeting should not occur until significant oversight has been conducted. If the meeting proceeds, any recommendations made should be rejected as lacking legitimacy given the seriousness of the allegations and the current turmoil in CDC leadership."

Meanwhile, in a clear rebuff of Kennedy's cancellation of mRNA vaccine funding, the Republican-led House Committee on Appropriations this week passed a 2026 spending bill that was specifically amended to inject the words "including of mRNA vaccines" into a sentence about pandemic preparedness funding. The bill now reads: "$1,100,000,000, to remain available through September 30, 2027, shall be for expenses necessary to support advanced research and development, including of mRNA vaccines, pursuant to section 319L of the PHS Act and other administrative expenses of the Biomedical Advanced Research and Development Authority."

Read full article

Comments

A customer had an app with a plugin model based on vendor-supplied COM objects that are loaded into the process via Co­Create­Instance.

These COM objects run in-process, but the customer realized that these plugins were a potential source of instability, and they saw that you can instruct COM to load the plugin into a sacrificial process so that if the plugin crashes, the main program is unaffected.

What they want is something like this:

But how do you opt a third-party component into the COM Surrogate? The third party component comes with its own registration, and it would be rude to alter that registration so that it runs in a COM Surrogate. Besides, a COM Surrogate requires an AppId, and the plugin might not have one.

The answer is simple: Create your own object that is registered to run in the COM Surrogate. Define an interface for that custom object, say, ISurrogateHost and give that interface a method like LoadPlugin(REFCLSID pluginClsid, REFIID iid, void** result) which calls Co­Create­Instance on the plugin CLSID and requests the specified interface pointer from it. (If you want to support aggregation, you can add a punkOuter parameter.)

The Load­Plugin method runs inside the surrogate, so when the plugin loads in-process, it loads into the surrogate process.

The host can return a reference to the plugin directly to the main app engine, so it steps out of the way once the two sides are connected. The purpose of the host is to set up a new process.

In fact, you don’t even need to invent that special surrogate interface. There is already a standard COM interface that does this already: ICreateObject. It has a single method, uncreatively named CreateObject that takes exactly the parameters we want, including the punkOuter.

Your surrogate host object would go like this, using (rolls dice) the WRL template library.

struct SurrogateHost :
    Microsoft::WRL::RuntimeClass<
        Microsoft::WRL::RuntimeClassFlags<
            Microsoft::WRL::RuntimeClassType::ClassicCom |
            Microsoft::WRL::RuntimeClassType::InhibitWeakReference>,
    ICreateObject, Microsoft::WRL::FtmBase>
{
    STDMETHOD(CreateObject)(
        REFCLSID clsid,
        IUnknown* outer,
        REFIID iid,
        void** result)
    {
        return CoCreateInstance(clsid, outer,
            CLSCTX_INPROC_SERVER, riid, result);
    }
};

In the engine, where you would normally do

hr = CoCreateInstance(pluginClsid, outer, CLSCTX_INPROC_SERVER,
        riid, result);

you instead create a surrogate host:

Microsoft::WRL::ComPtr<ICreateObject> host;
hr = CoCreateInstance(CLSID_SurrogateHost, nullptr,
        CLSCTX_LOCAL_SERVER, IID_PPV_ARGS(&host));

and then each time you need an object, you ask the surrogate host to do it:

hr = host->CreateObject(pluginClsid, outer, riid, result);

You can even get fancy and decide that some plugins are sus and should run in a surrogate, whereas others are trustworthy and may run inside the main process.

if (is_trustworthy(pluginClsid)) {
    // Let this one load into the main process
    hr = CoCreateInstance(pluginClsid, outer, CLSCTX_INPROC_SERVER,
            riid, result);
} else {
    // Boot this one to the surrogate process
    hr = host->CreateObject(pluginClsid, outer, riid, result);
}

Reusing the host object means that a single surrogate process is used for all plugins. If you want each plugin running in a separate surrogate, then create a separate host for each one.

The post How can I convert a third party in-process server so it runs in the COM surrogate? appeared first on The Old New Thing.

Consider the following:

void f(int, int);
void f(char*, char*);

void test(std::tuple<int, int> t)
{
    std::apply(f, t); // error
}

The compiler complains that it cannot deduce the type of the first parameter.

I’m using std::apply here, but the same arguments apply to functions like std::invoke and std::bind.

From inspection, we can see that the only overload that makes sense is f(int, int) since that is the only one that accepts two integer parameters.

But the compiler doesn’t know that std::apply is going to try to invoke its first parameter with arguments provided by the second parameter. The compiler has to choose an overload based on the information it is given in the function call.¹

Although the compiler could be taught the special behavior of functions like std::apply and std::invoke and use that to guide selection of an overload, codifying this would require verbiage in the standard to give those functions special treatment in the overload resolution process.

And even if they did, you wouldn’t be able to take advantage of it in your own implementations of functions similar to std::apply and std::invoke.

template<typename Callable,
            typename Tuple>
auto logapply(Callable&& callable,
              Tuple&& args)
{
    log("applying!");
    return std::apply(
        std::forward<Callable>(callable),
        std::forward<Tuple>(args));
}

The standard would have to create some general way of expressing “When doing overload resolution, look for an overload of the callable that accepts these arguments.”

Maybe you can come up with something and propose it to the standards committee.

In the meantime, you can work around this with a lambda that perfect-forwards the arguments to the overloaded function.

void test(std::tuple<int, int> t)
{
    std::apply([](auto&&... args) {
        f(std::forward<decltype(args)>args)...);
    }, t);
}

This solves the problem because the type of the lambda is, well, the lambda. The overload resolution doesn’t happen until the lambda template is instantiated with the actual parameter types from the tuple, at which point there is now enough information to choose the desired overload.

Now, in this case, we know that the answer is int, int, so the lambda is a bit wordier than it could have been.

void test(std::tuple<int, int> t)
{
    std::apply([](int a, int b) {
        f(a, b);
    }, t);
}

However, I presented the fully general std::forward version for expository purposes.

¹ You can see this problem if we change the overloads a little:

void f(int, int);
void f(char*, int);

auto test(int v)
{
    return std::bind(f, std::placeholders::_1, v);
}

At the point of the bind, you don’t know whether the result is going to be invoked with an integer or a character pointer, which means that you don’t know whether you want the first overload (that takes two integers) or the second overload (that takes a character pointer and an integer).

The post Why can’t <CODE>std::apply</CODE> figure out which overload I intend to use? Only one of then will work! appeared first on The Old New Thing.