The NSA has been involved with NIST and industry to produce a series of NIST Special Publications ( http://csrc.nist.gov/publications/PubsSPs.html ) which include BIOS security. This includes 800-147, 800-147B, 800-155, 800-164 etc.
I have no idea how many manufacturers implement these -- but there are some really gnarly issues there. It isn't even clear what BIOS means in the context of a blade server with multiple processors, management engines etc.
The TL;DR for these specs is that a BIOS update should not be accepted by the system if it is not signed by the BIOS manufacturer. This is a step in the right direction. Of course, it doesn't protect you from someone with access to the BIOS signing keys for a particular BIOS vendor (and there aren't many BIOS vendors around). I don't think that if 800-147 is implemented that it makes anything easier for the NSA, except that it might engender a false sense of security.
As a fifty+ year old coder/designer/architect, I just went back to do another startup where I get to write code again and to mentor the rest of the team. The reason to write code is that I want to build something and have it used by customers (preferably paying ones). I can have the biggest impact in a small startup where we want to change the world (or at least a small, profitable, segment of it!)
At 50+, your priorities do change somewhat -- family and kids are more important -- but these all encourage you to work smarter rather than longer. You also gain (through experience) an intuitive feel for what will work, and what will not.
The good news is that, in a court, if one party destroys evidence, the court is required to assume that the evidence is favorable to the other party. I.e. if the cops destroy a video, then the court assumes that it would be in favor of the defendant.
It also might mean they don't fancy going against a router model made up of bsd and linux software-based routers on appliance hardware in the home market.
As far as I know, most of the home routers today are based on open source platforms. [Yes, I know that some models use proprietary operating systems as it allows less RAM to be provided on the box]
+1 for the brultech stuff. I have 4 ECM-1240s and also a TED device. The brultech stuff is much more useful -- though it doesn't agree with the TED device on the actual power consumed by the house. I need to do some experimentation to see which is right...
I picked up a used Tektronix 7904 for under $100. Of course, the four probes that I needed cost rather more than the scope, but that's life. The 7904 (with the modules that I have) is a 350MHz unit -- which is great for doing radio work. This setup could easily have cost $10k new.
Buy one of these online and the shipping will kill you. You need to find someone local who wants to get rid of one.
Every Vista install that uses the exploitable driver, you mean. Just as an exploitable driver for Linux would open every Linux install that uses that driver. For example, I have an NVidia card; as and when I upgrade to Vista, I won't be vulnerable to this particular exploit.
Errr... Are you sure? The bad guy can bring the ATI driver with him, and load it on your system. The key question is whether it will stay loaded long enough for the exploit to work even if the hardware is not present. At Blackhat this year, a bunch of similar exploits in Vista drivers were described, and at least some of them (possibly all) did not need their specialized hardware to load and stay loaded on the box.
Also, please note that getting your own signing key is not difficult or expensive ( $1000 ) and then you can sign any old chunk of malware that you like. Of course, you might want to make it do something useful as well so as to give yourself plausible deniability if it gets detected.
What I fail to understand is why this is such a terrible thing. These vendors (Tivo, various wifi vendors etc) sell cheaper products (perhaps were enabled to enter a market) based on the existence and use of GPL code. The market gets a product at a lower price than it would have done if the vendor had been forced to build this code from scratch. The community wins.
Note that the size of the community that wins from the existence of Tivo is *much* larger than the size of the community that wrote even a single line of code that went into a Tivo. Say the cost of a Tivo is $10 less than it would be if it used all proprietary software -- thus the use of GPL code in the Tivo has saved me (personally) $20. This is not a good ROI for my linux kernel contributions, but it is better than nothing! Note that it profits me less (by $20) for them to use proprietary software.
You might argue that the community would win *more* if the vendor was more open, and it *might* be true (though I suspect in the Tivo case, they would be required to use proprietary code in order to get CableLabs certification).
Of course, it is entirely up to the individual developer what license they stick on their software. They just need to be aware that the choice of license is important if they want their code to be widely deployed. Also, how many developers actually get to choose a license anyway -- rather than contributing to a project with a pre-existing license?
Many years ago, I wrote some open source software that we ended up putting under a BSD-like license. This led to the very wide adoption of this software in all sorts of devices -- mobile phones, PCs, Tivos and possibly even spacecraft.
If this had been under the GPL, it would *not* have been deployed as widely. [Given that this software was developed in 1991, the GPL was not really a serious contender at the time]. I don't get any income under either the GPL or the BSD-like license, so that is a wash. What I do get, from wider deployment, is a bigger ego boost. This is important to me.
This is why people who take security seriously (such as the intelligence services) retype important documents and then destroy the original. In this way, any identifying marks are removed. The intelligence services also make use of printing mechanisms that uniquely identify copies of documents (think interword spacing patterns). Rekeying destroys all that information.
Why? Think about moles in the intelligence services, and having them get their hands on original documents from agents in the field. This could compromise the identity of the agent.
I typically take a bunch of pictures at weddings -- and I have taken to putting them onto a CD and giving them to the happy couple after the event. This is a real treat for them as they get the pictures to do with what they want. In one case of a coworker, he uses one of my images as his desktop background. It gives me a kick every time I see it.
My advice is to do this for your friends as well. They will thank you for it (especially if their photographer is old-school).
What is really needed is for the ISPs to support SSM (Source Specific Multicast). This would allow anybody to stream audio or video in an efficient way. The bad news is that few ISPs have it turned on. The core backbone is enabled, so that isn't an issue. Why isn't it turned on? No demand!
Call/email your local ISP and tell them that you want SSM support. If enough people call, then they will turn it on (they already have all the equipment). Once turned on, I predict that there will be a flowering of software to exploit it -- this will include audio/video broadcasting, p2p applications, audio chatrooms etc.
The TPM is a hardware component that implements the security model. It so happens that this exists on a bunch of modern IBM laptops. It is disabled by default.
Background: The TPM contains a number of PCRs. These are (roughly) hashes of bits of code -- the BIOS, the bootloader, the kernel, etc. The TPM also contains a private/public key pair which is generated when you reinitialize the TPM (i.e. the private key is not known to anybody).
The TPM can be used to encrypt a blob of data using the private key. It can also mark the encrypted blob such that it will only decrypt it if (some set of) the PCRs have the *same* value.
What is this good for?
This means that you can tell if your kernel has been modified in a very secure way. If your application is stored encrypted on disk, then you can ask the TPM to decrypt it (probably you just ask it for the key). It will only perform this operation *if* the boot process was the same as when the application was set up.
It means that someone with a boot floppy cannot get to your data (different boot process). You could also arrange to have the data protected from single-user mode.
However, there is a downside -- upgrading the OS becomes really tricky!
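The seal/unseal behaviour described in this comment, as an added example (not code from the original post, and a software model rather than a real TPM interface). The class name `ModelTPM`, the PCR assignment (0 = BIOS, 1 = bootloader, 2 = kernel), the boot images and the HMAC-based stream cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def extend(pcr: bytes, code: bytes) -> bytes:
    """PCR extend: new = H(old || H(code)). A PCR can only be extended, never set."""
    return hashlib.sha256(pcr + hashlib.sha256(code).digest()).digest()


class ModelTPM:
    """Software model of the sealing behaviour only (hypothetical, not a TPM API)."""

    def __init__(self):
        self._root = os.urandom(32)   # stands in for the key that never leaves the chip
        self.pcrs = [bytes(32)] * 8

    def reset(self):
        """Power cycle: PCRs return to zero, the root key stays."""
        self.pcrs = [bytes(32)] * 8

    def measure(self, index: int, code: bytes):
        self.pcrs[index] = extend(self.pcrs[index], code)

    def _composite(self, indices):
        h = hashlib.sha256()
        for i in indices:
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        # Toy stream cipher built from HMAC in counter mode (illustration only).
        out, ctr = b"", 0
        while len(out) < n:
            out += hmac.new(self._root, b"enc" + nonce + ctr.to_bytes(4, "big"),
                            hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def _tag(self, blob) -> bytes:
        body = bytes(blob["indices"]) + blob["policy"] + blob["nonce"] + blob["ct"]
        return hmac.new(self._root, b"mac" + body, hashlib.sha256).digest()

    def seal(self, secret: bytes, indices):
        """Encrypt `secret` and record the current values of the chosen PCRs."""
        nonce = os.urandom(16)
        blob = {"indices": tuple(sorted(indices)), "nonce": nonce}
        blob["policy"] = self._composite(blob["indices"])
        ks = self._keystream(nonce, len(secret))
        blob["ct"] = bytes(a ^ b for a, b in zip(secret, ks))
        blob["tag"] = self._tag(blob)
        return blob

    def unseal(self, blob) -> bytes:
        if not hmac.compare_digest(self._tag(blob), blob["tag"]):
            raise ValueError("blob modified or sealed by a different TPM")
        if not hmac.compare_digest(self._composite(blob["indices"]), blob["policy"]):
            raise PermissionError("PCR values differ from those at seal time")
        ks = self._keystream(blob["nonce"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


def boot(tpm: ModelTPM, bios: bytes, bootloader: bytes, kernel: bytes):
    """Measured boot: each stage is hashed into its PCR before it runs."""
    tpm.reset()
    for index, code in enumerate((bios, bootloader, kernel)):
        tpm.measure(index, code)


def try_unseal(tpm: ModelTPM, blob):
    try:
        return tpm.unseal(blob)
    except (ValueError, PermissionError):
        return None


def demo():
    # All boot images below are constructed sample data.
    tpm = ModelTPM()
    boot(tpm, b"bios v1", b"loader v1", b"kernel A")
    blob = tpm.seal(b"disk-key", [0, 1, 2])
    results = {}
    boot(tpm, b"bios v1", b"loader v1", b"kernel A")          # normal reboot
    results["same_boot"] = try_unseal(tpm, blob)
    boot(tpm, b"bios v1", b"floppy loader", b"rescue kernel")  # boot floppy
    results["boot_floppy"] = try_unseal(tpm, blob)
    boot(tpm, b"bios v1", b"loader v1", b"kernel B")          # OS upgrade
    results["upgraded_kernel"] = try_unseal(tpm, blob)
    other = ModelTPM()                                         # disk moved to another box
    boot(other, b"bios v1", b"loader v1", b"kernel A")
    results["other_machine"] = try_unseal(other, blob)
    return results


if __name__ == "__main__":
    print(demo())
```

The `upgraded_kernel` case is the downside the comment ends on: a legitimate kernel change is indistinguishable from tampering, so the secret has to be resealed against the new measurements as part of the upgrade.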
I just got a Prismiq, and I have to say that for playing MP3 files, it isn't there yet. In order to run the linux server, you have to install on windows first, import the media files and then copy some control files over to windows. The bad news is that the server on windows is a bit flaky when dealing with large numbers of files. The documentation says that the limit is 50k files, and I am nowhere close to that.
The UI doesn't make it easy to find anything as it is all based around a flat list of 'playlists'. I suspect that the model is that you are supposed to construct playlists on the PC and then import those. *WRONG* This is supposed to be a consumer device that is no more complex than a cable box to operate.
By comparison, I also have two Rio Receivers ($99 each) being controlled by jreceiver (runs on Linux). These boxes only do MP3s and have a (small) LCD display builtin. They support hierarchical navigation by album/artist/genre/etc. This actually makes it possible to play all your 'Pink Floyd' (or whatever). With the right firmware, the Rio also supports a jukebox mode where you can add new tracks/playlists to the current queue.
The good news is that the Prismiq people appear to be actively developing the product, so there is hope.
When anybody ever proposes a radical new approach to something, you have to wonder what the underlying problem is. In this case, a uniform postal code means that forms can be standardized to have 10 characters for entering the code. This is clearly a huge win for software providers.
Does it solve any other problems? That is not clear -- consider what the current US postal zip code can do: zip codes are allocated by the amount of mail received (some large buildings have their own 5-digit zip). Some zip codes are used by the DoD for routing mail to overseas forces (i.e. the zip does not correspond to a geographical area, but a functional grouping).
Ah -- there is another problem it solves (if adopted) -- some dot-com gets to !!PROFIT!!
Re: Greedy change making algorithm - when optimal? (on "Making Change", Score: 1)
The greedy algorithm (as many as possible of the largest coin, then work down) is also the minimal (fewest number of coins) algorithm for some sets of coins. However, as has been pointed out, 1, 40, 41 is not one of those sets.
The old (pre 1971) British currency was of this type:
1, 3, 6, 12, 24, 30, 60
Consider making change for 48.
My question: is there a simple way of determining whether the greedy algorithm is optimal based on the coin set?
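One way to test a coin set, as an added example that is not part of the original comment: it compares the greedy count with a dynamic-programming optimum for every amount below the sum of the two largest coins, which is sufficient by the Kozen and Zaks bound on the smallest counterexample. The function names are hypothetical, and the coin set is assumed to contain 1.

```python
def greedy_count(coins, amount):
    """Coins used when always taking as many as possible of the largest coin."""
    used = 0
    for c in sorted(coins, reverse=True):
        used += amount // c
        amount %= c
    return used


def optimal_counts(coins, limit):
    """best[x] = fewest coins that make x, for 0 <= x <= limit (classic DP)."""
    best = [0] * (limit + 1)
    for x in range(1, limit + 1):
        best[x] = 1 + min(best[x - c] for c in coins if c <= x)
    return best


def first_greedy_failure(coins):
    """Return (amount, greedy_coins, optimal_coins) for the smallest amount
    where greedy is not optimal, or None if greedy is always optimal."""
    coins = sorted(set(coins))
    if coins[0] != 1:
        raise ValueError("coin set must contain 1 so every amount is payable")
    if len(coins) < 3:
        return None                      # one or two coins: greedy is always optimal
    # If any counterexample exists, the smallest one is below c[n-1] + c[n].
    limit = coins[-1] + coins[-2] - 1
    best = optimal_counts(coins, limit)
    for x in range(1, limit + 1):
        g = greedy_count(coins, x)
        if g > best[x]:
            return x, g, best[x]
    return None


if __name__ == "__main__":
    for coin_set in ([1, 3, 6, 12, 24, 30, 60], [1, 40, 41], [1, 5, 10, 25]):
        print(coin_set, first_greedy_failure(coin_set))
```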
There is a problem with using true random numbers for ISNs -- this is that the new ISN for a TCP connection (srcip/dstip/srcport/dstport) should not be in the range of the window (?) of an earlier instance of the same connection quadruple. Why? If one of the endpoints gets rebooted and loses state while the connection is open to the other end, then it is important that the other end is able to recognize that the new SYN packet is a truly new connection (and so the old connection should be destroyed). Otherwise, the new SYN looks like a duplicate of the original SYN which has spent a long time wandering around the network. This is the reason that the ISN calculation was defined to use a clock in the original RFC.
You may think that having a duplicate quadruple is unlikely, but that isn't true. The most common quadruples are: your ip, your port just a bit bigger than 1024, your http proxy server ip, port 80.
Using a random local port also helps, though I don't know of systems that do that for TCP.
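The scheme standardised in RFC 6528 keeps the clock this comment asks for and adds a secret per-quadruple offset, ISN = M + F(quadruple, secret); the following is an added example of it, not code from the original comment. HMAC-SHA256 as F, the addresses, the byte counts and the assumption that the secret survives the restart are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MOD = 2 ** 32   # TCP sequence numbers are 32-bit and wrap


def clock_m(now_us: int) -> int:
    """The timer from the original TCP spec: one tick every 4 microseconds."""
    return (now_us // 4) % MOD


def tuple_offset(secret: bytes, quad) -> int:
    """F(): keyed hash of the connection quadruple, truncated to 32 bits."""
    lip, lport, rip, rport = quad
    msg = (ipaddress.ip_address(lip).packed + struct.pack("!H", lport)
           + ipaddress.ip_address(rip).packed + struct.pack("!H", rport))
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")


def isn(secret: bytes, quad, now_us: int) -> int:
    """Unpredictable across quadruples, monotonic in time within one quadruple."""
    return (clock_m(now_us) + tuple_offset(secret, quad)) % MOD


def seq_delta(a: int, b: int) -> int:
    """Signed distance a - b in wrapping sequence space."""
    d = (a - b) % MOD
    return d - MOD if d >= MOD // 2 else d


def in_window(seq: int, rcv_nxt: int, window: int) -> bool:
    """True if seq falls inside the receiver's current window."""
    return (seq - rcv_nxt) % MOD < window


def demo():
    secret = b"constructed-secret-for-example"
    quad = ("192.0.2.10", 1025, "198.51.100.5", 80)   # client, port just above 1024
    window = 65_535

    t0 = 1_000_000                                     # first connection opens
    isn_old = isn(secret, quad, t0)
    rcv_nxt = (isn_old + 1 + 50_000) % MOD             # server has received 50,000 bytes

    t1 = t0 + 2_000_000                                # client restarts 2 s later and
    isn_new = isn(secret, quad, t1)                    # reuses the same quadruple

    neighbour = ("192.0.2.10", 1026, "198.51.100.5", 80)
    return {
        "advance": seq_delta(isn_new, isn_old),
        # A delayed copy of the original SYN sits behind rcv_nxt ...
        "old_dup_delta": seq_delta(isn_old, rcv_nxt),
        # ... while the new SYN is ahead of it and beyond the old window.
        "new_syn_delta": seq_delta(isn_new, rcv_nxt),
        "new_syn_in_old_window": in_window(isn_new, rcv_nxt, window),
        "neighbour_differs": isn(secret, neighbour, t1) != isn_new,
    }


if __name__ == "__main__":
    print(demo())
```

The separation holds only while the old connection moved data more slowly than the clock ticks (250,000 sequence numbers per second); a purely random ISN gives no such ordering at any data rate.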
It turns out that if you tell HP that you have a 6L, they will ship you the kit. I used the kit on my 5L, and it worked absolutely fine -- no misfeeds for the past year or so.
Another thing of interest is that there is a class action lawsuit over this misfeed problem. If you have enough of the paperwork, you might get something back from HP.
If it is, then it seems a bit dishonest for the microsoft message author (Dave at the Security Response Center) to say that they don't consider it to be a bug.
If it isn't, then there must be another problem which is even more serious. Oh dear!
If you read the downloading agreement then you will see that they (Washington Post Legal / boston.com legal) do not really permit you to do with the music what you might like to do.
For example, you are not allowed to distribute the music over a LAN. This means that I could not use my Rio Receiver to play the music over my hifi system. You are also not allowed to use the music to construct any kind of database. This probably rules out most fancy players that create nice indexes of your music. It may rule out all hardware based players as they will create a (small) database of the music stored internally to the player. It certainly rules out using JReceiver as my music server.
I understand that they want to restrict the use that people make of the band's music, but it does seem a little over restrictive.
This is a message that I just mailed to CNN after reading the AP story on their site. You can send a quick email to your favorite news outlet, making sure that they do not just reprint the AP story.
I realize that you are not responsible for the contents of AP stories that appear on your website, but I think that you ought to (at least) read the story before featuring a link to it on your home page (www.cnn.com).
The 'Victory for Internet Radio' is a victory like the 'victory' that America had at Pearl Harbor in WWII. On the face of it, this was a disaster for the US Pacific Fleet, however it galvanized the US into action which led to the defeat of Japan -- a true Victory for the US.
I suggest that the final CARP rate setting determination has already caused Internet broadcasters to stop broadcasting, and more will follow over the next few weeks.
However, unless this determination gets overturned by the courts (probably unlikely given that it is people without money (internet radio) fighting people with money (RIAA)) I predict that alternative internet radio business models will arise. These models will be based on independent artists licensing their creative works at zero cost to internet radio stations (via an independent licensing agency) in return for airplay. This airplay will generate CD sales and thus the artist gets paid.
Where does this leave the RIAA? In bed with the small number of commercial AM/FM broadcasters who see their market share dwindling.
When the CARP issue first came up, I actually took action and wrote a set of comments to the LOC on the issue. Given the amount of publicity about this issue, I was surprised by the small number (39) of comments received by the LOC.
This note really indicates that you can make a difference -- if only you take action. Bear in mind that some/most/all Slashdotters know more about the reality of internet radio than the LOC. This is probably also the case for most highly technical issues.
You will have to guess which of the 39 commenters I am, but I note with some satisfaction that the reply comments from the RIAA indicated that they read my initial comments, and they couldn't figure out how to respond to one of the issues raised.
I'm just about to install networked thermostats into my house. The current model is that it connects to a central server somewhere, and, in order to control my thermostat, I also have to connect to that site. This is crazy. I should be able to talk directly to my thermostat (over v6) from my smartphone (without needing to type in a v6 address!) Somehow my home firewall (without configuration) has to know that it can let my traffic in, but not other people who want to change the setting on my thermostat.
The trick is finding a way to make this happen securely and without configuration. On the face of it, this seems like a challenging task.
Philip
If legislation is passed that requires websites to be shut down based on copyright infringement accusations, then I doubt that any of the RIAA member companies' websites would last for long. They use a vast amount of copyrighted material all the way from the music that they think they have rights to (but what about all the samples used) down to the individual icons used on a web page, and the javascript to control the cheesy animations. If *any* one of these is used without permission, then it is a copyright violation.
I know websites that have ripped off my work (though I normally grant free permission if they ask in advance).
The bigger they are, the harder they fall.
Technically, the last second of the year (UTC) will be 2005-12-31 23:59:60
Note that in the US, this extra second happens in the evening, so we get 2005-12-31 18:59:60 in Boston, MA.
For linux people, you might see the following elusive message appear:
Clock: inserting leap second 23:59:60 UTC
if you are running xntpd, and everything is working correctly!
It looks to me as though the socket labelled 10/100 LAN is actually an RJ-11 and not an RJ-45. The box also claims to have an internal DSL modem, but it isn't obvious which socket connects to that modem.
It looks like a render to me.
I know where I would invest my dollars. Do you?