For the second time, I was asked to play a hand pan solo on stage at the BGIedu intensive. This time I was better prepared to make a better quality recording.
For those who want more detail, this percussion instrument is generically called a hand pan, and specifically this a Pantheon Steel Halo Genesis tuned in the Xiao Xiong Diao (XXD) scale. A cousin of the PanArt hand pan called a "Hang", the makers of this instrument are one of the first to successfully make an instrument of similar quality. This specific instrument was the 14th created and tuned by Kyle Cox of Pantheon Steel in August of 2009, of what is now known as the "Genesis" line of their hand pans, and in my opinion is one of his early master works. The tuning was inspired by an asian scale called Xiao Xiong Diao (XXD). This means the central ding is a C, followed by 8 notes around the edge F G Ab C D Eb F and G.
This particular piece is a structured improv in 6 taking advantage of the multiple harmonics available to a single notes on the instrument depending on how you strike it, thus is titled "Harmonic".
If you like hand pans, I have an extensive playlist of good quality hand pan performances on YouTube.
Regarding the Heartbleed bug, SSL and TLS vendors used to require code security reviews before CAs would accept certificate requests from that implementation.
My firm Consensus Development was the only one offering these reviews, largely because other security firms were scared of liability issues. Over 50% of the products failed in less then 8 hours of review, typically for very stupid mistakes. The CAs stopped asking us for reviews because it was slowing down sales of certificates.
I believe that we would have found last month's Apple bug if we reviewed it. Maybe not Heartbleed, but we were doing these security reviews TWENTY years ago. If we had kept at it we would have created better tools by now.
It may be time for CAs to require vendors to pay for implementation security reviews again, or only offer a lower level certificate. They also need to indemnify security reviewers so that they can do this kind of work without fear of being sued for not finding a bug (hard to prove a negative). And there should be a pool of funding to do independent security reviews of open source.
The amazing Tim Dierks , author of SSLRef, the reference implementation of SSL 3.0, co-author IETF TLS 1.0 standard and subsequent updates, and later creator of Google Wallet, did all of these reviews for us back then. Any memories, comments, or suggestion to add?