diff --git a/src/remote/channelSearchManager.cpp b/src/remote/channelSearchManager.cpp
index 0fe9da1..c69b5f8 100644
--- a/src/remote/channelSearchManager.cpp
+++ b/src/remote/channelSearchManager.cpp
@@ -50,6 +50,8 @@ public:
 namespace epics {
 namespace pvAccess {
 
+// these are byte offset in a CMD_SEARCH request message
+// used to mangle a buffer to support incremental construction.  (ick!!!)
 const int ChannelSearchManager::DATA_COUNT_POSITION = PVA_MESSAGE_HEADER_SIZE + 4+1+3+16+2+1+4;
 const int ChannelSearchManager::CAST_POSITION = PVA_MESSAGE_HEADER_SIZE + 4;
 const int ChannelSearchManager::PAYLOAD_POSITION = 4;
diff --git a/src/server/responseHandlers.cpp b/src/server/responseHandlers.cpp
index c2eb0be..1b97405 100644
--- a/src/server/responseHandlers.cpp
+++ b/src/server/responseHandlers.cpp
@@ -283,6 +283,7 @@ void ServerSearchHandler::handleResponse(osiSockAddr* responseFrom,
     const int32 count = payloadBuffer->getShort() & 0xFFFF;
 
     // TODO DoS attack?
+    //   You bet!  With a reply address encoded in the request we don't even need a forged UDP header.
     const bool responseRequired = (QOS_REPLY_REQUIRED & qosCode) != 0;
 
     //