Herewith several articles that I've read lately for which I'm not going to write individual posts.

• Bruce Schneier has railed for years against security theater, ostensible security measures that have little real effect, but are performed to be seen as doing something — airline security being the most wretched example. Patrick Smith wrote a good piece on airport security follies at the NYT airline blog. We should all be protesting loudly at this nonsense, but no-one does because of the fear of ending up on a no-fly list.

• Also in the NYT, Harold McGee wrote a par­tic­u­lar­ly in­ter­est­ing article on the hidden ingredient in cooking, heat.

  That’s the basic challenge: We’re often aiming …continue.

In my post about Printf Tricks a couple of years ago, I mentioned that "%n is dangerous and disabled by default in Visual Studio 2005."

I got email today from someone who was porting a large codebase to VS 2005. He was getting an assert from %n and he needed a way to get past it. He intends to fix the uses of %n when he has a chance.

I spent several minutes digging around in MSDN and came up with set_print­f_­coun­t_out­put. Wikipedi­a's Format string attack page led me to Exploiting Format String Vul­ner­a­bil­i­ties, which describes in detail how %n (and %s) may be exploited.

In short, if you …continue.

I blogged before about KeePass, a free password manager utility. A few minutes ago, I added the 200th entry to my password database, when I registered to download VMware Server.

200 entries! At one point or another, I've registered on a hell of a lot of websites. I also use KeePass to keep track of credit card numbers, software reg­is­tra­tion keys, and so on. KeePass not only lets me use distinct, strong passwords for each site, but it also lets me remember which sites I've registered on. Some sites want me to use my email address; others prefer an al­phanu­mer­ic username.

One friend reliably informs me that KeePass runs just fine …continue.