Yeah, the only problem with this is that it'd require quite a rewrite. I suppose all DirectPlay games work like this. I know that at least Baldur's Gate 2 and Mechwarrior 3 have this problem. And since they're quite old I doubt anybody will bother rewriting networking for them.
I know two people who I can't play with because of this exact problem. They don't have a spare computer to use as a Linux router either. There are *many* computers behind NAT these days, so the ability to work by talking to a non-NATed computer doesn't help much when all the computers are behind NAT.
Okay, but then we can avoid all this port and NAT mess completely. If you're happy with having just one port going to every device there's an easier way. Tunneling everything through HTTP with virtual hosts.
Now, standarizing pagers to port whatever is a mess. What if some companies don't follow the standard? What if it's a company with 200 pagers, page everyone?
All this is very messy in comparison to using proper DNS. Say, company Widgets Inc. has 100 employees. It's easy, having IPv6 they have enough addresses for 2^48 devices. The employee takes the pager to the sysadmin who registers the MAC address. DHCP then takes care of the IP. DNS then gives you things like john.laptops.widgets.com and john.pagers.widgets.com. Sending messages is easy, we can just send an email to john.pagers.widgets.com.
So what we have? We can trace what device makes connections to outside. Wouldn't you like to know who's the rogue employee who keeps paging somebody 500 times a day? With NAT all that would come from the same IP and require examining logs, supposing they exist, and quite a lot of cooperation of the company from which the connections are coming. With one IP per device the admin just has to find who has that IP, and DNS even identifies the device. Seriously, it's much easier to act on a complaint "I'm getting 500 messages a day from 192.168.1.25" than on "I'm getting 500 messages a day from somewhere in your company"
We also can have unrestricted communication. My coffee maker, toaster and server all have a web server on port 80.
The mess with standarizing what things are on what port by default is also avoided. For example, how does a cell phone work? Does it use the pager port for SMS and another one for other stuff? Or it has its own?
First, for something like this you need to do something. Configure NAT, enter IP addresses, whatever. Grandma doesn't know about IP addresses and ports. But I believe that grandma would be quite happy with a box that assigns IPs automatically, which IPv4 and IPv6 are perfectly capable of doing with DHCP.
Second, messing with ports is well, annoying. What happens with this when you get 13 devices? Port 13 is daytime, which has a pretty good purpose. You'd have to avoid known ports to avoid problems. So you'd use something from the unreserved range, ending with ports like 64001.
Third, true, now the device can have any address you want. You just have to care about the port now. Pretty much the same level of inconvenience, IMO.
Fourth, you still haven't explained how is this system going to ensure device IDs are contiguous.
Eh, tell that to Microsoft. It's standard DirectPlay. Ports 47624 and 2300 to 2400 on UDP. Most cheap DSL "routers" don't even allow doing NAT with so many ports. Mine for example won't accept port ranges, and is limited to 32 entries.
Of course, I can still play, but because I disabled that function and use a Linux box instead. Not everybody can do that though.
So, what's the difference between 192.168.0.3 and 192.168.0.1:3, or whatever system you use to define this "device ID"? Looks like different ways to write the same thing to me.
The idea with IPv6 is indeed to give everybody a subnet. A/48, IIRC, which gives you more address space than all of IPv4.
But anyway. Suppose you have this "device ID" invention of yours. How does *it* guarantee that numbers are consecutive? Do devices talk to each other and decide on a sequence? Does a server decide? (DHCP) Do you number them manually? (setting IP addresses by hand). Also, how do you implement this extension? It sounds like it would require changes anyway, so we might just move to IPv6 instead since it offers other advantages too.
On a related note, why do you need to know the device ID? Do you know the IP of google? That's what we have DNS names for. If you had IPv6, or enough IPs, consecutive IPs or not, you'd simply run a DNS server. phone.deman.com would be your phone, laptop.deman.com would be your laptop, and you'd have fridge.deman.com and toaster.deman.com.
Again you people with NAT and masquerading. It is very hard to play a game online with my brother (who also lives here) because I have one IP. NAT will forward either to my computer or to his, not both. So the only chance we have to play at once is to use different ports, and not all games support that. Two IPs would have made this problem inexistent.
What nonsense. Let's say my network is 192.168.0, I'm allowed to have up to 253 (0 and 255 are reserved) devices, so my fridge would be 192.168.0.3. And there you go, it's already possible with the current system. No need to invent "device IDs" and strange things like that.
IPv6 adds more address space, making this kind of thing even easier. You get a subnet with millions of IP addresses, and can assign a number to almost every piece of dust in your house if you want.
The point of 35 trillion addresses is not to use them all, either. It's to simplify organization and routing. If an IP address was made of a country code, province code, city code and area code, routing would be fantasically easier. A situation where 34.* goes to Spain, 1.* goes to the US, and so on is pretty much ideal.
There's a fairly unknown thing, called "firewall" that can let you have 100 computers with an IP on the internet for each, while still denying access from the internet to them. Works as well as NAT for "protection", except that when you want to let two people play the same game you can allow it without any problems.
BTW, a firewall doesn't help that much against getting hacked. Having secure services is much more important.
You distribute it, so you're a distributor, the only thing the GPL applies to.
If you still don't get it, think about the difference between a shop that buys, exhibits, perhaps repackages and sells a product, and somebody who buys it to use for some purpose.
To give a dumb example, the laws about the use of guns aren't the same as the laws about buying and selling guns. Normal people don't care about all the documents needed to have a legal gun shop, just like the shop doesn't care about how and when you're allowed to fire them, since they only sell them.
It's different because the GPL is not relevant to a software user. Take any GPLd program, say Psi (Jabber client). Go to the site, and download it. You'll see there's no user agreement. You can do whatever you want with it, included reverse-engineering.
However, copyright law forbids you to distribute it. This is where the GPL kicks in, it gives you that right, with some conditions. If you agree to the GPL you can distribute the software, if you don't then the GPL is considered inexistent and you have the usual copyright law which forbids distribution.
In any case, none of those things prevent you from using the software in any way you want on your computer. This is not like an EULA, which state that unless you agree to these terms (no reverse-engineering, export restrictions, allowance of just one backup copy, etc) you have no right to use the software. That's where it's fundamentally different from the GPL.
An EULA that said "By using this software, the user agrees to abide by the GPL" would be nonsense, just because the GPL says nothing about how you can use the software. It only talks about distribution. It's as redundant as saying "By using this software, the user agrees not to infringe copyright law"
First, the GPL is just as viral as propietary software.
If you use GPL code in your program and distribute it, you have two choices: Comply with the GPL and GPL everything, or not use the GPL code.
If you use propietary code you have two choices: Comply with the license and do whatever they ask (pay royalties, etc), or not use it.
But that doesn't have anything to do with the fact that SCO can't put a license on it. They can't put a license on it simply because they didn't make it. Only the copyright holder can use whatever license s/he wants.
First, what does your program do? Why are you so sure XML takes so much time to process? And, is really XML the best format for your application?
You could get speed improvements by making things simpler. If XML data takes so much to process on your server then I guess you have two possible problems: Either the amount of data is very big, or you're doing something wrong. You don't really have to use every feature of XML in your program.
Make sure you also understand what XML is for. Sending bitmaps by transferring gigabytes of <pixel r="10" g="100" b="0"/> is definitely not a good use of XML. For some kinds of data perfectly good formats already exist.
Also, do you really need XML? If it's something time or bandwidth critical, rolling your own could be easier. Especially if you don't need a lot of interoperation with other programs. Binary protocols are quite easy to make extensible, too. For example, you can send everything in a kind of container. Say, a structure with a char or int for a command ID, and a long for a command length. Then put any data inside. That's just 5-8 bytes per header, and should let you add stuff easily.
Hidden passwords are not obscurity. They're just unknown data.
On Linux, the source code of login(1) and su(1) is known, the algorhitm used to encode the password in/etc/passwd or/etc/shadow is known, the format of those files is explained in a man page, and you even have mkpasswd(1) to encode passwords in the same was as in/etc/passwd. And still, I bet you can't get a password without using a bug or brute force.
Even word readable/etc/passwd with passwords in it is quite secure if users use good passwords. Unfortunately that doesn't happen often.
I think the point of the BIOS memory test is more to make sure memory is well inserted into the motherboard. It won't catch small errors, but it should catch chips with a bad contact, or really broken ones.
I wisht memtest86 or something similar was included in the BIOS, though.
You probably mean you used one of those compression programs like Stacker or Double/DriveSpace.
The problem is that they don't know how much disk space you have, since it depends on the compressability of the data. Sometimes you would need to write something large to the drive, and the installer would tell you that there's not enough space, although it would have fit. That happens because some data compresses really well. A MP3 won't compress at all, but something like a 16 color image might compress really well.
So, for these cases you can adjust the estimated compression ratio. You tell the program you expect files will compress to 1/8 of their size, and it adjusts the free space estimation. That's all. Data won't compress any better because of it. I saw lots of people setting a huge compression ratio thinking that seeing 10 times more "free space" would somehow let them put 10 times more stuff on it.
For a demonstration, I made a "32 MB" 1.44MB floppy, and showed how it got full with 2 MB of files.
IMHO, a GUI should only give a program a window. Why should a program be able to mess with other programs that are running, or to read my screen? It should have its window, and that's it. For example, if Windows required you to confirm that you allow a program to read your screen or get a process list, then things like BackOrifice would become considerably more difficult.
Sounds rather typical for russian stuff. I used to live there 12 years ago. Most things, like household items like irons and mixers weren't very pretty, but they were definitely were solid and lasted years and years. Some were even left from the previous generation.
I also remember seeing a magazine explaining the construction of an electric razor, and being able to buy all the components it was made of in a shop. Now unfortunately things seem to have "modernized" though, and all the crap that is produced now is becoming common there.
It's even kind of sad. If previously it was possible to have something working for 10 years without failing, now we have to replace things like mixers and vacuum cleaners very often.
A bit OT maybe, but a while ago I heard some rumors about Philips (or maybe another company) making a burner that would copy disks "protected" with any technology. Did that ever become reality?
I don't live in the US, and I don't know the laws of every country either. But I wouldn't be very surprised if it was illegal to do that in some countries.
And the load is probably increasing about 1%. Even my old Cyrix 233 could encrypt fast enough for a T1. I'm sure they have a more powerful server there. Also, if it bothered Rusty so much he could just disable it.
My, things are bad there. I used VPN for a while for development, but we removed it later. Turned out to be too slow. But it does work.
At least in Win2K setting them up is not too hard. I don't remember the exact procedure right now because it was a long time ago. The Microsoft site has some documentation on this subject.
BTW, if you have MSCEs there, then you might be using SQL Server. At least SQL server has support for encrypting connections with SSL.
Encryption might take a while to set up, but it's a very good thing. Not only for your own data.
I'll explain. Many of us run web servers and let friends have sites or mail accounts on them. Now, I'm pretty sure that in most places reading your user's mail is illegal. Suppose you're logged in on your server trying to solve some problem by looking at what's going on with a sniffer like tcpdump or ethereal. Accidentally you see a friend's private email scroll by.
Now, of course, this wasn't intentional. But what if you make a slip? The email could have been about some event you didn't know about. Then, a week later you forget where you got that information from, you ask that friend about whether his grandma got better. The friend then asks "How do you know that? You weren't reading my mail, were you?". Depending on how this person feels about you, you might get into some trouble.
This is why on my server I provide IMAP accounts only though SSL. I never look in user directories unless needed. And I tell everybody who gets an account that if they want to be completely sure their data stays confidential that they should use PGP and that I can explain how to use it.
It's not that hard to set up, anyway. Set up a mail server with SSL and you'll be able to check your mail safely from anywhere. Install SSH for administration. Install Apache SSL even if you don't need it much, to give the users who want it the ability to log in with an encrypted connection. Use an instant messenger like Jabber with a SSL connection too.
Don't worry about self-signed certificates. A certificate from Verisign provides a rather small increase of security which people tend to ignore anyway. If you just want to avoid your traffic from being sniffed, it should be enough.
Excepting web browsing, most of my data is encrypted. I even found that I can browse kuro5hin.org throught https. It's a good thing too, when I login my password won't be sent in clear text.
Sure, Linux gets patched too. Quite a lot in fact in some distributions (I run Gentoo). But there are some important differences.
1. I can patch Linux myself if needed. No such option with Microsoft. Maybe I can disable the service or firewall it, but that's about it.
2. Fixes for most distributions actually come fast, and don't get lumped into huge "service packs" that take months to come out, and forever to download on a modem (bet at MS they have a nice connection and don't even remember what it's like to have a 56K line). And if a distribution lags, I can just find how the problem was fixed and apply the patch myself.
3. I can decide exactly what to install. In Windows it's either a whole service pack, or nothing at all.
4. There's much less patching, actually. The kernel, and base tools tend to be patched very little. Of course, if you have a 20GB installation you'll see patches quite often, but I don't consider instant messengers and web browsers to be a part of the OS.
5. Patches don't come with EULAs, DRM, or changes in licensing terms.
Slashdot Mirror
Yeah, the only problem with this is that it'd require quite a rewrite. I suppose all DirectPlay games work like this. I know that at least Baldur's Gate 2 and Mechwarrior 3 have this problem. And since they're quite old I doubt anybody will bother rewriting networking for them.
I know two people who I can't play with because of this exact problem. They don't have a spare computer to use as a Linux router either. There are *many* computers behind NAT these days, so the ability to work by talking to a non-NATed computer doesn't help much when all the computers are behind NAT.
Okay, but then we can avoid all this port and NAT mess completely. If you're happy with having just one port going to every device there's an easier way. Tunneling everything through HTTP with virtual hosts.
Now, standarizing pagers to port whatever is a mess. What if some companies don't follow the standard? What if it's a company with 200 pagers, page everyone?
All this is very messy in comparison to using proper DNS. Say, company Widgets Inc. has 100 employees. It's easy, having IPv6 they have enough addresses for 2^48 devices. The employee takes the pager to the sysadmin who registers the MAC address. DHCP then takes care of the IP. DNS then gives you things like john.laptops.widgets.com and john.pagers.widgets.com. Sending messages is easy, we can just send an email to john.pagers.widgets.com.
So what we have? We can trace what device makes connections to outside. Wouldn't you like to know who's the rogue employee who keeps paging somebody 500 times a day? With NAT all that would come from the same IP and require examining logs, supposing they exist, and quite a lot of cooperation of the company from which the connections are coming. With one IP per device the admin just has to find who has that IP, and DNS even identifies the device. Seriously, it's much easier to act on a complaint "I'm getting 500 messages a day from 192.168.1.25" than on "I'm getting 500 messages a day from somewhere in your company"
We also can have unrestricted communication. My coffee maker, toaster and server all have a web server on port 80.
The mess with standarizing what things are on what port by default is also avoided. For example, how does a cell phone work? Does it use the pager port for SMS and another one for other stuff? Or it has its own?
That still doesn't solve much.
First, for something like this you need to do something. Configure NAT, enter IP addresses, whatever. Grandma doesn't know about IP addresses and ports. But I believe that grandma would be quite happy with a box that assigns IPs automatically, which IPv4 and IPv6 are perfectly capable of doing with DHCP.
Second, messing with ports is well, annoying. What happens with this when you get 13 devices? Port 13 is daytime, which has a pretty good purpose. You'd have to avoid known ports to avoid problems. So you'd use something from the unreserved range, ending with ports like 64001.
Third, true, now the device can have any address you want. You just have to care about the port now. Pretty much the same level of inconvenience, IMO.
Fourth, you still haven't explained how is this system going to ensure device IDs are contiguous.
Eh, tell that to Microsoft. It's standard DirectPlay. Ports 47624 and 2300 to 2400 on UDP. Most cheap DSL "routers" don't even allow doing NAT with so many ports. Mine for example won't accept port ranges, and is limited to 32 entries.
Of course, I can still play, but because I disabled that function and use a Linux box instead. Not everybody can do that though.
So, what's the difference between 192.168.0.3 and 192.168.0.1:3, or whatever system you use to define this "device ID"? Looks like different ways to write the same thing to me.
/48, IIRC, which gives you more address space than all of IPv4.
The idea with IPv6 is indeed to give everybody a subnet. A
But anyway. Suppose you have this "device ID" invention of yours. How does *it* guarantee that numbers are consecutive? Do devices talk to each other and decide on a sequence? Does a server decide? (DHCP) Do you number them manually? (setting IP addresses by hand). Also, how do you implement this extension? It sounds like it would require changes anyway, so we might just move to IPv6 instead since it offers other advantages too.
On a related note, why do you need to know the device ID? Do you know the IP of google? That's what we have DNS names for. If you had IPv6, or enough IPs, consecutive IPs or not, you'd simply run a DNS server. phone.deman.com would be your phone, laptop.deman.com would be your laptop, and you'd have fridge.deman.com and toaster.deman.com.
Again you people with NAT and masquerading. It is very hard to play a game online with my brother (who also lives here) because I have one IP. NAT will forward either to my computer or to his, not both. So the only chance we have to play at once is to use different ports, and not all games support that. Two IPs would have made this problem inexistent.
What nonsense. Let's say my network is 192.168.0, I'm allowed to have up to 253 (0 and 255 are reserved) devices, so my fridge would be 192.168.0.3. And there you go, it's already possible with the current system. No need to invent "device IDs" and strange things like that.
IPv6 adds more address space, making this kind of thing even easier. You get a subnet with millions of IP addresses, and can assign a number to almost every piece of dust in your house if you want.
The point of 35 trillion addresses is not to use them all, either. It's to simplify organization and routing. If an IP address was made of a country code, province code, city code and area code, routing would be fantasically easier. A situation where 34.* goes to Spain, 1.* goes to the US, and so on is pretty much ideal.
There's a fairly unknown thing, called "firewall" that can let you have 100 computers with an IP on the internet for each, while still denying access from the internet to them. Works as well as NAT for "protection", except that when you want to let two people play the same game you can allow it without any problems.
BTW, a firewall doesn't help that much against getting hacked. Having secure services is much more important.
You distribute it, so you're a distributor, the only thing the GPL applies to.
If you still don't get it, think about the difference between a shop that buys, exhibits, perhaps repackages and sells a product, and somebody who buys it to use for some purpose.
To give a dumb example, the laws about the use of guns aren't the same as the laws about buying and selling guns. Normal people don't care about all the documents needed to have a legal gun shop, just like the shop doesn't care about how and when you're allowed to fire them, since they only sell them.
It's different because the GPL is not relevant to a software user. Take any GPLd program, say Psi (Jabber client). Go to the site, and download it. You'll see there's no user agreement. You can do whatever you want with it, included reverse-engineering.
However, copyright law forbids you to distribute it. This is where the GPL kicks in, it gives you that right, with some conditions. If you agree to the GPL you can distribute the software, if you don't then the GPL is considered inexistent and you have the usual copyright law which forbids distribution.
In any case, none of those things prevent you from using the software in any way you want on your computer. This is not like an EULA, which state that unless you agree to these terms (no reverse-engineering, export restrictions, allowance of just one backup copy, etc) you have no right to use the software. That's where it's fundamentally different from the GPL.
An EULA that said "By using this software, the user agrees to abide by the GPL" would be nonsense, just because the GPL says nothing about how you can use the software. It only talks about distribution. It's as redundant as saying "By using this software, the user agrees not to infringe copyright law"
First, the GPL is just as viral as propietary software.
If you use GPL code in your program and distribute it, you have two choices: Comply with the GPL and GPL everything, or not use the GPL code.
If you use propietary code you have two choices: Comply with the license and do whatever they ask (pay royalties, etc), or not use it.
But that doesn't have anything to do with the fact that SCO can't put a license on it. They can't put a license on it simply because they didn't make it. Only the copyright holder can use whatever license s/he wants.
What buffer overflows? It's written in Java.
First, what does your program do? Why are you so sure XML takes so much time to process? And, is really XML the best format for your application?
/> is definitely not a good use of XML. For some kinds of data perfectly good formats already exist.
You could get speed improvements by making things simpler. If XML data takes so much to process on your server then I guess you have two possible problems: Either the amount of data is very big, or you're doing something wrong. You don't really have to use every feature of XML in your program.
Make sure you also understand what XML is for. Sending bitmaps by transferring gigabytes of <pixel r="10" g="100" b="0"
Also, do you really need XML? If it's something time or bandwidth critical, rolling your own could be easier. Especially if you don't need a lot of interoperation with other programs. Binary protocols are quite easy to make extensible, too. For example, you can send everything in a kind of container. Say, a structure with a char or int for a command ID, and a long for a command length. Then put any data inside. That's just 5-8 bytes per header, and should let you add stuff easily.
And it would be right. The credit card number would simply be duplicated.
Now, the money from the account would indeed be stolen since the original owner would lose it.
Hidden passwords are not obscurity. They're just unknown data.
/etc/passwd or /etc/shadow is known, the format of those files is explained in a man page, and you even have mkpasswd(1) to encode passwords in the same was as in /etc/passwd. And still, I bet you can't get a password without using a bug or brute force.
/etc/passwd with passwords in it is quite secure if users use good passwords. Unfortunately that doesn't happen often.
On Linux, the source code of login(1) and su(1) is known, the algorhitm used to encode the password in
Even word readable
I think the point of the BIOS memory test is more to make sure memory is well inserted into the motherboard. It won't catch small errors, but it should catch chips with a bad contact, or really broken ones.
I wisht memtest86 or something similar was included in the BIOS, though.
You probably mean you used one of those compression programs like Stacker or Double/DriveSpace.
The problem is that they don't know how much disk space you have, since it depends on the compressability of the data. Sometimes you would need to write something large to the drive, and the installer would tell you that there's not enough space, although it would have fit. That happens because some data compresses really well. A MP3 won't compress at all, but something like a 16 color image might compress really well.
So, for these cases you can adjust the estimated compression ratio. You tell the program you expect files will compress to 1/8 of their size, and it adjusts the free space estimation. That's all. Data won't compress any better because of it. I saw lots of people setting a huge compression ratio thinking that seeing 10 times more "free space" would somehow let them put 10 times more stuff on it.
For a demonstration, I made a "32 MB" 1.44MB floppy, and showed how it got full with 2 MB of files.
And some proper limits should be enforced too.
IMHO, a GUI should only give a program a window. Why should a program be able to mess with other programs that are running, or to read my screen? It should have its window, and that's it. For example, if Windows required you to confirm that you allow a program to read your screen or get a process list, then things like BackOrifice would become considerably more difficult.
Sounds rather typical for russian stuff. I used to live there 12 years ago. Most things, like household items like irons and mixers weren't very pretty, but they were definitely were solid and lasted years and years. Some were even left from the previous generation.
I also remember seeing a magazine explaining the construction of an electric razor, and being able to buy all the components it was made of in a shop. Now unfortunately things seem to have "modernized" though, and all the crap that is produced now is becoming common there.
It's even kind of sad. If previously it was possible to have something working for 10 years without failing, now we have to replace things like mixers and vacuum cleaners very often.
A bit OT maybe, but a while ago I heard some rumors about Philips (or maybe another company) making a burner that would copy disks "protected" with any technology. Did that ever become reality?
I don't live in the US, and I don't know the laws of every country either. But I wouldn't be very surprised if it was illegal to do that in some countries.
And the load is probably increasing about 1%. Even my old Cyrix 233 could encrypt fast enough for a T1. I'm sure they have a more powerful server there. Also, if it bothered Rusty so much he could just disable it.
My, things are bad there. I used VPN for a while for development, but we removed it later. Turned out to be too slow. But it does work.
At least in Win2K setting them up is not too hard. I don't remember the exact procedure right now because it was a long time ago. The Microsoft site has some documentation on this subject.
BTW, if you have MSCEs there, then you might be using SQL Server. At least SQL server has support for encrypting connections with SSL.
Encryption might take a while to set up, but it's a very good thing. Not only for your own data.
I'll explain. Many of us run web servers and let friends have sites or mail accounts on them. Now, I'm pretty sure that in most places reading your user's mail is illegal. Suppose you're logged in on your server trying to solve some problem by looking at what's going on with a sniffer like tcpdump or ethereal. Accidentally you see a friend's private email scroll by.
Now, of course, this wasn't intentional. But what if you make a slip? The email could have been about some event you didn't know about. Then, a week later you forget where you got that information from, you ask that friend about whether his grandma got better. The friend then asks "How do you know that? You weren't reading my mail, were you?". Depending on how this person feels about you, you might get into some trouble.
This is why on my server I provide IMAP accounts only though SSL. I never look in user directories unless needed. And I tell everybody who gets an account that if they want to be completely sure their data stays confidential that they should use PGP and that I can explain how to use it.
It's not that hard to set up, anyway. Set up a mail server with SSL and you'll be able to check your mail safely from anywhere. Install SSH for administration. Install Apache SSL even if you don't need it much, to give the users who want it the ability to log in with an encrypted connection. Use an instant messenger like Jabber with a SSL connection too.
Don't worry about self-signed certificates. A certificate from Verisign provides a rather small increase of security which people tend to ignore anyway. If you just want to avoid your traffic from being sniffed, it should be enough.
Excepting web browsing, most of my data is encrypted. I even found that I can browse kuro5hin.org throught https. It's a good thing too, when I login my password won't be sent in clear text.
Flash readers seem to be supported just fine, under 2.4.20 at least.
I just got a PQI TravelFlash reader. Works perfectly with no problems at all.
Sure, Linux gets patched too. Quite a lot in fact in some distributions (I run Gentoo). But there are some important differences.
1. I can patch Linux myself if needed. No such option with Microsoft. Maybe I can disable the service or firewall it, but that's about it.
2. Fixes for most distributions actually come fast, and don't get lumped into huge "service packs" that take months to come out, and forever to download on a modem (bet at MS they have a nice connection and don't even remember what it's like to have a 56K line). And if a distribution lags, I can just find how the problem was fixed and apply the patch myself.
3. I can decide exactly what to install. In Windows it's either a whole service pack, or nothing at all.
4. There's much less patching, actually. The kernel, and base tools tend to be patched very little. Of course, if you have a 20GB installation you'll see patches quite often, but I don't consider instant messengers and web browsers to be a part of the OS.
5. Patches don't come with EULAs, DRM, or changes in licensing terms.