Slashdot Mirror


User: Todd+Knarr

Todd+Knarr's activity in the archive.

Stories: 0
Comments: 3,572

Comments · 3,572

  1. Re:PJ is a journalist; will she go to jail? on SCO Vs. Groklaw · · Score: 2, Informative

    Doubtful. All of her sources are court filings (which are matters of public record) or things like SCO's own press releases (which are also public), so what's to protect?

  2. Re:Hole? on "Very Severe Hole" In Vista UAC Design · · Score: 1

    True, however the new Ubuntu user is also going to have apt set to the default of only fetching software from the Ubuntu archive and I'd say it's reasonable to trust software from there. This is in contrast to Vista, which is wanting to grant admin privs to any program that its heuristics think is an installer regardless of its source. So which is better, a system that can be set up to not require admin privs and defaults to a safe state or a system based on "admin privs or nothing" that blindly trusts anyone with no way to change the behavior?

    Windows, I'm afraid, continues to suffer from the malady of trying to make it easy for people who don't know how to administer a computer to administer a computer. This is much like trying to make it easy for people who don't know how to drive a car to drive a car.

  3. Re:Hole? on "Very Severe Hole" In Vista UAC Design · · Score: 1

    Synaptic will run quite nicely without root privileges. All it needs is the proper access to its database (if you're installing or updating, you obviously need write access), but it can get that without being root if you set things up right. Now if it doesn't run as root then packages that want to install things in root-owned system directories might have problems, but a) that's the whole point and b) you can usually have such packages installed somewhere not root-owned by using the right incantations.

  4. Also, maintenance on Accurate Browser Statistics? · · Score: 2, Insightful

    Another thing to think about is future maintenance. Take a look at what IE7 did to IE-only Web sites. Lots of IE-specific things that worked fine in IE6 suddenly didn't work or worked badly in IE7 because of changes in the browser. If you'd written an IE-specific Web site that actually used IE-specific features (as opposed to "we only tested it in IE" without using anything beyond bog-standard HTML/CSS/JS), you had headaches. Sites designed to work well in Mozilla, Opera and Safari, by contrast, made the IE6-to-IE7 transition with few if any problems.

    So you not only have to ask whether it's worth it to accommodate non-IE browsers, you also have to ask if it's worth it to target only IE and deal with the havoc when Microsoft moves your target again (and they will move it, the only question is when and how far).

  5. Re:Corporate personhood... on EU Bans Sock-Puppet Blogs · · Score: 1

    If I am not allowed to blog positive things about my employer, then you have taken away freedom of speech from an individual person. I, as an individual, should not lose my freedom of speech, simply because my opinions may benefit a corporation.

    As I read it, the law as proposed wouldn't prevent you from saying good things about your employer. It'd just ban you saying good things about them while claiming to not be an employee (or otherwise trying to give the impression you aren't). I don't consider banning misrepresentation to be an infringement on free speech.

  6. Re:Of course, the flip side on Study Show Link Between IT Sabotage, Work Behavior · · Score: 1

    Oh, I know how easy it is to set logic bombs. I also know from experience how easy it is to find and remove them. To be honest, if I were planting one the application is the last place I'd put it. In-house applications are known to too many developers, subject to formal and informal code review, and too often under good version control that makes it easy to isolate changes for examination. Libraries, particularly binary-only libraries, are a better target if you can get into the process by which they're installed. Few other developers are going to be familiar with the libraries on a source-code level, management's likely to want to keep it that way (the whole point of libraries is to avoid spending developer time on that code, after all) and it's almost impossible to spot a small patch in among the huge number of changes in a typical version upgrade of, for example, Xerces or CUPS.

  7. Re:RIAA already won on RIAA Victim Wins Attorney's Fees · · Score: 5, Insightful

    Actually I think they do care. One of their tactics has been to drag things out to where people settle simply because it's cheaper. This decision hurts that tactic two ways. First, it calls into question the RIAA's assertion that merely being the registered owner of the IP address they claim was involved is sufficient. And second, it provides precedent a defendant can cite in future cases for making the RIAA pay defendant's attorney's fees if the RIAA can't prevail. Those two things make it more likely a defendant will take the "Prove it was me at the computer." defense further and go for a win instead of settling. And now it's on the record in an actual ruling by the court. It's a published ruling future defendants can cite as settled case law and which the RIAA will have to overcome. That's one of the things they really really didn't want to have happen, which is why they squirmed so hard to try and avoid a dismissal with prejudice.

  8. Of course, the flip side on Study Show Link Between IT Sabotage, Work Behavior · · Score: 3, Informative

    The flip side is that the fastest way for management to make a worker into someone who's disgruntled, paranoid, shows up late, argues all the time and performs poorly is to treat them like a potential problem. You're giving people privileged access, either you trust them and thus don't need to worry until after they start showing obvious signs, or you don't trust them in which case why are you giving them privileged access in the first place?

    To be honest, I think if you have to worry about abuse of privileged access after termination then you have a more fundamental problem that no access-management system will solve. After all, if you can't trust someone to behave professionally after you've given them their 2-weeks' notice then what makes you think you can trust them to behave professionally before that?

  9. Re:Hold on... on Study Finds Bank of America SiteKey is Flawed · · Score: 1

    If you received an e-mail you believed was from BofA and followed the link to their Web site, you'd similarly believe you were secure. That's one of the main goals of a phishing attempt, to lull you into that false sense of security. Hence the whole point of the study: to determine how well SiteKey does at cluing users in to the fact that there's a problem when they aren't expecting problems.

  10. What about in the future? on Vista Family Discount Keys Found Not Compatible · · Score: 2, Insightful

    I can understand making a mistake in key generation. Mistakes happen. But what makes me wary is the Vista enhanced authentication/validation process. We know Vista is designed to validate that key not just when it's installed but periodically thereafter. Microsoft knows they need to make a good impression right at product launch, and they still manage to stuff up the keys so they won't validate. My thought is this: if they can blow it now, what about 6 months or a year down the road when it isn't so blatantly critical for them to look good? Are they going to upgrade a server somewhere, blow it again and suddenly my key isn't on the valid list anymore? What confidence does this incident give me that this won't in fact happen?

  11. Re:Hallelujah! on Apple Ordered to Pay Blogger Legal Fees · · Score: 5, Insightful

    Well, first off disclosure of trade secrets isn't a crime. It's a civil tort, specifically breach of a non-disclosure agreement. Of course the Web sites in question hadn't signed any NDA with Apple, so they couldn't have breached the (non-existent) agreement. Under the law the burden of keeping a trade secret secret rests on the company that owns it, not the general public.

    And there's a couple of things. First is the fact that Apple couldn't show that the Web sites in question knew their source was breaching an NDA. Second is the rule that says you can only subpoena a journalist in the way Apple wanted to if all other avenues of investigation have been exhausted. As the judge observed, Apple could have questioned its own employees about whether they'd disclosed the information and to whom, and done so under penalty of perjury to add weight to the questioning. This could've revealed the names Apple was looking for without requiring anything from the Web sites. Apple chose not to pursue internal questioning, and the judge ruled that their mere desire not to demoralize their employees wasn't enough to justify putting the burden on someone else.

  12. Re:Watch out for firmware in your audit on Microsoft to Get Tough on License Dodgers · · Score: 1

    I dunno. I use Microsoft's optical trackball and their keyboards under Linux and I never saw any EULA, not even on a piece of paper in the package. The devices may have firmware in them, but they never present anything to the user nor require anything to be loaded from the computer. If the terms of the EULA are never presented anywhere, then it should be a slam-dunk that its terms are irrelevant. The only EULA is for the use of the software on the included disc, and since I'm not using that I can reject the terms without consequences (they didn't say they were required for the use of the trackball/keyboard, only for the use of the MS software which is sitting there still sealed).

    Why do I use an MS trackball and keyboard? Because I prefer a thumb-operated trackball and Microsoft is the only company that makes (or made, they appear to have discontinued it) one that's large enough for my hands. Logitech's is too narrow to be comfortable. As far as the keyboard, I again prefer the touch of the MS over the Logitech and no-name brands. My main keyboards are Unicomp, but if you want ergonomic MS has the best-feeling ones. This is, quite frankly, a sad state of affairs.

  13. Two words for MS/BSA on Microsoft to Get Tough on License Dodgers · · Score: 1

    Ernie Ball. :)

  14. Re:But, can the BSA actually do anything? on Microsoft to Get Tough on License Dodgers · · Score: 5, Informative

    There's a clause in the EULA where you give Microsoft or its agents the right to come in and audit you at any time, at your expense. Refuse to let them audit and you're automatically in breach of every Windows license you have in addition to any other violations. And they'll hold that you agreed to the EULA for any pirated versions as well, since you had (in their opinion) to click OK to the EULA to be able to install the pirated copy and that constitutes agreement to the EULA's terms.

    The only way out is to not be running any of their software and be able to prove it in court. Do that and make sure to have provided them that proof when you refused the audit and, while you can't stop them from suing you and getting a court order allowing them to do the audit, you can probably counter-sue them for every penny of costs.

  15. Re:Updated? Battle of the Rootkits! on AACS Hack Blamed on Bad Player Implementation · · Score: 1

    Except that this is a "class break": it affects all players of the same type. If they revoke the cracker's player's individual key, the next 100 crackers continue blithely along unaffected. They have to revoke the keys for all players of the vulnerable type to stop the break. Which will always affect more legitimate customers than crackers.

  16. Re:It won't last. Maine needs the $$$'s. on Maine Rejects Federally Mandated ID Cards · · Score: 3, Interesting

    It'd be interesting to see a state respond by saying "OK, if the Federal government doesn't want to pay for its Interstate highways, it can have them back. Oh, and it can also have back all responsibility for maintaining them, enforcing the laws on them, clearing snow off them in the winter, the lot. We wish them luck with it, and if anyone finds the conditions deteriorating they know where they can call the owners.".

  17. Re:Don't accept relocation to begin with on Dealing w/ Relocation Package Bait and Switch? · · Score: 1

    Yes, that money is taxable income. However, relocation costs are also deductible on your taxes. If the company is reporting the money as taxable compensation to you, then every penny of it should also be taken as a deduction by you as job-related moving expenses.

  18. Is it in writing? on Dealing w/ Relocation Package Bait and Switch? · · Score: 1

    First question: do you have the original offer including the relocation package in writing? If you don't, you're screwed. If you do, however, that written offer will trump their policy. You accepted that offer, if they try to change the terms after the fact that's a material change that opens the whole thing up again. If the relocation package was actually part of the final paperwork you signed to accept the offer then the change isn't just a material change in the offer, it'd be an attempt to breach the agreement and they can be held liable for damages. If you have the original package offer in writing, I'd start with presenting the matter to HR as an attempt to change the offer after acceptance. HR will be rather nervous about that since they know what kind of havoc you could wreak if you wanted to.

  19. Re:BS on The Death of Domain Parking? · · Score: 1

    A lot of those parked domains, though, are the equivalent of thinking "McDonalds will want to put a franchise here.", buying the land and putting up a "McRonalds" building with a pair of yellow arches suspiciously reminiscent of the ones used by aforementioned burger chain in the hopes that people looking for McDonalds will fail to notice the slight difference in spelling and show up at your place instead.

  20. Under those conditions, OK on Is DRM Intrinsically Distasteful? · · Score: 1

    Under the conditions given, ie. that it enforce all rights under copyright including those that belong to the copy owner, I've no problem with DRM. Well, I'd add one condition: that the system be able to be updated to conform to future changes in copyright law and rights and have those updates take effect. My primary objection to DRM has always been that it protects some rights (those of the copyright owner) without regard to the nuances of copyright law while at the same time not only not protecting other rights (those of the copy owner) but actually preventing exercise of those rights. Correct that imbalance and it'd be acceptable to me (not ideal, but acceptable).

  21. Re:Buyout SCO to rid us of problems on SCO Files To Amend Claims To IBM Case, Again · · Score: 3, Informative

    Actually there is a law. Or rather, a rule of the legal profession and the courts: lawyers are officers of the court first, advocates for their client second. When BSF realized SCO had no basis for their case, if SCO wouldn't listen to reason they should have asked the court for permission to withdraw. Failure to do so is a violation of professional ethics, and I believe a gross violation of both Bar Association and judicial rules. The defendant in a criminal case has a right to representation, the plaintiff in a civil lawsuit does not.

  22. Re:Fixed with a new clause... on Supreme Court Clears Patent Invalidity Suits · · Score: 4, Insightful

    The danger is that the courts may rule that the licensee can't sign away his right to challenge the patent, thus that clause is unenforceable. You can see the equivalent of that all the time: the clauses that disclaim all warranties, followed by "Some states do not permit the disclaimer of the implied warranties of merchantability and fitness for purpose. In those cases, the law trumps our disclaimer.". And from the tone of the Supreme Court on recent patent cases, I get the feeling they don't agree with the Federal Circuit on a lot of things and are getting about ready to do some wholesale striking down of Fed Circ precedents.

  23. Re:I really don't understand on Congress to Debate Net Neutrality · · Score: 1

    Actually the ad-supported businesses aren't getting a free ride. They're paying for their Internet connection and their bandwidth usage just like consumers are, and paying through the nose. What they want is to only have to pay their ISP for their Internet connection and bandwidth usage. What the telcos want is the right to charge businesses a second time for the bandwidth, so the business has to pay their own ISP for the bandwidth and then pay the user's ISP (who the business has no contact with at all) for the same bandwidth.

    And it isn't even the case that the user's ISP isn't getting paid. When the user's ISP connected to the business's ISP's network, directly or indirectly, one of the things that was negotiated was peering: how much the two ISPs will pay each other for handling the other one's traffic. If the telcos negotiated bad peering arrangements, well that's between them and their peers. The business and the users shouldn't be involved in that.

  24. Because software design isn't construction on What Makes Software Development So Hard? · · Score: 4, Insightful

    Software design and development is more akin to an architect designing a building rather than the more common analogy of building the building once it's designed. Except that software developers are often burdened with requirements that any architect who valued his license would reject. For example, management often dictates which parts are to be used (ie. "We're going to use MS SQL Server as the database engine."). What architect would design a skyscraper after having been ordered by the client to use pine 2x4s instead of steel beams, or design a 1-story residential house under the requirement that he use titanium box beams instead of 2x4s? And then there's what the article notes at the top of page 3: software requirements change right up to the day of release. When an architect goes to design a building, the requirements are fixed before he starts. Square footage, height, number of floors, number of people each floor has to accommodate, number of elevators, number of toilets needed on each floor, how high the ceiling of the lobby floor will be, all that's fixed in stone before any design work begins. Sometimes that requires back-and-forth between the client and the architect to get everything clear, but it all happens before major design work begins. No architect's going to design the foundations of a building until he knows exactly (or at least very very closely) how much mass is going to have to sit on those foundations and how much horizontal shear they're going to have to handle. If the client can't decide what he wants, the architect just goes "Fine, call me when you decide what you want.". And even when this kind of analysis is done, software requirements change constantly after design's started. See above, no architect's going to accept the client changing the number of floors or the square footage of floors without also agreeing to a complete redesign to accommodate the changes with all the delays and additional costs that requires. If the client didn't like it, the architect would just hand the client the work to date and tell him to have a nice day. And no there wouldn't be any refund of money, the architect's held up his part of the deal as best the client will let him.

    And then there's another parallel: architecture is only half engineering, the other half is art. Every building is different, and it's accepted that the architect's going to have to have time to come up with the parts that aren't off-the-shelf standard. There isn't a single standard floor-plan for a single-family 3-bedroom house, there aren't any rules that can be mechanically applied to create a floor-plan, and it's accepted that the process of creating a floor-plan is more creative than anything else and people without the knack for it just aren't going to be very good at it. And that on the next single-family 3-bedroom house much of that work's going to have to be done over again because the new client doesn't want the same thing the previous client wanted.

  25. Re:Doesn't advise getting a new PC for everyone on The NYT on the Proliferation of Botnets · · Score: 1

    It will be attacked, but not with near the success as Windows is. A large part of that's because Linux grew out of Unix in attitude, and Unix always was subject to that kind of high-threat environment. It was used at universities with lots of very intelligent, often bored students who loved to play pranks. Pranks like breaking into someone else's account and deleting all their files. Or getting into the prof's account and changing grades. Or just getting access to the high-quality color typesetter without having to pay the per-page price the Computing Center charged for jobs submitted to that queue. And the admins couldn't lock out the attackers, because they were enrolled in classes. Not only did they have to give the attackers access to the systems, they usually had to give them several accounts to play with. How long do you think Windows would last if all attackers had local logins? Thought so.

    Linux isn't invulnerable, but it's a solid stone fortress contrasted with the hole-riddled mud-and-straw hovel of Windows when it comes to security. You can get into both, but getting into the stone fortress isn't going to happen as easily or as often.