You can lead a horse to water, but you can't make him think. Part 1.
Years ago, the Open Source and Linux/Unix crowd (most of whose members are in both camps) jumped up and down on how stupid MS Office's developers were for including a macro language (at all, in many people's minds) in Word, among other applications in that suite.
Wind forward to today, and F-Secure comes out with the following announcement:
"One of our researchers, Sami Rautiainen, produced a paper for the Virus Bulletin Conference in September of 2003 on the topic of OpenOffice Security. The conclusions that he reached: The macro language and the API of OpenOffice are very powerful, but unfortunately the power can be abused for malicious purposes. The security settings in the default installation of OpenOffice much resembles older versions of Microsoft Office."
Okay, so that's from 2003 - old news.
Then they go on:
"That was then, and now… we have a sample of a proof-of-concept macro-virus for OpenOffice.org named Stardust.A. This thing is very proof-of-concept and is not something in the wild, but it's interesting to note that the waters are indeed being tested."
Unless I'm missing something here, that's yet another demonstration that, as far as developer security goes, there's no lesson like the one you learned first-hand. Apparently, OpenOffice didn't learn from Microsoft's Word macro virus woes, and then didn't learn sufficiently from F-Secure's paper.
Update: As if that wasn't enough, I read this story from an Australian IT news web site. I don't know that I can even comment on the stunningly dangerous naivete shown by the Linux / Open Source advocate there. Read it for yourself - what do you think?