I’m not particularly tech savvy and am unfamiliar with Linux but, if I understand the article correctly, wouldn’t you have to (1) expose print services directly to the Internet and (2) wait for a server operator to intentionally try and send a job to the newly created bogus printer (which he doesn’t even know exists) in order to execute the malicious payload? Seems like pretty low probability of being able to pull that off without an insider on the victim’s network to cooperate, no? Not impossible, of course. But seems like the attacker would have to be pretty lucky.