Laptops have so much custom hardware these days that it's a Bad Idea(TM) to attempt an OS installation from anything but restore CDs.
Not just these days but in olden times, too. I have an old Toshiba Satellite that is just good enough to run Win98. Installing the OS from the Microsoft CD requires me to install at least eight devices manually, with drivers downloaded from Toshiba - including network and modem.
Laptops are simply not good test platforms for OS, unless you're testing the OS for compatibility with a specific laptop model.
Just to make things clear - I am not a developer today, I'm a network engineer.
And it's still not magic. It's transistors and gates and electricity. I understand what you're saying: "Any sufficiently advanced technology is indistiguishable from magic."
However, just because something is indistiguishable from magic doesn't mean that it is magic.
... I think that you have to know a computer language to understand computers.
Hurrah. I learned BASIC when I was 13, and got pretty good at it. Sadly, my family didn't have the money at the time to be able to afford anything computerwise after the Timex/Sinclairs and C64s all went by the wayside. At the same time, I was playing video games at the arcade. Because I knew a programming language, I understood that the computer in the video game was following a set of commands, and could imagine all the lines of BASIC that would accomplish the same thing.... you don't have to be an engineer to drive a car.
You don't have to be an engineer, but it doesn't hurt knowing how the thing works. I've always insisted that the best way to teach someone how to drive a manual transmission is to start by describing how a clutch works. That clutch pedal - it's connected to something, you know? And when you press it down, something happens. And when you let it up, something else happens.
When you press buttons on your computer keyboard, those inputs are read by programming - and something happens. It's not just magic. Too many people, having absolutely no clue how anything works, just think everything runs on magic.
That's basically the formula laid out in Fight Club.
A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.
If it costs less to recover from a failure than to prevent the failure in the first place (taking into account the number of predicted failures over the expected lifespan of the prevention implementation), you plan to recover from the failure instead of preventing it.
Make sure the powers that be understand the concept of driving an exploit into a single small security gap, and using that to bootstrap into higher and wider levels of access. Don't let them think that because they've assigned budgeting to address the top two tiers of security holes that they can let the bottom three tiers slide. Surely, the most glaring gaps deserve the most immediate attention, but that doesn't mean that you can rest on your laurels after you've tackled the big issues.
I see too many non-technical business leaders want to implement some technology or other, then expect it to go on and on forever without any further attention. I have to think that there are companies out there that have the same view of security. "Well, we did that already, so we don't have to do it again."
Maybe all that doesn't apply to you, what with the non-pointiness of your bosses' heads.
Plagiarism is "OK" is some circles -- do a Google News search and see how many big named media outlets just regurgitate each others' news.
Could this be the fact that there are really just a few major media producers (Reuters, AP, UPI), and a whole lot of "middlemen" that buy that content wholesale and deliver it to the consumer (with the mark-up being advertising)?
If this theory is true, and I suspect that to a large part it is, then "customer-facing" media outlets like CNN, Fox, NBC, etc., are all really just no-value-added warehousers.
Not only is the term "podcasting" overkill for "putting an MP3 on the internet," I imagine there are plenty of people out there who think (perhaps subconsciously, as I do): "I can't listen to podcasts, because I don't have an iPod."
This is akin to the recent proposal that all encryption key owners make their keys available to law enforcement.
It's also akin to the insistence that everyone cut off their feet, because feet can be used by criminals to move into and out of areas in order to commit crimes, and then escape from justice.
I hereby proclaim that in order to be safe from those who would do us harm, we must all cut off our own feet, and turn them in to the authorities immediately. Except for people who can't walk. They'll have to turn in their wheelchairs.
Even in situations of contributory negligence, the injured (suing) party must have been negligent to the point that they could have been injured apart from the injuring (sued) party.
Perhaps if I had left all my car doors standing open and the car parked in the middle of the street, I would be contributorially negligent. If it's parked in front my my house with the windows open and gets stolen, I'm not negligent. Apart from the actions of the person stealing my car, I would not be "injured."
As with Microsoft - apart from the actions of those who take malicious action against computers, those computers would not be compromised.
Qualtiy of Service (QoS) is prioritization of data packets based on how they're flagged. For QoS to work, it needs to be implemented end-to-end - every routing device between the two parties needs to be able to prioritize traffic, or else you lose QoS and you take your chances with your... well, your quality of service.
This goes both ways, back and forth. I was around for an internal VoIP installation for a company on a leased-line LAN. The company had to upgrade all of its switching and the WAN provider had to upgrade their routers, including their core Juniper, just in order for our call quality to be acceptable across the WAN.
That's why ISPs are talking about charging additional bandwidth fees. If you're not using QoS, or you're just going to take your chances, then you don't have to pay extra. If you want your ISP to prioritize your traffic with QoS (and prioritize everyone else's for what they want.. it becomes complicated), then your ISP has to invest in a lot of new systems and do a lot more work for you. Someone needs to pay for that work.
If I had mod points, I'd find a way to give you all of them. But also let me rebut.
If sufficiently concerned over the issue,...
Right there at the beginning. As I heard it described by Ms. Pelosi, the problem she had was in determining whether her concern was warranted. The best way for her to do so would be to discuss the situation with an uninterested third party, which for obvious reasons is not possible.
While you're correct about raising the issue before the whole House in secret session, that concept may ignore the politics of the game somewhat. Because the information was leaked to the public, and there was a public outcry, there are members of Congress from both sides of the aisle raising concerns. Had it been brought to the House in secret session, it would have been all too easy - outside of public view - for partisan politics to continue. I predict the Republicans would have stood together to make Ms. Pelosi (or anyone coming before that body) out to be supporting the terrorists by trying to inhibit the ability of our intelligence services to do their job protecting the American people from the threat of attack.
See? I've been hearing that crap so long I can spew it myself!
Anyway, without the public at least partially in the know, the Republican-controlled government (all three branches, remember?) would simply continue on with the smoke screen about terrorists. Terrorism is the new Communism in the new McCarthyism.
This is not a facetious question. Define "insecure".
This is maybe somewhat tangential, but here goes.
I have always thought that security and usability were inversely proportional. If your computer were unplugged from everything, turned off, and encased in some impermeable substance (think Han Solo), it would be imminently secure. And completely unusable.
If you had a system where anyone anywhere could give it commands just by thinking, and it would immediately execute those commands, it would be imminently useful. And completely insecure.
More to the point: any system can be made to be secure, and any system can be made to be insecure. Yes, even a Win9x system can be made to be secure on the internet - by adding a simple NAT router between it and the internet connection (inexpensive, and don't open any ports), not using IE or OE (replacements can be had for free), using antivirus and antispyware software (also available for free). That doesn't mean your Win9x machine is suitable to be a mail server, web server, Quake server or any other kind of server.
(Before you all chime in with "Linux" and "Mac" - I know. And I don't care.)
As said in another post to this article, a fair portion of the zombie systems are *nix machines with weak passwords. I don't doubt it. I expect that sloppy administration accounts for most hacking incidents, regardless of operating system.
Let's get back to the real question. What OSes are secure? Those that are administered such that authorized persons have access at the intended level, and unauthorized persons have no access. Maybe OSX suits your liking, and you find it easy to work with. Maybe Windows. Maybe some flavor of Linux. Doesn't matter. Administered properly, your OS can be secure.
Consider this. For all the internetting I've done over the last ten years - and I've slummed hard with the best of them - I've gotten a virus exactly one time. And it was my own fault. In a moment of weakness, I was overcome by the desire to view the pictures of Anna Kournikova that my mother-in-law sent me. As soon as I had made my mistake, I knew what I had done, and set about to fixing it. Took about an hour out of my life. Never had spyware, adware, nothing. All on Windows. It can be done.
What is fragile are the tens of thousands of pwn3d Windows PC's that are being used without their owners' knowledge to perpetrate these massive DDOS attacks. If I were a lawyer for Blue Security, Yahoo, or anyone else who has been hit recently, I would be seriously looking in to the merits of a lawsuit against MS for gross negligence or something similar.
You're right on the first part, wrong on the second.
It's true that if there weren't zombie machines out there to take part in botnets, that DDoSing would be much less of an issue, if one at all.
However, suggesting that Microsoft could be legally liable is right out. Just because I leave all of my car doors open and the keys in the ignition doesn't mean someone has the right to steal my car. I may be stupid, yes, but I am not legally liable for the crime, and I'd be able to make the insurance claim, too (unless there's a clause in my policy that says I need to adhere to certain standards of vigilance in order to qualify for reimbursement).
Suggesting that Microsoft is at fault for the botnets is the same as suggesting that BlueSecurity is at fault for the 'collateral damage' outages.
The people responsible for the mayhem - at least in a legal sense - are those who have perpetrated it.
(Oh yeah, IANAL, but I watch Cops on TV all the time. Cops set out 'bait' to catch thieves all the time. Expensive mountain bike unguarded and unlocked; someone walks off with it, cops swoop in and make the arrest. Same concept here.)
If you're paying any attention to this story beyond simple partisan axe grinding, you'll find that people like Bush's arch-nemises in the house and senate (like Nancy Pelosi) have been briefed on these exact NSA programs since 2001, just weeks after 9/11. Why do you think that only the wingnuts, and not the actual-in-the-know political opposition (which would love to do anything to embarass Bush) aren't being very vocal on this particular subject? Because they know what it really does, have known about it for years, and recognize what a serious breach it is to have it spilling about in the news. Of course they don't mind the political damage it's causing when it's absurdly, factlessly spun in the media, but people like Pelosi know better than to directly attack on this subject - because she's in the same loop and has been for years.
The text above presumes that the congressional oversight committee for these programs has the power to actually do anything. This presumption is incorrect.
The small committee briefed on these NSA programs is prohibited from discussing the programs anywhere outside the briefings. So what is a committee member to do if they have concerns? Ask someone outside if, hypothetically, some hypothetical NSA program could be improper? No way - that would put you in jail. Even after the programs are semi-public, these committee members are still prohibited from discussing the programs. Pelosi herself, in an NPR interview a few weeks back, expressed that she had wanted to speak out on the warrantless wiretap program from the very beginning, but was powerless to get external verification of her concerns, because doing so would reveal that the program existed.
Could the committee do something internally, by itself? Perhaps, were it so moved. But since the committee is heavily Republican, the likelihood of that happening is slim (though growing somewhat wider in a time where Republicans seem to want to portray themselves as standing independent of the president, at least until after Nov 2006. But I digress).
That's why you don't see anyone from the "oversight" committee saying anything. Because the oversight committee is just for show, actually having no real power of oversight. Real oversight would allow for accountability, and no one can be held accountable for programs that no one is allowed to talk to anyone about.
This is yet another case of uninformed "management" applying rules in broad brushstrokes while using buzzwords they've heard. Happens in business all the time, right alongside attempts to apply technological solutions to non-technological problems.
Based on these figures, it sounds like you're referring to "signing statements". While these statements are very troubling and have yet to be reviewed by the Court, they are not "set-asides" of the law.
You are absolutely correct. At the time of my first post, I couldn't remember the phrase 'signing statement.'
My understanding of signing statements is that they allow the president to reinterpret the bill passed by Congress so that said bill is applied only in the way the president chooses, without consideration from the judiciary or rebuttal from the legislature. Perhaps such statements don't "set aside" laws in the purest sense, but as you've said, they are troubling.
The official term is "signing statement." Basically, the president attaches this statement to a bill, explaining how the law applies differently, or does not apply at all, to whomever he decides.
Instead of using veto power, the executive branch is usurping the roles of both the legislative and judicial branches through the extensive use of these signing statements. This, when the Congress is majority Republican, and the Supreme Court vastly conservative. It always makes me think - what are they doing that's so bad that they don't even think their comrades would let them get away with it, that they have to hide behind signing statements?
I don't really understand why one should read such a book...
It's for people who want to read about Google and its uses, not for people who want to use Google.
A few years ago, between jobs, my wife bought me a "how to get a job" book produced (or at least endorsed) by the people at Monster. Equally useless. I needed to get a job, not read about how to get a job.
You're in the UK, so you probably pay more attention to US politics than most American citizens, but in case you forgot --
The President of the United States can, in "time of war," "set aside" any law he/she (ha!) so chooses. Which means that the US gov't can, with the president's permission, ignore the Berne convention legally.
Previous US presidents have set aside laws, yes. About 350 total before GW Bush. GW Bush has set aside ~750 in his term alone.
So, all you people who think you can do something silly like "apply existing laws to the actions of the US government" -- think again. The executive branch has its own specially tailored set of laws and freedoms that the rest of the US doesn't get to play by.
Slashdot Mirror
Laptops have so much custom hardware these days that it's a Bad Idea(TM) to attempt an OS installation from anything but restore CDs.
Not just these days but in olden times, too. I have an old Toshiba Satellite that is just good enough to run Win98. Installing the OS from the Microsoft CD requires me to install at least eight devices manually, with drivers downloaded from Toshiba - including network and modem.
Laptops are simply not good test platforms for OS, unless you're testing the OS for compatibility with a specific laptop model.
I recognized the article title as being a play on The Curious Incident of the Dog in the Night-Time , though I don't understand the connection between this story and the book.
Anyway, it's an excellent read.
Just to make things clear - I am not a developer today, I'm a network engineer.
And it's still not magic. It's transistors and gates and electricity. I understand what you're saying: "Any sufficiently advanced technology is indistiguishable from magic."
However, just because something is indistiguishable from magic doesn't mean that it is magic.
... I think that you have to know a computer language to understand computers.
... you don't have to be an engineer to drive a car.
Hurrah. I learned BASIC when I was 13, and got pretty good at it. Sadly, my family didn't have the money at the time to be able to afford anything computerwise after the Timex/Sinclairs and C64s all went by the wayside. At the same time, I was playing video games at the arcade. Because I knew a programming language, I understood that the computer in the video game was following a set of commands, and could imagine all the lines of BASIC that would accomplish the same thing.
You don't have to be an engineer, but it doesn't hurt knowing how the thing works. I've always insisted that the best way to teach someone how to drive a manual transmission is to start by describing how a clutch works. That clutch pedal - it's connected to something, you know? And when you press it down, something happens. And when you let it up, something else happens.
When you press buttons on your computer keyboard, those inputs are read by programming - and something happens. It's not just magic. Too many people, having absolutely no clue how anything works, just think everything runs on magic.
That's basically the formula laid out in Fight Club.
If it costs less to recover from a failure than to prevent the failure in the first place (taking into account the number of predicted failures over the expected lifespan of the prevention implementation), you plan to recover from the failure instead of preventing it.
Make sure the powers that be understand the concept of driving an exploit into a single small security gap, and using that to bootstrap into higher and wider levels of access. Don't let them think that because they've assigned budgeting to address the top two tiers of security holes that they can let the bottom three tiers slide. Surely, the most glaring gaps deserve the most immediate attention, but that doesn't mean that you can rest on your laurels after you've tackled the big issues.
I see too many non-technical business leaders want to implement some technology or other, then expect it to go on and on forever without any further attention. I have to think that there are companies out there that have the same view of security. "Well, we did that already, so we don't have to do it again."
Maybe all that doesn't apply to you, what with the non-pointiness of your bosses' heads.
[X] Yes
[ ] No
The Beastie Boys must not be made of hydrogen.
Plagiarism is "OK" is some circles -- do a Google News search and see how many big named media outlets just regurgitate each others' news.
Could this be the fact that there are really just a few major media producers (Reuters, AP, UPI), and a whole lot of "middlemen" that buy that content wholesale and deliver it to the consumer (with the mark-up being advertising)?
If this theory is true, and I suspect that to a large part it is, then "customer-facing" media outlets like CNN, Fox, NBC, etc., are all really just no-value-added warehousers.
Not only is the term "podcasting" overkill for "putting an MP3 on the internet," I imagine there are plenty of people out there who think (perhaps subconsciously, as I do): "I can't listen to podcasts, because I don't have an iPod."
So after i cut of my feet - just exactly how will i turn them in?
WITH YOUR HANDS. HURRRRR.
This is akin to the recent proposal that all encryption key owners make their keys available to law enforcement.
It's also akin to the insistence that everyone cut off their feet, because feet can be used by criminals to move into and out of areas in order to commit crimes, and then escape from justice.
I hereby proclaim that in order to be safe from those who would do us harm, we must all cut off our own feet, and turn them in to the authorities immediately. Except for people who can't walk. They'll have to turn in their wheelchairs.
Two words: contributary negligence.
d =341n ceg ence.htmo ntributory_neg.html
Everything I see regarding 'contributory negligence' refers to its use in personal injury cases, not in property theft cases.
http://dictionary.law.com/definition2.asp?selecte
http://en.wikipedia.org/wiki/Contributory_neglige
http://www.lectlaw.com/def/c125.htm
http://insurance.cch.com/Rupps/contributory-negli
http://www.west.net/~smith/negligence.htm
http://www.criminal-law-lawyer-source.com/terms/c
Even in situations of contributory negligence, the injured (suing) party must have been negligent to the point that they could have been injured apart from the injuring (sued) party.
Perhaps if I had left all my car doors standing open and the car parked in the middle of the street, I would be contributorially negligent. If it's parked in front my my house with the windows open and gets stolen, I'm not negligent. Apart from the actions of the person stealing my car, I would not be "injured."
As with Microsoft - apart from the actions of those who take malicious action against computers, those computers would not be compromised.
QoS comes into play when you're uploading.
... well, your quality of service.
.. it becomes complicated), then your ISP has to invest in a lot of new systems and do a lot more work for you. Someone needs to pay for that work.
Qualtiy of Service (QoS) is prioritization of data packets based on how they're flagged. For QoS to work, it needs to be implemented end-to-end - every routing device between the two parties needs to be able to prioritize traffic, or else you lose QoS and you take your chances with your
This goes both ways, back and forth. I was around for an internal VoIP installation for a company on a leased-line LAN. The company had to upgrade all of its switching and the WAN provider had to upgrade their routers, including their core Juniper, just in order for our call quality to be acceptable across the WAN.
That's why ISPs are talking about charging additional bandwidth fees. If you're not using QoS, or you're just going to take your chances, then you don't have to pay extra. If you want your ISP to prioritize your traffic with QoS (and prioritize everyone else's for what they want
If I had mod points, I'd find a way to give you all of them. But also let me rebut.
...
If sufficiently concerned over the issue,
Right there at the beginning. As I heard it described by Ms. Pelosi, the problem she had was in determining whether her concern was warranted. The best way for her to do so would be to discuss the situation with an uninterested third party, which for obvious reasons is not possible.
While you're correct about raising the issue before the whole House in secret session, that concept may ignore the politics of the game somewhat. Because the information was leaked to the public, and there was a public outcry, there are members of Congress from both sides of the aisle raising concerns. Had it been brought to the House in secret session, it would have been all too easy - outside of public view - for partisan politics to continue. I predict the Republicans would have stood together to make Ms. Pelosi (or anyone coming before that body) out to be supporting the terrorists by trying to inhibit the ability of our intelligence services to do their job protecting the American people from the threat of attack.
See? I've been hearing that crap so long I can spew it myself!
Anyway, without the public at least partially in the know, the Republican-controlled government (all three branches, remember?) would simply continue on with the smoke screen about terrorists. Terrorism is the new Communism in the new McCarthyism.
This is not a facetious question. Define "insecure".
This is maybe somewhat tangential, but here goes.
I have always thought that security and usability were inversely proportional. If your computer were unplugged from everything, turned off, and encased in some impermeable substance (think Han Solo), it would be imminently secure. And completely unusable.
If you had a system where anyone anywhere could give it commands just by thinking, and it would immediately execute those commands, it would be imminently useful. And completely insecure.
More to the point: any system can be made to be secure, and any system can be made to be insecure. Yes, even a Win9x system can be made to be secure on the internet - by adding a simple NAT router between it and the internet connection (inexpensive, and don't open any ports), not using IE or OE (replacements can be had for free), using antivirus and antispyware software (also available for free). That doesn't mean your Win9x machine is suitable to be a mail server, web server, Quake server or any other kind of server.
(Before you all chime in with "Linux" and "Mac" - I know. And I don't care.)
As said in another post to this article, a fair portion of the zombie systems are *nix machines with weak passwords. I don't doubt it. I expect that sloppy administration accounts for most hacking incidents, regardless of operating system.
Let's get back to the real question. What OSes are secure? Those that are administered such that authorized persons have access at the intended level, and unauthorized persons have no access. Maybe OSX suits your liking, and you find it easy to work with. Maybe Windows. Maybe some flavor of Linux. Doesn't matter. Administered properly, your OS can be secure.
Consider this. For all the internetting I've done over the last ten years - and I've slummed hard with the best of them - I've gotten a virus exactly one time. And it was my own fault. In a moment of weakness, I was overcome by the desire to view the pictures of Anna Kournikova that my mother-in-law sent me. As soon as I had made my mistake, I knew what I had done, and set about to fixing it. Took about an hour out of my life. Never had spyware, adware, nothing. All on Windows. It can be done.
What is fragile are the tens of thousands of pwn3d Windows PC's that are being used without their owners' knowledge to perpetrate these massive DDOS attacks. If I were a lawyer for Blue Security, Yahoo, or anyone else who has been hit recently, I would be seriously looking in to the merits of a lawsuit against MS for gross negligence or something similar.
You're right on the first part, wrong on the second.
It's true that if there weren't zombie machines out there to take part in botnets, that DDoSing would be much less of an issue, if one at all.
However, suggesting that Microsoft could be legally liable is right out. Just because I leave all of my car doors open and the keys in the ignition doesn't mean someone has the right to steal my car. I may be stupid, yes, but I am not legally liable for the crime, and I'd be able to make the insurance claim, too (unless there's a clause in my policy that says I need to adhere to certain standards of vigilance in order to qualify for reimbursement).
Suggesting that Microsoft is at fault for the botnets is the same as suggesting that BlueSecurity is at fault for the 'collateral damage' outages.
The people responsible for the mayhem - at least in a legal sense - are those who have perpetrated it.
(Oh yeah, IANAL, but I watch Cops on TV all the time. Cops set out 'bait' to catch thieves all the time. Expensive mountain bike unguarded and unlocked; someone walks off with it, cops swoop in and make the arrest. Same concept here.)
If you're paying any attention to this story beyond simple partisan axe grinding, you'll find that people like Bush's arch-nemises in the house and senate (like Nancy Pelosi) have been briefed on these exact NSA programs since 2001, just weeks after 9/11. Why do you think that only the wingnuts, and not the actual-in-the-know political opposition (which would love to do anything to embarass Bush) aren't being very vocal on this particular subject? Because they know what it really does, have known about it for years, and recognize what a serious breach it is to have it spilling about in the news. Of course they don't mind the political damage it's causing when it's absurdly, factlessly spun in the media, but people like Pelosi know better than to directly attack on this subject - because she's in the same loop and has been for years.
The text above presumes that the congressional oversight committee for these programs has the power to actually do anything. This presumption is incorrect.
The small committee briefed on these NSA programs is prohibited from discussing the programs anywhere outside the briefings. So what is a committee member to do if they have concerns? Ask someone outside if, hypothetically, some hypothetical NSA program could be improper? No way - that would put you in jail. Even after the programs are semi-public, these committee members are still prohibited from discussing the programs. Pelosi herself, in an NPR interview a few weeks back, expressed that she had wanted to speak out on the warrantless wiretap program from the very beginning, but was powerless to get external verification of her concerns, because doing so would reveal that the program existed.
Could the committee do something internally, by itself? Perhaps, were it so moved. But since the committee is heavily Republican, the likelihood of that happening is slim (though growing somewhat wider in a time where Republicans seem to want to portray themselves as standing independent of the president, at least until after Nov 2006. But I digress).
That's why you don't see anyone from the "oversight" committee saying anything. Because the oversight committee is just for show, actually having no real power of oversight. Real oversight would allow for accountability, and no one can be held accountable for programs that no one is allowed to talk to anyone about.
Thank god for whistleblowers.
This is yet another case of uninformed "management" applying rules in broad brushstrokes while using buzzwords they've heard. Happens in business all the time, right alongside attempts to apply technological solutions to non-technological problems.
I always wondered why my three-year-old son has so much back hair.
Based on these figures, it sounds like you're referring to "signing statements". While these statements are very troubling and have yet to be reviewed by the Court, they are not "set-asides" of the law.
You are absolutely correct. At the time of my first post, I couldn't remember the phrase 'signing statement.'
My understanding of signing statements is that they allow the president to reinterpret the bill passed by Congress so that said bill is applied only in the way the president chooses, without consideration from the judiciary or rebuttal from the legislature. Perhaps such statements don't "set aside" laws in the purest sense, but as you've said, they are troubling.
Here's someplace to start:
http://writ.news.findlaw.com/dean/20060113.html
The official term is "signing statement." Basically, the president attaches this statement to a bill, explaining how the law applies differently, or does not apply at all, to whomever he decides.
Instead of using veto power, the executive branch is usurping the roles of both the legislative and judicial branches through the extensive use of these signing statements. This, when the Congress is majority Republican, and the Supreme Court vastly conservative. It always makes me think - what are they doing that's so bad that they don't even think their comrades would let them get away with it, that they have to hide behind signing statements?
Heard the story on NPR a week ago or so. I am digging now, but probably won't have a link till morning.
I don't really understand why one should read such a book ...
It's for people who want to read about Google and its uses, not for people who want to use Google.
A few years ago, between jobs, my wife bought me a "how to get a job" book produced (or at least endorsed) by the people at Monster. Equally useless. I needed to get a job, not read about how to get a job.
You're in the UK, so you probably pay more attention to US politics than most American citizens, but in case you forgot --
The President of the United States can, in "time of war," "set aside" any law he/she (ha!) so chooses. Which means that the US gov't can, with the president's permission, ignore the Berne convention legally.
Previous US presidents have set aside laws, yes. About 350 total before GW Bush. GW Bush has set aside ~750 in his term alone.
So, all you people who think you can do something silly like "apply existing laws to the actions of the US government" -- think again. The executive branch has its own specially tailored set of laws and freedoms that the rest of the US doesn't get to play by.