
CodeSOD: The File Transfer

1 day 1 hour ago

SQL Server Integration Services (SSIS) is Microsoft's ETL tool. It provides a drag-and-drop interface for describing data flows from sources to sinks, complete with transformations and all sorts of other operations, and is useful for migrating data between databases, linking legacy mainframes into modern databases, or doing what most people seem to need: migrating data into Excel spreadsheets.

It's essentially a full-fledged scripting environment, with a focus on data-oriented operations. The various nodes you can drag-and-drop in are database connections, queries, transformations, file system operations, calls to stored procedures, and so on. It even lets you run .NET code inside of SSIS.

Which is why Lisa was so surprised that her predecessor had a "call stored procedure" node called "move file". And more than that, she was surprised that the stored procedure looked like this:

if (@doDelete = 1)
begin
    set @cmdText = 'mv -f ' + @pathName + @FileName + @FileExt + ' ' + @pathName + 'archive\' + @FileName + @FileExt + '.archive'
end
else
begin
    set @cmdText = 'cp -f ' + @pathName + @FileName + @FileExt + ' ' + @pathName + 'archive\' + @FileName + @FileExt + '.archive'
end
insert into #cmdOutput exec @cmdResult = master.dbo.xp_cmdshell @cmdText

This stored procedure was called from SSIS, which again, I want to stress, has the functionality to do this without calling a stored procedure. But this approach offers us a few unique "advantages".

First, it requires xp_cmdshell be enabled. This particular stored procedure is disabled by default, since it allows a user inside of SQL Server to invoke shell commands. Microsoft disables this by default, because it's a gaping security hole. Any security scanning tool you may run against your server will call it out as a big red flag. You're one SQL Injection attack away from an old rm -rf /.

Which, speaking of rm, you'll note the command strings they build to execute. mv and cp. Now, SQL Server can run on Linux, but this instance wasn't. No, the person responsible for this stored procedure also installed GNU Core Utils on Windows, just so they could have mv and cp to invoke from this stored procedure. Even better, they didn't document this dependency, so the first time someone tried to migrate the database to new hardware, this functionality broke and no one knew why.

At least the migration gave them a chance to update their SSIS packages to use the "File Transfer Task" instead of this stored procedure. But don't worry, there were plenty of other stored procedures using xp_cmdshell.
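For anyone inheriting a server like Lisa's, here is an added T-SQL audit (example code written for this page, not from the article or its team) that answers the two questions the story raises: is xp_cmdshell enabled, and which procedures still depend on it. It assumes sysadmin rights on a SQL Server instance and is run from SSMS or sqlcmd.

```sql
-- Added example, not part of the original article: audit and remediate the
-- xp_cmdshell exposure described above. Requires sysadmin on the instance.

-- 1. Is xp_cmdshell enabled on this instance? (value_in_use = 1 means yes)
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Which procedures, functions or triggers in the current database
--    reference xp_cmdshell? Each hit is a candidate for a rewrite to an
--    SSIS File System Task, the fix the article's team eventually applied.
SELECT SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name                   AS object_name,
       o.type_desc
FROM sys.sql_modules AS m
JOIN sys.objects     AS o ON o.object_id = m.object_id
WHERE m.definition LIKE N'%xp_cmdshell%'
ORDER BY schema_name, object_name;

-- 3. Once no legitimate caller remains, turn the feature back off.
--    'show advanced options' must be on before sp_configure will touch it.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
```

Step 2 only inspects the database you are connected to, so repeat it in every database that hosts ETL procedures before running step 3.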

Remy Porter

California Will Stop Using Coal as a Power Source Next Month

1 day 2 hours ago
An anonymous reader shared this excerpt from a Los Angeles Times newsletter: One of the most consequential moments in California's drive to beat back climate change will take place next month. The state will stop receiving electricity from the Intermountain Power Plant in Central Utah, meaning our reliance on coal as a source of power will essentially be over... [T]he U.S. got nearly half its electricity from coal-fired plants as recently as 2007. By 2023, that figure had dropped to just 16.2%. California drove an even more dramatic shift, getting just 2.2% of its electricity from coal in 2024 — nearly all of it from the Intermountain plant. Operators plan to cut off that final burst of ions next month. "And with improved technology to store power, the change has been made without the power shortages that dogged the state up until 2020..."

Read more of this story at Slashdot.

EditorDavid

Why GPS Fails In Cities. And What Researchers Think Could Fix It

1 day 4 hours ago
ScienceDaily reports: Our everyday GPS struggles in "urban canyons," where skyscrapers bounce satellite signals, confusing even advanced navigation systems. Norwegian University of Science and Technology (NTNU) scientists created SmartNav, combining satellite corrections, wave analysis, and Google's 3D building data for remarkable precision. Their method achieved accuracy within 10 centimeters during testing [90% of the time]. The breakthrough could make reliable urban navigation accessible and affordable worldwide... "Cities are brutal for satellite navigation," explained Ardeshir Mohamadi. Mohamadi, a doctoral fellow at NTNU, is researching how to make affordable GPS receivers (like those found in smartphones and fitness watches) much more precise without depending on expensive external correction services.

Read more of this story at Slashdot.

EditorDavid

Russia Accused of Severing Ukrainian Nuclear Power Plant's Link, as Energy Remains a 'Key Battleground'

1 day 5 hours ago
It's the largest nuclear power plant in Europe. But "Ukraine's foreign minister accused Russia on Sunday of deliberately severing the external power line to the Russian-held Zaporizhzhia nuclear power station," reports Reuters, "in order to link the plant to Moscow's power grid." Ukrainian Foreign Minister Andrii Sybiha said Moscow was attempting to test a reconnection to Russia's grid. Ukraine has long feared that Moscow would try to redirect the plant's output to its grid. But Russian officials have denied any intention of trying to restart the plant, seized by Moscow's forces in the early weeks of the February 2022 invasion of Ukraine. The plant produces no electricity at the moment, but has been without an external electricity source for nearly three weeks. Officials have relied on emergency diesel generators to secure the power needed to keep the fuel cool inside the facility and guard against a meltdown. "Russia intentionally broke the plant's connection with the Ukrainian grid in order to forcefully test reconnection with the Russian grid," Sybiha wrote on X in English. He denounced the "attempted theft of a peaceful Ukrainian nuclear facility".... Each side has accused the other of shelling that caused the line outage. Russia's continued occupation of the Zaporizhzhia nuclear power plant deprived Ukraine of a quarter of its generating capacity, according to a report from the Brookings Institute — calling Ukraine's energy sector "a key battleground" in the war. The Russian invasion began on the very day that Ukraine launched its so-called island test. This involved completely isolating the Ukrainian and Moldovan power systems from their neighbors to check whether the system was stable. This is a mandatory procedure prior to synchronization with the European grid... 
Despite this, Ukraine managed not only to militarily defend itself but also to maintain grid stability in wartime conditions and implement all the solutions necessary for an unprecedented synchronization on March 16, 2022. In 2022 a former commissioner of the U.S. Nuclear Regulatory Commission (from 1998 to 2007) even argued in the Wall Street Journal that "An unappreciated motive for Russia's invasion of Ukraine is that Kyiv was positioning itself to break from its longtime Russian nuclear suppliers..." At the time of the invasion, Westinghouse supplied fuel to six of the 15 [Ukrainian] nuclear reactors and could displace the Russians in all of them. The U.S. government had been highly supportive of this effort, and these fuel contracts represented hundreds of millions of dollars in yearly lost sales to Atomstroyexport [a nuclear exporter that's a subsidiary of Russian state corporation Rosatom]. By seizing the nuclear plants, Russia is able to retake the market for Ukrainian nuclear fuel. Most important, Westinghouse, with support from the U.S., was in a position to build nuclear reactors in Ukraine over the next two decades. On Aug. 31, 2021, Energy Secretary Jennifer Granholm and her Ukrainian counterpart, Herman Halushchenko, signed a strategic cooperation agreement to build five nuclear units with a value, according to the World Nuclear Association, of more than $30 billion. The timing is telling. In November 2021, Ukraine's leaders signed a deal with Westinghouse to start construction on what they hoped would be at least five nuclear units — the first tranche of a program that could more than double the number of plants in the country, with a potential total value approaching $100 billion. Ukraine clearly intended that Russia receive none of that business. 
Brookings looks at how Ukraine's energy sector has fared during the war: The Ukrainian energy sector was designed to be oversized with significant redundancy in order to meet huge Soviet-era industrial demand as well as to make it more resilient to a future world war... A radical change did not occur until 2014, when Ukrainians overthrew the pro-Russian president, Viktor Yanukovych. In the decade since then, Ukraine has pursued a policy of European Union (EU) integration with determination and without interruption... The real prospect of an improvement in the quality of life and development of Ukraine through integration with the EU and NATO was unacceptable to Russia, which first annexed Crimea and covertly attacked the Ukrainian Donbas, before launching a full-scale invasion of Ukraine on February 24, 2022. Russia's in-depth knowledge of the Ukrainian power system, dating back to the Soviet Union, was used to carry out a well-planned operation to cut off electricity to Ukrainians. The aim was to break the morale of Ukrainians to continue defending themselves and to collapse the economy so that it could not support the Ukrainian military effort. Ironically, however, the size of the energy system, which had been scaled up in case of war, and the enormous Western support, unexpectedly ensured its resilience to Russian attacks. Although they note that "During the first two years of the war, Russia fired nearly 2,000 missiles and drones at Ukrainian energy infrastructure... " And this week in Ukraine, damage to substations, power plants and oil depot temporarily cut off electricity for hundreds of thousands of Ukrainian homes and businesses, reports the UN. "As colder weather sets in, strikes on critical infrastructure are deepening humanitarian needs," warned a UN spokesperson on Thursday...

Read more of this story at Slashdot.

EditorDavid