After upgrade to SQL Server 2019 some stored procedures fail

We just upgraded from SQL Server 2008 R2 to SQL Server 2019(Compability lvl 150).

We have two different stored procedures that started failing after the upgrade, with error messages like this:

Msg 8632, Level 17, State 2, Procedure BuildSelfSaleStats, Line 14 [Batch Start Line 4] Internal error: An expression services limit has been reached. Please look for potentially complex expressions in your query, and try to simplify them. 

Whats really strange is that this particular stored procedure doesnt take any arguments, and when we simply execute the body of the SQL code in SSMS, it works fine(!?).

What might cause some SQL code that works fine when executed in SSMS, to suddenly start failing when its wrapped in a stored procedure?

Windows 10 version 1809, not offered an upgrade to 1909 in Windows update

My Windows 10 build version is 1809. When I go into Windows update it does not offer to upgrade me to 1909 which should be the most recent as of today.

I notice that there is a bad bug (source: https://thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html) in 1909 which is patched by KB4551762 (https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762), but I don’t get it on my build.

So does this mean 1809 is not vulnerable to the SMBv3 ‘wormable’ issue? ANd why don’t I get the newest version of Windows?

How to sniff direct websocket connection in android ( i.e. no HTTP Upgrade connections ) using BURP?

I’ve pentested a lot of websites and a few apps too but this app eludes them all. On the websites, when there’s a websocket upgrade the BURP proxy recognizes it and starts showing it in the websockets tab. Somewhat similar happens on the apps, but not on this one.

This app doesn’t do any such thing.

How this app works :

  1. Gets it’s websocket endpoints from a config, downloaded from a website. Then ‘mysteriously’ it makes a connection to the websocket server, which isn’t visible in the BURP proxy.

My Setup : 1. Rooted phone with frida running and objection framework for ssl unpinning ( although not needed here, as I am already able to see all the http(s) traffic from the app ).

FYI I’ve added my BURP cert as root authority in my android 7.0 phone.

I’ve also tried ‘invisible proxying’ ( not sure how it works ) didn’t work either.

Any ideas would help ?

Thanks.

Kaspersky TS blocking apt-get upgrade and marking files as HEUR:Trojan.Script.Generic

I have just recently downloaded kali linux onto my VM software and i was doing apt-get upgrade in terminal and some files got blocked by my kts and i was wondering whether it was a false positive as what its trying to download is tools for code injections, do i allow the files to download or should i listen to kaspersky?
the 2 links –
http://ftp.hands.com/kali/pool/main/c/commix/commix_3.0-20191111-0kail1_all.deb//data.tar.xz//data.tar//./usr/share/commix/src/core/shells/bind_tcp.py
and
http://ftp.hands.com/kali/pool/main/l/laudanum/laudanum_1.0%2br36-0kail4_all.deb//data.tar.xz//data.tar//./usr/share/laundanum/jsp/cmd.war//cmd.jsp

How to explain to traditional people why they should upgrade their old Windows XP device?

This is an issue I’m recurringly facing: older people from my family (or people who my family members know) can be surprisingly reluctant to apply most basic security measures when they’re using they’re PCs. The particular issues vary, but this time I’m struggling with a really eggregious one: the refusal to upgrade from their ~20 years old Windows XP PC. (Or is this an even older version of Windows? I don’t really know as I did not see it yet.)

How can I explain that it is a bad idea nowadays to connect to the internet with such a PC?

I think that this question will only be clear and meaningful if I add an addendum about the mindset of such people… which seems to me to be really peculiar:

  • They seem to have no notion of obsolescence of things. In their minds, a computer is in good shape if and only if it is capable to perform the tasks they need it to perform (eg. “receive this important document sent to my e-mail address, make such-and-such modifications to this document, send it back“). Thus if they’re able to do this it is hard to explain to them they should buy a new PC.
  • They remember the times of poverty, when it was irresponsible (and actually plain stupid) to replace things carelessly. In their times broken things were being fixed if possible, and only replaced if repairs were no longer possible. Some of them are still poor, so they may have actual (rather than just mental) reasons to refuse to spend a three digit sum on new things.
  • They seem reluctant to understand how to operate stuff from the modern era. They seem to want a concise, clearly defined order of steps necessary to perform a task (rather than understanding of the abstractions of modern GUIs so that they can operate their PCs regardless of whatever it shows them). If anything strays from this clear order of steps (eg the computer shows them an unexpected dialog) they get confused and may deem their computer “broken” (and call me to “fix” it for them).
    • Actual example: “I don’t know what happens, why can I not get to my e-mail inbox without all of this annoying stuff? It keeps displaying me these annoying messages about passwords and phone numbers! Please fix it for me so that clicking this picture will get me to my e-mail inbox!”
    • As a result, whenever anything changes in their computer (eg this WinXP is upgraded finally…) that interferes with their well-known, predictable order of steps / responses from their PC it is likely they’ll say I “broke more than I fixed”. They have a clear definition of “fixing” their PC… “make it behave exactly as it used to“.
  • When told about security (eg that a middle school kiddie next door could break into their PC) they tend to respond along the lines of “Am I working in a three letter agency?” or “Who am I, a millionaire? There’s no reason anyone would want to target me!

Actually, if I think about it, their point of view, even if fallacious, kind of makes sense… They simply treat a PC as a tool like that they’re accustomed of, something like a hammer or a (traditional, simple, devoid of electronics) vacuum cleaner… Their approach, listed above, seems reasonable if they were talking about a hammer rather than a PC, I guess…

I’m running out of arguments. In the spirit of this question, may I ask how to talk to such old-timers?