Adding Free SSL Certificates for HTTPS To Your Websites

I recently received a warning email from Google:

“Starting October 2017, Chrome (version 62) will show a ‘NOT SECURE’ warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.”

The recommended solution was to migrate the affected website(s) to HTTPS. This requires an SSL certificate. There are many companies selling those for hundreds of dollars. I didn’t really want to spend that money.

It turns out there is a free alternative: The Let’s Encrypt project (https://letsencrypt.org/) provides free SSL certificates with just enough functionality to run SSL with current browsers. It also provides automated tools that greatly assist you in obtaining and installing those certificates.

I had a default SSL host configured on my Apache 2.4 installation (inherited from a different server running Ubuntu) that I had to manually remove.

Then, when all virtual hosts only had port 80 (HTTP) enabled, I could run the certbot tool as root:

# certbot --apache

It enumerates all host names supported by your Apache installation. I ran it repeatedly, for each domain and the corresponding www. host name (e.g. joewein.net, www.joewein.net) in my installation and verified the results, one at a time. It will create a new virtual host file in /etc/httpd/hosts-enabled for those hosts for port 443 (HTTPS). I appended the content of that file to my existing port 80 (HTTP) virtual host file in /etc/httpd/hosts-available for that host name and deleted the new file created by certbot. That way I can track all configuration details for each website for both HTTP and HTTPS in a single file, but this is purely a personal choice.

All it takes is an Apache restart to enable the new configuration.

You can test if SSL is working as expected by accessing the website with a browser using https:// instead of http:// at the start of the URI.

If you have iptables rules for port 80, you may want to replicate those for port 443 or the certificate generation / renewal may fail. Also, you want to make sure that SSLv3 is turned off on your Apache installation, to protect against the POODLE vulnerability. This required the following setting in ssl.conf:

/etc/httpd/conf.d/ssl.conf:SSLProtocol all -SSLv2 -SSLv3
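
To confirm that setting across a whole configuration, the following added example (not part of the original post) evaluates each SSLProtocol directive and reports whether it leaves SSLv3 enabled. The function name audit_sslprotocol and the sample configuration are constructed for illustration; the script assumes, following the mod_ssl documentation, that "all" includes SSLv3 and that a token without a +/- prefix replaces the protocol set.

```shell
#!/bin/sh
# Added example: audit SSLProtocol directives for SSLv3 (POODLE).
# Reads Apache config text on stdin, prints one line per directive and
# returns 1 if any directive leaves SSLv3 enabled, 0 otherwise.
audit_sslprotocol() {
    awk '
    # Directive names are case-insensitive; comments and other lines are skipped.
    tolower($1) != "sslprotocol" { next }
    {
        sslv3 = 0
        for (i = 2; i <= NF; i++) {
            tok = tolower($i)
            sign = substr(tok, 1, 1)
            if (sign == "+" || sign == "-") tok = substr(tok, 2); else sign = ""
            # Assumption: "all" includes SSLv3, as the mod_ssl docs describe it.
            covers = (tok == "sslv3" || tok == "all")
            if (sign == "-") { if (covers) sslv3 = 0 }
            else if (sign == "+") { if (covers) sslv3 = 1 }
            else sslv3 = covers   # assumption: bare token replaces the set
        }
        printf "line %d: SSLv3 %s\n", NR, (sslv3 ? "ENABLED" : "disabled")
        if (sslv3) bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: a virtual host that forgot -SSLv3, followed by the
# setting from the post.
SAMPLE_CONF='# constructed sample, not from the original post
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
    SSLProtocol all -SSLv2
</VirtualHost>
SSLProtocol all -SSLv2 -SSLv3'

printf '%s\n' "$SAMPLE_CONF" | audit_sslprotocol \
    || echo "at least one SSLProtocol directive still allows SSLv3"
```

Run it against a real file with `audit_sslprotocol < /etc/httpd/conf.d/ssl.conf`, and against each virtual host file as well, since a directive inside a virtual host can differ from the global one.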

The free certificates will expire in 90 days, but it’s recommended to add a daily cron job that requests renewals so that an updated key will be downloaded after 60 days, long before the old key expires. Once that is in place, maintenance of SSL keys will be totally automatic.

UPDATE (2017-11-01): If you’re using WordPress on your website, you should change the WordPress base URI to HTTPS too. To do that, log into the WordPress Dashboard. In there select Settings > General. Change the “http://” in the WordPress Address (URI) and Site Address (URI) fields to “https://” and click the Save Changes button. This ensures that any messages from WordPress to you will include secure URIs.

Disc brakes on my Bike Friday (part II)

As I explained here almost two years ago, I have had the front brake of my Bike Friday replaced with a disk brake, an upgrade that involved installing a new fork with disk brake tabs. Now I’m having the same upgrade done on the rear:

I needed to replace the rear wheel anyway because after 37,000 km its rim was worn out. The aluminium of the brake surfaces was already worn past the wear markers. I decided, this was a good time to switch not only the rim but the brake too. With disc brakes, a well built rim will basically last forever. The brake wear will be on the rotor, but that is a cheaper part that can be replaced without the need for a full wheel rebuild. But more importantly, disc brakes are much more effective in the rain, where they are more predictable. I was reminded of that fact again when I descended a winding 20 km from Mt Norikura in the rain last month.

Originally I thought I could get IS disc tabs at the rear by simply swapping the rear triangle, which is a separate hinged part of the folding bike frame, but as it turns out Bike Friday needs to build the main tube and its hinge together with the rear triangle to ensure they will be properly aligned.

I went ahead and placed an order. A couple of weeks later the new main tube and rear triangle arrived. Tokyo Bike Friday dealer ehicle will be swapping all other parts from the existing bike to the new hinged section that has the disc tabs.

I bought a second Shimano BR-CX77 disc brake calliper. I still had a 140 mm centerlock rotor that I had bought two years ago as well as the matching IS adapter. The smaller rotor should be sufficient at the rear, especially with the smaller 20″ wheels. Heat dissipation should be less of a problem for a rear brake, which normally doesn’t have to work as hard as a front brake. I never had any heat problems with the 160 mm rotor at the front.

GS Astuto, my favourite wheel builder, built me a new rear wheel based on the Shimano Deore FH-M615 rear hub and an AlexRims DA22 rim (same as originally came with the bike). The disc brake wheel uses an O.L.D. (Over Locknut Dimension) of 135 mm, but the existing rim brake rear triangle uses 130 mm. Therefore installing the new wheel in the existing frame before the Norikura ride required some effort, but it worked OK. With the new rear triangle that issue will go away.

Once the conversion is complete, I’ll actually have a spare main tube and rear triangle, a spare fork, two spare rim brakes and two spare hubs. The only frame parts missing to a complete non-disc brake frame will be the steerer and the folding seat tube 🙂 Nevertheless, doing it this way will have been worth it.

Instead of buying a new bicycle, I could first try out at the front what difference a disc brake would make, making only the minimal investment. I never had to send my bike back to the US for a few weeks for an upgrade or pay shipping costs either way. I only lost the use of the bike for a short period for each of the upgrade steps.

I’m looking forward to riding my upgraded bike this weekend, when the work will be complete! 🙂

Disc brake pad and rotor wear

It looks like I get about 6,000 km of useful life out of the disc brake pads on the front of my main bicycle. That’s about 9 months for me (I ride all year round, about 8,000 to 10,000 km per year).

Two years ago I switched my Bike Friday Pocket Rocket to a disc brake on the front by replacing the fork and the front wheel. 1 1/2 years ago I received my Elephant Bikes National Forest Explorer (NFE), a low trail randonneur bike with disc brakes. 9 months ago I switched the NFE from TRP Spyre mechanical disc brakes with metallic pads to Shimano hydraulic brakes with resin pads. These pads had now worn out, see picture above.

Along with the brake pads I also replaced the front rotor, as the old one had worn quite thin.

Most of the 7,000 km that I had done on the TRP Spyre brakes I had been using metallic pads, as the factory resin pads wore extremely rapidly: I had to keep adjusting the brakes after each Saturday long ride (typically 130-200 km). The metallic pads needed less attention but were very noisy in the rain.

My experience with the Shimano BR-RS785 brakes was much better. As hydraulic brakes their pads were self adjusting. There weren’t any noise issues. Wear is quite acceptable: One set of resin pads every 9 months is not too bad and I expect the new brake rotor will last even longer than 13,000 km / 20 months now that I am only using resin pads. On top of that the modulation on the hydros is great and they need very little effort. I could not be happier!

It is good to have real-life figures from actual use as to how quickly parts will wear on the bike so you can do preventive maintenance. It is better to replace a worn out pad at home when you know that it will be due for replacement soon, rather than finding out on a mountain descent that suddenly you’ve got nothing left to stop you! 🙁

Likewise, I regularly replace shifter cables (about once a year), before they wear out enough to break inside the brifters during a ride away from home, as happened twice to me before I learnt that lesson.

In the past I have been quite easygoing about replacing worn out bicycle chains, but a chain that has “stretched” will wear out your chain rings or cassette more quickly. Chains do decrease in robustness with increasing numbers of gears (from 8 speed to 11 speed) as they increasingly become narrower, so I will probably be replacing my 11 speed chain annually too.

Jōmon Sugi, the hard way

Eight years ago I visited Yakushima island near Kyushu/Japan with my family. We did a lot of hiking to see the ancient Cryptomeria trees in the lush green mountains, but we did not try to go to Jōmon Sugi (縄文杉), the oldest and biggest tree on the island. It is estimated to be around 2000-7000 years old. Visiting it involves an all day hike. At the time I thought it was a bit far for my kids to hike.

Most people take a bus to the Anbo trail. Starting from the Arakawa trail head they walk along the tracks of the old narrow gauge railway previously used for logging. From there they follow the Okabu trail, which consists of a combination of dirt tracks, wooden steps and board walks. The route passes by Wilson’s Stump, the hollow remains of an even bigger tree, the size of a small living room.

The round trip on this route takes about 9-10 hours. People often leave their hotels at 04:00 to catch the first bus to the trail head at 05:00. The last return bus from the trail head leaves at 18:00.

Looking at the map (PDF here), I saw that one could avoid the buses by starting at Shiratani Unsuikyo, climbing over the Tsuji Toge Pass and joining the Anbo trail about halfway to the turnoff for the Wilson stump. It involves a lot more climbing and descending, but the up side is that one is not tied to the bus schedule, no need for bus tickets and last but not least, Shiratani Unsuikyo is one of the most beautiful parts of the island. Furthermore, not far from Tsuji Toge Pass lies Taiko Iwa, a rock overlooking a mountainous valley with spectacular views.

We left the hotel in Miyanoura at 06:30. The hotel had prepared two lunch boxes for each of us, one with breakfast that we had in our room and one with lunch for during the hike. After driving up the steep road to Shiratani Unsuikyo high in the mountains, we parked the car in the car park and started to hike.

It was hot and humid but at least we were mostly walking in the shade of the dense forest.

At the Shiratani mountain hut I filled up with water. From the pass we climbed the trail up to Taiko Iwa. It was at least half an hour of detour, but we spent quite a bit more on taking pictures at the top.

A tour guide we met there told us we were probably a bit too late already to still make it to Jōmon Sugi in time to be back at the car park by the evening. Still, we decided to push on and see by what time we could make it to the Wilson stump. I reckoned, if we could make it there by noon we’d be at Jōmon Sugi by 13:00 and back at Shiratani Unsuikyo by 18:00, with about an hour spare before it got dark this time of the year.

Personally I find descents on foot harder than climbs, because they exercise muscles that only get used going downhill whereas climbing is much more similar to the kind of cardio exercise I get from cycling that I’m used to.

After about half an hour of descent we reached the old railway tracks, with wooden planks in the middle that made it easy to walk fast.

After maybe an hour we reached the turn-off for the Wilson stump. From here the course was a lot harder again. Especially the stairs were very hard on the legs.

We encountered some people heading back already. Many groups of people were resting by the side of the trail, either already returning from or still heading to the tree.

There are two large viewing platforms near the tree, one below it on the hillside, one above it. For protection you can’t approach the tree itself anymore.

It was still a little before 13:00 when we started the hike back. With about six hours until sunset I was pretty sure we would make it, but it was going to be hard. There was a lot of up and down back to the Wilson stump and the Anbo trail. We rested a while at the Wilson stump, after going inside and taking pictures (there were about 8 people inside the stump at the time).

We were totally drenched in sweat by then. I had brought a towel to wipe my sweat but it was already soaking wet. All my clothes were soaked through. Paper tickets in my backpack dissolved.

I slowed down on the Anbo trail. With the goal of making it to the tree before cut-off time gone, I just wanted to make it to the end with the least amount of pain.

We rested again at the public toilets before the climb back up to the pass. Again I found the climb easier than the descent because my wife and kids slowed down more climbing while I had fallen behind on the descent.

The last kilometers from the Tsuji Toge Pass down to the Shiratani Unsuikyo car park were the hardest. All my muscles were sore.

A few hundred meters before the goal we soaked our feet in the cool water.

Finally we made it to the car, well before 18:00.

On the way down to the coast we passed some Yakushima monkeys. There are many of them all over the island, but especially on the mountains and on the west coast.

My legs were sore for several days after the hike (probably not helped by a canyoning tour the very next morning, which by itself was a lot of fun).

It was a great adventure to combine Jōmon Sugi with Shiratani Unsuikyo and Taiko Iwa. The latter two are definitely a local highlight, and much more interesting than Jōmon Sugi, which even though it’s impressive, is no match for the variety of stunning views at Shiratani Unsuikyo.

One of the hotel staff, who was a keen hiker, told us that even though he had also done the combined route, he had only ever done it once because it’s so hard. I can understand that.

If you want to see Jōmon Sugi, the conventional route on the Anbo trail is much easier, but then you should definitely also go and see Shiratani Unsuikyo separately.

When I next visit Yakushima, I probably won’t be hiking to Jōmon Sugi again, but I would love to visit Shiratani Unsuikyo again, perhaps climbing up from the coast by bicycle. A bicycle loop of the entire coastal road around the island (ca. 130 km) is also on my agenda for a future trip.