Porting iptables to ip6tables

A couple of days ago I received an email notification by the Berkeley Security Notifications Team that a Linux server of mine had less restrictive firewall rules for IPv6 than it had for IPv4. This prompted me to update my ip6tables settings on that host to make it is as secure via IPv6 as it was for IPv4.

If you have a dual stack server with IPv4 A records and IPv6 AAAA records published in DNS, you should have it protected with firewall rules on both protocols. Even if you only publish A records and not AAAA ones, you should secure IPv6 access because its address may leak to potential attackers in other ways.

The ip6tables tool is installed as part of iptables on recent distributions, but you need to set up one set of rules for each protocol. They’re independent of each other. A (not very secure) default ip6tables configuration might look like this:

# Generated by ip6tables-save v1.4.21 on Thu Sep 24 11:17:56 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1456:118498]
-A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT –reject-with icmp6-adm-prohibited
COMMIT
# Completed on Thu Sep 24 11:17:56 2015

It’s relatively easy to port additional settings from iptables to ip6tables (e.g. in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables for CentOS).

Below are some of the changes needed when porting common entries. As you can see, some names are replaced with those of IPv6 equivalents. Any IP addresses and CIDRs for ip6tables need to be written in IPv6 notation.

To easily port over IPv4 addresses, simply prefix them with “::ffff:”. If they’re followed by a bit count such as /24 (the routing prefix size), add 96 to that number (IPv6 addresses are 128 bits each versus 32 bits for IPv4). Add equivalent rules for the corresponding native IPv6 addresses as needed.

  1. Accept ping from any source:

    IPv4:

    -A INPUT -p icmp -j ACCEPT

    IPv6:

    -A INPUT -p ipv6-icmp -j ACCEPT

  2. Accept connection from white-listed address:

    IPv4:

    -A SSH-IN -s 123.45.67.89/32 -j ACCEPT

    IPv6:

    -A SSH-IN -s ::ffff:123.45.67.89/128 -j ACCEPT
    -A SSH-IN -s 2345:abcd:678:42::/64 -j ACCEPT

  3. Rule to block access (after all the exceptions):

    IPv4:

    -A INPUT -j REJECT –reject-with icmp-host-prohibited
    -A FORWARD -j REJECT –reject-with icmp-host-prohibited

    IPV6:

    -A INPUT -j REJECT –reject-with icmp6-adm-prohibited
    -A FORWARD -j REJECT –reject-with icmp6-adm-prohibited

“Helfen Sie uns, Ihr eBay-Konto zu schützen”

I received an email today that claimed to come from eBay Germany and at the first glance looked like yet another phishing scam, complete with link to a website for me to click on to “protect my account”. Even more suspiciously, the greeting at the top did not address me by my first name or full name.

Only when I looked at the message headers did I realize that the mail actually came from eBay’s mail servers. It was real. Still, as a simple precaution I typed eBay’s website address into a browser window to log in from scratch, ignoring the link in the email, just in case…

Later, when I had another look I noticed the small print at the bottom did actually mention my full name, again supporting that the mail was legitimate.

I found the whole experience pretty disappointing for a company of this size that has been in the business for so long and during that time has always been a prime target for phishing scams:

1. Please address the customer by their full name, otherwise you undermine years of education efforts. PayPal addresses all their customer mails to the full name of the recipient, why not eBay? Sceptical people may have ignored that email while for naive people it has made it harder to distinguish phishing mails from real mails.

2. Please do not ask people to click a link in an email claiming to be from you to go to a website that asks for their user name and password. Simply ask them to go to the eBay website in a browser and log in there. That removes any question whether any link is genuine or not or whether it’s safe to click on.

Don’t train customers to do things in your real business emails that phishing scammers would also like them to do, especially when there are alternatives.

Syria and the war against IS

The situation in Syria is getting ever more complex, with the Turkish air force shooting down a Russian SU-24 bomber on November 24, 2015. Several foreign countries are taking sides in the Syrian civil war and their declared objectives do not necessarily match up with their actions or those of their supposed allies.

The US is divided over its involvement in the war. President Obama made his name in national politics through his opposition to his predecessor’s war in Iraq. Sending US ground troops into Syria would carry many of the same risks encountered in Iraq. Therefore the US has restricted itself to air strikes and support of local proxies, including the Kurds.

Initially the US was aiming for regime change in Damascus, but more recently the fight against the “Islamic State” (IS) seems to have taken top priority. If the government in Damascus was defeated before an acceptable political alternative was ready to take over, the risk is that IS would acquire a huge amount of weapons, ammunition, territory and infrastructure from the collapsed regime.

Trying to step up its air warfare against IS, the US struck a bargain with next door Turkey, a NATO member, to use its Incirlik Air Base for attacks in Syria, a request that Turkey had denied them for a long time. No sooner had the US launched the first attacks from Turkish soil that Turkish airplanes started bombing Kurdish forces in Syria. According to President Erdogan, Turkey’s goal is “fighting terrorists”, and by that it mostly means the Kurdish PKK in Turkey and the Kurdish YPG in Syria.

It soon became obvious that the Turkish government sees the Kurds and not IS as enemy #1 within Syria. This had already transpired a year earlier in the siege of Kobani, when Turkey delayed and restricted reinforcements for the Kurdish defenders of the city against IS and asked the US not to make any air drops in their support.

Most foreign fighters joining IS arrive via Turkey and exports of fuel to Turkey are a major source of hard currency for IS. Turkey seems to have done little to stop either the flow of recruits or cash to IS, the Kurds’ worst enemy in Syria. Right now, the Kurds are America’s closest ally in Syria and Turkey’s worst enemy, even though the US and Turkey — as fellow NATO members — are supposed to be allies.

President Assad of Syria is fighting a war on several fronts, against the Al Qaeda-affiliated al-Nusra Front, the western-supported Free Syrian Army (FSA), IS and the Kurds. It is supported by Iran, by Hezbollah from Lebanon and by Russia. Assad and many members of the government and military are Alawites, a religious minority that is part of Shia Islam. The Alawites mostly live in the mountainous coastal region between Lebanon to the south and Turkish Hatay province in the north. Russia has its only naval base in the Mediterranean in Tartus, in the Alawite region. Regardless of whether the Assad family will remain in power or if the government can hold on to the capital of Damascus, the Alawites as an ethnic group have nowhere to go. Fear of Sunni Islamists taking revenge and maybe even committing genocide against the ethnic group of the current rulers ensures that Alawite forces will fight tenaciously to not lose control of their homeland in the west. Most observers agree that Syria is likely to end up divided, with a de-facto independent Alawite region established along the coast even if Sunni opposition forces conquer Damascus and set up a new national government.

Russia’s objective in supporting Assad is to remain relevant as a geo-political player. It has little to gain militarily, politically or economically by propping up the current bankrupt regime. But as long as Russia can be a thorn in the side of the US, Putin can demonstrate to Russians that their country is still a force to be reckoned with. In some ways Putin benefits domestically the same way as Erdogan, both burnishing their image as the local tough guy. That makes the Turkish-Russian clash even more dangerous. Just like Turkey, Russia got involved militarily to “fight terrorism”, only in its case the main target have been anti-government forces operating to the West of the IS-controlled territory, as opposed to the Kurds to the east. This also includes Turkmen, ethnic Turks in northern Syria, who were the target of the bombing run before the SU-24 was shot down by Turkish jets.

Neither Assad nor Russia place a high priority on fighting IS: If they were to defeat the barbaric hordes of IS, achieving regime change in Damascus would instantly rise to become the top priority of the US in this war again. Keeping IS in the mix is like a life insurance policy for Assad.

Shiite militia Hezbollah in Lebanon is supporting Assad with fighters. Shiites in Lebanon feel threatened by the prospect of militant Sunnis taking over next door. Lebanon suffered through a long period of civil war starting in the 1970s and is host to more than a million Syrian refugees now.

Talks have been ongoing for negotiating a cease-fire towards a political settlement. The idea is that all parties but IS would stop fighting each other, then gang up on IS and wipe it out. Finally they would agree to a new government, presumably led by the Sunni majority with some kind of autonomy for the Alawites and the Kurds. The shooting down of the Russian bomber has made this even less likely to happen any time soon. Erdogan is not particularly keen on any settlement that will create an autonomous or independent Kurdish entity south of the border, or linked up with Iraqi Kurdistan. As long as IS is there the Kurds will keep bleeding as a proxy for US ground troops that won’t get deployed.

IS will keep fighting as long as it can keep up the stream of recruits from outside the region and money from whatever sources they can lay their hands on. The more the west and Russia retaliate with military strikes and troops for acts of terrorism such as the ones in Paris or against the Russian tourists in Sinai, the easier it is for IS to sell its story as defending the “caliphate” against western “crusaders”. The war in Syria is still young compared to the jihad that has been going on in Afghanistan since the Russian invasion in 1979 and the US invasion in 2001.

I haven’t said much about Saudi Arabia and Qatar yet, two countries that would like to see a Sunni victory in Syria but are denying that they support Islamist extremists such as IS and al-Nusra Front. What mostly differentiates Saudi-Arabia from IS is not its ideology, but its oil wealth and its royal family. Ideologically they are actually quite close, for example both the Saudis and IS still practice crucifixion and neither tolerates other religions. The Saudi government opposes the likes of IS and Al-Qaeda not because they had different values, but because those militants regard the Saudi royals as corrupt and don’t recognize their authority. Saudi Arabia’s major rival in the Middle East is Iran, Syria’s main supporter. Supporting Sunni Islamists against Assad is a way of hurting Iran.

So, what will the outcome? Frankly, I am not hopeful. When next door neighbour Lebanon erupted into civil war in 1975, it took 15 years before the country could return to a fragile peace again. There are too many external powers involved in a proxy war in Syria and so much blood has been shed already, that a political settlement is unlikely any time soon. The conflict between the Saudis and Iran has recently escalated, following the execution of Shiite cleric Nimr al-Nimr, while Turkey has escalated its conflict with the Kurds and Russia. Even if Assad lost control of the capital, Russia is likely to keep supporting an Alawite rump state on the coast to keep its naval base and a seat at the table.

I would not be surprised if the war in Syria lasts another 10 years or more, if not for the sectarian and ethnic divisions within the country then because of the countries running the Syrian war as a regional proxy war, turning Syria into a burnt-out graveyard.

Torrontés, my Argentinian love affair

My most memorable trip this year probably was the one to Buenos Aires, Argentina for an ICANN conference. Argentina was very interesting. Culturally, I found it far more Italian than Spanish despite the language spoken. There is a certain sadness about the place, because Buenos Aires clearly has seen better days. A hundred years ago the country had a higher per-capita income that many European nations and yet its history is one of missed opportunities and crushed dreams.

While it’s clearly not a rich country and many people there are struggling, I was also impressed how people look after themselves. I saw relatively few overweight people (regardless of income levels) and the food was very nice. The local wines were inexpensive and excellent. I soon discovered Torrontés, a local white grape variety that is similar to Gewürztraminer and Muscat grapes. It’s very aromatic.

Not long after returning from Argentina I found some Torrontes at the local Kaldi import shop near my home. During three subsequent U.S. trips I searched local wine shops for more examples for my modest collection. My latest favourite is Domingo Molina Hermanos Torrontes 2014:

Brothers – we played soccer, we fought a lot, we generally caused trouble for our parents. But we Domingo Brothers (“Hermanos” in Spanish) became the best of friends, and 50 years after our father and uncle opened a winery, we started one of our own on a hillside above Cafayate. We named the winery Domingo Molina – Domingo for our father’s last name and Molina for our mother’s. Over the decades, our family has located the best vineyard sites in Salta Province, all 5800 – 7300 feet above sea level. This extreme altitude and 340 days of sun yield wines with intense aromas and soft tannins which are a pleasure to drink, especially with our brothers – Osvaldo, Gabriel & Rafael – the Hermanos de Domingo Molina.

Growing up with four brothers, this struck a note with me and I picked it up, along with two other bottles I have yet to try. Once I opened it, I just loved it. It compared well to the best Torrontés I had enjoyed in Buenos Aires.

If you like whites and are looking for something beyond Chardonnay, give Torrontés a try. To me it was one of Argentina’s best kept secrets.

Search engine registration scam / 1-716-328-1722

We received the following to our domain registrant contact address (listed in WHOIS) from Domain Services <notice@domainnotices666.com>:

Attention: Important Notice , DOMAIN SERVICE NOTICE
Domain Name: MY-DOMAIN-HERE

Complete and return by fax to:
1-716-328-1722

ATT: MY-NAME-HERE
ADMINISTRATIVE CONTACT
MY-NAME-HERE
MY-EMAIL-HERE
MY-ADDRESS-HERE
WWW.MY-DOMAIN-HERE
Please ensure that your contact information is correct or make the necessary changes above

Requested Reply Before
November 23,2015

PART I: REVIEW SOLICITATION

Attn: MY-NAME-HERE
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it’s time to send in your registration and save.

Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.

Privatization allows the consumer a choice when registering. Search engine subscription includes domain name search engine submission. You are under no obligation to pay the amounts stated below unless you accept this offer. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.

This Notice for: WWW.MY-DOMAIN-HERE will expire on November 23,2015 Act today!

Select Term:

[ ] 1 year 11/23/2015 – 11/23/2016 $75.00
[ ] 2 year 11/23/2015 – 11/23/2017 $119.00
[ ] 5 year 11/23/2015 – 11/23/2020 $199.00
[ ] 10 year -Most Recommended- 11/23/2015 – 11/23/2025 $295.00
[ ] Lifetime (NEW!) Limited time offer – Best value! Lifetime $499.00

Today’s Date: _____________________ Signature: _____________________

Payment by Credit Card
Select the term above, then return by fax: 1-716-328-1722

MY-DOMAIN-HERE

——————————————————————————————-

By accepting this offer, you agree not to hold DS liable for any part. Note that THIS IS NOT A BILL. This is a solicitation. You are under no obligation to pay the amounts stated unless you accept this offer. The information in this letter contains confidential and/or legally privileged information from the notification processing department of the DS 3501 Jack Northrop Ave. Suite #F9238 Hawthorne, CA 90250 USA, This information is intended only for the use of the individual(s) named above. There is no pre-existing relationship between DS and the domain mentioned above. This notice is not in any part associated with a continuation of services for domain registration. Search engine submission is an optional service that you can use as a part of your website optimization and alone may not increase the traffic to your site. If you do not wish to receive further updates from DS reply with Remove to unsubscribe. If you are not the intended recipient, you are hereby notified that disclosur
e, copying, distribution or the taking of any action in reliance on the contents for this letter is strictly prohibited.

If you have received a message like that, ignore it. It’s actually an illegal solicitation, as it’s against the terms of use of WHOIS lookups to use them for spamming, which is what this is.

All it takes for search engines to find you after you register a domain and create a website for it is one public link on a website. There is no need to pay any registration service for it. Besides, if the spammers already found you, you obviously don’t need “search engine registration” :-)

Tomin no worries

“It’s going to rain on Saturday,” somebody on the adjacent table mentioned. “Oh really? I’ve been looking forward to rain for weeks, to be able to test my disc brakes!” I blurted out and the room suddenly went silent. Everybody was giving me a look that made it perfectly clear that this wasn’t the sort of comment that will win you popularity contests at a monthly bike meeting.

But it was true. The lack of reliable braking in the rain was the main reason why I had swapped the cantilever brake on the front fork of my Bike Friday for a disc brake (after upgrading to a new fork). Since then I hadn’t had the chance to test the new brake under the atrocious conditions I had wanted it for. I finally wanted to know how much difference the new brake would make.

So when the rainy forecast for Saturday remained unchanged by Friday afternoon, I announced to my wife that I was going to do a rainy ride the next day. The forecast was for light rain in the morning and heavier rain in the afternoon and evening, with 12 mm falling during daytime. Temperatures were supposed to be in the 12-16 C range.

“I’ll do the ride because I can,” I told my wife. I don’t ride in the rain because it was so much fun (usually it isn’t, even though atmospheric views and the resulting pictures often make up for some of the inconveniences), but because I don’t want to let the weather scare me. A lot of aspects of randonneuring can be intimidating, such as the distances or the amount of climbing or riding at night or sleep deprivation on 20+ hour rides. Much of the challenge of randonneuring is mental, i.e. having the confidence that you can do the ride despite all the challenges. The only way to build and maintain that confidence is to keep doing challenging rides.

When I sign up for brevet rides, I don’t know in advance what the weather will be like on the day. If it rains, I’ll still show up for the ride — it’s only water 😉

This year on the Easter weekend I had done a 400 km two day ride by myself in near constant drizzle for much of the ride. The year before I had done a 300 km brevet around Mt Fuji, with rain for the first 150 km.

I own two different rain jackets, a pair of nylon pants and various gloves. My friend Jose once told me, “There is no such thing as bad weather, only the wrong clothes!” Over the years I have built some experience in how to deal with wet and cold weather on bike rides.

My goal was Tomin no mori (“Tokyo citizens’ forest”), a hiking trail head in the mountains west of Musashiitsukaichi station. To me the the real gateway to cycling in the mountains in Japan is not Mt Takao on the western edge of Tokyo but Tomin no mori. It’s not the steepest route, at up to 8-10 % on the steeper part of the final 10 km, but at 26 km from the station it is long and remote enough to test you and at about 1000 m elevation high enough for the temperatures to significantly change from below. If you have made this climb, you will be ready for any surfaced mountain road anywhere in Japan.

I started the ride around 08:00 wearing my rain jacket. After a while I could feel my knees getting colder and wetter from the drizzle, so I put on my nylon pants. On the way to Musashiitsukaichi (49 km from home) I stopped twice for coffee and food. After another break at a Familymart I headed up the mountain valley.

Normally the road to Tomin no mori is popular with cyclists, motorcyclists and boy racers in souped-up cars, especially on the weekend. Almost every time I cycle up there I come across the sound of an ambulance or police car rushing to an accident site. This weekend was different. I didn’t see any other bicycles or motorbikes. A guard at some road works told me he had seen maybe four other bicycles the whole day.

I loved the momiji (Japanese maple) leaves in green, yellow and red and the steaming clouds hanging over the forests.

Three km from the top I passed a water fall. Even though the temperature was dropping, I felt warmer and warmer as I was working hard on the climb. I knew the descent would be much colder.

Finally I reached the entrance to the trail head. I parked the bicycle and ordered sansai (mountain vegetable) pizza with coffee.

The rain had picked up while I had my meal, just as predicted by the forecast for the later afternoon and evening.

When I started the ride, I had considered three route options: 1) to Tomin no mori and back down again. 2) to Kazahari toge, the pass a few km above Tomin no mori and back and 3) over the pass and down to Lake Okutama, then downhill to Oume and down the Tamagawa for maximum distance. As I headed out I quickly decided that 1) was the only sensible option, given the real risk of hypothermia with my rain soaked shoes, gloves and sweaty clothes under the rain gear. I wasn’t even wearing a long sleeved jersey under my jacket and had brought no extra layers or dry clothes to change into.

The first 10 km of descending down towards Musashiitsukaichi were the coldest because it was so steep, I couldn’t really pedal to generate heat. After the route flattened out a bit I could work more and the chill eased off, though with wet feet and gloves it never became all that warm.

The disc brake was OK but had too much travel. I found the brake levers hit the drops before the brake was fully engaged. What had happened was that during the previous weeks I had done several mountain rides which had worn the pads and I had not readjusted the brakes to compensate. It was only when I got back to the Familymart that I got out my Allen keys and adjusted the inner pad to remove the excess play in the system that the brake started working as it should. I wish I had done that before the ride.

I had one nasty experience about 15 km from home: At one level crossing the road crossed the rails not at a right angle but diagonally and just as I was wondering how the gap would play with my tyres, the wheels went out under me as they slipped on the wet steel. I landed hard on my left knee and elbow. Though my rain jacket was OK, my nylon pants were torn at the knee and I had some abrasions on my skin. Next time I have to cross rails like that in the rain, I’ll walk the bike…

I got home without further incident after 150 km with 1200 m of elevation gain in the rain.

Next time I’ll do a ride like this I’ll bring along an extra layer for the cold descent and maybe a pair of dry socks and gloves as well. I’ll treat wet railway crossings with even more respect than metal sewer lids and any metal grates, because all of them are accidents waiting to happen.

I managed to keep my phone dry with a plastic cover, protected my camera in my breast pocket and kept the spare battery and USB cable for recharging the GPS out of the rain with strategically placed plastic bags.

I am still looking for a good way to keep my feet dry in the rain. I tried Bicycle Line shoe covers, but the largest size available was too small for my shoe size.

Also I need to figure out why despite mudguards at the front and the rear I end up with dirt water being sprayed onto the seat post bag and my back. Really, I need to find myself a better pair of mudguards, but there isn’t much choice for the 20 inch ETRTO 451 wheels of my Bike Friday Pocket Rocket.

Despite the accident and notwithstanding the coldest part of the descent, I wasn’t too uncomfortable for most of the ride and am glad to have seen the autumn foliage views around Hinohara village.

Disc Brake on my Bike Friday

Today I visited Bike Friday dealer ehicle in Shinjuku, Tokyo to have a disc brake installed on the new fork that Bike Friday has made for my 4 year old bike. I had bought the Shimano BR-CX77 calliper second-hand from a friend. This conversion will make for much more consistent braking on rainy brevets or on wet shopping rides.

There was one small issue but it was quickly solved by ehicle. My friend had also given me a SM-MA-F160P/S adapter for fitting a post mount calliper like the BR-CX77 to an IS tab front fork with a 160 mm rotor. That’s exactly what I had on the Bike Friday. However, it did not fit together, the calliper sat too far out from the adapter. Comparing with the setup of a disc-equipped Bike Friday Silk in the shop we found that its Avid BB7 calliper was mated to a Shimano SM-MA-F180P/S, which is meant for a 180 mm rotor at the front or 160 mm at the rear (F180P/S = R160P/S). The adapter I got from my friend was for use with a 160 mm rotor at the front or 140 mm at the rear (F160P/S = R140P/S).

The use of a 160 mm rotor with an F180 adapter (i.e. R160) on the Silk fork suggests that the IS tab to axle distance on the BF fork is the same as on a standard rear setup. This means it takes a 180 mm front adapter for a 160 mm rotor or a 160 mm front adapter for a 140 mm rotor. This is very interesting, since Shimano doesn’t make 140 mm front P/S adapters: Using Shimano parts, you can’t normally use a 140 mm rotor at the front with an IS tab fork, but with Bike Friday’s setup you can because the spacing is like at the rear, where Shimano does support 140 mm rotors with IS tabs. The only thing you give up by using rear spacing at the front is the ability to use 203 mm rotors, but the fork doesn’t have enough clearance for those anyway and they’re not needed on a 20″ wheel bike. The smaller wheel means that a smaller rotor can match or beat a bigger rotor on a 700C wheel on stopping power, though heat dissipation for long descents still depends on rotor size.

Anyway, a cheap 180 mm Shimano adapter instead of the 160 mm one that I had brought along solved the issue and I could use the new brake with the 160 mm rotor on the new fork. The B&M dynamo headlight moved from the brake bolt in the fork crown to its own bolt in the same place. ehicle installed a longer brake cable for me to accommodate the different brake location.

I love the new brake, both its stopping power and modulation. It should make a huge difference on rainy rides, where I have always been uncomfortable with rim brakes, in particular on brevets where I don’t know what the weather will be like on the day when I sign up for an event. I’ve done one 300 km brevet where it was raining for 150 km.

I’d like to thank ehicle for their friendly and efficient service and recommend them to anyone interested in or already riding a Bike Friday :)

The last brevet of the season

BRM926 AJ NishiTokyo 200 km Kintaro on September 26 was the last brevet of the year for me, even though the Japanese Randonneuring season runs until October: I won’t able to attend AJ NishiTokyo’s West Izu brevet on October 17 due to business travel.

I had not prepared particularly well for BRM926. After a heat wave in early August we had lots of rain, then one of my brothers visited from Germany, then I traveled to the US again. I did not really get to do as much cycling as usual. So far I had not experienced any DNF (Did Not Finish) on any of my 200 km brevets, but I was a bit worried that this could be the first time on this very hilly course.

I got up at 03:45. In the front car of the first train heading out to Machida I met two other participants. In front of the station I unpacked the bike in the rain and rode out to the start (5 km) with one of the other guys. On the way the rain stopped and I took off and packed away my rain gear before the ride briefing. A week before the event, the weather forecast had predicted rain, but as the week progressed it gradually improved.

The day started off cool and never got too hot, but mostly staid dry. Around higher elevations, especially after going over a pass or through a tunnel through a mountain range we encountered slight drizzle again (really, we were just riding through clouds). The strongest was crossing from the Yamanakako side of Kagosaka Toge to the Gotemba side. But the drizzle always stopped when elevation dropped and we got out of the clouds again.

The course had three convenience store check points (point de contrôle, PC) roughly 60 km apart, as well as one quiz point and one manned but untimed check point. It headed from Machida via route 35/Akiyama to Tsuru and from there up to Kawaguchiko. After circling the lake it headed past Yamanako, over to the Ashigara mountains to a barbecue site called Yuhi no Taki (evening light waterfall) and back to Machida.

After the Akiyama road with the first big climb near the Maglev track I reached PC1 at Tsuru with only about 15 minutes spare before control closing time. That set the tone for the day.

I was continually chasing the next closing time, thinking I’d probably make it but could never be too sure until I reached it. At the top of a mountain I would always find myself behind the minimum average speed of 15 km/h from the start, but on the next descent I’d gain just enough distance in a short time that I was a little bit ahead of the minimum at the next PC again. Most of the time I cycled alone, but I came across the same three or four cyclists again and again.

At Lake Kawaguchiko I couldn’t see Mt Fuji because it was too cloudy. Given the forecast, I hadn’t expected to see it.

The highest point was Kagosaka Toge, about 1100 m. From there the road dropped over 700 m, which is a pretty long descent. PC2 at the bottom was a grocery store, where I arrived just 12 minutes before control closing time. I bought bananas and climbed up Ashigara Toge (6 km).

On the other side I descended 6 km, then climbed a valley to a barbecue place which was a manned checkpoint (untimed). Staff had prepared grilled seafood and meat. They had saved some Frankfurter sausage and chicken for me, which I ate only 13 minutes before they had to clear out of the place. Then I descended to Oi-Matsuda and across a mix of rolling hills and busy urban roads back to Machida.

PC3 felt like the biggest challenge as traffic and traffic lights got denser, with the hills still unrelenting. I arrived at PC3 with 14 minutes spare. Two other cyclists arrived 3 and 5 minutes later, as I was preparing to head off again. Due to the overall 200 km time limit being 10 minutes longer than the 15 km/h equivalent time limit of all intermediate controls, I gained more breathing space at the final PC and could take it relatively easy for the remaining 26 km, which had yet more hills and traffic. It was then that I could stop worrying about time. I arrived at the goal 20 minutes before control closing time, with the other two guys following soon.

From there it was an untimed 5 km back to the reception site, the Cherubim bike shop in Machida. Three cyclists behind me also completed. Quite a few others DNF’ed (dropped out) due to various problems, including mechanical problems (a broken front derailleur, a ripped off rear derailleur after a crash, etc). We relaxed, celebrated and talked.

After the AJ NishiTokyo staff tidied up we took a group picture. I then cycled home from Cherubim to Setagaya. I got back at 23:30 with 242 km recorded on Strava and close to 2900 m of climbing, including the return ride.

The next day I felt a bit sore, but not too bad. The adrenaline of an event lets you do amazing things. My brevet speeds are always significantly higher than my personal ride times because there is always a ticking clock and/or other riders to chase. Knowing I can achieve goals in brevets that I don’t normally achieve on my own encourages me to become more ambitious and aim higher.

Disc brake wheel build for my Bike Friday

With the new fork with disc brake tabs for my Bike Friday Pocket Rocket due to arrive at Tokyo Bike Friday dealer ehicle very soon, I had Tim at GS Astuto build a new wheel for it. The rim is the same type (Alexrims DA22) that came with my bike originally, also in silver and 32H. The spokes are WheelSmith SS in a 3X lacing.

I am using the Shutter Precision PL-8 centerlock dynamo hub (silver, 32H) instead of the Shimano DH-3N80 (rim brake version) that I used before. The Shimano worked really well, but I couldn’t reuse it directly because it didn’t have the centerlock connector. The PL-8 is lighter and slightly more efficient. It’s been getting very good reviews. Perhaps my son will be able to reuse the Shimano hub for one of his bikes.

Here are some pictures of the new wheel, with and without brake rotor (SM RT-81):

Moving to Disc Brakes for the Bike Friday and Elephant NFE

Last week I bought a pair of mechanical Shimano BR-CX77 disc brakes for my Bike Friday Pocket Rocket. A friend of mine was selling them cheaply since he had upgraded to hydro/mechanical brakes.

Later this month I’ll receive a new fork with IS disc tabs for my Bike Friday and will install one of these using the 160F post mount adapter. Tokyo Bike Friday dealer ehicle will be installing the fork and a new threadless headset for me, allowing me to convert my nearly 4 year old BF to disc brakes at the front. For now I won’t be changing the rear triangle and the rim brakes at the back, since most of my braking has always been on the front.

Another friend of mine is interested in picking up the rear brake for his bike (his fork and front hub don’t support discs). Thus we both get a bargain price upgrade out of this pair.

Depending on how I like the second hand CX77 in action, I may then buy a new pair for use with my Elephant Bikes National Forest Explorer (NFE).

Here is an IRD Alpina-D front derailleur (FD) for the NFE. I’ll use it with my Spa Cycles TD-2 touring crank. It’s very similar to older Ultegra FD’s and works well with smaller chain rings:

Finally here is one of the Compass Babyshoe Pass Extralight tires (650Bx42) that I’ve bought for the NFE. These should make for a cushy but fast ride. A friend of mine is using the 700Cx32 Stampede Pass tires and loves them.

More reading about the NFE build: