April 30, 2006

Servicing Shimano HT2 Bottom Brackets

Filed under: Biking — Sandy Thomson @ 2:14 pm

I replaced my bottom bracket yesterday, and decided to take the old one apart just for interest.

Basically it screws into the bottom bracket shell of your bike; put together it looks like this (obviously you wouldn’t be able to see most of it, because it resides in the bike frame):
Together
And disconnected it looks like this (Bottom bracket cups, spacers, plastic sleeve to keep majority of crap out)
In bits
Naturally, ignoring the ‘Do Not Disassemble’ warning and taking the only handy screwdriver to it doesn’t really work too well:
Prising the mofo apart
Revealing cartridge bearings (I think)
Doesn't look too serviceable

Conclusion: Don’t try to service Shimano XT bottom brackets!

April 21, 2006

Grsecurity

Filed under: Computery Crap — Sandy Thomson @ 2:52 pm

A bit of background required here: my job title is “System Administrator & Web Developer” for the company I work for. In short, my main responsibilities are ensuring good performance, high reliability and decent security for our customer-facing computers.

When I started in this role back in 2003, the two servers we were using back then had applications crashing on a daily basis, telnet on, and things like formmail.pl in root cgi directories, etc. Slowly but surely I have managed to find a lot of the annoying little problems, and build a network of computers that I can rely on and trust.

However, there are still places where potential holes could arise; for instance, there is still a lot of key-based ssh authentication going on (if one computer is compromised, you can really consider the other one compromised too because of this).

We purchased some high powered servers back in October, and recently an additional database server. I have been meaning to tighten the configuration and access to these servers for ages, and this week I had an opportunity to start on the new database server.

Grsecurity is a set of Linux kernel patches that includes a role-based access control (RBAC) system. The RBAC system works on the premise that unless explicitly stated, a user/role has no access/permission/control, and because it is enforced in the kernel it applies to root just as much as to ordinary users. It can

  • Control and audit file access, creation, deletion, modification etc. (on top of the actual filesystem permissions)
  • Control and audit network access, for instance binding to interfaces/sockets or connecting to certain addresses via tcp/udp (on top of any iptables configuration)
  • Control and audit what daemonised programs are allowed to do (so in the unlikely case of sshd being exploited, an exploiter can only access the files that sshd would access normally anyway, even though sshd runs as root).

It does lots of other stuff too, but those points are the main things I am interested in. If computer A is compromised and has access to computer B via ssh keys, and computer B has a correctly implemented security policy, then all an intruder can do is the normal day-to-day commands that computer A asks computer B to perform anyway. The policy does not stop an intruder from running those same commands more often, or with different arguments, than the legitimate job would, so the set of things the role is allowed to touch should be kept as narrow as the job permits.

Real world example: user john logs in automatically every day from computer A to the secure computer B using key-based authentication and views a log file. The policy on computer B would grant the role access only from the address of computer A, allow role john to run /bin/bash and have an ssh session (quite a few rules required for this), and read the log file - but nothing else.
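What the role described above looks like as a grsecurity RBAC policy excerpt. This is an added, illustrative sketch and not the policy from the server in question; the hostname-free address 192.0.2.10 for computer A and the path /var/log/app.log for the log file are assumed, and the object list for the shell is abbreviated (the sshd subject under the default role, and the exact libraries, locale files and /etc entries bash and cat need, are left out). The point is the shape: a default-deny subject for the role, one subject per program john is allowed to run, and the log file as the only readable object of interest.

```text
# /etc/grsec/policy excerpt (illustrative sketch; address and paths are assumed)

# "u" marks a user role; role_allow_ip refuses this role from any address
# other than computer A, so a key stolen to a third machine is useless here.
role john u
role_allow_ip 192.0.2.10/32

# Default subject for everything john runs that has no subject of its own:
# hide the whole filesystem, drop all capabilities, no network at all.
subject /  {
    /                   h
    -CAP_ALL
    connect disabled
    bind disabled
}

# The login shell sshd spawns for john after authentication.
subject /bin/bash  {
    /                   h     # everything not listed below is invisible
    /bin/bash           x
    /bin/cat            xi    # "i": cat inherits this subject instead of /
    /lib                rx    # shared libraries (exact set left out here)
    /usr/lib            rx
    /etc/ld.so.cache    r
    /dev/null           rw
    /dev/pts            rw
    /var/log/app.log    r     # the one file john is there to view
    -CAP_ALL
    connect disabled
    bind disabled
}
```

Before relying on a hand-written policy like this, check it with gradm -C, and fill in the objects the shell really needs by running the role in learning mode (gradm -L with a log file, then gradm -O to emit a policy) rather than guessing; a missing library or device is exactly the sort of thing that fills the logs with denials. Enable with gradm -E from a session you keep open, confirm a fresh ssh login from computer A works and that john can read the log file, and only then log out. If the login fails, gradm -D from the open session disables the policy again.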

At the moment the logs are full of errors from various scripts etc that do not have enough permissions to do certain things. The most important programs running on that computer have access, and I will get round to sorting all the others next week.

Potential comedy beginner’s mistake #1: always check you can log in using ssh after enabling the policy but before logging out of your existing ssh session. I came so close to forgetting to do that and would have locked myself out entirely!

April 16, 2006

In the Pipe

Filed under: Biking, Gibberish — Sandy Thomson @ 11:43 pm

This weekend that passed was going to be ace.
Brill weather (check) - trailbuilding (check) - bike not broken (check) - nothing much else on (check).

website breaks - shite.

One new fancy pants dual 3.2GHz Xeon w/ 4GB of RAM and 2*U320 SCSI drives later, and the problem has disappeared. Anyway, so around this I did get some biking in, and went exploring locally.

messing around

I found a new trail; I christen it “the pipeline”. It’s a bit overgrown so I might need to get going with some shears or something, but in the main it is all good. I’m not letting on at all where it is though; I came across it through a bit of luck, essentially by riding every crappy bit of trail (that usually goes nowhere)! I also plucked up courage to do some 2-3′ drops that I found, easy once you do them a few times, but get them wrong and there is the potential for bone snappage. The ride I went on this evening included all this, was probably 80-90% singletrack and was a touch over 2 hours long - ace.

As usual I have been looking at sexy new bike gear, and wondering if I can get away with another even lighter race frame considering I’m nearly 12 stone and do ask a fair bit of my current bike. On the short list: Rocky Mountain Vertex, Giant XTC zero (carbon back end). The Rocky Mountain has the real pimp factor and its handmade in Canada, but the Giant XTC is basically a better version of my current frame and I will not need any new stuff (seatposts/headsets/brake lines). Basically I anticipate I will come to the conclusion that what I have at the moment is fine and I don’t need anything else. Probably.

Random photo time, Stirling last weekend with some folk from EUCC.

messing around