teenage mutant ninja hero coders

The ISO Shipping Container is a terrific pice of hardware. Cheap (500-3000 €), sturdy (structure can carry 200-350 tonnes), corrosion resistant (usually made of CORTEN) and good looking.

They are terrific for building things and while it is an urban legend that “it’s cheaper to scrap them then to send them back to Asia” (hint: the ships have to drive back to Asia anyway) new containers are produced in China or Korea and used containers are cheap and easy to get in Europe and the US.

Things you can’t do with shipping Containers

All these great features come with a bunch of restrictions. Containers come with 8 Corner Casings which are the only points where a Shipping Container is meant to be anchored. This makes a container can only rest on it’s 4 bottom Corners and can only support loads from above on it’s 4 top corners.

Everything else on a container is not meant to carry any significant load.

This meant you can only stack containers in configurations where all for bottom corner casings of the upper container are supported by four top corner casings of lower containers.

This results in many desirable stacking configurations being impossible from a stability standpoint. See for examples on the right.

Nearly all configurations where the upper container is rotated by 90 degrees are impossible. Putting 20″ on 40″ containers is in most cases impossible.

Putting a 40″ on a single 20″ container is impossible. Most overhang configurations are impossible.

Now you know the reason why there is so little creativity in professional Container Stacking.

What works is putting a 40″ Container on two 20″ containers, but there is little reason to do that.

The Roof Problem

While the floors of a Container are meant to carry loads from more than a ton per square meter the roofs are little more than weather protection than a few dozen kg per square meter. See this video of me seesawing my toes and the effect on the roof.

Walking on the Roof for a single person is slightly uncomfortable and for a group it is something in-between scary and dangerous. The high quality steel sheeting of the roof will not break but the whole thing is very shaky.

Also the roofs of pre-owned containers are usually not flat anymore. Being the most fragile part of the structure they have a tendency to bent and get into a wobbly state.

So if you plan to walk regularly on them you need to put additional flooring on top of the containers to distribute the load and stiffen the floor. We used two layers of 1 cm plywood which is fine, but still the walking experience is not totally solid.

If you plan to put heavier loads on the roofs you probably need to discuss this with a structural engineer. An approach we where contemplating was to add an additional layer of containers on top and remove roof and walls from them to keep only the ultra rigid container floor. Puma City this this for their balcony

Steel on Steel

You might or might not be aware, that steel on steel usually results in an excellent plate bearing. Meaning that Corner Casings on top of each other result in astonishing easy movability of the upper container. As in “Slam the door and it falls nearly down”. Even a pice of carton between the corner casings helps somewhat. But on the long run you need to fix your containers onto each other.

So it’t imperative that you fix the upper container to the lower containers. The best way is to use Twistlocks as the Pros do. Marine grade Twistlocks can secure a stack of 4 fully loaded containers on a rolling ship without additional help. (Usually contianers are stacked 6-8 levels high, which results in the need for additional securing. We bought our Twistlocks at Willi Wader Group.

You might be tempted to save the expense of twistlocks (15-30 € per lock) and instead screw or weld the containers together. But keep in might that the twistlocks are mass produced to rigid quality standards – while it is hard to assess the integrity of your home grown connection approach.

Doors

Doors of shipping containers are hard to open by design. Even on a brand new container you have to operate two handles with considerable strength at once and at different speeds to open and close a container. And you can not open the left dor unless the right door is already open (although you might bee able to change that with a welding touch, a knife and in 20 minutes).

On a pre-owned container being 10 years or so old it is usually much harder to operate the doors because the frame of the door and the container itself is always bent to a certain degree. These doors can not replace a normal door if you are planning to pass it several times a day.

If you receive more than one container sort them by door quality. If you are able to choose the containers before purchase, always check the doors.

Structural integrity

Shipping Containers are unibody constructions. This means the whole hull is used to contribute to load distribution.

In case you didn’t suspect: this means bad things™ happen, if you cut substantial holes in the hull.

If you spot something with big openings it is no shipping container. Or it is a shipping container which has extensively upgraded structural components – which is possible but defeats the purpose of “standardized, cheap, reusable”.

Even if you leave the door open the container is less sturdy than one wit a closed door. Most containers seem to be able to withstand removing the back wall opposite to the door I wouldn’t like to have any load on such a container.

We opted for leaving about 30 cm on the top and about 15 cm at the sides to keep some reinforcement. But in our application we are quite sure that there are only minimal shear forces. I would not feel comfortable in removing the back walls in any container which would have to carry substantial load.

If you remove one of the longer walls your container is toast. Or at least it has as much integrity as toast. We removed a complete wall of a container and found out that the container lost all stability.

While all containers conform to rigid standards (ocean carriers hate delays due to broken containers) not all containers are created equal. Some are a little less unibody by having additional reinforcement along the top. Use this type for cutting holes in the sides – they even can keep a somewhat stable roof when a whole wall is removed.

What feels like a relative comfortable solution is removing about 20% of the side wall at the right and at the left end while leaving the upper 30 cm of the wall intact. The result is a still very stable container.

Where to get containers and what to get

You can get containers at shipping companies and ad specialized container providers. The only ISO containers we where able to get at decent prices where 20″ 40″ and 40″ “high cube” containers. Keep in mind that the “modular space” container type is very different from shipping containers and usualy much less sturdy.

We bought containers still sea-worthy and with next CSC inspection scheduled for 2011 or 2012. The Containers where commissioned 1994-1997 and considered “C” quality (on a ABC scale) by the shipping company. Because of the doors and possible holes (in C quality containers or in containers not sea worthy) you should inspect the containers before buying if possible.

The floors differ much between containers and usually are contaminated by pesticides, plan to remove them if humans will spend serious time inside. Some of our containers where freshly painted on the inside and it took several weeks of venting to get the smell to a bearable level.

How to move the containers

Usually the party selling you the containers has the equipment for hauling them to your side. The first issue is getting them of the tuck and the second issue is getting them where you want them.

We rented a 8 ton fork lift for all the handling which was adequate but not over powered for the task. When carrying two containers at once (nominal weight 5 tons) the machine had considerable effort. While considering my self an seasoned fork lift driver (30 years of experience) I had to learn that a huge forklift with a huge container is something very different than the kind of forklift you drive in warehouses. A Container has lot’s of momentum and you see absolutely nothing in the direction you are driving at. For a 20″ container assume every corner with less than 8 m space requires artistic driving capabilities. We had to get around a 6.5 m corner and through a 4 m door. We handled that by carrying the containers between the big 8 t forklift and one of our own 1.5 t warehouse-forklifts.

When renting a forklift be sure to get one which can spread it’s forks wide enough to fit into the carrying lashes at the belly of a container. They are 2.5 m or so apart.

Big forklifts can only operate on relatively even ground. Alternatively you can use a crane. The main problem with a crane and especially 40″ containers is that you can not introduce big horizontal forces by the attachment cables running from all for corners to the hook. Since you probably don’t have a spreader available to distribute the load you either need a very tall crane or two cranes. Your crane operator probably can tell you more.

Placement

Containers are build to stand on their four lower corner casings. If you don’t have a flat sturdy surface to put them on you should build a foundation at the four corners. Directly insert twistlocks into the foundation during pouring for perfect stability.

Containers are not insulated against heat, cold, noise and vibrations. If you insulate them on the outside you loose the feature of the weatherproof shell and if you insulate them on the inside your rooms get very small. It’s also hard to make the connection between two containers waterproof. Therefore it seems very popular to put the containers into another building to provide heating and shelter.

Further Reading

More information on the real world issues of container construction can be found at 10 Things to Consider in Using Shipping Containers for Your Next Project. Preston Koerner has good points although we where able to get the containers much cheaper than his estimate of 2000-4000 U$. We payed less than 1000 € per 20″ (including delivery).

Posted in Uncategorized | 4 Comments »

hoptoad is a hosted web application for filtering and sorting errors from Web Applications. It is very much integrated with the Ruby on Rails community.

For Django there are similar Applications like django-db-log but to my Knowledge there is no hosted solution for Django. Hosted solutions are nice, because some types of errors might prevent you from saving information in the local database.

But there is django-hoptoad which brings basic hoptoad functionality to Django.

To use it, got to a href=”http://hoptoadapp.com”>hoptoadapp.com, sign up and create a Project. Go to “Edit Project and tou should see something like “Current API key: 3c81d132d2f28749eab2043bb4c987a5″.
There seems an other type of “auth_token” which is not per project but per user. Don’t use this.

If you use the Lighthouse Bugtracker, you can add it to your Hotoad configuration at this point to integrate the two Applications.

Now download django-hoptoad form it’s homepage and install it on your server.

Then add something like this to your settings.py:

HOPTOAD_NOTIFY_WHILE_DEBUG = True
HOPTOAD_API_KEY = '6c2...b3'
HOPTOAD_NOTIFY_404 = True
HOPTOAD_NOTIFY_403 = True
HOPTOAD_IGNORE_AGENTS = ['Googlebot', 'Yahoo! Slurp']
MIDDLEWARE_CLASSES = list(MIDDLEWARE_CLASSES).append( \
    'hoptoad.middleware.HoptoadNotifierMiddleware')

That’s all!

You now can see your issues aggregated by cause, create Lighthouse-Tickets from them and have peace of mind that your exceptions aren’t lost, even when your servers hard disks are full.

Posted in Uncategorized | 4 Comments »

Fritzbox is an nice WLAN,DSL/VoIP/DECT router from AVM with VPN capabilities. They have a VPN information page but no Information on setting up a VPN to the Kame IPsec stack. To my understanding the Stack is used in OpenBSD, NetBSD and FReeBSD and in some Linux Distributions.

I’ll setup a VPN between a BSD router with a static IP Address and the Fritz!Box with a dynamically changing IP. Sometimes this is called a “road warrior” setup.

Get a Dyndns.org name for your Fritzbox and configure it.

First you need a configuration file for the Fritzbox. Replace A.B.C.D with the IP of your gateway. Also replace the key with something more secret. phase2localid needs to describe the local net of the Fritzbox. accesslist needs to be the remote (BSD) network. Put your Dyndns Name into localid { fqdn }.

/*
 * C:\fritzbox_kame.cfg
 * Thu Sep 24 23:36:34 CEST 2009
 */
vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "BSD";
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = A.B.C.D;
                remote_virtualip = 0.0.0.0;
                localid {
                        fqdn = "example.ath.cx";
                }
                remoteid {
                        fqdn = "A.B.C.D";
                }
                mode = phase1_mode_aggressive;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "sekritt";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 172.30.20.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-3des-sha/ah-no/comp-no/pfs";
                accesslist = "permit ip any 192.168.0.0 255.255.0.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

Now you have to set up your Unix Box. I used FreeBSD but to my understanding it’s the same with OpenBSD and probably also with some Linux Variants and NetBSD. You need to install ipsec-tools and racoon. They might come in two packages or in one or might be already installed. On my FreeBSD box I added something like this in /etc/rc.conf:

racoon_enable="YES"
racoon_flags="-l /var/log/racoon.log"
racoon_create_dirs="YES"

Next thing is to save your IPsec “shared secret” (Password) somewhere:

echo "example.ath.cx sekritt" > /usr/local/etc/racoon/psk.txt

The last Part missing is /usr/local/etc/racoon/racoon.conf:

# racoon.conf
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
log info; # notify info debug;
padding {
        maximum_length 20;
        randomize off;
        strict_check off;
        exclusive_tail off;
      }
listen { isakmp A.B.C.D [500]; # add your public IP here }
timer {
        counter 5;
        interval 20 sec;
        persend 1;
        phase1 30 sec;
        phase2 15 sec;
      }
remote anonymous { # we don't know the peers IP during phase 1
        exchange_mode main, aggressive;
        nonce_size 16;
        lifetime time 140 min;   # sec,min,hour
        initial_contact on;
        proposal_check obey;    # obey, strict or claim
        support_proxy on;
        ike_frag on;
        weak_phase1_check on;
        # important for automatically configuring
        # the Security Policy Database (SPD)
        generate_policy on;
        passive on;
        # Fritz!box
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2 ;
        }
      }
 # local net - Fritz net
sainfo address 192.168.0.0/16 any address 172.30.20.0/24 any {
	pfs_group 2;
	lifetime time 8 hour;
	encryption_algorithm aes, 3des, des;
	authentication_algorithm hmac_sha256, hmac_sha1, hmac_md5 ;
	compression_algorithm deflate;
}

If you use pf for Packet Filtering you need something like this in /etc/pf.conf:

pass on $ext_if proto udp from any port 500 to A.B.C.D port 500 keep state
pass on $ext_if proto udp from A.B.C.D port 500 to any keep state
pass quick on $ext_if proto { esp ah ipencap } from any to A.B.C.D
pass quick on $ext_if proto { esp ah ipencap } from A.B.C.D to any

This Configuration still has issues but works.

Posted in Uncategorized | No Comments »

I run a FreeBSD box with two SuperMicro AOC-SAT2-MV8 SATA controller providing 8 SATA ports each. Nice setup for a ZFS fileserver.

Unfortunately since 6.3 or so, FreeBSD comes with the hptrr binary blob driver from Highpoint. The hptrr driver breaks detection of the SuperMicro AOC-SAT2-MV8 controllers (which are handled by the ata driver).

Unfortunately the hptrr is compiled in into recent GENERIC cernels and can not be disabled. To disable it you have to edit the kernel configuration and comment out the “device hptrr # Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx” line and rebuild the kernel.

You also have to add the line ‘hptrr_load=”NO”‘ to /boot/loader.conf.

Very annoying.

Posted in Uncategorized | 2 Comments »