One USB3 external hard drive candidate that was especially disappointing was the Sans-Digital TowerRAID TR4UT-BP.   I used Sans-Digital quite successfully for USB2/RAID Thinkpad backups, however I simply could NOT get their USB3 based product to work, and the problem was clearly not with the Thinkpad W520.  There appear to be problems with a number of emerging USB3 products, however the Thermaltake product, mentioned in the earlier post, I have had good success with.   To make matters worse with the Sans-Digital product; I was promised a refund, however I finally had to have the bank issue me a credit for the Sans-Digital charge.   Due to this experience, this is probably the last time I will purchase a Sans-Digital product.

For external USB 3 storage I found that many of the emerging USB 3 products are not yet ready for prime time; in other words they are simply not working.  I initially wanted an external RAID unit, however none of the RAID units I evaluated worked adequately.  I settled on the Thermaltake Max 5G Active cooling enclosure without RAID capability and then purchased a server grade 2TB drive from Western Digital.

The new Thinkpad W520 came with a 150GB solid state hard drive.   I use the SSD for the HOST OS; Windows 7 64 bit Professional.   I ran a few disk performance runs against the SSD, as well as my secondary Seagate 500GB hybrid drive; where all of my virtual machine reside.   I am using the Crystal Disk performance tool.  here are some results.

Here are the results for the primary hard drive; the 150GB solid state drive.

Here are the results for the secondary internal hard drive; the Seagate 500GB hybrid drive, which I also used over the past year in my older Thinkpad T41p.

Here is the Windows 7 Performance Rating for the new Thinkpad W520.  Quite impressive

My new Thinkpad W520 has been a great investment for multiple virtual machine software development purposes.  Configured with an INTEL CORE I7-2920XM processor, solid state primary drive and 16GB of memory the multiple virtual machines run about twice as fast as my older Thinkpad T41p.

I still use my Seagate 500GB hybrid drive as my secondary drive, where I have all of my virtual machines located; the primary hard drive being used for the HOST OS only.

I am still using VMWare for virtualization, as was the case for the older Thinkpad T41p.  No need to consider a move away from VMWare Workstation 7.  I have been quite pleased with VMWare, after switching from the Microsoft Virtual PC product in 2009.   I also use VMWare ESXi Server for the hosting environment offered to my clients.

The primary reasons I purchased the W520 include the faster processor, as well as the solid state primary drive and of course the availability of USB3.  The faster processor plus USB 3 has reduced my full backup time from nine (9) to two (2) hours.

I was recently excited when I learned that the ELMAHopen source component (which I use as one of many components to monitor web site behavior) had the ability to send alerts to a twitter account.  I was then disappointed to learn that it no longer worked, because ELMAH was using Basic Authentication with the Twitter account’s user ID and password; and Twitter had disabled Basic Authenticationsince around 1-Sep-2010.  Twitter has opted to implement the more secure OAuth authentication scheme.   OAuthis a new open standard for providing delegated secure access to private resources, better defined as follows:

“…OAuth allows you to share your private resources (photos, videos, contact list, bank accounts) stored on one site with another site without having to hand out your username and password. There are many reasons why one should not share their private credentials. Giving your email account password to a social network  site so they can look up your friends is the same thing as going to dinner and giving your ATM card and PIN code to the waiter when it’s time to pay. Any restaurant asking for your PIN code will go out of business, but when it comes to the web, users put themselves at risk sharing the same private information. OAuth to the rescue.

After reading several articles on the web regarding OAuth, I learned quickly that replacing Basic Authentication with OAuth would be more involved than changing a few lines of code.  In fact, it would probably be necessary to find a suitable open source OAuth library to do the heavy lifting.  I found a couple of solutions from Shannon Whitley and also one called OAuth.net.

In so much as I was only looking to re-enable ELMAH Twitter support, I simply wanted to authenticate myself with Twitter and send an occasional direct user message.  OAuth.net provides support for the Consumer (client) requiring authentication as well as the Service Provider for web sites needing to implement secure delegation of credentials.  On the other hand the Shannon Whitney open source solution primarily addressed the needs of the Consumer (client).

After much downloading, assembling and debugging I settled on the Shannon Whitney open source solution, however parts of it were out of date and/or not working; such as the Twitter URLs being used.   I have enhanced and extended the Shannon Whitney solution to more than adequately meet my requirement of authenticating myself with Twitter.

To get startedone needs to register their applicationwith a Twitter user account from which one expects to authenticate on behalf of.   The output of this application registration will be a Consumer Key string value and a Consumer Secret value.   Using my enhanced and extended OAuth library the Consumer Key and Consumer Secret are used as the minimum requirements to obtain an Access Token Set; consisting of an Access Token string value and an Access Token Secret.  This Access Token Set are the base credentials to be used by one’s third party application to authenticate with Twitter.  This Access Token Set should be securely stored as is the case with any set of credentials.  The owning and delegator Twitter user can change his/her password at any time without compromising the ability of the third party application to authenticate.  The owning and delegator Twitter user can also revoke the privileges of the third party application without compromising his/her Twitter account for continued use.

What is needed for demo purposes is a program to request the Access Token Set and store it for future use and then another program to demonstrate how the Access Token Set can be used repeatedly for authentication.

At the end of this article is a download link to download a project which contains all sample programs and supporting libraries.  The sample web transaction below from this project shows the process of taking a Consumer Key and Consumer Secret, using the enhanced OAuth library and obtaining the Access Token Set (Access Token and Access Token Secret).

   1:  using System;

   2:  using System.Data;

   3:  using System.Configuration;

   4:  using System.Collections;

   5:  using System.Web;

   6:  using System.Web.Security;

   7:  using System.Web.UI;

   8:  using System.Web.UI.WebControls;

   9:  using System.Web.UI.WebControls.WebParts;

  10:  using System.Web.UI.HtmlControls;

  11:  using System.IO;

  12:  using System.Text;

  13:   

  14:  namespace oAuthExample

  15:  {

  16:      public partial class _Default : System.Web.UI.Page

  17:      {

  18:          protected void Page_Load(object sender, EventArgs e)

  19:          {

  20:              string url = string.Empty;

  21:              string xml = string.Empty;

  22:              oAuthTwitter oAuth = new oAuthTwitter();

  23:   

  24:              if (Request["oauth_token"] == null)

  25:              {

  26:                  //Redirect the user to Twitter for authorization.

  27:                  //Using oauth_callback for local testing.

  28:                  oAuth.CallBackUrl = this.Request.Url.AbsoluteUri;

  29:                  Response.Redirect(oAuth.AuthorizationLinkGet());

  30:              }

  31:              else

  32:              {

  33:                  //Get the access token and secret.

  34:                  oAuth.AccessTokenGet(Request["oauth_token"], Request["oauth_verifier"]);

  35:                  if (oAuth.TokenSecret.Length > 0)

  36:                  {

  37:                      // Save my Access Token Set - place in Web.config for use with

  38:                      // DefaultWithToken.aspx

  39:                      using (StreamWriter sw =

  40:                          new StreamWriter(Request.MapPath("~/TwitterCredentials"), false))

  41:                      {

  42:                          sw.WriteLine("Token=" + oAuth.Token);

  43:                          sw.WriteLine("TokenSecret=" + oAuth.TokenSecret);

  44:                          sw.Flush();

  45:                      }

  46:   

  47:                      url = "http://api.twitter.com/1/direct_messages/new.json";

  48:                      string postData = "user=@MyTwitterAccount" +

  49:                          "&text=" + 

  50:                          oAuth.UrlEncode("D @MyTwitterAccount - Access Token Obtained");

  51:                      xml = oAuth.oAuthWebRequest(oAuthTwitter.Method.POST, url, postData);

  52:                      apiResponse.InnerHtml = Server.HtmlEncode(xml);

  53:                  }

  54:              }

  55:          }

  56:      }

  57:  }

The above web transaction will essentially record the Access Token Set to the TwitterCredentials file of the root directory.  The Access Token and Access Secret from the TwitterCredentials file should now be placed into the AppSettings of the web.config and then the next web transaction will demonstrate using such credentials for repeated use:

   1:  using System;

   2:  using System.Data;

   3:  using System.Configuration;

   4:  using System.Collections;

   5:  using System.Web;

   6:  using System.Web.Security;

   7:  using System.Web.UI;

   8:  using System.Web.UI.WebControls;

   9:  using System.Web.UI.WebControls.WebParts;

  10:  using System.Web.UI.HtmlControls;

  11:   

  12:  namespace oAuthExample

  13:  {

  14:      public partial class DefaultWithToken : System.Web.UI.Page

  15:      {

  16:          // Direct Message API - http://dev.twitter.com/doc/post/direct_messages/new

  17:          // Limits (403) - http://support.twitter.com/forums/10711/entries/15364

  18:          // Also returns 403 when you send same message twice...

  19:          protected void Page_Load(object sender, EventArgs e)

  20:          {

  21:              string url = string.Empty;

  22:              string xml = string.Empty;

  23:              oAuthTwitter oAuth = new oAuthTwitter();

  24:              oAuth.Token = ConfigurationManager.AppSettings["accessToken"];

  25:              oAuth.TokenSecret = ConfigurationManager.AppSettings["accessTokenSecret"];

  26:   

  27:              url = "http://api.twitter.com/1/direct_messages/new.json";

  28:              string postData = "user=@MyTwitterAccount" +

  29:                          "&text=" + oAuth.UrlEncode("D @MyTwitterAccount - Hello World");

  30:              xml = oAuth.oAuthWebRequest(oAuthTwitter.Method.POST, url, postData);

  31:              apiResponse.InnerHtml = Server.HtmlEncode(xml);

  32:          }

  33:      }

  34:  }

The web.config is shown as follows:

   1:  <?xml version="1.0"?>

   2:  <configuration>

   3:    <appSettings>

   4:      <add key="consumerKey"

   5:           value="XXXXXXXXXXXXXXXXXXXXXXXXX"/>

   6:      <add key="consumerSecret"

   7:           value="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"/>

   8:      <add key="accessToken"

   9:           value="YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"/>

  10:      <add key="accessTokenSecret"

  11:           value="YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"/>

  12:    </appSettings>

  13:      <connectionStrings/>

  14:      <system.web>

  15:      <compilation debug="true"

  16:                   targetFramework="4.0" />

  17:          <authentication mode="Windows"/>

  18:          <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>

  19:    </system.web>

  20:  </configuration>

To protect the innocent, the web.config above does not show the actual Consumer Key and Consumer Secret as well as the actual Access Token and Access Token Secret.

That is it…Authentication with OAuth for Twitter…at least from the Consumer’s perspective.   Click HERE to download the project.

Thin provisioning has been a feature within VMWare Workstation and VMWare ESXi Server for quite some while.   To manage the growth of space use/reuse within a VMWare VMDK for VMWare Workstation, one usually periodically compresses the VMDK.  Of course, such compression requires a shutdown of the virtual machine.

With ESXi Server based VMDKs, what I have found is that I have a preference for using Thin Provisioning, because when I take a snapshot, I follow taking such a snapshot by copying the VMDK to either another local or remote storage media, and of course such copying takes much less time with thinly provisioned VMDKs.   The copy of the VMDK is a logical copy, not a physical copy; meaning only the in-use data blocks get copied, with one noted exception.  This exception happens to be how free space is identified and re-used.  If a utility like SDELETE is used periodically to zero out the free space within the VMDK then such free space is not copied to the destination location.  For example; if after executing SDELETE used space is 25% of the VMDK, then the destination VMDK will occupy only 25% of the VMDK provisioned size.  Also, the source thinly provisioned VMDK may have grown to the full thinly provisioned size.

I generally allow my ESXi Server thinly provisioned VMDKs to grow to the full thinly provisioned size, and of course this requires that the production VMDKs will require the provisioned size, however there is tremendous advantage during the copying/backup process, as noted above.

As of late I have been working with WCF Data Services to evaluate its fitness when used with client based Javascript/jQuery applications.   I have been quite pleased at the results.  WCF Data Services exposes a CRUD OData (Open Data Protocol) interface which can be accessed and utilized from not only jQuery client based applications but also desktop WPF or Silverlight apps, console apps, Winform apps and practically any application capable of communicating with WCF REST services.  Early in my evaluation I did encounter the need to uninstall WebDAV, which caused a Bad Method status code 405 to be returned, however after uninstalling WebDAV and utilizing many Internet articles on OData and WCF, I concluded that the following examples are good working examples on using OData and CRUD.

Microsoft does have a higher level Javascript/AJAX based interface implemented in the Sys.components.openDataContextnamespace, however I choose to use the jQuery API to issue Http requests directly, as illustrated in the examples below…

The examples below are also referencing one important constant; my WCF Data Service URL prefix…

   1:  var dataService = "/jCredentials.svc";

CRUD – “C” is for Create

   1:  function InsertCredentialsPIN(selectedTreeNode, PINObj) {

   2:   

   3:      var url = dataService + "/Credentials_PINs";

   4:   

   5:      var json = JSON.stringify(PINObj);

   6:   

   7:      $.ajax({

   8:          url: url,

   9:          data: json,

  10:          type: "POST",

  11:          contentType: "application/json; charset=utf-8",

  12:          dataType: "json",

  13:          success: function (result) {

  14:              // Do something

  15:          },

  16:          error: function (result) {

  17:              alert("PIN Insert Failure - Status Code=" + 

  18:                  result.status + ", Status=" + result.statusText);

  19:          }

  20:      });

  21:  }

CRUD – “R” is for Read

   1:  function GetPINTree(orderBy) {

   2:   

   3:      var url = null;

   4:      if (orderBy == null) {

   5:          url = dataService + "/Credentials_PINTree";

   6:      }

   7:      else {

   8:          url = dataService + "/Credentials_PINTree?$orderby=" + orderBy;

   9:      }

  10:   

  11:      $.ajax({

  12:          url: url,

  13:          type: "GET",

  14:          contentType: "application/json; charset=utf-8",

  15:          dataType: "json",

  16:          success: function (result) {

  17:              // Do something

  18:          },

  19:          error: function (result) {

  20:              alert("PINTree Get Failure - Status Code=" + 

  21:                      result.status + ", Status=" + result.statusText);

  22:          }

  23:      });

  24:  }

CRUD – “U” is for Update

   1:  function UpdatePINTree(selectedTreeNode, PINTreeObj) {

   2:   

   3:      var url = dataService + "/Credentials_PINTree(guid'" + 

   4:                          selectedTreeNode.get_value() + "')";

   5:   

   6:      var json = JSON.stringify(PINTreeObj);

   7:   

   8:      $.ajax({

   9:          url: url,

  10:          data: json,

  11:          type: "PUT",

  12:          contentType: "application/json; charset=utf-8",

  13:          dataType: "json",

  14:          success: function (result) {

  15:              // Do something

  16:          },

  17:          error: function (result) {

  18:              alert("PIN Tree Update Failure - Status Code=" + 

  19:                  result.status + ", Status=" + result.statusText);

  20:          }

  21:      });

  22:  }

CRUD – “D” is for Delete

   1:  function DeletePIN(selectedTreeNode) {

   2:   

   3:      var url = dataService + "/Credentials_PINs(guid'" + 

   4:                              selectedTreeNode.get_value() + "')";

   5:   

   6:      $.ajax({

   7:          url: url,

   8:          type: "DELETE",

   9:          contentType: "application/json; charset=utf-8",

  10:          dataType: "json",

  11:          success: function (result) { 

  12:              // Do something

  13:          },

  14:          error: function (result) {

  15:              alert("PIN Delete Failure - Status Code=" + 

  16:                      result.status + ", Status=" + result.statusText);

  17:          }

  18:      });

  19:  }

I just spend two days trying to figure out why I was getting a HTTP status code 405 (method not allowed) IIS 7.5 response when attempting a jQuery based PUT method to update an existing entity.  As it turns out I tried it with the internal VS 2010 web server and it was working OK.  This helped me to focus my Google searches a bit and I finally narrowed the problem down to having WebDAV Publishing installed on my Windows 7 development virtual machine.  I uninstalled WebDAV and the OData data service now works fine.

I found the WebDAV mention in this post… http://social.msdn.microsoft.com/Forums/en/windowsazure/thread/a22b9e60-8353-40c7-af3e-69a8f18240c1

As a result of my recent migration to VMWare ESX Server for my offsite hosted servers, I also needed to consider a backup strategy.  In addition to having a local daily backup option, I also wanted a secondary cloud backup strategy.  I selected the products available from Cloudberry Labs; a software company based out of St. Petersburg Russia.

There is a freeware edition of the Cloudberry products, however I selected the Cloudberry Explorer Pro and Cloudberry Online Backup Server Edition.  I have licensed the Online Backup Server Edition for each of my VMWare virtualized servers, and at around 2am each morning Online Backup Server Edition executes their user defined backup plan.

Cloudberry products support backing up to the cloud services of Amazon S3 (Simply Storage Service), Microsoft Azure, the emerging Google Storage Service and Dunkel Storage (a Amazon S3 compatible service based out of Germany).

The Cloudberry Explorer Pro and Online Backup products both support compression and encryption as features for any backup plan.  The Cloudberry compression feature reduces the amount of data being backed up on an average of 66%; effectively reducing the Amazon S3 storage charge from 15 cents down to 5 cents per GB.   The encryption feature provides an additional of privacy and security for your data.