Monthly Archives: September 2007


Use Emacs to edit compressed .ear and .war files

If you’re like me, you’ve often found yourself needing to change a setting, or view some information, buried deep inside a .ear or .war or .sar file. Well, you probably know that emacs can handle looking inside and editing files within a .tar or .jar file. Since .ear and .war files are just […]

By | September 26th, 2007|General, Java|6 Comments

Another small update

I just pushed up the latest version of 10MinuteMail. Now there are 29 languages supported! I’ve also upgraded the Seam version to 2.0.0.CR1 and the JBoss version to 4.2.1.GA. I am hoping that this will help fix some of the recent OutOfMemory […]

By | September 23rd, 2007|10MinuteMail, JBoss, Seam|2 Comments

ATG Dynamo – back to basics

I worry that ATG has mis-focused its energy.

In the last few years, ATG has introduced (or purchased) a number of new products which sit on the existing stack (Ticketing Features, Search, Merchandising, Campaign Optimizer, Knowledge, Self Service, Response Management, Commerce Service Center, Outreach, and Customer Intelligence). I haven’t had a chance to play with all of them yet. I’m sure they’re all very neat. I’m more sure that they help sell license dollars to marketing and business people.

I’m not trying to undercut the value in that. I see it. I totally think ATG should be expanding their offering, meeting customer needs, making money, etc… What bothers me is that if you look at the same time period in which all of those new products were introduced, you’d see almost no changes or enhancements to the underlying product stack, what they now call the ATG Adaptive Scenario Engine (or ASE), which consists of DAS (ATG Dynamo Application Server) or DAF (Dynamo Application Framework), DPS (Dynamo Personalization Server), and DSS (Dynamo Scenario Server). Sure, there are some bug fixes, a little feature here and there (like adding forgot password support in 2006.3). But nothing significant. The programmer’s guides for ATG 7.0, 7.1, 2006.3, and 2007.1 look REALLY similar.


By | September 20th, 2007|ATG|7 Comments

How to block an IP in Linux

I run Debian on my server, and I often find that my server is being attacked by other computers. Brute force SSH attacks, viruses scanning for the ability to spread, things like that. I’ll go into the SSH brute force defenses in a later post, but for now I’ll cover how to easily […]

By | September 16th, 2007|Linux, Security|21 Comments

ATG Security

World-facing websites always have to be written carefully in order to prevent malicious attacks. There are tons of additional vulnerabilities and attack vectors which need to be addressed as well, but in this post I’m going to talk about the two most common: Cross Site Scripting (XSS) and SQL Injection.

If you already know what these are, feel free to skip down a bit to the section where I talk about where ATG Dynamo helps and where there are still some gaps.

Cross Site Scripting is essentially when someone malicious gets your website to source their content, usually from their site (hence the “cross site”), into what you serve to your users. This can take many forms, including embedding a malicious page inside an existing frame in your website, sourcing in JavaScript which runs on your user’s computer as if it had come from your site, embedding an inappropriate image in a page, or using tricks (or JavaScript) to redirect the user from your site to a competitor or even a site that LOOKS like yours, but isn’t.

It is an attack against your users, not your servers.


By | September 4th, 2007|ATG, Security|0 Comments