I haven't written a text description of this process yet, sorry.

I've been really busy working on two upcoming things from Spark::red that I think you'll all appreciate, so bear with me.

On rare occasion, iCal under OS X will get really slow, or lock up. In this case the issue was caused by a repeating event which had gotten corrupted somehow and ended up creating over 12,000 instances within the calendar. It looked fine within iCal, however, when you export the calendar, it created a 4.5 MB file, with 12,000+ entries for the event. With that calendar deleted, iCal was fine.

I used TextMate and a regular expression (regex) to delete every instance of the offending event from the exported iCal file.

Step 1: Export each calendar from within iCal to their own .ics files.
Step 2: Quit iCal.
Step 3: Delete the contents from ~/Library/Calendars.
Step 4: Edit the offending .ics file. I used TextMate, but you can use a command line regex tool, BBEdit, Emacs, etc....
Step 5: Use a regex like this:

(?im)BEGIN:VEVENT([^ ]*)(?!END)(Forever)(.*?)END:VEVENT

where "Forever" is the part of the name of the event. It could be any string which only occurs within the bad event. Delete each matching instance. In TextMate I use search-and-replace. Save the file.
Step 6: Start iCal.
Step 7: Import each .ics file.
Step 8: Profit!

If you have a server with a world facing ssh server, you've probably seen brute force attacks in your logs. Some machine starts hammering your ssh server, trying all sorts of logins (staff, root, a, admin, etc...) over and over and over again.

This is bad on a lot of fronts.

I use two simple iptables rules to block any IP address who has made more than 3 ssh connections or attempted connections within the past 3 minutes. So your would-be brute force attacker, gets three tries, and then is locked out for a minimum of three minutes. However, since 99% of the attacks are run by an automated bot, it will either: give up after the connection is refused multiple times, or it will keep hammering away on the closed door, which keeps the running count of attempted connections in the past 3 minutes over 3, keeping the door closed.

First:

iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource

Then run:

iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP

I'd also recommend using the script in my post on blocking IP addresses using iptables to deal with any persistent folks, or people poking too hard on your web site, or other services.

This is a copy of a small rant I just posted on the ATG_Tech Google Group.

Please note that ATG isn't the only company doing this, Oracle does it, as do many others. I just think that it's wrong:)

If you draw a graph showing processing power against software license cost for the same software module, over time, you'd see a steady increase of processing power, a pretty flat cost line for years and years, and then once multi-core hit the server market, you'd see a huge jump in cost, without a significant change in the climb of performance.

--------
I think this licensing model is a huge mistake for the customers.

CPU manufacturers changed course from developing faster and faster chips, to developing more and more cores on a given chip at lower clock speeds. The reason is that it's easier, cost-wise and silicon
manufacturing yield-wise, to add cores, and rely on the OS and applications to make use of the multi-cores. So ideally, the end user sitting in front of their computer will see a similar level of
performance increase as chips go wider, as they would have had chip manufacturer continued the megahertz wars. While at the same time, the cost of that increased performance to the chip manufacturers is less. (also there was an approaching barrier of how low you can shrink the die size without moving to a whole other base material, and power dissipation issues).

Intel released their 2.2 GHz Pentium in January of 2002. Current Intel dual and quad core processors don't really exceed 3.0 GHz, and many new chips are still being released in 2.2, 2.4, 2.6 GHz core
speeds. So in 6 years, based on an 18-month Moore's Law cycle (yes, I know Moore's Law is about transistor density not computation speed, but for the sake of estimation, it's pretty close to how the industry was progressing with clock speed before the shift to multi-cores), in the alternate universe of single core chips, we'd expect to see 35.2 GHz chips. With a 24 months cycle it would be 17.6 GHz. At least I think that's how the math works. At any rate, our current multi-core processors don't provide any additional performance based on the performance per CPU we should expect at the current time, based on the history of CPU performance increases.

The problem here is that now ATG (and other per-core licensing products) customer are paying up to 2X more money in licensing cost for very similar (if not the same) levels of performance than if they CPUs had just gotten faster.

You could make the case that for the work of handing request threads, two 3.0 GHz cores perform a bit better than a single 6.0 GHz (or 17.4 GHz) core, but honestly it's really hard to say, since we don't have 6.0 GHz cores readily available to test ATG on. I'd be VERY surprised if the performance was more than 10% different. And yet we have to pay far more for it.

Customers of ATG/Oracle/etc... are being penalized for the (legitimate) decisions of Intel and AMD.
-------

Some ATG product licenses are bound to a specific list of IP addresses. However, it may validate that in a somewhat counter-intuitive manner, at least under Linux.

If, for example, you are running ATG within JBoss on a server with multiple IP addresses (or multiple NICs), you might expect that if you bind JBoss to a specific IP address, that will be the IP that is used in the license check, since clearly that is the real IP the server is listening on.

Not so. It appears that instead of checking the IP address(es) of the J2EE container, it looks at the machine's hostname. So if your hostname is configured to a name that is mapped to a different IP in your /etc/hosts file, your license will fail to validate.

The fix is relatively simple, just change the hostname of the server to match the name mapped to the licensed IP address in your /etc/hosts file, and start up JBoss again.

However, since this essentially alters the "identity" of your server it can have other repercussions on your server. So be warned. It may make more sense to get the licenses issued with IPs matching your hostname, not the actual IP you intend to run JBoss/ATG on.

I think this is a bit of a bug, in my opinion.