Several major improvements have been implemented. The various monitoring functions are now set off via a timer. This allows the event loop to be looser, the GUI more responsive and DecaffeinatID to be less of a hog on the CPU. This caused a change in the way that the sleep parameter in the INI file is interpreted. Now the sleep parameter specifies the amount of time in milliseconds between each monitor function (ARP cache, Firewall and Event Log). For example, with the new default of "sleep=1000", DecaffeinatID waits about one second between each monitor function, so to go through one cycle takes about three second  with the default setting (I've taken it down to "sleep=100" without major problems). The only downside to this is that some alerts may be skipped if several happen at nearly the same time, but since DecaffeinatID's main function is just to alert you of network shenanigans this is a worthwhile compromise (when DecaffeinatID warns you about something, you really should check your logs for more details anyway). I've also fixed a problem with ARP cache parsing that was caused by the word "invalid" in the output of the "arp -a" command.